This media is not supported in your browser
VIEW IN TELEGRAM
I HATE WHATSAPP from developer view... From user side - we need Constantine to perform an exorcism on Meta...
😇2
Angular Munich
Video
Cloudflare released a post analyzing yesterday's incident. It turned out that their Bot Management service, which they use for DDoS protection, was down.
The architecture of this service is as follows:
1. Clickhouse, where Cloudflare stores a list of rules for bot protection
2. A cron noscript that reads the database and generates a list of rules for deployment to the servers
3. A Rust noscript, running on the servers themselves, that takes the rules and applies them
In the first stage, engineers made a change to Clickhouse, which resulted in the second stage creating a list of rules twice as large as usual.
At stage 3, the noscript realized the file was exceeding its size limits and tripped over .unwrap(), which panicked and crashed (instead of ignoring the "bad" list) on all instances worldwide.
At first, Cloudflare thought it was an attack by the new Aisuru botnet, which had recently set a record with a 15 Tbps DDOS attack. But as a result of an error by the company's own engineers, a slew of services were taken down, including X/Twitter, ChatGPT, Spotify, Canva, and McDonald's.
———————
Cloudflare junior developer deployed rust noscript in production ^_^ Approved! 😂😂😂😂😂😂😂😂
The architecture of this service is as follows:
1. Clickhouse, where Cloudflare stores a list of rules for bot protection
2. A cron noscript that reads the database and generates a list of rules for deployment to the servers
3. A Rust noscript, running on the servers themselves, that takes the rules and applies them
In the first stage, engineers made a change to Clickhouse, which resulted in the second stage creating a list of rules twice as large as usual.
At stage 3, the noscript realized the file was exceeding its size limits and tripped over .unwrap(), which panicked and crashed (instead of ignoring the "bad" list) on all instances worldwide.
At first, Cloudflare thought it was an attack by the new Aisuru botnet, which had recently set a record with a 15 Tbps DDOS attack. But as a result of an error by the company's own engineers, a slew of services were taken down, including X/Twitter, ChatGPT, Spotify, Canva, and McDonald's.
———————
Cloudflare junior developer deployed rust noscript in production ^_^ Approved! 😂😂😂😂😂😂😂😂
The Cloudflare Blog
Cloudflare outage on November 18, 2025
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
😁1
Forwarded from kirjs_ru
YouTube
What's new in Angular v21
Join the Angular on this new exiting developer event! Learn about our newest advancements in our latest release in this one-of-a-kind mini-movie.
We think you'll have a wonderful time.
⃗Learn more about our latest release → https://goo.gle/angular-v21-blog…
We think you'll have a wonderful time.
⃗Learn more about our latest release → https://goo.gle/angular-v21-blog…
Today... I was mental fired in my current project (4year development angular (4 portals) + nx + nest)...
Why?
Because managers love AI...
Because AI hate Angular and love React...
Because React love tailwind...
This is why https://lovable.dev/ can easy replace us... Because sugaring is better as "no pain - no gain"
ps: this is not an ads!!! Just my thinking about 2026 perspectives...
Why?
Because managers love AI...
Because AI hate Angular and love React...
Because React love tailwind...
This is why https://lovable.dev/ can easy replace us... Because sugaring is better as "no pain - no gain"
ps: this is not an ads!!! Just my thinking about 2026 perspectives...
‼️ FrontMuc: 2025 wrap-up
> Tuesday, Nov 25 · 6:30 PM to 9:30 PM MEZ
> Celonis SE
> Theresienstraße 6, 80333, Munich, Germany
18:30 to 19:00 check-in/registration, food, drinks, kindly offered by our host.
19:05 - 19:10 Welcome words by Uliana and Celonis Team.
19:15 Talk 1: Lukas Heddendorp, Sr. Frontend Engineer @Celonis Labs
Title: I Gave an AI my Figma File, and All I Got Was This Lousy 'div'
19:45 Talk 2: Syed Iqrar Raza Zaidi, Principal Engineer - Frontend, Tamara
Title: Scalable Frontend Architecture
20:15 - 20:25 Break
20:25 Talk 3: Nikolay Vitkov, Software Engineer at Chrome DevTools Team @Google
Title: Chrome DevTools MCP
20:30 - 21:00 Talk 4 Hayk Yaghubyan, Lead Software Engineer at casavi GmbH
Title: Building a Frontend Design System That Scales
21:30 - Closing of the event, Networking (15-20 min)
RSVP
#meetup #frontmuc #frontmucmeetup
> Tuesday, Nov 25 · 6:30 PM to 9:30 PM MEZ
> Celonis SE
> Theresienstraße 6, 80333, Munich, Germany
18:30 to 19:00 check-in/registration, food, drinks, kindly offered by our host.
19:05 - 19:10 Welcome words by Uliana and Celonis Team.
19:15 Talk 1: Lukas Heddendorp, Sr. Frontend Engineer @Celonis Labs
Title: I Gave an AI my Figma File, and All I Got Was This Lousy 'div'
19:45 Talk 2: Syed Iqrar Raza Zaidi, Principal Engineer - Frontend, Tamara
Title: Scalable Frontend Architecture
20:15 - 20:25 Break
20:25 Talk 3: Nikolay Vitkov, Software Engineer at Chrome DevTools Team @Google
Title: Chrome DevTools MCP
20:30 - 21:00 Talk 4 Hayk Yaghubyan, Lead Software Engineer at casavi GmbH
Title: Building a Frontend Design System That Scales
21:30 - Closing of the event, Networking (15-20 min)
RSVP
#meetup #frontmuc #frontmucmeetup
‼️ WebStorm 2025.2.5 (252.28238.10 build) Release
```
[🐛][Built-in Formatter] - Formatter: Angular HTML template references produce line breaks
[🐛][Code vision, Inlay hints] - Angular: Misaligned inlay hints when using $any()
[Usability] - Add option to disable Angular navigation popup
```
Full Release Notes
```
[🐛][Built-in Formatter] - Formatter: Angular HTML template references produce line breaks
[🐛][Code vision, Inlay hints] - Angular: Misaligned inlay hints when using $any()
[Usability] - Add option to disable Angular navigation popup
```
Full Release Notes
🚨 XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
‼️ Package » @angular/common
‼️ Severity » High (7.7/10)
Link
‼️ Package » @angular/common
‼️ Severity » High (7.7/10)
The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain.
Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header.
Affected versions Patched versions
>=21.0.0-next.0 < 21.0.1 21.0.1
>=20.0.0-next.0 < 20.3.14 20.3.14
>=19.0.0-next.0 < 19.2.16 19.2.16
<= 18.2.14 none
Workarounds
Developers should avoid using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Link
GitHub
XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
The vulnerability is a **Credential Leak by App Logic** that leads to the **unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token** to an attacker-controlled domain.
Angular'...
Angular'...
Again...
‼️ Shai-Hulud Returns: Over 300 NPM Packages Infected
- https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24
- https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
#security #npm
‼️ Shai-Hulud Returns: Over 300 NPM Packages Infected
- https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24
- https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
#security #npm
🥴1
‼️ Angular - prevent XSS via SVG animation attributeName and MathML/SVG URLs
Fixed in:
> 21.0.2
> 20.3.15
> 19.2.17
#security #angular21 #angular20 #angular19
Fixed in:
> 21.0.2
> 20.3.15
> 19.2.17
#security #angular21 #angular20 #angular19