Joined February 2025
- Tweets 4,482
- Following 30
- Followers 1,499
- Likes 25,305
476 Photos and videos
Pinned Tweet
4 Nov 2025
Here it is - Ferron 2 is here! π₯³
A faster, easier to use, more powerful web server.
It can even obtain TLS certificates for you...
ALT A "Ferron is installed successfully!" page.
6
3
42
5,551
Wait... Apparently, our profile is tpot... π
ALT A cropped screenshot of Ferron web server profile, as shown on atlas.tiago.zip.
Jun 13
i made a map of everyone on twitter!
yes you're on there too ^w^
every account is placed next to the people they talk to, so you can find out where you are, which cluster claimed you, and exactly who you're stuck next to
atlas.tiago.zip?ref=launch_tβ¦
1
126
Ferron 3.0.0-beta.2 is here! π₯³
So many changes we couldn't list them all! π
- Debug production without guessing
- A stronger reverse proxy
- Security-first defaults
And more...
1
5
365
111.6GiB of Rust compilation artifacts!? π€―
ALT Output of `cargo clean` command.
6
20
1,990
Something crabby is going on in the chatroom... π₯²
ALT A cropped screenshot with a message sent to a Matrix chatroom. Note the crab reactions.
1
142
Jun 13
π§ Ferron 1.x is going to be EOL soon, likely on July 1, 2026...
If you're still using Ferron 1.x, it's recommended to migrate your server to Ferron 2 or Ferron 2 LTS (with long-term support).
We know this was the starting point of Ferron, but now the time has to come... π€
ALT Grayed-out Ferron logo of Ferron-1.x-era.
1
22
982
Jun 13
Just got a security advisory for "vibeio-http" regarding the chunked encoding DoS vulnerability...
π
1
2
294
Jun 13
Had these thoughts:
> If using Node.js and npm, check for shai-huluds!
223
Jun 12
Ferron 2.8.0 and 2.6.3 LTS are here! π₯³
- environment variable placeholders (2.8.0)
- Google Cloud DNS provider (2.8.0)
- various improvements backported from Ferron 3 beta
- and more...
1
4
285
Jun 11
We're ending up over-building software without marketing or telling people about it... π₯²
2
145
Jun 10
Observability isn't about Grafana dashboards (these are tools for monitoring).
It isn't about Prometheus (metrics store).
It isn't even about OpenTelemetry Protocol (an observability framework).
It's about making it easier to debug your infrastructure through clear signals.
1
6
334
Jun 10
And you don't have to host the LGTM (Loki, Grafana, Tempo, Mimir) stack either.
You can also use managed services (like Better Stack or Grafana Cloud) instead. Much less headaches debugging your observability stack.
1
1
204
Jun 10
Even "ps" and "top" output count as observability signals (these are metrics)! And web server access logs too.
And when things break, you'll need to know why it broke... This is what observability signals would help with.
3
145
Ease of setup without ease of troubleshooting is a hyper-focus trap that leads to guesswork (when something fails) and ultimately, exhaustion.
You swap out infrastructure for something easy to setup, only for DevOps to hyper-focus and guess when something fails.
1
1
433
Ferron 3 will fix this for web servers. Easy to configure, but also easy to debug.
You'll get correlated logs and traces, and comprehensive metrics that make finding out the failure easier for you.
And it works with many observability backends (via OTLP), of course.
1
2
404
Memory safety bugs causing RCE in NGINX... π’
Fortunately there are web server written in Go (Caddy) and Rust (Ferron) that are immune to this whole class of vulnerabilities.
FULL REMOTE CODE EXECUTION on default nginx 1.30.0 no config changes needed. π«
Verichains a deadly exploit chain combining Nginx-Rift (CVE-2026-42945) Nginx-PoolSlip (CVE-2026-9256).
2-byte heap pointer overwrite & heap over-read then ASLR bypass to arbitrary command execution via system() on connection teardown.
1
40
5,524