Fujifilm recipes are what got me into color photography. So I built Phocus - it puts that same film simulation look right in your iPhone viewfinder. You see it before you take the shot, not after. No editing. Kinda just feels like shooting film again. apps.apple.com/us/app/phocus…

Dear frontend devs and UI designers. I bring you Liquid DOM, a complete and faithful implementation of Liquid Glass on the Web. - Shape morphing - All properties animatable - Dynamic refraction and reflection - Adaptive tint - Adaptive specular highlight - Dispersion - Full html integration - Super fast layout engine that works across Canvas and html - Pointer event handling - Framework and renderer-agnostic low level API - High level React API - Ootb @threejs and r3f integration And lots more. Read on for implementation details and demos.

many new ways to make your browser feel "just right" dropped in helium today: - centered address bar - minimal address bar - new dynamic layout - improvements to vertical layout - and experimental zen/frameless mode (flagged, bit buggy, but cool!) helium.computer

this is peak

If you have to write code like this (B) just to get decent performance, you probably chose the wrong library. Needing workarounds to bypass the system defeats the point. In 2026, relying on a VDOM already feels outdated.

Clippy is back. This time he's actually useful He watches your Claude Code agents, catches permissions, and jumps you to the right terminal

It's time to bring Haptics to the web 🫨 Create custom tactile patterns with strengths durations for your web interactions. Make your app feel as good as it looks ✨ → haptics.lochie.me

Beautiful libghostty-based iOS/iPad terminal by @almonk. Libghostty has been blowing up in usage it’s kind of silently behind so many apps now I’ll continue to share more. The idea is working! replay.software/echo

I forked Ghostty so I could set subway surfers as my terminals background

Cyprus / Kakopetria village

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.

i've been hacked and traced the malware's wallet to see how much money they actually made from this new exploit (if you use Next.js/React, READ THIS!) I woke up to a terrifying email from Hetzner: "Netscan Detected." my server was blocked and a botnet was using my IP to attack others i dug into the logs and what I found the anatomy of the attack: 1) The Symptoms: I logged into htop and saw the mess: - CPU usage: 361% - A process named ./3ZU1yLK4 running wild - Random connections to an IP in the Netherlands my server wasn't serving my app anymore; it was mining crypto for someone else! 2) The Culprit: It wasn't a random SSH brute force. It was inside my Next.js container the malware was sophisticated it renamed itself nginxs and apaches to look like web servers it even had a "killer" script that hunted down other hackers' miners to kill the competition 3) The "Root" Cause (literally): Probably the recent React/Next.js CVE-2025-66478 exploit was the entry point (my project was running on "next": "15.5.4", behind cloudflare dns, but their recent fix didn't work apparently) but the fatal error was mine: my Docker container was running as ROOT Coolify deploys like this automatically when using Nixpacks, and I never changed it... so because of USER root, the malware could install cron, systemd, and persistence scripts to survive reboots meaning, it was able to infect my whole server, from a single Next.js docker! 4) The Forensics: I ran docker diff on the container - the hacker didn't just run a script, they installed a whole toolset.. - /tmp/apaches.sh (The installer) - /var/spool/cron/root (The persistence) - /c.json (The wallet config) 5) The Fix: I killed the container, scrubbed the host, and extracted the malware for analysis. but the real fix is in the Dockerfile. if you are deploying Node/Next.js, DO NOT use the default (root), you must: - RUN adduser --system nextjs - USER nextjs if you have Docker on ROOT and didn't update the exploited react version, you'll be hacked soon check your containers NOW. Run: docker exec <container_id> id (or get the full list first: docker stats --no-stream) If it says uid=0(root), you are one vulnerability away from being a crypto-miner host. (it's easy to notice when hacked, it will be a command running on the top CPU%, using all your hardware resources) 6) The Money: I dug deeper and recovered the config file (c.json) - Wallet: A Monero (XMR) address: 831abXJn8dBdVe5nZ*** - Pool: auto.c3pool . org and ofc i tracked the hacker’s wallet on the mining pool 7) The Scale: My server wasn't alone. It was just 1 of 415 active zombies in this botnet they are burning the CPU of 400 cloud servers... to earn... guess how many millions? $4.26/day on the image attached you can see: "Total Paid: 0.00", meaning this campaign just started. I caught them on Day 1. i also tracked back the server where they hosted the malware, and by inspecting the code, I found several comments in Chinese, so I guess that's their origin im rebuilding from scratch on a fresh VPS. the lesson was expensive, but at least I caught it before the hosting nuked my account permanently... PS: I have the IP for all the other machines mining with that malware, not sure how I can help them, but feel free to contact me if ur doing infosec stay safe

Friendly reminder that I have the smoothest implementation of modal sheets with scrollable content in #FlutterDev (at least that I know of) It handles scrolling and resizing content perfectly. also comes with a better version of the classic cupertino sheet view.

meet Phocus a camera that brings vibe to every shot — live filters, film looks, and soft tones in real time. available now ↓ apps.apple.com/us/app/phocus… #buildinpublic #flutter #lut #iosapp

Why is no one talking about this? This is why I don't use an AI browser You can literally get prompt injected and your bank account drained by doomscrolling on reddit:

Cross-platform technologies such as Flutter or React Native are so bad if you want to develop something more complex than a to-do list. I finally gave up and started learning Swift. My camera app with real-time filters using a shader on Flutter takes up between 500 MB and 1 GB

🚀 Just launched Friendzone – a beautiful way to track your friends’ timezones and scroll through time! 🌍 Add friends, track any location 🌀 Scroll time forward/backward 🎨 Stunning themes Available on iOS & macOS 👉 friendzone.freethinkel.dev/ #timezone #buildinpublic #remote