لرن سرا

بلاگ

  • How To Convert A List To A String In Python (With Examples)



    How To Convert A List To A String In Python (With Examples)



    Source link

  • 6 Automotive Technologies That Have Hit the Scene Recently


    Automotive technology has come a long way since the first concept car was built in the 1700s. New innovations have been exploding onto the scene at a rapid pace since then. Cars are becoming more capable of assisting drivers in all aspects of their driving experiences as well. These are some of the technologies that have hit the scene recently.

    1. Adaptive Cruise Control

    Adaptive cruise control came about over the past few years and is an excellent upgrade to standard cruise control. Adaptive cruise control has a feature that enables the vehicle to slow down swiftly and speed up according to a pre-determined following distance. This technology has done wonders to protect drivers from getting into accidents. Millions of people sustain injuries on the highway yearly, and every little attempt to make the roadways safer is a huge plus.

    2. Lane Departure Warning

    Lane departure warning is a god-send for exhausted drivers worldwide. It also helps people who have to take long trips. The feature alerts the driver with a loud sound, light, or vibration when the vehicle swerves in the lane. The driver then regains alertness and corrects the issue.

    3. Lane-Keeping Assistance

    Lane-keeping assistance usually works with the lane departure warning system. It goes the extra mile and helps the driver get back into the lane from which he or she strayed. You might be interested in this feature if you have long rides to work or travel a lot by yourself. It can help you avoid having to deal with a lawsuit, too. The statute of limitations for driving incidents in Texas in two years. Thus, you might have to worry for two whole years if you get into an accident in the state. Having these features can help you avoid all such incidents.

    4. Automatic Emergency Braking

    Automatic Emergency Braking is exactly what it sounds like. The vehicle has a set of sensors that can pick up objects and people in the way. If the system senses a near accident, the braking system will stop the vehicle. It’s like mechanical assistance for emergencies and can be a real lifesaver if anything happens. It can be useful if someone ever lacks the reaction time to stop the vehicle quickly enough.

    5. Cameras

    More vehicles are being crafted with cameras that give a view of the entire road as well as the vehicle’s surroundings. These cameras cut down on accidents and leave lots of evidence for theft and vandalism incidents. Even the police are starting to use cruiser vehicles with cameras. In 2000, only 11% of police used cars with cameras. That figure has since blown up to a whopping 72%. If the police force uses them, that should be a cue for you to consider purchasing a car with the feature.

    6. Autonomy

    Some cars are now capable of driving on their own. The feature still requires drivers to stay alert and keep their hands near the wheels. However, the most intricate of the newer vehicles have an autonomy feature that can help when a driver wants to relax. This option is available mostly in all-electric high-end vehicles.

    You can add it to your package for additional pay, which might add up to several thousand dollars. However, you’ll be one of the first people to try out this exciting new feature. Consider inquiring about it the next time you want to purchase a vehicle.

    This list is not at all exhaustive. Many more features exist in cars today. It’s up to you to find the best fit for you and your family. Ask your sales rep to explain your vehicle’s features and benefits.



    Source link

  • JavaScript Location.reload() Explained (With Examples)

    JavaScript Location.reload() Explained (With Examples)


    In modern web development, there are times when a page needs to refresh itself without the user pressing a button. Whether you are responding to updated content, clearing form inputs, or forcing a session reset, JavaScript provides a simple method for this task: location.reload().

    This built-in method belongs to the window.location object and allows developers to programmatically reload the current web page. It is a concise and effective way to refresh a page under controlled conditions, without relying on user interaction.

    What Is JavaScript location.reload()?

    The location.reload() method refreshes the page it is called on. In essence, it behaves the same way a user would if they clicked the browser’s reload button. However, because it is called with JavaScript, the action can be triggered automatically or in response to specific events. 

    Here is the most basic usage:

    location.reload();

    This line of code tells the browser to reload the current page. It does not require any parameters by default and typically loads the page from the browser’s cache. Note that you can use our free resources (namely, online code editors) to follow along with this discussion.

    Forcing a Hard Reload

    Sometimes a regular reload is not enough, especially when you want to ensure that the browser fetches the latest version of the file from the server instead of using the cached copy. You can force a hard reload by passing true as a parameter:

    location.reload(true);

    However, it is important to note that modern browsers have deprecated this parameter in many cases. Instead, they treat all reloads the same. If you need to fully bypass the cache, server-side headers or a versioned URL might be a more reliable approach.

    And let’s talk syntax:

    So what about the false parameter? That reloads the page using the web browser cache. Note that false is also the default parameter. So if you run reload() without a parameter, you’re actually running object.reload(false). This is covered in the Mozilla developer docs.

    So when do you use Location.reload(true)? One common situation is when the page has outdated information. A hard reload can also bypass caching issues on the client side.

    Common Use Cases

    The location.reload() method is used across a wide range of situations. Here are a few specific scenarios where it’s especially useful:

    1. Reload after a form submission:

    document.getElementById("myForm").onsubmit = function() {
    setTimeout(function() {
        location.reload();
    }, 1000);
};

    This use case helps clear form inputs or reset the page state after the form has been processed. You can test this in the online Javascript editor. No download required. Just enter the code and click run to immediately see how it looks.

    2. Refresh after receiving new data:

    In web applications that rely on live data, such as dashboards or status monitors, developers might use location.reload() to ensure the page displays the most current information after an update.

    3. Making a manual refresh button:

    <button onclick="location.reload();">Refresh Page</button>

    This is a simple way to give users control over when to reload, particularly in apps that fetch new content periodically.

    4. Reload a Page Without Keeping the Current Page in Session History

    This is another common use. It looks like this.

    window.location.replace(window.location.href);

    Basically, if a user presses the back button after they hit reload, they might be taken back to a page that no longer reflects the current application logic. The widow.location.replace() method navigates to a new URL, often the same one, and replaces the current page in the session history.

    This effectively reloads the page without leaving a trace in the user’s history stack. It is particularly useful for login redirects, post-submission screens, or any scenario where you want to reset the page without allowing users to revisit the previous state using the back button.

    Limitations and Best Practices

    While location.reload() is useful; it should be used thoughtfully. Frequent or automatic reloads can frustrate users, especially if they disrupt input or navigation. In modern development, reloading an entire page is sometimes considered a heavy-handed approach.

    For dynamic updates, using JavaScript to update only part of the page, through DOM manipulation or asynchronous fetch requests, is often more efficient and user-friendly.

    Also, keep in mind that reloading clears unsaved user input and resets page state. It can also cause data to be resubmitted if the page was loaded through a form POST, which may trigger browser warnings or duplicate actions. If you’re looking for a job, make sure to brush up on this and any other common JavaScript interview questions.

    Smarter Alternatives to Reloading the Page

    While location.reload() is simple and effective, it is often more efficient to update only part of a page rather than reloading the entire thing. Reloading can interrupt the user experience, clear form inputs, and lead to unnecessary data usage. In many cases, developers turn to asynchronous techniques that allow content to be refreshed behind the scenes.

    AJAX, which stands for Asynchronous JavaScript and XML, was one of the earliest ways to perform background data transfers without refreshing the page. It allows a web page to send or receive data from a server and update only the necessary parts of the interface. Although the term AJAX often brings to mind older syntax and XML data formats, the concept remains vital and is now commonly used with JSON and modern JavaScript methods.

    One of the most popular modern approaches is the Fetch API. Introduced as a cleaner and more flexible alternative to XMLHttpRequest, the Fetch API uses promises to handle asynchronous requests. It allows developers to retrieve or send data from a server and then apply those updates directly to the page using the Document Object Model, or DOM.

    Here is a simple example:

    fetch('/api/data')
  .then(response => response.json())
  .then(data => {
    document.getElementById('content').textContent = data.message;
  });

    This example retrieves data from the server and updates only a single element on the page. It is fast, efficient, and keeps the user interface responsive.

    By using AJAX or the Fetch API, developers can create a more fluid and interactive experience. These tools allow for partial updates, background syncing, and real-time features without forcing users to wait for an entire page to reload. In a world where performance and responsiveness matter more than ever, these alternatives offer a more refined approach to managing content updates on the web.

    Conclusion

    The location.reload() method in JavaScript is a straightforward way to refresh the current web page. Whether used for resetting the interface or updating content, it offers a quick and accessible solution for common front-end challenges. But like all tools in web development, it should be used with an understanding of its impact on user experience.

    Before reaching for a full page reload, consider whether updating the page’s content directly might serve your users better. When applied appropriately, location.reload() can be a useful addition to your JavaScript toolkit.

    Want to put this into action? Add it to a JavaScript project and test it out.

     





    Source link

  • Motion Highlights #4 | Codrops

    Motion Highlights #4 | Codrops


    The

    New

    Collective

    🎨✨💻 Stay ahead of the curve with handpicked, high-quality frontend development and design news, picked freshly every single day. No fluff, no filler—just the most relevant insights, inspiring reads, and updates to keep you in the know.

    Prefer a weekly digest in your inbox? No problem, we got you covered. Just subscribe here.



    Source link

  • 6.32 Million Google Clicks! 🤩

    6.32 Million Google Clicks! 🤩


    Yesterday Online PNG Tools smashed through 6.31M Google clicks and today it’s smashed through 6.32M Google clicks! That’s 10,000 new clicks in a single day – the smash train keeps on rollin’!

    What Are Online PNG Tools?

    Online PNG Tools offers a collection of easy-to-use web apps that help you work with PNG images right in your browser. It’s like a Swiss Army Knife for anything PNG-related. On this site, you can create transparent PNGs, edit icons, clean up logos, crop stamps, change colors of signatures, and customize stickers – there’s a tool for it all. The best part is that you don’t need to install anything or be a graphic designer. All tools are made for regular people who just want to get stuff done with their images. No sign-ups, no downloads – just quick and easy PNG editing tools.

    Who Created Online PNG Tools?

    Online PNG Tools were created by me and my team at Browserling. We’ve build simple, browser-based tools that anyone can use without needing to download or install anything. Along with PNG tools, we also work on cross-browser testing to help developers make sure their websites work great on all web browsers. Our mission is to make online tools that are fast, easy to use, and that are helpful for everyday tasks like editing icons, logos, and signatures.

    Who Uses Online PNG Tools?

    Online PNG Tools and Browserling are used by everyone – from casual users to professionals and even Fortune 100 companies. Casual users often use them to make memes, edit profile pictures, or remove backgrounds. Professionals use them to clean up logos, design icons, or prepare images for websites and apps.

    Smash too and see you tomorrow at 6.33M clicks! 📈

    PS. Use coupon code SMASHLING for a 30% discount on these tools at onlinePNGtools.com/pricing. 💸



    Source link

  • Russian R&D Networks Targeted via Decoy PDFs

    Russian R&D Networks Targeted via Decoy PDFs


    Contents

    • Introduction
    • Key Targets
      • Industries Affected
      • Geographical Focus
    • Infection Chain
    • Initial Findings
      • Looking into the decoy-document
    • Technical Analysis
      • Stage 1 – Malicious RAR File
      • Stage 2 – Malicious .NET malware-dropper
      • Stage 3 – Malicious Golang Shellcode loader
      • Stage 4 – Shellcode Overview
    • Hunting and Infrastructure
    • Conclusion
    • Seqrite Protection
    • IOCs
    • MITRE ATT&CK
    • Authors

    Introduction

    SEQRITE Labs APT-Team has been tracking and has uncovered a campaign targeting the Baltic State Technical University, a well-known institution for various defense, aerospace, and advanced engineering programs that contribute to Russia’s military-industrial complex. Tracked as Operation HollowQuill, the campaign leverages weaponized decoy documents masquerading as official research invitations to infiltrate academic, governmental, and defense-related networks. The threat entity delivers a malicious RAR file which contains a .NET malware dropper, which further drops other Golang based shellcode loader along with legitimate OneDrive application and a decoy-based PDF with a final Cobalt Strike payload.

    Key Targets

    Industries Affected

    • Academic & Research Institutions
    • Military & Defense Industry.
    • Aerospace & Missile Technology
    • Government oriented research entities.

    Geographical Focus

    Infection Chain.

     

    Initial Findings.

    In the early months of 2025, our team found a malicious RAR archive file named as Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова.rar , which translates to Outgoing 3548 on the formation of state assignments for conducting fundamental and exploratory research at BSTU ‘VOENMEKH’ named after D.F. Ustinov.rar surfaced on Virus Total. Upon investigation, we determined that this RAR has been used as a preliminary source of infection, containing a malicious .NET dropper which contains multiple other payloads along with a PDF based decoy.

    The RAR archive contains a malicious .NET executable functioning as a dropper, named “Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова” which also translates to Outgoing No. 3548 regarding the formation of state assignments for conducting fundamental and exploratory research at BSTU ‘VOENMEKH’ named after D.F. Ustinov. This dropper is responsible for deploying a legitimate OneDrive executable alongside a malicious shellcode loader written in Golang. Upon execution, the .NET executable performs several operations: one of them it deploys the Golang loader containing shellcode, injects the shellcode into the legitimate OneDrive process, and spawns a decoy document. Before delving into the technical details, let’s first examine the decoy document.

    Looking into the decoy-document.

    Upon looking into the decoy document, it turns out that this lure is a document related to the Ministry of Science and Higher Education of Russia, specifically concerning Baltic State Technical University “VOENMEKH” named after D.F. Ustinov. The document appears to be an official communication addressed to multiple organizations, potentially discussing state-assigned research projects or defense-related academic collaborations.

    The above is a translated version of the initial sections of the decoy.

    The contents and the entire decoy confirm that this PDF serves as a comprehensive guideline for the allocation of state-assigned research tasks, outlining the process for organizations to submit proposals for fundamental and applied research projects under the 2026-2028 budget cycle. It provides instructions for institutions, particularly those engaged in advanced scientific and technological research, on how to register their technological requests within the Unified State Information System for Scientific Research and Technological Projects (ЕГИСУ НИОКТР) before the specified deadline.

    Now, looking into the later part of the decoy it can be seen that the decoy document provides additional information on the submission process for state-assigned research tasks, emphasizing that financial support for these projects will come from budgetary allocations through the Ministry of Science and Higher Education of Russia. Also, the document mentions contact details for inquiries of Bogdan Evgenyevich Melnikov, a senior researcher in the Department of Fundamental and Exploratory Research, with an email address for communication.

    Well, at the end of this decoy, it can be seen that it has been signed by A.E. Shashurin, who is identified as a Doctor of Technical Sciences (д.т.н.), professor, and acting rector (и.о. ректора) of the institution. Overall, this lure document serves as an official communication from the Ministry of Science and Higher Education of Russia, providing guidelines for organizations regarding state-funded research initiatives.

    Technical Analysis

    We will divide our analysis into four main sections. First, we will examine the malicious RAR archive. Second, we will delve into the malicious .NET dropper. Third, we will focus on analyzing the working of the malicious Golang based shellcode injector and at the end, we will look into the malicious Cobalt Strike payload. This detailed exploration will shed light on the methodologies employed and provide insights into the threat actor’s tactics within this particular campaign.

    Stage 1 – Malicious RAR File.

    Upon examining the malicious RAR file, it contains another malicious executable named Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова. After initial analysis of the file’s artefacts it was revealed it is a 32-bit .NET-based executable. In the next section, we will explore the functionality of this.NET executable.

    Stage 2 – Malicious .NET malware-dropper.

    Now, let us look into the workings of the .NET file which was compressed inside the RAR archive. As in the previous section we found that the binary is basically a 32-bit.NET executable, it is also renamed as SystemUpdaters.exe while we loaded it into analysis tools.

    Upon looking inside, the sample, we found three interesting methods. Now let us dive deep into them.

    Looking into the first method we can see that the Main function, we can see that it calls another method MyCustomApplicationContext . Let us analyze the method.

    Next, looking into the method, we found that the code initially checks whether the decoy PDF is present inside the C:\Users\Appdata\Roaming\Documents location, in case the PDF file is not present, it goes ahead and copies the decoy, which is stored under the resources section, and writes it into the location.

    Next, looking into the code further, we found that it checks if the file OneDrive.exe which is basically the legitimate OneDrive application exists, in case it does not find it on the desired location, it goes ahead and copies the legitimate application stored under the resource section, and writes it into the location.

    Looking into the later part of code, we found that it checks for a file named as OneDrives_v2_1.exe under the location C:\Users\Appdata\Roaming\Driver , in case it did not find the file, just like similar files, it copies the executable from the resources section and writes it to the location.

    Then looking into one of the most intriguing aspects of this dropper is its use of a shortcut (.lnk) file named X2yL.lnk as a persistence mechanism by placing it in the Windows Startup folder to ensure execution upon system boot. Upon analyzing the H3kT7fXw method, we observed that it is responsible for creating this shortcut file. The method utilizes WshShell to generate the .lnk file and assigns it a Microsoft Office-based icon, making it less suspicious. Additionally, the target path of the shortcut is set to the location where the malicious payload I.e., OneDrives_v2_1.exe is stored, ensuring its execution whenever the shortcut is triggered upon booting.

    At the end, it goes ahead and spawns the decoy PDF into the screen. As, we conclude the analysis of the malicious .NET dropper, in the next sections, we will analyze the malicious executable dropped by this dropper.

    Stage 3 – Malicious Golang Shellcode loader.

    Initially, upon looking into the sample inside analysis tools. we can confirm that this executable is programmed using Golang. Next, we will look into the working of the shellcode loader and its injection mechanism.

    Looking into the very first part of this shellcode loader, we found that the binary executes time_now function to initially capture the current system time, then it calls time_sleep which is also a Golang function with a hardcoded value, then again it calls the time_now function, which checks for the timestamp after the sleep. Then, it calls time_Time_Sub which checks the difference between the timestamp captured by the function and goes ahead and checks if the total sleep time is less then 6 seconds, in case the sleep duration is shorter, the program exits, this acts as a little anti-analysis technique.

    Next, moving ahead and checking the code, we found that the legitimate OneDrive executable, which was dropped by the.NET dropper, that similar process is being created using the CreateProcess API in Golang, and the process is being created in a suspended mode.

    Then, the shellcode which is already embedded in this loader binary is being read by using Golang function embed_FS_ReadFile which returns the shellcode.

    Next, the shellcode which was returned by the previous function in a base64 encoded format is being decoded using Golang native function base64.StdEncoding.DecodeString and returned.

    Then, the code basically uses a hardcoded 13-byte sized key, which is basically used to decode the entire shellcode.

    Then finally, the code performs APC Injection technique to inject the shellcode inside the memory, by first starting with the process in a suspended state, followed by decoding and decrypting the shellcode, followed by allocating memory on the suspended OneDrive.exe process, then once the memory is allocated, it goes ahead and writes the shellcode inside the memory using WriteProcessMemory , then it uses QueueUserAPC API to queue a function call inside the main thread of the suspended OneDrive.exe process. Finally using ResumeThread which causes the queued APC function (containing the shellcode) to execute, effectively running the injected malicious code within the context of OneDrive.exe. Now, let us analyze some key artifacts of the shellcode.

    Stage 4 -Shellcode overview.

    Upon looking inside, the malicious shellcode and analyzing it we found that the shellcode is actually a loader, which works by initially loading a Windows wwanmm.dll library.

    Once, the DLL is loaded it zeroes out the .text section of the DLL. It uses a windows API DllCanUnloadNow which helps to prepare the beacon in memory. Thus, further facilitating the working of the shellcode which is a Cobalt Strike beacon.


    Further analyzing it becomes quite evident that the beacon is connecting to the C2-server, hosted by the attacker using certain user-agent. As, this tool is quite commonly used, therefore, we will not delve in-depth on the workings of the malicious beacon. The configuration of the beacon can be extracted as follows.

    Extracted Configuration:

    Method : GETHost[Command & Control] : phpsympfony.comUser-Agent : “Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko”

    Hunting and Infrastructure.

    Upon analysis of the shellcode injector programmed in Golang, we found little OPSEC related mistakes from the threat actor such as leaving Go-build ID along with the injector, which helped us to hunt for similar payloads, used by the same threat actor. The Go-build ID is as follows:

    -_APqjT14Rci2qCv58VO/QN6emhFauHgKzaZvDVYE/3lVOVKh9ePO_EDoV_lSN/NL58izAdTGRId20sd3CJ

    Now, looking into the infrastructural artefacts, the malicious command-and-control server which has been hosted at the domain phpsymfony[.]com , has been rotating the domain across multiples ASN services. Also, there has been a unique HTTP-Title which has also been rotated multiple times across the C2-server.

    Looking into the response across the history we can see that the title Coming Soon – pariaturzzphy.makebelievercorp[.]com has been set up multiple times.

    Upon further searching for the same HTTP-Title, we found that a lot of hosts are serving the same title, out of which some of them are serving malicious binaries such as ASyncRAT and much more.

    Looking into the ASNs, the C2 server has been rotating since the date of activation. The list is as follows.

    ASN Geolocation Owner
    AS13335 United States Cloudflare Net
    AS35916 United States MULTA-ASN1
    AS135377 Hong Kong UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED
    AS174 United States COGENT-174
    AS47846 Germany SEDO-AS
    AS8560 🌍 Unknown IONOS-AS

    Conclusion

    We have found that a threat actor is targeting the Baltic Technical University using research themed lure where they have been using a.NET dropper to shellcode loader finally delivering a Cobalt Strike in-memory implant. Analyzing the overall campaign and TTPs employed by the threat actor, we can conclude that the threat actor has started targeting few months back since December 2024.

    SEQRITE Protection.

    • Trojan.Ghanarava.1738100518c73fdb
    • Trojan.Ghanarava.1735165667615275

    IOCs.

    MD5 Filename
    ab310ddf9267ed5d613bcc0e52c71a08 Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова.rar
    fad1ddfb40a8786c1dd2b50dc9615275 SystemsUpdaters.exe
    cac4db5c6ecfffe984d5d1df1bc73fdb OneDrives_v2_1.exe

    C2

    phpsymfony[.]com
    hxxps://phpsymfony[.]com/css3/index2.shtml

    MITRE ATT&CK.

    Tactic Technique ID Name
    Initial Access T1566.001 Phishing: Spear phishing Attachment

     

     
    Execution T1204.002

    T1053.005

    		 User Execution: Malicious File

    Scheduled Task.
    Persistence T1547.001 Registry Run Keys / Startup Folder
    Defense Evasion T1036
    T1027.009
    T1055.004
    T1497.003    		 Masquerading
    Embedded Payloads.
    Asynchronous Procedure Call
    Time Based Evasion
    Command and Control T1132.001 Data Encoding: Standard Encoding

    Authors

    • Subhajeet Singha
    • Sathwik Ram Prakki



    Source link

  • HTML Editor Online with Instant Preview and Zero Setup



    HTML Editor Online with Instant Preview and Zero Setup



    Source link

  • Developer Spotlight: Max Barvian | Codrops

    Developer Spotlight: Max Barvian | Codrops


    In past Developer Spotlights, we’ve featured devs who’ve pushed the craft of building award-winning websites. But web development is more than just translating great design—Max Barvian is one of those pioneering devs who have a deep understanding of the core mechanics of frontend development. In 2024, he shared one of the coolest CSS-powered, scroll-driven animations with us here on Codrops. We can’t shine the light enough on Max, as his work represents the next frontier in web development—one that merges deep technical knowledge with creative experimentation.

    Hi! My name is Max Barvian. I’m a UI engineer currently working at Clerk.

    Projects I’m proud of

    NumberFlow

    NumberFlow is an animated number component for React, Vue, Svelte, and vanilla TS/JS. It was heavily inspired by the number animations in the wonderful Family app:

    I built NumberFlow as a custom element with wrapper components for each framework. All the animations are powered by the Web Animations API (WAAPI). It uses the FLIP technique, registered custom CSS properties, spring-based linear() timings, new CSS math functions, and composited KeyframeEffects for better interruption handling.

    The response to NumberFlow has been surreal. 𝕏 is currently using it for their analytics dashboard, and Elon Musk even retweeted this screenshot of it:

    barvian.me

    When it came time to rebuild my portfolio last year, my goal was to make some combination of Godly and the Apple TV home screen. I’d really wanted a site like that for years, with a grid of project videos that smoothly transitioned into detail pages, but never felt confident about pulling it off. Then I found the View Transitions API. Despite its shortcomings (i.e. no interruption handling), it felt like the perfect tool for the job. View Transitions using snapshots of “old” views seemed perfect for the video grid, and meant I wouldn’t have to worry about animating a bunch of <video> elements at the same time. Ultimately, I had to use a few more tricks to get decent performance during the transitions, but I still can’t imagine having built the site with anything else. I was honored when Googlers Addy Osmani and Una Kravets shared my little site as a demo for View Transitions.

    Musée

    I stumbled upon this incredible design by Kevin Pham on Dribbble a couple years ago and immediately fell in love with it. I had wanted to experiment with CSS Scroll Snapping and 3D scenes for a while, and this seemed like the perfect candidate. I ended up using React Three Fiber, Motion for React, and Tailwind to implement it. It’s not perfect (there’s a pesky bug with mobile Safari on the last slide that I haven’t been able to fix), but I’m pretty happy with how it turned out. I was honored when Guillermo Rauch, Paul Henschel, Matt Perry, and Three.js all reposted it.

    Fluid type projects

    This work is probably the most boring on the list but I’m still happy with it. I was working on a Tailwind plugin for CSS clamp() when I encountered some longstanding accessibility issues with fluid type. I didn’t want to bring those issues into my plugin, so I spent a whole Sunday watching math videos on YouTube and talking to my physicist brother to figure out how to work around them. I eventually published the results in Smashing Magazine with some help from their great editors there, and was honored to see Adrian Roselli reference the work in his original article. Utopia, a popular fluid clamp generator, also integrated the findings into their tool.

    About me

    I got into creative development in a 7th grade journalism class, when my teacher made me the webmaster for our school newspaper. I asked my parents for Dreamweaver that year for Christmas and got my first freelance client a year after that. I’ve since moved on from Dreamweaver 🙂, but I’ve never wanted to do anything else professionally. I feel lucky that I’ve been able to make a career out of my passion.

    Current challenges

    At Clerk I’m working on building the component library we use for our dashboard. It’s been a fun challenge to try to build something that equally emphasizes UX and DX! I hope to share more on 𝕏 as it progresses. React Aria Components has been a huge inspiration here.

    Tools

    I basically live in VS Code writing React, Tailwind, and Motion code all day.

    Philosophy

    Someone I follow on 𝕏 thought NumberFlow was a good example of a quote by Charlie Munger:

    “Take a simple idea and take it seriously.”
    —Charlie Munger

    That’s stuck with me over the last few months, and I think it’s increased my enjoyment of projects I previously would’ve dismissed as too routine or boring.

    It’s an honor to be featured on a site I’ve been reading my whole career. Thanks a lot, Manoela and the Codrops team!



    Source link

  • Write and Test Code Instantly With an Online Python Editor



    Write and Test Code Instantly With an Online Python Editor



    Source link

  • 6.33 Million Google Clicks! 🤑

    6.33 Million Google Clicks! 🤑


    Yesterday Online PNG Tools smashed through 6.32M Google clicks and today it’s smashed through 6.33M Google clicks! That’s 10,000 new clicks in a single day – the smash train keeps on rollin’!

    What Are Online PNG Tools?

    Online PNG Tools offers a collection of easy-to-use web apps that help you work with PNG images right in your browser. It’s like a Swiss Army Knife for anything PNG-related. On this site, you can create transparent PNGs, edit icons, clean up logos, crop stamps, change colors of signatures, and customize stickers – there’s a tool for it all. The best part is that you don’t need to install anything or be a graphic designer. All tools are made for regular people who just want to get stuff done with their images. No sign-ups, no downloads – just quick and easy PNG editing tools.

    Who Created Online PNG Tools?

    Online PNG Tools were created by me and my team at Browserling. We’ve build simple, browser-based tools that anyone can use without needing to download or install anything. Along with PNG tools, we also work on cross-browser testing to help developers make sure their websites work great on all web browsers. Our mission is to make online tools that are fast, easy to use, and that are helpful for everyday tasks like editing icons, logos, and signatures.

    Who Uses Online PNG Tools?

    Online PNG Tools and Browserling are used by everyone – from casual users to professionals and even Fortune 100 companies. Casual users often use them to make memes, edit profile pictures, or remove backgrounds. Professionals use them to clean up logos, design icons, or prepare images for websites and apps.

    Smash too and see you tomorrow at 6.34M clicks! 📈

    PS. Use coupon code SMASHLING for a 30% discount on these tools at onlinePNGtools.com/pricing. 💸



    Source link