03 Oct 25
Most HTTP vulnerabilities don’t come from sophisticated attacks. They come from misunderstanding where your framework stops protecting you. This covers the edge cases that actually bite production APIs: Range headers, path traversal, encoding conflicts, and request smuggling.
by sebastien
2 months ago
27 May 24
This was a fun read.
I love protocols. Awareness of the protocols that rule us, and a willingness to hack on them and improve them, is (I believe) the path forward to save humanity from what capitalism currently is (a planet-gorging evil that makes Galactus look like a tin soldier).