Readit News
gamedever commented on Japanese Toshiba Typewriter Model BW-2112 (2020) [video]   youtube.com/watch?v=JZcui... · Posted by u/CaliforniaKarl
gamedever · 10 months ago
tangentially, Google Japan makes joke keyboards. Here's their latest

https://www.youtube.com/watch?v=EHqPrHTN1dU

you can see some others here

https://www.youtube.com/@GoogleJapan/search?query=%E3%82%AD%...

They had one with 1000+ keys but I don't see a video for it

gamedever commented on How to gain code execution on hundreds of millions of people and popular apps   kibty.town/blog/todesktop... · Posted by u/xyzeva
rvz · 10 months ago
My goodness. So much third-party risk upon risk and lots of external services opening up this massive attack surface and introducing this RCE vulnerability.

From an Electron bundler service, to sourcemap extraction and now an exposed package.json with the container keys to deploy any app update to anyone's machine.

This isn't the only one, the other day Claude CLI got a full source code leak via the same method from its sourcemaps being exposed.

But once again, I now know why the entire Javascript / TypeScript ecosystem is beyond saving given you can pull the source code out of the sourcemap and the full credentials out of a deployed package.json.

gamedever · 10 months ago
Blaming Js/Ts is ridiculous. All those same problems exist in all environments. Js/Ts is the biggest so it gets the most attention but if you think it's different in any other environment you're fooling yourself.
gamedever commented on How to gain code execution on hundreds of millions of people and popular apps   kibty.town/blog/todesktop... · Posted by u/xyzeva
felixrieseberg · 10 months ago
As an Electron maintainer, I'll re-iterate a warning I've told many people before: Your auto-updater and the underlying code-signing and notarization mechanisms are sacred. The recovery mechanisms for the entire system are extremely painful and often require embarrassing emails to customers. A compromised code-sign certificate is close to the top of my personal nightmares.

Dave and toDesktop have built a product that serves many people really well, but I'd encourage everyone building desktop software (no matter how, with or without toDesktop!) to really understand everything involved in compiling, signing, and releasing your builds. In my projects, I often make an argument against too much abstraction and long dependency chains in those processes.

If you're an Electron developer (like the apps mentioned), I recommend:

* Build with Electron Forge, which is maintained by Electron and uses @electron/windows-sign and @electron/osx-sign directly. No magic.

* For Windows signing, use Azure Trusted Signing, which signs just-in-time. That's relatively new and offers some additional recovery mechanisms in the worst case.

* You probably want to rotate your certificates if you ever gave anyone else access.

* Lastly, you should probably be the only one with the keys to your update server.

gamedever · 10 months ago
And yet, tons of developers install github apps that ask for full permissions to control all repos and can therefore do the same things to every dev using those services.

github should be ashamed this possibility even exists and double ashamed that their permission system and UX is so poorly conceived that it leads apps to ask for all the permissions.

IMO, github should spend significant effort so that the default is to present the user with a list of repos they want some github integration to have permissions for and then for each repo, the specific permissions needed. They should be designed so that minimal permissions are encouraged.

As it is, the path of least resistance for app devs is "give me root" and for users to say "ok, sure"

gamedever commented on Microsoft begins turning off uBlock Origin and other extensions in Edge   neowin.net/news/microsoft... · Posted by u/thombles
AnonC · 10 months ago
Seems like Microsoft is just taking whatever Chromium releases and repackages it to show more ads and to make Bing the default search engine. In this case, it's just dropping support for Manifest V2 extensions, such as uBlock Origin, and moving to Manifest V3, which does not support extensions intercepting and blocking requests using blockingWebRequest.

Just three days ago, Mozilla reiterated [1] that Firefox would continue to support Manifest V2 alongside Manifest V3. So if you want a better web experience with uBlock Origin, Firefox is your only choice (or use Firefox forks that support it). While you're at it, note that "uBlock Origin works best on Firefox". [2]

[1]: https://blog.mozilla.org/en/products/firefox/firefox-manifes...

[2]: https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

gamedever · 10 months ago
Can you explain in detail what feature of uBlock Origin I will lose because of V3 vs V2 extensions?

I see people complaining, I don't see concrete examples, only panic

gamedever commented on WebShield – A new wide-spectrum content blocker for Safari   github.com/arjpar/WebShie... · Posted by u/tW4r
gjsman-1000 · 10 months ago
No; it’s because then, the internet would go from 80% Chromium, to 95% Chromium.

Allowing alternative browser engines does not mean Firefox gets a footing. It means Chromium gets a footing even on iOS, and we start seeing Electron apps on iOS, with every app bundling their own Chromium renderer.

If Apple were forced to allow 3rd party engines on iOS, they might as well shut down WebKit. All hail Blink, the universal engine.

gamedever · 10 months ago
Good! because people prefer Chrome. People have to go out of their way to install it and they do.

If Safari was better then Safari would stay #1 on iOS. They shouldn't be allowed to force this any more than Microsoft was allowed to force IE.

If 3rd party browsers were allowed we'd have had WebGL2 on iOS 4 years earlier. WebGPU 2 years earlier. WebXR several years earlier (Apple is only adding it now and only for Vision Pro), and many other features.

gamedever commented on 3,200% CPU Utilization   josephmate.github.io/2025... · Posted by u/atomlib
williamdclt · 10 months ago
It's a decent rule of thumb, but it definitely needs some pragmatism. Squashing any error, strangeness and warning can be very expensive in some projects, much more than paying the occasional seemingly-unrelated problem.

But of course it's quasi-impossible to know in advance the likelihood of a given error participating in a future problem, and whether it's cheaper to fix this error ahead or let the problem happen. So it becomes an art more than a science to decide what to focus on.

"fix nothing" is certainly a horrible approach, "fix everything" is often impractical. So you either need some sort of decision framework, or a combination of decent "instinct" (experience, really) and trust from your stakeholder (which comes from many places, including good communication and track record of being pragmatic over dogmatic)

gamedever · 10 months ago
if there are any warnings I'm supposed to ignore then there are effectively no warnings.

there's nothing pragmatic about it. once I get into the habit of ignoring a few warnings that effectively means all warnings will be ignored

gamedever commented on The man who spent forty-two years at the Beverly Hills Hotel pool (1993)   newyorker.com/magazine/19... · Posted by u/zeveb
rtpg · 10 months ago
This is not as true as it used to be. I don't even know how true it used to be!
gamedever · 10 months ago
it's still true except in a few special popular areas
gamedever commented on The man who spent forty-two years at the Beverly Hills Hotel pool (1993)   newyorker.com/magazine/19... · Posted by u/zeveb
kamaal · 10 months ago
Owning a home is always good no matter what the finance influencers tell you. In fact, earlier the better. It's not even the buying vs renting thing, renting is bad, you don't get to own anything at the end of the journey, and often the kind of things you have to put up with to save rent, or avoid getting homeless in case of a job loss or other life crisis is just worth your mental health. Most of your life is spent paying up for the landlord's ownership.

People often arrive at the scene when most of the options are gone years back, and they wish they bought at the price that existed back then. Get disappointed and lawyer through the arguments to justify renting a home.

gamedever · 10 months ago
Japan would like to have a word with you. Houses in Japan are like cars. The moment you buy it it's now "used" and worth less and it keeps going down in value.
gamedever commented on Rediscovering Quaternions   jasonfantl.com/posts/Spac... · Posted by u/jfantl
hassleblad23 · 10 months ago
Because quaternions are awesome? :) it definitely feels like a discovery when you learn about them first.
gamedever · 10 months ago
Are they?

[Let's remove Quaternions from every 3D Engine] https://marctenbosch.com/quaternions/

gamedever commented on Material Theme has been pulled from VS Code's marketplace   github.com/material-theme... · Posted by u/Inityx
oefrha · 10 months ago
The original author seemed to talk a lot about funding development/maintenance, so I got curious about what the hell needs to be maintained. I cloned the https://github.com/t3dotgg/vsc-material-but-i-wont-sue-you repo and had a look. Here's a LoC summary:

  ===============================================================================
   Language            Files        Lines         Code     Comments       Blanks
  ===============================================================================
   CSS                     2          142          119            0           23
   TypeScript             32         2026         1650          243          133
  -------------------------------------------------------------------------------
   HTML                    2           59           49            1            9
   |- JavaScript           2            2            2            0            0
   (Total)                             61           51            1            9
  ===============================================================================
   Total                  36         2227         1818          244          165
  ===============================================================================

Among those, 622 lines of TS are hex color definitions for variants in scripts/generator/settings/specific. Most of the rest seems pretty boilerplatey, e.g. look at the 599 lines in scripts/generator/color-set.ts.

So the question remains: what the hell is there to maintain (that takes more than a couple minutes every $godknowshowlong)? I've published and maintained waaaaay more substantial open source projects for years without expectation of any financial contribution.

gamedever · 10 months ago
it's a problem. As soon as it became easy to ask for money via Patreon or github sponsorship, etc... tons of people are going to try to get some for minimal effort. It's just the nature of the beast.

u/gamedever

Karma: 150 · Cake day: January 29, 2025