Skip to main content

2024-07-09

Google Chrome has a special hidden API accesible only from *.google.com

  • Google Chrome provides all *.google.com sites with extensive access to system and tab CPU, GPU, and memory usage, as well as detailed processor information and a logging backchannel.
  • This API access is exclusive to *.google.com sites, raising potential privacy and security concerns among users and developers.

Reactions

  • Google Chrome has a hidden API accessible only from *.google.com, likely used for Google Meet, providing detailed system information like CPU/GPU/RAM usage.
  • This exclusivity raises concerns about anti-competitive behavior and user privacy, as other websites can't access this information.
  • The API is built into Chrome and not listed in chrome://extensions, sparking debates about the ethics and legality of such practices.

Rye: A Hassle-Free Python Experience

  • Rye is a comprehensive project and package management solution for Python, offering a unified experience for managing Python installations, projects, dependencies, and virtual environments.
  • It supports complex projects, monorepos (repositories containing multiple projects), and global tool installations, making it versatile for various development needs.
  • The installation process is straightforward, with specific instructions provided for Linux, macOS, and Windows, as well as an option to compile from source using Rust and Cargo.

Reactions

  • Rye is a Python packaging tool that now supports "universal" resolution, allowing the generation of a locked requirements.txt file that works across all platforms and operating systems.
  • Rye uses the uv tool under the hood, which has been improved to support this universal resolution feature, making dependency management more streamlined and efficient.
  • Users have reported successful transitions from other tools like Poetry to Rye, particularly for complex projects involving dependencies like PyTorch, due to Rye's enhanced resolution capabilities.

PySkyWiFi: Free stupid wi-fi on long-haul flights

  • PySkyWiFi is a tool that exploits a loophole in in-flight Wi-Fi systems by using airmiles accounts to tunnel internet data, providing free internet access on long-haul flights.
  • The tool operates with two components: a sky proxy on the plane and a ground daemon, which process HTTP requests and responses through the airmiles account.
  • The developer successfully tested PySkyWiFi for instant messaging, live updates, and full internet access, demonstrating its potential to bypass in-flight Wi-Fi charges.

Reactions

  • Users reminisced about creative hacks with old Kindle devices, such as using Google Voice for texting and displaying messages on the home screen.
  • Discussions included ethical considerations and nostalgia for old tech hacks, like bypassing paid Wi-Fi services and using DNS tunneling to access the internet.
  • The conversation highlighted the ingenuity and resourcefulness of users in finding free internet access solutions, sparking debates on the ethics and practicality of such methods.

DB Browser for SQLite (Windows, macOS, and Most Versions of Linux)

  • DB Browser for SQLite (DB4S) is a high-quality, visual, open-source tool for managing SQLite database files, featuring a spreadsheet-like interface and full SQL query capabilities.
  • The current official version is 3.12.2, with a 3.13.x-rc1 release candidate available, and nightly builds for those seeking the latest features, though they may be unstable.
  • DB4S supports creating, editing, and managing database files, tables, and records, as well as importing/exporting data and issuing SQL queries, making it a versatile tool for database management.

Reactions

  • DB Browser for SQLite, available on Windows, macOS, and Linux, was featured on Hacker News, with a new stable version announced soon by maintainer lucydodo.
  • Users praised the software for its user-friendliness, particularly in handling large CSV files, and compared it favorably to other tools like DBeaver and SQLiteStudio.
  • The community discussed desired features such as STRICT support and offline licenses, and expressed gratitude for the tool's significance in applications like competitive gaming and development.

Anna's Archive Faces Millions in Damages and a Permanent Injunction

  • Anna's Archive, a pirate library search engine, is facing monetary damages and a permanent injunction in a U.S. court after not responding to a lawsuit by OCLC.
  • The lawsuit stems from the scraping and online publication of OCLC's WorldCat database, with OCLC claiming over $5 million in damages and seeking a default judgment and injunctive relief.
  • Despite the legal issues, Anna's Archive has switched to a new .GS domain, complicating enforcement efforts against the site.

Reactions

  • Anna's Archive is facing a lawsuit with claims of millions in damages and a permanent injunction due to alleged cyberattacks, primarily through web scraping.
  • The organization OCLC claims to have incurred over $5 million in damages, including costs for hardware upgrades, Cloudflare contracts, and salaries for employees mitigating the attacks.
  • The case raises questions about whether web scraping constitutes a cyberattack and the broader implications for data scraping practices, including potential impacts on AI training and other industries.

Z-Library admins "escape house arrest" after judge approves U.S. extradition

  • Two alleged Z-Library operators, Anton Napolsky and Valeriia Ermakova, escaped house arrest in Argentina after appealing for political refugee status.
  • They face extradition to the U.S. for charges including criminal copyright infringement, wire fraud, and money laundering.
  • The U.S. Department of Justice and FBI began seizing Z-Library’s domains in November 2022, and an international arrest warrant has been issued for the pair, whose current whereabouts are unknown.

Reactions

  • Z-Library administrators have reportedly "escaped house arrest" following a judge's approval of their extradition to the U.S.
  • They face money laundering charges, likely stemming from using user donations to fund the site, which is considered money laundering under U.S. law.
  • This case underscores the aggressive nature of federal prosecutions and raises ethical and legal debates about shadow libraries like Z-Library.

Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

  • Testaankoop, the Belgian Consumers’ Association, discovered that Linksys Velop Pro 6E and Velop Pro 7 routers send Wi-Fi login details in plaintext to Amazon servers in the US, posing significant security risks.
  • Despite warnings in November, Linksys has not taken effective measures to address this issue, leading to potential Man-In-The-Middle (MITM) attacks.
  • Testaankoop advises changing Wi-Fi names and passwords via the web interface and recommends against purchasing these routers due to the security vulnerabilities.

Reactions

  • Linksys Velop routers are transmitting Wi-Fi passwords in plaintext to US servers, causing significant security concerns among users.
  • Despite being reported in November, no effective measures have been implemented to address the issue, prompting discussions about similar practices by other ISPs and router manufacturers.
  • The situation underscores the need for improved security and transparency in consumer network devices, with some recommending open-source firmware like OpenWRT to mitigate such vulnerabilities.

Making my own wedding rings

  • The author decided to make their own wedding rings using the lost PLA casting method, inspired by a Nile Red video on purple gold.
  • The process involved 3D printing, creating a plaster mold, and pouring molten metal, with initial trials using fine silver and later alloying silver with gold.
  • After several attempts and adjustments, the author successfully created unique, professional-looking rings, spending six weekends and approximately $3,500 on the project.

Reactions

  • A user shared their experience of making their own wedding rings using stainless steel and a lathe, highlighting the durability and personal significance of the rings over nearly 20 years.
  • The discussion includes various methods and materials for DIY wedding rings, such as titanium, gold, and silver, with users sharing tips and personal anecdotes about their ring-making processes.
  • The post emphasizes the sentimental value and unique experience of creating custom wedding rings, with many users noting the lasting memories and personal touches involved in the process.

The zombie misconception of theoretical computer science

  • Scott Aaronson's blog post clarifies common misconceptions in theoretical computer science, particularly the difference between computability and complexity.
  • He uses examples, such as a function determining God's existence, to illustrate that computability pertains to functions, not individual questions, and addresses misunderstandings about the P vs. NP problem.
  • Aaronson explains that computability concerns the existence of a program to map inputs to outputs, not the difficulty of creating that program, and discusses the Busy Beaver function to highlight uncomputable versus computable values.

Reactions

  • Theoretical computer science often deals with concepts involving infinity, making them unintuitive, such as the Kolmogorov complexity and the halting problem.
  • The P=NP problem remains a philosophical debate, with some comparing its complexity to the continuum hypothesis (CH).
  • The distinction between computability and provability is emphasized, showing that a function can be computable even if its exact implementation is currently undetermined.

Microsoft's Xandr grants GDPR rights at a rate of 0%

  • Xandr, a Microsoft subsidiary, collects and shares personal data of millions of Europeans for targeted advertising, auctioning ad space to thousands of advertisers, even if only one ad is shown.
  • Xandr's data is often inaccurate, misrepresenting users in contradictory ways, and fails to comply with GDPR access requests, with a reported 0% response rate.
  • noyb has filed a GDPR complaint against Xandr for transparency issues, inaccurate data, and non-compliance with access and erasure requests, urging the Italian data protection authority to investigate and impose fines.

Reactions

  • Microsoft's Xandr is reportedly granting GDPR (General Data Protection Regulation) rights at a rate of 0%, raising significant privacy concerns.
  • This issue highlights ongoing challenges in the advertising industry regarding compliance with privacy laws and the protection of user data.
  • The discussion reflects broader frustrations with how companies handle user privacy, often prioritizing business interests over legal and ethical obligations.

The Deadlock Empire: An Interactive Guide to Locks

  • "The Deadlock Empire" is an educational game designed to teach concurrency and multi-threaded programming in C# by exploiting program flaws to cause crashes or malfunctions.
  • The game includes tutorials on interface and non-atomic instructions, as well as various challenges such as unsynchronized code, deadlocks, and high-level synchronization primitives.
  • Created by Petr Hudeček and Michal Pokorný at HackCambridge 2016, the game allows users to submit feedback or ideas via GitHub.

Reactions

  • "The Deadlock Empire" is an interactive guide focused on understanding and managing locks in multithreaded programming.
  • Discussions highlight best practices such as avoiding shared mutable state, using ring buffers for message passing, and leveraging concurrent data structures or channels.
  • The guide and community comments emphasize the importance of simplicity in multithreading and the challenges of writing non-blocking code.

Dear Roku, you ruined my TV

  • A recent Roku update (version 13.0.0) introduced a feature called Roku Smart Picture, which forces motion smoothing on all content, making TVs unwatchable for some users.
  • Many Roku TV owners have reported this issue, but Roku has not provided a solution or responded adequately to customer complaints.
  • This problem is not new; a similar issue occurred in 2020 and remains unresolved, leading some users to consider purchasing non-internet-connected TVs.

Reactions

  • A Roku update has caused frustration among users by enabling motion smoothing, which many dislike, preferring original frame rates for films.
  • The discussion highlights broader issues with unwanted software updates and the challenge of finding non-internet-connected "dumb" TVs.
  • Users are considering alternatives like Apple TV or Nvidia Shield to maintain better control over their viewing experience and avoid smart TV issues.

State of Text Rendering 2024

Reactions

  • The future of fonts may include advanced features like full-color images, Web Assembly code, and network streaming, raising concerns about their necessity and complexity.
  • Oxidize, a Rust framework, aims to unify font compilation and consumption, potentially reducing development costs, but raises questions about long-term support for existing tools like FreeType and HarfBuzz.
  • The article discusses ongoing debates about text shaping involving programmable paradigms like WASM versus using existing GPU shaders, highlighting concerns about complexity and performance.

Crawlee for Python – a web scraping and browser automation library

  • Crawlee for Python is a new web scraping and browser automation library designed for building reliable crawlers quickly, now available for early adopters.
  • Key features include support for headless browsers, automatic scaling, proxy management, and type hints for improved code completion and bug detection.
  • Crawlee is free, open source, and can be installed via pip; users can join the community on Discord for support.

Reactions

  • Crawlee for Python, a new web scraping and browser automation library, has been launched by Jan, the founder of Apify.
  • Key features include a unified interface for HTTP and headless browser crawling, automatic parallel crawling, type hints, automatic retries, proxy rotation, session management, configurable request routing, persistent URL queue, and pluggable storage.
  • The library is open-source and free, aiming to simplify web scraping by handling complex tasks, allowing developers to focus on business logic, with future documentation improvements and additional features planned.

Nearly 2M metric tons of wild fish used to feed Norwegian farmed salmon annually

  • A report by Feedback and various West African and Norwegian organizations highlights that nearly 2 million metric tons of wild fish are harvested annually to produce fish oil for Norwegian farmed salmon feed.
  • This practice is negatively impacting livelihoods and causing malnutrition in West African countries such as The Gambia, Senegal, and Mauritania, with the potential to triple the demand for wild-caught fish by 2050.
  • Major feed producers like Mowi, Skretting, Cargill, and Biomar are sourcing fish oil from northwest Africa, leading to significant declines in local fish stocks and incomes, prompting calls for sustainability measures.

Reactions

  • Nearly 2 million metric tons of wild fish are used annually to feed Norwegian farmed salmon, raising sustainability and efficiency concerns.
  • Critics argue that using protein-rich food like soybeans to feed livestock instead of directly to humans is wasteful and highlights inefficiencies in food production.
  • The environmental impact of meat and fish farming, including deforestation and pollution, is significant, prompting calls for reduced meat consumption and improved farming practices.