HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jkl5xx

no profile record

Submissions

JSON formatter Chrome plugin now closed and injecting adware

github.com
289 points·by jkl5xx·3 mesi fa·136 comments

comments

jkl5xx
·27 giorni fa·discuss
Random naive thought, could I use this to backup and version all of my user data? E.g. just point Lore at my ~/Documents folder and call it a day? I'm sure there's some scalability constraint but I have music projects, game projects, markdown notes, photos, videos, etc. and have thought in the past it'd be convenient to treat all my files like a monorepo.
jkl5xx
·mese scorso·discuss
Thanks for the level-headed response. Agreed, "blame the kings" is also an overly simplistic take. There's rarely a single entity to blame. Just wanted to bring some nuance to the hate getting thrown around here.

Redirecting frustration towards the systemic issues that drive perfectly normal people to work for a terrible company like Meta seems more productive to me.

I hate what Meta does just as much as the next guy, but shaming friends who feel like they have no better employment option doesn't seem like the best way to make a difference here.
jkl5xx
·mese scorso·discuss
This is a pretty uncharitable perspective. Most folks I know working at Meta or Amazon aren’t morally bankrupt. They just have kids, debt, poor parents with health problems, etc. They work at Meta to support their loved ones. And it’s not like you can walk onto the street and just wave down a morally superior job with similar pay and benefits. Blame the tech oligarchs, not the workers.
jkl5xx
·2 mesi fa·discuss
This misses the point that parent was making. The conversation shouldn’t be “move your data to countries you can trust”. It should be “use protocols that don’t require trust in the first place”.
jkl5xx
·3 mesi fa·discuss
I’ve had the same thought and would love this. MacOS shortcuts are too deeply ingrained in my fingers.

But every attempt of mine to make Linux shortcuts Mac-like has had too many sharp edges to be useable. Toshy didn’t seem to work well with Wayland and felt heavy. Probably the best so far I’ve found has been keyd and custom configs for your most used apps.

A community effort might get us there. Distribute the hours of tinkering across many passionate users instead of everyone doing it in a vacuum.
jkl5xx
·3 mesi fa·discuss
It’s kind of wild to read through these comments and realize hn is still riffing on the same ideas. Is it e2ee? Does it run on Linux? Who would pay for something you can slap together in a weekend with a few bash scripts? Really highlights this community’s values, skills, and blind spots. Also a bit of a bummer that the privacy and open source situations today are even worse in many ways.
jkl5xx
·3 mesi fa·discuss
Regardless of the intent, it was poorly executed and highlights security gaps inherent in the distribution model of browser extensions.
jkl5xx
·3 mesi fa·discuss
Agreed. Times are tough. Open source is under-appreciated. People are going to crack and slip up like this. We’re only human.
jkl5xx
·3 mesi fa·discuss
I did webdev for a long time, so yeah. If you want the story, I was looking into guix on asahi and ended up on https://www.asahi-guix.org/ which didn’t load anything, so I checked the page source and noticed the element.
jkl5xx
·3 mesi fa·discuss
Noticed a suspicious element called give-freely-root-bcjindcccaagfpapjjmafapmmgkkhgoa in the chrome inspector today.

Turns out about a month ago, the popular open source [JSON Formatter chrome extension](https://chromewebstore.google.com/detail/json-formatter/bcji...) went closed source and started injecting adware into checkout pages. Also seems to be doing some geolocation tracking.

I didn't see this come up on hn, so I figured I'd sound the alarm for all the privacy-conscious folks here.

At this point, I feel like browser extension marketplaces are a failed experiment. I can just vibecode my own json pretty-printer extension and never deal with this problem again.
jkl5xx
·4 mesi fa·discuss
Good points. What local models have you found work best for your use cases? I feel like if we get to opus 4.6 level intelligence running on local hardware, we’re in the clear for a lot of day to day use cases.
jkl5xx
·4 mesi fa·discuss
Definitely interested! I've reinstalled Fedora Asahi Remix several times on my old M1 after fiddling my way into a broken state. NixOS sounds like a tinkerer's dream but getting started is a bit intimidating.
jkl5xx
·4 mesi fa·discuss
Thanks for sharing. Much better source.
jkl5xx
·4 mesi fa·discuss
> If the pen tester doing a security evaluation judges that a bug is easier to find and exploit if the source code is public, then, sharing the source code lowers your score

Good on the author for calling out how nuts this is! In the age of LLM coding agents, I feel this mentality needs to change quickly. Security through obscurity is dead. LLMs have little to no issues conversing in encoded or obfuscated data.
jkl5xx
·8 mesi fa·discuss
This is smart and a good first step. Everyone can't be trusted to do the security dance flawlessly, though. We need sane defaults. Least privilege by default for 3rd-party code. Deno's headed in the right direction with this. But I think the solution needs to exist deeper in the stack. The surge in popularity of `curl -fsSL https://my-cool-ai-starup.ai/install.sh | bash` style installers is particularly concerning to me in this regard.
jkl5xx
·8 mesi fa·discuss
Totally agree with all of your comment. To solve for structured data instead of everyone writing parsers, I’ve enjoyed using nushell (not affiliated, just love the idea). https://www.nushell.sh/

It’s like powershell but not ugly and not Microsoft.
jkl5xx
·12 mesi fa·discuss
Huh? Zed's vim emulator is one of the best I've used in an IDE. Saying it's an afterthought feels disingenuous. I'm pretty sure some of the core zed devs are big vim enthusiasts.
jkl5xx
·2 anni fa·discuss
I'd never heard of this effect before but it reminds me of a feature I've aways wanted for ios which is, in order to unlock your phone, you need to type in what you're planning to do (and maybe for how long), so you can refer to that or get notified when your memory inevitably blanks and you get sidetracked.
jkl5xx
·2 anni fa·discuss
Is there an SRS app or Anki feature that takes into account your reaction time when answering a card? I've wanted to use Anki for things like speeding up mental arithmetic but Anki doesn't seem to have a feature for measuring and plotting progress on response times.
jkl5xx
·3 anni fa·discuss
Does the local underscore variables feature solve this? Or the approach outlined in the plots tutorial? IMO, not allowing redeclaration is more valuable than supporting this use case. A slight paradigm shift away from your example gives you the significant benefits of a reactive environment with fewer edge cases/quirks. I'd much rather have a notebook error out instead of silently overwriting a value. You save so much time debugging.