HackerTrans
TopNewTrendsCommentsPastAskShowJobs

vitonsky

no profile record

Submissions

Show HN: Transly – Cache-driven incremental translation

github.com
1 points·by vitonsky·3 maanden geleden·0 comments

Show HN: Leviathan-crypto – WebAssembly cryptography library for TypeScript

github.com
1 points·by vitonsky·4 maanden geleden·0 comments

Show HN: Nano Queries, a state of the art Query Builder

vitonsky.net
1 points·by vitonsky·5 maanden geleden·0 comments

Integrate any translation service into the browser

linguister.io
1 points·by vitonsky·10 maanden geleden·0 comments

Show HN: Pedantify – Simple CLI for proofreading text files via LLM

npmjs.com
3 points·by vitonsky·10 maanden geleden·0 comments

Show HN: DOMTranslator package to translate text nodes in DOM

github.com
3 points·by vitonsky·12 maanden geleden·0 comments

comments

vitonsky
·vorige maand·discuss
> GPU sharing with docker and VMs

Yeah, we really live in age of Internet Explorer 6 yet.

We already have cool features in browsers, like transparent backgrounds, rounded borders, and even HTML 5 video elements, but we still cannot use VM intensively for any purpose with no hassle.

Maybe 10-50 years later we finally can use Linux laptop with RTX 5060, and just run a Call Of Duty multiplayer while a local LLM will fix bugs in our code.
vitonsky
·7 maanden geleden·discuss
Yet another promotional post of Mullvad team. Nice story, but I don't buy it.

Email is fine when it is an option. Mullvad have even option to pay with a credit card & PayPal. That's more sensitive data than Email.
vitonsky
·10 maanden geleden·discuss
Well, somebody must validate data on top level. So that's fine to have packages like `is-number`/`is-arrayish` etc.
vitonsky
·10 maanden geleden·discuss
Good idea. Probably nowadays this would not work due to changes in chrome extension API? They have limit a network interception API.
vitonsky
·10 maanden geleden·discuss
Current incident confirms that we can't trust to authors of DuckDB, because they can't evade a trivial phishing attack.

Tomorrow they will do it again, and attackers will replace binary files that users download with this random script. Or this script will steal crypto/etc.

To make attack vector difficult for hackers, it's preferable to download any software as packages. On linux it looks like `apt install python3`.

The benefits is

1. Repositories are immutable, so attacker can't replace binary for specific version, even if they will hack all infrastructure of DuckDB. Remote script may be replaced anytime to run any code

2. Some repositories have strict review process, so there are external reviewers who will require to pass security processes to upload new version
vitonsky
·10 maanden geleden·discuss
Just for context. DuckDB team is consistently ignores any security practices.

The single one method how to install DuckDB on laptop is to run

`curl https://install.duckdb.org | sh`

I've requested to deliver CLI as standard package, they have ignored it. Here is the thread https://github.com/duckdb/duckdb/issues/17091

As you can see that it isn't single slip due to "human factor", but DuckDB management consistently puts users at risk.
vitonsky
·10 maanden geleden·discuss
Is there any real games with LLM dialogues?

Recently I've tried Baldur's Gate 3, gameplay looks nice, but options in dialogues written by 12 y.o. kid. It would be nice to talk via LLM that would have the described character personality.
vitonsky
·11 maanden geleden·discuss
No, thanks. I already spent time to write tests while implementing a features, now I have a lot of tests that proof the feature is works fine, and I no more fear to make changes, because tests keep me safe of regression bugs.

The typical problems of any code base with no tests is a regression bugs, rigid team (because they must keep in mind all cases when code may destroy everything), fear driven development (because even team with zero rotation factor don't actually remember all problems they've fixed).
vitonsky
·11 maanden geleden·discuss
I have couple open source NPM packages I develop together with other developers. In some of this packages I have less than 50% contributions in code. But I listed as contributor on NPM, just because I found this packages and did not update contributors list a long time.

So definitions does not matter when stats that author refers, does not include a developers who own over 50% code in repo, but includes me as contributor.

That's widely known problem of programmers to believe that world is perfect and all data are always actual. Actually it won't.
vitonsky
·11 maanden geleden·discuss
Huh, I just checked stats on ecosyste.ms

It looks they consider as maintainer only those people who listed on package.json, not a real number of contributors on github or anything.

So all conclusions in this post is based on wrong assumption and incorrect data interpretation. That's all you need to know about it.

I think you could list random people on github in your package.json to looks cool in eyes of stats cultists.
vitonsky
·11 maanden geleden·discuss
It looks like whisper + google translate + google TTS. Typical "quality" for that stack, bad latency, no any privacy.

I'm developer of "Linguist", a browser extension for translation in browser, and I say you that nowadays it is possible to translate text locally in device. Linguist have embedded offline translator. The same with TTS and voice recognition.

All this features may run locally in-device, even in browser extension, but not in macOS application?

This product looks rather like a malware that will spy on users and then blackmail us or sell our conversations to email scammers for better targeting or anything.

Additionally it is interesting that Chinese and Korean languages is not supported. You just use cloud services, they are all support these languages, why you don't? Is it to fake something?

"12 hours translation per month" for $29. 12 hours it's about 6-12 meetings? Who is your audience then?
vitonsky
·11 maanden geleden·discuss
> The old URL redirects to the new one, so in theory existing posts/backlinks keep working. We also agreed the original creator wouldn’t reuse the “unity-mcp” repo name under his GitHub profile, which could break redirects.

Why?

A lot of times I faced with page 404 when clicked GitHub links that have been moved.

Isn't it good idea to do it like that - Move repo to new org (to move stats and activity) - Create repo with the same name that are fork of a target repo - Update readme to explain repo was moved - Archive the repo to place a warning on top of the repo

This way make users have to click link in original github repo, to go on your repo.

So it would be a problem if you need to show a numbers and you need to fake activity. But if you don't need fake activity, it is not a problem, because a real people who really looking for solution will be able to click one more link.

On the other hand, this way ensure that whole content will be available by indexed links.

How to prevent 404 and why people still faces with it on GitHub?
vitonsky
·11 maanden geleden·discuss
How exactly this vision will make money for you?

Currently it sounds you just a kid who want to be paid. Is there anything more except "you all owe to me" in this claim?
vitonsky
·11 maanden geleden·discuss
One yet another narrative that claim all people owe to an open source.

I believe, once in deep future, an open source developers will grown and stop repeating this sectarian mantra.

No one owes you anything. If you do opensource and you need in money - use your open source as marketing tool to promote services you sell.

It's simple as 2+2, I've mention it in my blog post https://vitonsky.net/blog/2025/06/24/open-source/

I think those who believe a companies will pay to you for a random OSS is just a kids. Ask people who can use a sheets, they explain you why your product will die with this approach.
vitonsky
·12 maanden geleden·discuss
Check discussion in GitHub issue https://github.com/turt2live/matrix-bot-sdk/issues/363

Quote > Decryption of messages in encrypted rooms always end with error `Error: Can't find the room key to decrypt the event`

Maintainer action is "turt2live closed this as not planned on May 10, 2024"

It's all you need to know about a goals of Matrix and its success.
vitonsky
·12 maanden geleden·discuss
No, as i wrote in issue title and explained twice in this thread, the problem is bot SDK does not support encryption. It must work by default, for "privacy focused" application. Chat with no encryption must be an option, not default.

Matrix protocol is over-complicated, as consequence any SDK and even clients are over-complicated too, that eventually makes any interaction with Matrix is difficult, unpleasant, and error-prone.

Matrix design is error-prone by its nature:

Keys exchange confuses many users, I had many questions of people who are not programmer.

Matrix encourage login at random sites who up their web client, that is critical security problem.

But a Matrix fans are blind to a problems. This is why I don't believe Matrix will transform from marginal chat for freaks to a mainstream chat where people talk. So eventually, Matrix is a platform where Matrix fans talks about Matrix and send porn to each other.
vitonsky
·12 maanden geleden·discuss
Matrix community scam everyone when claim a matrix is a privacy-focused. And you are part of this community who deceive people. The fact that anything is open source is not make it "privacy focused".

Literally everything in Matrix is designed against privacy and security. Check issue I mention above. The product that is "privacy focused" would never have such type of problems that will force developers to say that lack of encryption for chats is a minor problem that will not be fixed.
vitonsky
·12 maanden geleden·discuss
Yeah, Matrix UX is disgusting in every aspect.

Every client looks bad, works slow and most of them have only subset of features.

At 2025 year I still can't see online status when I use most popular server and client.

When I use SDK as a developer, *I can't use encryption* for bots. I've created issue about it over year ago https://github.com/turt2live/matrix-bot-sdk/issues/363 and maintainer just closed it as not planned to fix.

Matrix Protocol is overcomplicated and ridiculous. As I understood, the reason of mentioned problem with lack of "online status" feature is a high network load that yields by presence status feature, so server owners just disable this feature.

It is ridiculous that messenger who state it is "privacy focused" - can't handle encryption for bots and sell us idea that it's fine to log-in in my account on random site on internet. Because any site where i enter my password and secret key, may steal my password.

The same thing with applications. "Reference implementation" of app is an Electron app that loads javascript from internet and may inject malware anytime.

My impression is that Matrix is a scam to spy over people who blindly believe in security, like a Telegram does.
vitonsky
·vorig jaar·discuss
I tried to use this model in my package with translators kit https://github.com/translate-tools/core/pull/112

It runs very slow. Test case that run translation for text in 3k chars multiple times, takes about 30 seconds for google translator, but more than 10 minutes for `nllb-200-distilled-600M`.

Text sample: https://github.com/translate-tools/core/pull/112/files#diff-...

My tests runs on nodejs, it looks in browser it have no chance for real world use
vitonsky
·vorig jaar·discuss
As maintainer of https://linguister.io/, should I start work on polyfill for that API?

If this API will be implemented in next few years, there will be browsers who hold up the world in progress.

Linguist have enough many users, so we could expose this API for client side code, and users with browsers where Translation API is not implemented yet, could install Linguist and sites who uses Translation API would works fine. Translation API calls would proxy by Linguist and preferred translator module would be used.

Any thoughts about it?