HackerTrans
TopNewTrendsCommentsPastAskShowJobs

matusfaro

no profile record

Submissions

LocalRouter: Use free-tier across all providers

localrouter.ai
2 points·by matusfaro·4 месяца назад·1 comments

LocalRouter: MCP via LLM

localrouter.ai
1 points·by matusfaro·4 месяца назад·0 comments

Show HN: LocalRouter: Open-Source Desktop App for Smart LLM Routing and MCPs

localrouter.ai
1 points·by matusfaro·4 месяца назад·1 comments

Show HN: Open-Sourcing My Own "Gamified" Wedding Invitations

matusnomin.com
2 points·by matusfaro·2 года назад·0 comments

Tell HN: Color Blind Awareness Day: Set Your Screen to Grayscale

4 points·by matusfaro·2 года назад·3 comments

Show HN: Firefox addon to quarantine a tab to use offline with private data

166 points·by matusfaro·3 года назад·54 comments

Ask HN: Thoughts on isolating an “allegedly” offline site?

5 points·by matusfaro·3 года назад·2 comments

Ask HN: Help with suspected malware extension with 10M users

14 points·by matusfaro·3 года назад·8 comments

comments

matusfaro
·3 месяца назад·discuss
This usually happens in single page apps (SPA):

The proper way is to have an actual link but to override the behavior to navigate within the SPA. So if you click it, the navigation will be within the SPA but if you ctrl+click it, the browser takes over and opens the underlying link in a new page.

Typical issue is when a developer forgets to make it an actual link, but only inclides the SPA navigation.
matusfaro
·4 месяца назад·discuss
I built something I needed:

A local desktop app that acts as a gateway for LLMs, MCPs and Skills with smart routing and optimizations built-in.
matusfaro
·4 месяца назад·discuss
Hey HN!

With Claude and a strong hammer, I made a desktop app that acts as a gateway for LLMs and MCPs to solve some of my problems:

- One place to auth my MCPs and LLMs and to dynamically assign them to apps

- Monitor and intercept requests for debugging AI Apps and MCPs

- LLM routing with local fallback, using up free-tier first across providers

- Just for fun: Enriching LLMs with injected MCPs, Skills, JSON repair, msg compacting/indexing, Memory, etc..

It's a great tool for developing AI apps as well as managing a handful of MCPs and LLMs.
matusfaro
·4 месяца назад·discuss
[dead]
matusfaro
·2 года назад·discuss
Agreed, I was only suggesting to use Grayscale to cover all types of color-blindness and to encourage creating UIs that are independent from any color as it's a bad habit in general. It's easier to remember to not rely on any color rather than just red-green.
matusfaro
·3 года назад·discuss
Living in Ulaanbaatar Mongolia for some time I experienced temperatures of -20 -30 -40 Celsius. Every ten degrees lower I thought it was going to be the same, but was I wrong.

My most notable discovery was when I wanted to jump start my car, because the battery died due to the cold. I was about to bring out my jumper cables when my local friend told me to bring the cables inside first.

I didn't understand why and naively ignored what he said only for the rubber jumper cables to literally crumble in my hand, breaking as I tried to straighten them.

Mongolians are so resilient and have so much knowledge on how to survive in extreme weathers with a simple yurt and a livestock of 100 sheep goats and horses.
matusfaro
·3 года назад·discuss
> love a tool to see which tabs are talking with each other also

Cool idea but probably not that useful and difficult to accomplish. There are many ways to communicate that could be grouped into:

1. tab -> tab (same domain)

2. tab -> tab (different domain)

3. tab -> server -> tab

For #1, there are so many ways to transfer information it would be hard to detect and differentiate whether it's communication or just happens to be using the same resource. (e.g. one sets a cookie or local storage and the other one reads it)

For #3, it would be impossible to detect. Especially if detection is an issue, both tabs could be communicating with unrelated servers which talk with each other.

For #2, it would be the only interesting one as there is limited options (e.g. Broadcast Channel), but at the same time I assume rarely used in practice. And if detection is an issue, they would switch to #3 to avoid it.
matusfaro
·3 года назад·discuss
Funny that you say Sonos.

I also remember there was a data-over-voice library called "chirp.io" which now redirects to Sonos homepage. Now I know why they acquired them :)
matusfaro
·3 года назад·discuss
I can certainly do that. I used a browser extension boiler plate that minifies it by default. I submitted an issue for myself to fix this [1]

1. https://github.com/matusfaro/quarantab/issues/3
matusfaro
·3 года назад·discuss
We have our first bug bounty!

Thank you "dz2742" for finding out [1] existing connections including websockets are not terminated and has won 100 USD! This is exactly the type of exploit I was hoping to catch.

Now I have to figure out how to fix that :) And also think about refilling the bug bounty pool without becoming very poor very soon.

https://github.com/matusfaro/quarantab/issues/2
matusfaro
·3 года назад·discuss
The Contextual Identity API indicates that it's supported [1] in Firefox for Android so will need see how usable it is. I was planning on testing my extension on Android soon.

Looking into it more, there is an open request to complete the work in Android Firefox [2] and also to make the MAC extension for Android too [3]

1. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

2. https://bugzilla.mozilla.org/show_bug.cgi?id=1807456

3. https://connect.mozilla.org/t5/ideas/multi-account-container...
matusfaro
·3 года назад·discuss
Interesting options, wasn't aware of those.

The only minor counter-argument would be laziness as a security threat: the more difficult you make the process, the more likely the user will skip seemingly useless steps, thus compromising security.
matusfaro
·3 года назад·discuss
> built in permission to disable AJAX after page load

Interesting, but consider this is a cat-and-mouse game. If you are the only one using this trick it may work for you, but I assume would be easy to overcome. (e.g. keep the page loading forever or until ads are loaded. Have the ads be J-free after page load, ...)

> website could play background music ... another tab could listen

You would need mic access from the other tab, but yes. If you send it over high enough frequency you wouldn't even hear it. You would just have a visual feedback that the tab is playing music.

On a side-note, I recall there was some kind of hardware device pairing (maybe Chromecast?) that used data over voice to establish that you are physically near the other device.
matusfaro
·3 года назад·discuss
> Chrome's profiles are actually superior due to ability to have different extensions and history per profile

Interesting attack vector I haven't thought about which could leak information out of a network-locked Firefox Container. It would be under an assumption you have either:

1. A malicious extension installed (you have a much worse problem in this case)

2. A side-effect of an existing extension that leaks information to the outside world. (e.g. translate a part of a page, lookup a word in a dictionary, pre-fetch some images...)

> Firefox's containers are only useful if you want multiple logins

I think there are valid use cases for both Containers and Profiles. You can go down the list to have more and more isolation as needed:

- Grouping tabs to stay organized, no isolation

- Firefox containers, same browser window, shared history & extensions

- Chrome profiles, almost complete isolation within same browser (different processes)

- Separate browser instances

- Separate devices
matusfaro
·3 года назад·discuss
What actually triggered my idea was a recent DNaaS HN post [1] that tells you your expected life expectancy and other cool facts based on your country and birthdate which I was reluctant to input my actual birthday.

1. https://news.ycombinator.com/item?id=37324733&
matusfaro
·3 года назад·discuss
> it allows for multiple levels of isolation

Yes! Chrome has a visually similar functionality to Firefox Containers hidden away behind a feature flag [1] at the moment. BUT under the hood it's simply just tab grouping with no isolation. I presume isolation is against Google's interests so we will never see this kind of feature.

As for Firefox's API, the Contextual Identities API [2] that allows you to create/delete containers is amazing and easy to work with as a dev. And it works out-of-the-box, it doesn't need the companion addon Multi-Account Containers (MAC) [3] which really should've been part of Firefox in my opinion.

1. chrome://flags/#tab-groups-save

2. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

3. https://addons.mozilla.org/en-US/firefox/addon/multi-account...
matusfaro
·3 года назад·discuss
Agreed, and to be honest, this extension is more for myself as I would be extremely skeptical if someone else made it especially with the permissions it requires.

It would probably be more successful as a feature added to an existing trusted extension such as Temporary Containers.
matusfaro
·3 года назад·discuss
Yes, in addition to deleting all browsing data (maybe in a private window) for that site prior to re-enabling internet otherwise the site could store information locally and transmit it once online.

It is time consuming to do this and do it right so I actually already created an extension for it in another ShowHN post: https://news.ycombinator.com/item?id=37469321
matusfaro
·3 года назад·discuss
What if the submission points be the difference between positive and negative ai generated comments
matusfaro
·3 года назад·discuss
After covid I lost my sense of smell, and for almost 2 years my smell only recovered to about 5% of my original.

Honestly, I thought about it and I'm perfectly fine not being able to smell for the rest of my life. On the flip side, I'm actually happy I'm not impacted by unwanted smells in my environment.

Having smelt before, I don't miss it, but if I was born without it I would always wonder. Well let me tell you there's not much to miss.