As I said a few years ago in my blog post, the problem is that browser extension developers are mostly incompetent in security, and will sell all their users to scammers for a few thousand dollars.
Do not trust anonymous developers with no track record.
vitonsky.net/blog/2023/09...
#security
Posts by Robert Vitonsky
Over 100 malicious extensions in the Chrome Web Store are stealing Google OAuth2 bearer tokens by injecting backdoors and carrying out ad fraud.
Researchers at Socket concluded they’re all part of a coordinated campaign, operating under a MaaS model.
socket.dev/blog/108-chr...
#security #malware
WASM has limitations: no threads, no hardware acceleration, etc.
So it is interesting: what other real-world use cases can you imagine?
Maybe you already used WebAssembly to solve some problems or business needs. Tell us about it.
What practical use cases for #WebAssembly can you imagine?
Tell us about it in this thread.
I use WASM to integrate software solutions across different stacks. I compile a Twofish cipher implementation from C to WASM and use it in the browser.
#wasm #webassembly #askfedi #opensource #programming
It would be nice if browsers automatically loaded the WebAssembly modules, bound the native web APIs directly (without any JS glue code), and ran the module.
We could write the code for web apps in any language and then compile it to WASM.
hacks.mozilla.org/2026/02/maki...
#wasm #webdev #javascript
People at Anthropic say they’ve found over 500 high-severity vulnerabilities using Claude.
Looks like 0-day exploits might become widely accessible soon.
red.anthropic.com/2026/zero-da...
#security #research #llm
Nothing extraordinary, we may do the same thing with a for + break, but this way lets us organize code better and represent it in a pipeline manner.
Yes, this way gives us 2 wins: all processing steps for one item will be run in one step instead of iterating the array N times, and we consume only the number of items we really need and stop when we have enough items, unlike the standard way.
Matt Smith noticed that the Iterator utils are widely available now (since ~2024).
So we may keep array processing looking like a pipeline, but do it lazily and get a significant performance win. A trivial change is needed.
Someone had to remind us all of this.
allthingssmitty.com/2026/01/12/s...
New blog post where I show nano-queries, a state-of-the-art Query Builder for SQL and NoSQL queries.
Fun fact: the JavaScript infrastructure had no query builder before. Only ORM solutions that hurt your queries' performance.
vitonsky.net/blog/2026/01...
#opensource #sql #javascript
Don't shout at your drives!
I just found a video where a man shouts at an HDD array and its latency noticeably increases because of the vibration.
youtu.be/tDacjrSCeq4?...
#devops #science #humor #funny
Can somebody explain why it is so difficult for LLMs to place commas correctly?
The "villain," on my screenshot.
All LLMs I've tried in the last few years had this problem. Such problems make me feel that LLMs nowadays are like CGI in the 2000s, when people called it "photo realistic graphics".
#ai #llm
One weird thing I noticed is that they recommend Vue as the default frontend framework, which makes me think they are weak in frontend things, like those who invented HTMX.
I discovered tauri.app recently. Do you have any feedback on it?
They define it as a framework to build cross-platform apps based on web technologies like Electron does, but the app will take a reasonable size like 600kb (not 200mb, unlike Electron).
#opensource #programming #frontend
How do you search for new good movies to watch among the tons of garbage released in the last 20 years?
Do you use IMDB or any other service?
#movies
Just released Ordinality — a framework-agnostic migration tool for Browser, Node, and Deno.
We use it in production on both backend and frontend.
Ordinality works with any database — IndexedDB, SQL, state files, or anything else.
github.com/vitonsky/ord...
#opensource #javascript
I just read an email from NPM: "New TOTP 2FA configurations disabled (existing TOTP still works)".
It looks like NPM will disable TOTP and force package authors to use WebAuthn/passkeys.
Business as usual. Spot an opportunity to hype it up and cash in.
#opensource #programming #javascript
Just found a fun article where the author uses a cluster of 3 candles as a clock source.
cpldcpu.com/2025/08/13/c...
Linguist is a browser extension that translates content on a web page. It cannot work any other way, because "translate web page content" implies access to the DOM of the web page.
Linguist is highly customizable.
A recent update added an option to control which elements must not be translated.
Users can now describe elements to ignore as CSS selectors and Linguist will skip translation on anything that matches the query.
Linguist made it to the Top 3 extensions in the Chrome Web Store.
Try it: linguister.io
It is the only in-browser translation solution that respects your privacy.
#opensource #browser #extension #FOSS
Roasting post about Matrix - probably the most disappointing project claiming to be a "privacy-focused messenger," but actually a scam targeting naive people.
xn--gckvb8fzb.com/giving-up-on...
#security #privacy
Just published the NPM package `langstats`, which provides stats with speaker counts and the list of countries where a language is used.
Basically, that's a small dataset I maintain for our products' purposes.
Will be useful for those who work on internationalization, to prioritize work.
github.com/translate-to...
Then how can you explain that Linguist is still not in the Privacy Guides list?
Because it's literally the only extension that really cares about privacy, as I explained above bsky.app/profile/vito...
It was rejected twice as I can see.
New post on the blog, with insights into why it's nice to have an open source project, why you can't rely on donations, and how you can actually make money on your pet project.
Good to read for open source maintainers with existential questions.
#opensource #programming
vitonsky.net/blog/2025/06...
Hey @privacyguides.org
How can you comment on that?
Isn't that what "privacy" is about?
Linguist is literally the only translation project that supports custom translation modules.
This feature lets you set up an LLM locally and translate any content on all sites with the LLM.
You may also do it with rule-based machine translation (RBMT), statistical machine translation or anything else.
To me it looks like a site where you should pay moderators to publish your product. I did not pay, so my product is not there.
There are many sites based on this model, and I am sure all of them are bad companies to trust.
For me, as a security researcher who built linguister.io with an embedded offline translator and support for custom translators, it looks suspicious that Privacy Guides still has not added Linguist to their site for more than 4 years.
They have a discussion: discuss.privacyguides.net/t/translatio...
Actually, the problem has wide effects, outside the "Copilot" scope.