Hacker News: Scryptonite

New comment by Scryptonite in "Various LLM Smells"

Scryptonite — Fri, 29 May 2026 03:48:34 +0000

I personally wonder if the writing (and coding) smells are being leveraged for watermarking/steganography. Like, if it's quirky but intentional; they're biding the time, leaving breadcrumbs so they can more effectively sift new internet content, or perhaps tracing/de-anonymizing.

I can also see how it is not necessarily the case, since all models seem plagued by having unique cliche patterns. We all seem to experience the writing smells from the same models. I see 'cleanly' a lot less from GPT 5.5 vs <5.4

New comment by Scryptonite in "WebGPU-Based WiFi Simulator"

Scryptonite — Sun, 20 Oct 2024 20:14:55 +0000

When I run the Waveguide Simulator demo on my Alienware M15 Ryzen Ed. R5 (has a RTX 3070; Windows 11 Pro, Chrome v129), I hear a distinct high pitched flutter noise emanating from my laptop. I thought it was from the speakers, but no, with my volume down it was still present as long as the simulator was playing. Weird, but very cool demo (probably my hardware, never hear this during games or other WebGPU demos). The realistic house simulation yields a different signature in the sound.

New comment by Scryptonite in "Bun v1.1.22"

Scryptonite — Thu, 08 Aug 2024 02:47:03 +0000

No question, just want to say Bun is awesome and thank you.

(minor nit: release article says "Uint8Array.prototype.fromBase64()" when it's actually "Uint8Array.fromBase64()" per the code sample. Same for .fromHex)

New comment by Scryptonite in "YouTube will delete existing video annotations on January 15, 2019"

Scryptonite — Tue, 27 Nov 2018 09:23:06 +0000

Or they could keep an archive of the annotations and provide a process for the video owners to choose to have Google 'bake' them into the video permanently after they've been shut off from being used by mainstream YT interfaces. Annotation links could be visually represented in a way that indicates their link could now be found in the description.

New comment by Scryptonite in "Presidential Alerts"

Scryptonite — Wed, 03 Oct 2018 19:13:14 +0000

> The name just automatically angers a significant portion of the population, no matter who the president happens to be.

I think that pretty much speaks to how shamefully bad politics has gotten here in the US. I see a couple of comments that jump to speculate that it could be used as a tool of politics, or that they would rather opt-out of knowing about an imminent threat to themselves and/or their fellow American's lives. I think it's selfish, considering smoke and CO2 detectors can't warn you of nuclear attacks. If an office of the state was responsible for calling out a fire in the building, I would want every chance to be informed, regardless of whether or not they were my prefered elected official. Obviously, if the system was abused I would want it to be fixed.

New comment by Scryptonite in "Valid use cases for autocomplete=off"

Scryptonite — Fri, 28 Sep 2018 22:24:55 +0000

Previous discussion about this in 2016: https://news.ycombinator.com/item?id=11911116

Last I checked you can always give Chrome a stronger hint not to autocomplete using something like this:

    document.querySelectorAll("input[autocomplete=off]")
        .forEach(element =>
            element.autocomplete = window && window.chrome ? "hell-no-chrome" : "off"
        );

I think it's a shame that they didn't design UI or something to coordinate with the user to override it in less well-behaved web apps. Instead, they just decided to ignore it completely.

New comment by Scryptonite in "Mixing Vue.js templates with server-side templates can lead to XSS"

Scryptonite — Mon, 26 Feb 2018 03:30:13 +0000

Yup. Obfusticating using a tool like http://www.jsfuck.com would get around the lack of quotations.

If the result was too verbose, you can always handroll your own JS:

    {{constructor.constructor(constructor.name.constructor.fromCharCode(97,108,101,114,116,40,39,120,115,115,39,41))()}}

New comment by Scryptonite in "Mixing Vue.js templates with server-side templates can lead to XSS"

Scryptonite — Mon, 26 Feb 2018 01:47:47 +0000

Makes sense because htmlspecialchars() doesn't protect against malicious Vue template expressions, it only converts characters that are used to represent html tags, entities or attributes (<>"'&) IIRC.

I think another solution (besides v-pre) to "fixing" it (though you might say that relying on htmlspecialchars() to protect against user-supplied {{vue expressions}} was unwise to begin with) is to replace { and } with { and } after using htmlspecialchars/htmlentities.

EDIT: Another solution would be to pass a different set of delimiters to Vue that uses characters that would be escaped by htmlspecialchars, like demonstrated in [1] or like so:

    Vue.options.delimiters = ['<%', '%>'];

[1]: https://stackoverflow.com/a/40538194/4522571

New comment by Scryptonite in "How to write a JavaScript-free todo app using just HTML and CSS"

Scryptonite — Mon, 30 Oct 2017 20:57:22 +0000

I made something very similar for fun a few years ago[0] and added it to a repository called You-Dont-Need-JavaScript[1].

CSS-only for this sort if thing is totally contrived, but making it still proved to be a fun little exercise.

[0]: https://codepen.io/scryptonite/pen/oLGzdj

[1]: https://github.com/you-dont-need/You-Dont-Need-JavaScript

New comment by Scryptonite in "Defending a website with Zip bombs"

Scryptonite — Thu, 06 Jul 2017 05:15:43 +0000

Reminds me of a time I once wrote a script in Node to send an endless stream of bytes at a slow & steady pace to bots that were scanning for vulnerable endpoints. It would cause them to hang, preventing them from continuing on to their next scanning job, some remaining connected for as long as weeks.

I presume the ones that gave out sooner were manually stopped by whoever maintains them or they hit some sort of memory limit. Good times.

A new beginning for THX

Scryptonite — Mon, 17 Oct 2016 23:12:17 +0000

Article URL: https://medium.com/@thxltd/a-new-beginning-for-thx-why-i-sold-my-company-in-my-first-year-8d2398b1e4df

Comments URL: https://news.ycombinator.com/item?id=12730681

Points: 1

# Comments: 0

New comment by Scryptonite in "Stretching the limits of CSS 3: Amazing creations in pure CSS"

Scryptonite — Thu, 15 Sep 2016 18:11:28 +0000

I once made a CSS-only Todo List[1] that demonstrated chaining sibling selectors, using the :checked psuedo selector, CSS counters and some other things to "enhance" a Todo without using JS (technically JS is used in a Jade template to compile the necessary HTML and CSS). CSS is pretty powerful.

1: http://codepen.io/scryptonite/pen/oLGzdj?editors=1000

New comment by Scryptonite in "“autocomplete=off is ignored on non-login input elements”"

Scryptonite — Wed, 15 Jun 2016 20:04:42 +0000

It's tough to say that Chrome made the right call, as I enjoy being able to (in theory) rely on browsers aiming to be standard compliant. The standard is there for a reason, no?

I noticed that the Chrome team also developed a feature called Threaded scrolling in an attempt to improve site UX, but instead (or additionally?) completely ruins the ability to rely on onscroll/onmousewheel events (let alone being able to trust the values pulled from scrollLeft/scrollTop using requestAnimationFrame or similar). This can be seen on these two GIFs, with threaded scrolling enabled (currently the default behavior): https://gfycat.com/DiligentHomelyIndianelephant and with threaded scrolling disabled (behind a chrome flag): https://gfycat.com/SlimDefinitiveErin

The same flag/feature is active on mobile Chrome as well, so the same effect can be seen. The only way to guarantee jank-free work with scroll position (for parallax or w/e) is to implement handling user-input-to-scroll-behavior entirely yourself, which is rather unfortunate imo.

You can play with this yourself: http://jsbin.com/mohehotupe/edit (might need to click "Run with JS" / or tick "Auto-run JS" to start the scroll-listening script)

My take on autocomplete is that the standard says it's something I can disable, so autocomplete="off" is simply something the browser should obey. I have no problems with users using extensions or taking "advantage" of a browser setting to "fix" websites they say have abused this attribute. But there are valid use cases for disabling autocomplete as other comments have mentioned, and all they have done is make it to where I just have to do autocomplete="sudo-off" and it "works". But what happens when other webmasters misuse the attribute again? Might as well just toss support for it if they really can't trust the page to do the right thing.

New comment by Scryptonite in "IBM Watson's Visual Recognition Demo"

Scryptonite — Tue, 22 Mar 2016 19:35:17 +0000

It classified this Labrador-"I HAVE NO IDEA WHAT I AM DOING"-meme: http://i.imgur.com/ZQaM2D7.jpg as vip: 45%, moustache: 45%, person: 26%

http://i.imgur.com/FYkxCNS.png

New comment by Scryptonite in "Amazon Dash Button"

Scryptonite — Tue, 31 Mar 2015 16:05:27 +0000

I think that if they are remotely serious (being almost April 1st) I think I'd like to see them offer to bundle NFC stickers with each product purchase, so that I can place them near the product's point of use should I want to replace it at some point in the future.

New comment by Scryptonite in "Valve replaces Steam Controller touchscreen with new analog face buttons"

Scryptonite — Sat, 15 Mar 2014 17:07:45 +0000

What makes a controller right handed?

New comment by Scryptonite in "Show HN: Add forms to your static site – no iFrames required"

Scryptonite — Tue, 25 Feb 2014 17:36:48 +0000

This might also work:

Truthfully, base64 is probably better at deterring email harvesters.

New comment by Scryptonite in "Learn You The Node.js"

Scryptonite — Sun, 02 Feb 2014 01:43:07 +0000

Least bytes?

  var a=process.argv,i=a.length,x=0;while(i>2)x-=-a[--i];console.log(x)

New comment by Scryptonite in "IBM Watson fires its own cancer-fighting ‘moonshot’"

Scryptonite — Sat, 19 Oct 2013 00:14:39 +0000

A stab in the dark would be chips made from Graphene or IBM's Silicene, if I am to understand what you quoted.

New comment by Scryptonite in "Who exactly is crawling my site?"

Scryptonite — Fri, 18 Oct 2013 21:02:07 +0000

I deal(t) with the same thing. I made it so my web server would try to stream a page that never ends, and some bots would stay connected for hours and hours. But over time they seem to have adapted.

I've also noticed some of them used to make requests synchronously (waiting for the previous to finish before making another), but they have adapted to make requests in parallel and add timeouts so they don't have their time wasted quite as long.

I created a log of the ones who stayed connected the longest.

https://gist.github.com/scryptonite/5324724

I don't bother to maintain it anymore, but it was pretty interesting watching them change tactics over time.