<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: dotproto</title><link>https://news.ycombinator.com/user?id=dotproto</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 03 Jul 2026 01:56:39 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=dotproto" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by dotproto in "Hacker News but for independent blogs"]]></title><description><![CDATA[
<p>Ctrl+Click / Cmd+Click also opens in a new tab.</p>
]]></description><pubDate>Thu, 18 Jun 2026 22:11:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=48592340</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=48592340</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48592340</guid></item><item><title><![CDATA[New comment by dotproto in "Uber's $1,500/month AI limit is a useful signal for AI tool pricing"]]></title><description><![CDATA[
<p>As someone involved in the WebExtensions Community Group who has been (slowly) trying to figure out what, if anything, we should do at the platform level around these use cases, I appreciate you raising and repeating this concern. I'd be obliged if you have any other recommended reading around this topic.</p>
]]></description><pubDate>Fri, 05 Jun 2026 19:15:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=48416924</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=48416924</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48416924</guid></item><item><title><![CDATA[New comment by dotproto in "Show HN: Agent-browser-shield – free extension to protect AI agents on the web"]]></title><description><![CDATA[
<p>Oh, this is interesting! I assume most of the heavy lifting to identify and filter content is being performed by the content script. In practice have you see any issues with models accessing page content before the extension has been able to sanitize the page?</p>
]]></description><pubDate>Fri, 05 Jun 2026 18:49:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=48416624</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=48416624</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48416624</guid></item><item><title><![CDATA[New comment by dotproto in "Build Adafruit projects right from Firefox"]]></title><description><![CDATA[
<p>Do you mean Firefox on iOS? If so, that would require the firefox-ios project to adopt BrowserEngineKit, which is relatively new. Firefox for iOS WebExtension support is being tracked in <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1497374" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=1497374</a></p>
]]></description><pubDate>Wed, 27 May 2026 19:34:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=48299381</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=48299381</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48299381</guid></item><item><title><![CDATA[New comment by dotproto in "Claude for Chrome"]]></title><description><![CDATA[
<p>Also pretty easy with Firefox's new profile manager <a href="https://support.mozilla.org/kb/profile-management" rel="nofollow">https://support.mozilla.org/kb/profile-management</a></p>
]]></description><pubDate>Wed, 27 Aug 2025 00:59:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=45034234</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=45034234</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45034234</guid></item><item><title><![CDATA[New comment by dotproto in "Claude for Chrome"]]></title><description><![CDATA[
<p>Just took a quick glance at your extension and observed that it's currently using the "debugger" permission. What features necessitated using this API rather than leveraging content scripts and less invasive WebExtensions APIs?</p>
]]></description><pubDate>Tue, 26 Aug 2025 23:59:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=45033828</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=45033828</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45033828</guid></item><item><title><![CDATA[New comment by dotproto in "Gorhill pulls uBlock Origin Lite from Firefox store"]]></title><description><![CDATA[
<p>Simeon from the Firefox Add-ons team here. Sorry about the rocky experience. I realize this is a bit late for your situation, but earlier this year the source code submission docs were updated with information about the default reviewer build environment[1].<p>It's not a huge improvement, but it sounds like one thing we could do to improve the communications process around build errors is to include a link to this documentation in the notification email sent to developers. I'll create a ticket for this now.<p>[1]: <a href="https://extensionworkshop.com/documentation/publish/source-code-submission/#default-reviewer-build-environment" rel="nofollow">https://extensionworkshop.com/documentation/publish/source-c...</a></p>
]]></description><pubDate>Thu, 03 Oct 2024 23:43:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=41736253</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=41736253</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=41736253</guid></item><item><title><![CDATA[New comment by dotproto in "About Google Chrome's "This extension may soon no longer be supported""]]></title><description><![CDATA[
<p>Asking as a browser contributor, what do you feel is missing from MV3?</p>
]]></description><pubDate>Tue, 06 Aug 2024 17:19:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=41172969</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=41172969</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=41172969</guid></item><item><title><![CDATA[New comment by dotproto in "Ask HN: Who has had a successful PWA product?"]]></title><description><![CDATA[
<p>I was about to say "concurrent writes shouldn't be a problem because localStorage is synchronous and JS is single-threaded," but then I started thinking about multiple tabs, WebWorkers, and multi-process browsers and figured I should double-check the spec.<p>> Warning! The localStorage getter provides access to shared state. This specification does not define the interaction with other agent clusters in a multiprocess user agent, and authors are encouraged to assume that there is no locking mechanism. A site could, for instance, try to read the value of a key, increment its value, then write it back out, using the new value as a unique identifier for the session; if the site does this twice in two different browser windows at the same time, it might end up using the same "unique" identifier for both sessions, with potentially disastrous effects.<p><a href="https://html.spec.whatwg.org/multipage/webstorage.html#introduction-15:dom-localstorage-2" rel="nofollow">https://html.spec.whatwg.org/multipage/webstorage.html#intro...</a></p>
]]></description><pubDate>Wed, 19 Jun 2024 07:26:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=40725770</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=40725770</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40725770</guid></item><item><title><![CDATA[New comment by dotproto in "Show HN: I made a CLI tool to create web extensions with no build configuration"]]></title><description><![CDATA[
<p>Would love to hear your thoughts on how to improve it ;)</p>
]]></description><pubDate>Wed, 01 May 2024 15:57:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=40225076</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=40225076</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40225076</guid></item><item><title><![CDATA[New comment by dotproto in "Show HN: I made a CLI tool to create web extensions with no build configuration"]]></title><description><![CDATA[
<p>Can you share more about what you find frustrating or confusing about this process?</p>
]]></description><pubDate>Wed, 01 May 2024 15:52:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=40225013</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=40225013</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40225013</guid></item><item><title><![CDATA[New comment by dotproto in "Show HN: I made a CLI tool to create web extensions with no build configuration"]]></title><description><![CDATA[
<p>Chrome extensions are published on Chrome Web Store (<a href="https://chromewebstore.google.com" rel="nofollow">https://chromewebstore.google.com</a>), not on Google Play.</p>
]]></description><pubDate>Wed, 01 May 2024 15:51:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=40224996</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=40224996</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40224996</guid></item><item><title><![CDATA[New comment by dotproto in "Show HN: I made a CLI tool to create web extensions with no build configuration"]]></title><description><![CDATA[
<p>I don't know exactly what the the person you're replying to had in mind, but support for different parts of the manifest varies (especially in Manifest V3). While it's possible to write a single manifest that works in all browsers (with warnings), doing so requires more than a little specialized knowledge.<p>For example, Firefox does not currently support the `optional_host_permissions` top level manifest key. To work around this, developers can declare their optional host permissions in both the `optional_host_permissions` array for Chrome compatibility and in the `optional_permissions` array for Firefox/Safari compatibility.<p>Another example is that currently only Chrome supports `background.service_worker` in stable releases. To work around this, developers can write their MV3 background scripts in a way that's compatible with both service workers and event pages, then declare both in the manifest like so:<p>```json
{
  "background": {
    "scripts": ["background.js"],
    "service_worker: "background.js"
  }
}
```</p>
]]></description><pubDate>Wed, 01 May 2024 15:28:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=40224653</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=40224653</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40224653</guid></item><item><title><![CDATA[New comment by dotproto in "Detect when your installed Chrome extensions have changed owners"]]></title><description><![CDATA[
<p>To my knowledge no browser supports transferring an extension's user base from one extension to another. If you want your users to switch, the only think you can do is show them a link of where to get the new extension they should install.</p>
]]></description><pubDate>Thu, 07 Mar 2024 15:38:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=39630371</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=39630371</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39630371</guid></item><item><title><![CDATA[New comment by dotproto in "Detect when your installed Chrome extensions have changed owners"]]></title><description><![CDATA[
<p>Both CWS (Chrome) and AMO (Firefox) supports this. It's part of Chrome's One Stop Support[1] form and Forefox's developer hub UI.<p>At the moment I don't believe any browser has features that notify end users of ownership changes.<p>[1]: <a href="https://support.google.com/chrome_webstore/contact/one_stop_support?hl=en" rel="nofollow">https://support.google.com/chrome_webstore/contact/one_stop_...</a>
[2]: <a href="https://extensionworkshop.com/documentation/publish/add-on-ownership/#:~:text=Sign%20into%20your%20account%20on,new%20author's%20email%20address" rel="nofollow">https://extensionworkshop.com/documentation/publish/add-on-o...</a>.</p>
]]></description><pubDate>Thu, 07 Mar 2024 15:36:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=39630354</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=39630354</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39630354</guid></item><item><title><![CDATA[New comment by dotproto in "Detect when your installed Chrome extensions have changed owners"]]></title><description><![CDATA[
<p>> The extension ID is derived from a private key that the developer uploads with the first upload to the app store<p>While what you described is possible, this process isn't required or the typical way an extension ID is generated. Typically developers just upload a ZIP file on their first submission, then CWS will generate and store a private key to sign the extension for public distribution.<p>> and the ID will change if any subsequent uploads include a different key.pem in their zip file<p>CWS should never change an existing extension's ID. The ID is what I uniquely identifies an extension. If the ID changed, Chrome clients wouldn't be able to request an updated version of that extension. CWS & Chrome do not support migrating users from one extension to another.<p>To the best of my knowledge CWS will reject an extension if the zip after the first submission contains a key.pem file.<p>> Therefore, if the extension ID changes, it's possible the owner changed.<p>If the extension ID changes, it's not the same extension.<p>> then the new owner could push changes without even needing access to that key.<p>This is mostly true, but there is one case where developers CANNOT update an extension without the PEM: if the dev signed the extension they submitted to CWS. To be honest I'm not even sure this is possible to do any more; as I recall this feature was a huge foot-gun and often ended up causing developers to lose their install base because they lost their private keys that they used to sign their own uploads.</p>
]]></description><pubDate>Thu, 07 Mar 2024 15:30:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=39630296</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=39630296</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39630296</guid></item><item><title><![CDATA[New comment by dotproto in "US developers can offer non-app store purchasing, Apple still collect commission"]]></title><description><![CDATA[
<p>Sounds like literal rent seeking behavior.</p>
]]></description><pubDate>Fri, 26 Jan 2024 01:11:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=39137741</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=39137741</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39137741</guid></item><item><title><![CDATA[New comment by dotproto in "Chrome's next weapon in the War on Ad Blockers: Slower extension updates"]]></title><description><![CDATA[
<p>> If the idea is that these DNR rules require non-fast-trackable thorough reviews, but dynamically updating them will bypass those thorough reviews, than I am at a lost to understand the logic of treating them as requiring thorough review.<p>While they solve similar problems, these are different systems with different constraints.<p>* In order to allow something through the review process without close examination, you need to be sure it will not compromise end users. The block, allow, and allowAllRequests actions are known to present minimal risk to user's web browsing activities. The same cannot be said for redirecting requests or modifying a request's headers.<p>* Dynamic rule registration logic can be statically analyzed for risk assessment purposes. For example, say you're looking at two extensions that both have dynamic rules. Extension A only dynamically register block rules based on remote configuration. Extension B has <all_urls> and passed an arbitrary JSON object to the updateDynamicRules call. Personally, I'd be very concerned about what Extension B could do at the developer's behest, whether intentionally or if the dev's servers are compromised. IMO Extension B may even cross the line on what store policy permits.<p>* Expectations for extension's static content are different from an extension's dynamic operations. If an extension has code that explicitly does something nefarious and that passes review, the review process will be raked over the coals by commentators. If an extension's static contents are benign but a developer makes it do something nefarious at runtime, there is more understanding that this behavior may not have been visible to reviewers during the review process.<p>I'm sure there are more differences worth mentioning, but I need to run.<p>As a final parting thought, if safe rules and fast track review were already implemented and dynamic rules were being proposed today, I expect we'd be having conversations about whether or not devs should be able to register unsafe dynamic rules. I think there's a realistic possibility that we wouldn't allow it. Or if we did, that this capability would be gated by a new permission with a warning.</p>
]]></description><pubDate>Sat, 09 Dec 2023 00:18:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=38576767</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=38576767</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38576767</guid></item><item><title><![CDATA[New comment by dotproto in "Show HN: Bedframe – open-source Browser Extension Development framework"]]></title><description><![CDATA[
<p>No one does at the moment. The deprecation is on hold, but Chrome has stated that they "will provide at least 6 months between a timeline announcement and any experiments deprecating MV2 features": <a href="https://developer.chrome.com/docs/extensions/migrating/mv2-sunset/" rel="nofollow noreferrer">https://developer.chrome.com/docs/extensions/migrating/mv2-s...</a></p>
]]></description><pubDate>Wed, 06 Sep 2023 16:05:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=37407090</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=37407090</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=37407090</guid></item><item><title><![CDATA[New comment by dotproto in "Firefox users may import Chrome extensions now"]]></title><description><![CDATA[
<p>> I wonder if the main obstacle to (actual) cross-browser extensions isn't so much technical but rather political.<p>Normally when browser folk talk about "cross-browser extensions," we're not focusing on the distributable package so much as the source code. As you suggest, there are a variety of reasons that browsers aren't terribly interested in having a single authoritative distribution channel. For that matter, the packaging format is explicitly not something we intended to discuss in the WebExtensions Community Group[1]. While we diversity in how extensions are marketed and distributed, we want the actual code of the extensions to be as reusable as (reasonably) possible.<p>[1]: <a href="https://github.com/w3c/webextensions/">https://github.com/w3c/webextensions/</a></p>
]]></description><pubDate>Mon, 28 Aug 2023 18:20:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=37298365</link><dc:creator>dotproto</dc:creator><comments>https://news.ycombinator.com/item?id=37298365</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=37298365</guid></item></channel></rss>