Hacker News: matthberg

Wikidata for Developers

matthberg — Sat, 04 Apr 2026 00:15:50 +0000

Article URL: https://www.wikidata.org/wiki/Wikidata:For_developers

Comments URL: https://news.ycombinator.com/item?id=47634095

Points: 10

# Comments: 0

Mapterhorn

matthberg — Thu, 26 Mar 2026 06:27:31 +0000

Article URL: https://mapterhorn.com/

Comments URL: https://news.ycombinator.com/item?id=47527216

Points: 4

# Comments: 0

Saulala

matthberg — Sat, 07 Mar 2026 01:46:17 +0000

Article URL: https://www.saulala.com/

Comments URL: https://news.ycombinator.com/item?id=47283541

Points: 2

# Comments: 0

New comment by matthberg in "Show HN: Streaming gigabyte medical images from S3 without downloading them"

matthberg — Sat, 17 Jan 2026 10:10:39 +0000

Seems very similar to how maps work on the web these days, in particular protomap files [0]. I wonder if you could view the medical images in leaflet or another frontend map library with the addition of a shim layer? Cool work!

0: https://protomaps.com/

Compressing Cellular Automata Images (2017)

matthberg — Sat, 17 Jan 2026 02:10:28 +0000

Article URL: https://cloudinary.com/blog/compressing_cellular_automata

Comments URL: https://news.ycombinator.com/item?id=46654619

Points: 2

# Comments: 0

New comment by matthberg in "1970 Paris, cut into a grid and photographed"

matthberg — Sun, 11 Jan 2026 03:30:35 +0000

Quick summary for those confused:

In 1970 a massive project crowdsourced thousands of photographs of everywhere in Paris (nearly every single grid square on each letter sized page, a rare few have no photos).

To see the photos, click on a map section to go to the subgrid page. Then find the square grid number that corresponds to where you want to see and click the corresponding numbered link from the list at the top.

Some cool example locations:

By the Eiffel Tower: https://paris1970.jeantho.eu/carres/718.html

The Arc de Triomphe: https://paris1970.jeantho.eu/carres/427.html

Gare du Nord (urban area train station, less touristy): https://paris1970.jeantho.eu/carres/268.html

Random southern Paris neighborhood (many photos of streets, people, more suburban): https://paris1970.jeantho.eu/carres/1296.html

Random central Paris neighborhood (lots of photos, mainly of the urban architecture): https://paris1970.jeantho.eu/carres/507.html

New comment by matthberg in "Tiled Art"

matthberg — Fri, 26 Dec 2025 12:11:04 +0000

Cool site, I especially appreciate the detailed about page [1] including the libraries used for the graphics (paperjs + GSAP) and the bloopers section [2], covering interesting glitches from development.

1: https://tiled.art/en/about/#thanks

2: https://tiled.art/en/bloopers/

New comment by matthberg in "The Ultimate Windows Utility (2022)"

matthberg — Wed, 24 Dec 2025 11:16:23 +0000

Don't know if 2022 is needed since this seems to be an evergreen page for an actively developed tool (last update was 3 weeks ago).

https://github.com/ChrisTitusTech/winutil/releases/tag/25.12...

New comment by matthberg in "How to Design Programs 2nd Ed (2024)"

matthberg — Fri, 20 Jun 2025 22:09:10 +0000

He's also the person behind Practical Typography [0], a great reference/guide for essential typography and layout concepts and terms. It has opinionated recommendations covering nearly everything you'll need to make beautiful documents like this one.

Particularly helpful is the practical advice: how to get the desired results in Word, Pages, or with HTML/CSS; not just high-level abstract guidelines. There's everything from keyboard shortcuts for inserting different dashes (to accompany the explanation on when to use each type) [1] to guidance on page margins in print and on the web [2].

0: https://practicaltypography.com/

1: https://practicaltypography.com/hyphens-and-dashes.html

2: https://practicaltypography.com/page-margins.html

New comment by matthberg in "Tell HN: Help restore the tax deduction for software dev in the US (Section 174)"

matthberg — Tue, 10 Jun 2025 03:15:43 +0000

Exactly, this letter refers to the "reconciliation bill" without mentioning the better known (and more notorious) monikers "Big Beautiful Bill" or "One Big Ugly Bill".

There are so many horrific things in it, the bill must be fully opposed, not endorsed with minor changes.

New comment by matthberg in "Tell HN: Help restore the tax deduction for software dev in the US (Section 174)"

matthberg — Tue, 10 Jun 2025 03:10:21 +0000

Note that this letter's requests DO NOT include voting against the reconciliation bill, just modifying it to add a carve-out to fix Section 174. While I agree that Section 174 desperately needs reform and is harmful to the tech industry, the bill as a whole must be opposed, not tweaked.

There are many, many things wrong with the "Big Beautiful Bill", too many to fix through piecemeal efforts like this. It must be resolutely opposed, not endorsed with minor changes.

New comment by matthberg in "Covert web-to-app tracking via localhost on Android"

matthberg — Tue, 03 Jun 2025 15:20:50 +0000

I agree, yet at least you can kind of see where they're coming from.

I guess a better example would be the automatic hardware detection Lenovo Support offers [0] by pinging a local app (with some clear confirmation dialogs first). Asus seems to do the same thing.

uBlock Origin has a fair few explicit exceptions made [1] for cases like those (and other reasons) in their filter list to avoid breakages (notably Intel domains, the official Judiciary of Germany [2] (???), `figma.com`, `foldingathome.org`, etc).

0: https://pcsupport.lenovo.com/

1: https://github.com/uBlockOrigin/uAssets/blob/master/filters/...

2: https://github.com/uBlockOrigin/uAssets/issues/23388 and https://www.bundesjustizamt.de/EN/Home/Home_node.html (they're trying to talk to a local identity verification app seems like, yet I find it quite funny)

New comment by matthberg in "Covert web-to-app tracking via localhost on Android"

matthberg — Tue, 03 Jun 2025 14:17:46 +0000

Yep! Unfortunately its main method (as far as I remember from when I first read the proposal at least, it may do more) is adding preflight requests and headers to opt-in, which works for most cases yet doesn't block behind-the-lines collaborating apps like mentioned in the main article. If there's a listening app (like Meta was caught doing) that's expecting the requests, this doesn't do much to protect you.

EDIT: Looks like it does mention integrating into the permissions system [0], I guess I missed that. Glad they covered that consideration, then!

0: https://wicg.github.io/private-network-access/#integration-p...

New comment by matthberg in "Covert web-to-app tracking via localhost on Android"

matthberg — Tue, 03 Jun 2025 13:58:51 +0000

If I recall correctly Figma uses it to connect to the locally installed app, and Discord definitely uses it to check if its desktop app is installed by scanning ports (6463-6472).

I'm aware of two blockers for LAN intrusions from public internet domains, uBlock Origin has a filter list called "Block Outsider Intrusion into LAN" [0] under the "Privacy" filters, and there's a cool Firefox extension called Port Authority [1][2] that does pretty much the same thing yet more specifically targeted and without the exclusions allowed by the uBlock filterlist (stuff like Figma's use is allowed through, as you can see in [0]). I've contributed some to Port Authority, too :)

0: https://github.com/uBlockOrigin/uAssets/blob/master/filters/...

1: https://addons.mozilla.org/firefox/addon/port-authority

2: https://github.com/ACK-J/Port_Authority

New comment by matthberg in "Covert web-to-app tracking via localhost on Android"

matthberg — Tue, 03 Jun 2025 13:48:42 +0000

A comment I wrote in another HN thread [0] covering this issue:

Web apps talking to LAN resources is an attack vector which is surprisingly still left wide open by browsers these days. uBlock Origin has a filter list that prevents this called "Block Outsider Intrusion into LAN" under the "Privacy" filters [1], but it isn't enabled on a fresh install, it has to be opted into explicitly. It also has some built-in exemptions (visible in [1]) for domains like `figma.com` or `pcsupport.lenovo.com`.

There are some semi-legitimate uses, like Discord using it to check if the app is installed by scanning some high-number ports (6463-6472), but mainly it's used for fingerprinting by malicious actors like shown in the article.

Ebay for example uses port-scanning via a LexisNexis script for fingerprinting (they did in 2020 at least, unsure if they still do), allegedly for fraud prevention reasons [2].

I've contributed some to a cool Firefox extension called Port Authority [3][4] that's explicitly for blocking LAN intruding web requests that shows the portscan attempts it blocks. You can get practically the same results from just the uBlock Origin filter list, but I find it interesting to see blocked attempts at a more granular level too.

That said, both uBlock and Port Authority use WebExtensions' `webRequest` [5] API for filtering HTTP[S]/WS[S] requests. I'm unsure as to how the arcane webRTC tricks mentioned specifically relate to requests exposed to this API; it's possible they might circumvent the reach of available WebExtensions blocking methods, which wouldn't be good.

0: https://news.ycombinator.com/item?id=44170099

1: https://github.com/uBlockOrigin/uAssets/blob/master/filters/...

2: https://nullsweep.com/why-is-this-website-port-scanning-me/

3: https://addons.mozilla.org/firefox/addon/port-authority

4: https://github.com/ACK-J/Port_Authority

5: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

New comment by matthberg in "Covert Web-to-App Tracking via Localhost on Android"

matthberg — Tue, 03 Jun 2025 13:46:36 +0000

A comment I wrote in another HN thread [0] (though this one was the original):

Ebay for example uses port-scanning via a LexisNexis script for fingerprinting (they did in 2020 at least, unsure if they still do), allegedly for fraud prevention reasons [2].

0: https://news.ycombinator.com/item?id=44170126

1: https://github.com/uBlockOrigin/uAssets/blob/master/filters/...

2: https://nullsweep.com/why-is-this-website-port-scanning-me/

3: https://addons.mozilla.org/firefox/addon/port-authority

4: https://github.com/ACK-J/Port_Authority

5: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

Scheming Reasoning Evaluations

matthberg — Sun, 25 May 2025 19:27:39 +0000

Article URL: https://www.apolloresearch.ai/research/scheming-reasoning-evaluations

Comments URL: https://news.ycombinator.com/item?id=44090318

Points: 2

# Comments: 0

New comment by matthberg in "Minimal CSS-only blurry image placeholders"

matthberg — Thu, 03 Apr 2025 03:45:11 +0000

Since there're independent Lightness values set for each section (I'd say quadrant but there are 6 of them), I wonder if two bits can be shaved from the `L` value from the base color. It'd take some reshuffling and might not play well with color customization in mainly flat images, but I think it could work.

I'm also curious to see that they're doing solely grayscale radial gradients over the base color instead of tweaking the base color's `L` value and using that as the radial gradient's center, I'd imagine you'd be doing more math that way in the OKLab colorspace which might give prettier results(?).

Tempted to play around with this myself, it's a really creative idea with a lot of potential. Maybe even try moving the centers (picking from a list of pre-defined options with the two bits stolen from the base color's L channel), to account for varying patterns (person portraits, quadrant-based compositions, etc).

Basilisk Collection (2021)

matthberg — Mon, 31 Mar 2025 21:50:00 +0000

Article URL: https://suricrasia.online/unfiction/basilisk/

Comments URL: https://news.ycombinator.com/item?id=43540362

Points: 2

# Comments: 0

Finding Threat Actor Infrastructure with SSL Certificates [video]

matthberg — Sun, 30 Mar 2025 23:50:14 +0000

Article URL: https://www.youtube.com/watch?v=MM9gKmpBOVs

Comments URL: https://news.ycombinator.com/item?id=43529042

Points: 2

# Comments: 0