People at Anthropic say they've found over 500 high-severity vulnerabilities using Claude.
Looks like 0-day exploits might become widely accessible soon.
red.anthropic.com/2026/zero-da...
#security #research #llm
@vitonsky.bsky.social
Software engineer. Founder of https://linguister.io, a translation solution in browser. CEO at https://primebits.org. My posts are mostly about programming and code quality management.
Nothing extraordinary, we may do the same thing with a for + break, but this way lets us organize code better and represent it in a pipeline manner.
26.01.2026 14:55
Yes, this way gives us 2 wins - all processing steps for one item will be run in one step instead of iterating the array N times, and we consume only the number of items we really need and stop when we have enough items, unlike the standard way.
26.01.2026 14:54
Matt Smith noticed that the Iterator utils are widely available now (since ~2024).
So we may keep array processing looking like a pipeline, but do it lazily and get a significant performance win. A trivial change is needed.
Someone had to remind us all of this.
allthingssmitty.com/2026/01/12/s...
New blog post where I show nano-queries, a state-of-the-art Query Builder for SQL and NoSQL queries.
Fun fact: the JavaScript infrastructure had no query builder before. Only ORM solutions that hurt your query performance.
vitonsky.net/blog/2026/01...
#opensource #sql #javascript
Don't shout at your drives!
I just found a video where a man shouts at an HDD array and its latency noticeably increases because of the vibration.
youtu.be/tDacjrSCeq4?...
#devops #science #humor #funny
Can somebody explain why it is so difficult for LLMs to place commas correctly?
The "villain," on my screenshot.
All LLMs I've tried in the last few years had this problem. Such problems make me feel that LLMs nowadays are like CGI in the 2000s, when people called it "photorealistic graphics".
#ai #llm
One weird thing I noticed is that they recommend Vue as a default frontend framework, which makes me think they are weak in frontend things, like those who invented HTMX.
14.12.2025 18:05
I discovered tauri.app recently. Do you have any feedback on it?
They define it as a framework to build cross-platform apps based on web technologies like Electron does, but the app will take a reasonable size like 600kb (not 200mb, unlike Electron).
#opensource #programming #frontend
How do you search for new good movies to watch among the tons of garbage released in the last 20 years?
Do you use IMDB or any other service?
#movies
Just released Ordinality - a framework-agnostic migration tool for Browser, Node, and Deno.
We use it in production on both backend and frontend.
Ordinality works with any database - IndexedDB, SQL, state files, or anything else.
github.com/vitonsky/ord...
#opensource #javascript
I just read an email from NPM "New TOTP 2FA configurations disabled (existing TOTP still works)".
It looks like NPM will disable TOTP and force package authors to use WebAuthn/passkeys.
Business as usual. Spot an opportunity to hype it up and cash in.
#opensource #programming #javascript
Just found a fun article where the author uses a cluster of 3 candles as a clock source.
cpldcpu.com/2025/08/13/c...
Linguist is a browser extension that translates content on a web page. It cannot work any other way, because "translate web page content" implies access to the DOM of the web page.
16.08.2025 06:18
Linguist is highly customizable.
A recent update added an option to control which elements must not be translated.
Users can now describe elements to ignore as CSS selectors, and Linguist will skip translation on anything that matches the query.
Linguist made it to the Top 3 extensions in the Chrome Web Store.
Try it: linguister.io
It is the only in-browser translation solution that respects your privacy.
#opensource #browser #extension #FOSS
Roasting post about Matrix - probably the most disappointing project claiming to be a "privacy-focused messenger," but actually a scam targeting naive people.
xn--gckvb8fzb.com/giving-up-on...
#security #privacy
Just published the NPM package `langstats` that provides stats with speakers count and countries list where a language is used.
Basically, that's a small dataset I maintain for our products' purposes.
Will be useful for those who work on internationalization, to prioritize work.
github.com/translate-to...
Then how can you explain that Linguist is still not in the Privacy Guides list?
Because it's literally the only extension that really cares about privacy, as I explained above bsky.app/profile/vito...
It was rejected twice as I can see.
New post on blog, with insights around why it's nice to have open source project, why you can't rely on donations, and how you can actually make money on your pet project.
Good to read for open source maintainers with existential questions.
#opensource #programming
vitonsky.net/blog/2025/06...
Hey @privacyguides.org
How can you comment on that?
Isn't that what "privacy" is about?
Linguist is literally the only translation project that supports custom translation modules.
This feature lets you set up an LLM locally and translate any content on all sites with the LLM.
You may also do it with rule-based machine translation (RBMT), statistical machine translation or anything else.
To me it looks like a site where you should pay moderators to publish your product. I did not pay, so my product is not there.
There are many sites based on this model, and I am sure all of them are bad company to trust.
For me, as a security researcher who built linguister.io with an embedded offline translator and support for custom translators, it looks suspicious that Privacy Guides still has not added Linguist to their site for more than 4 years.
They have a discussion discuss.privacyguides.net/t/translatio...
Actually, the problem has wide effects, beyond the "Copilot" scope.
17.06.2025 19:59
GitHub joins the party.
It looks like this month gives a lot of fun to the sysops of BigTech.
The HTTP QUERY Method draft, that defines a new HTTP method, QUERY, as a safe, idempotent request method that supports body payload and may be safely cached.
httpwg.org/http-extensi...
There are many projects that don't. Startups, pet projects that power half of the world.
13.06.2025 06:02
Reality is porcelain.
NPM is down, and all projects that had not set up an NPM proxy with cache are blocked for development. CI is stuck, deployments are delayed, etc.
#programming #frontend #javascript
Huh, that's quite an original way to tell us about malware: in a blog post on a platform that requires registration and sends spam to its clients.
The digital world is difficult.