During COVID, lots of live shows (concerts, etc.) in Japan moved to streaming (and most of them stuck, so thanks to that, lots of large concerts today have real-time streaming, which is great for foreign fans).
Out of 10+ platforms, more than half have vulnerabilities that allow you to access the content freely (sometimes including the rehearsals, because they are also streamed internally), and on a handful, you can access the admin panel and, as the author said, stream whatever you want.
Most of them have been patched over the years (some are just the byproduct of them changing the backend/SaaS provider, though), but there remain some major providers where you can get content for free.
I've met some people IRL who are so engulfed in their own greatness that it simply cannot be that they made a mistake (in planning and strategy). Therefore this is all a great injustice towards a poor victim and doesn't that sound like a great argument for some charity money.
Most of them grow out of it, some become politicians.
US lawyers keep filing LLM-generated pleadings and refuse to check citations. It's taken state discipline committees a long time to get there, but they're close to figuring out that any option other than prompt disbarment just increases the pain for people who are actually qualified to practice and doesn't noticeably increase the number of practitioners who see the error of their ways.
The ABA will eventually make sure that this behavior is identified in law school and people who don't want to take responsibility for what they file are expelled well before graduation, but in the meantime there are a ton of screwups in the profession and all you can do is kick them when they identify themselves.
Microsoft will then bribe the government to abolish this antitrust scheme for lawyers known as "the bar" which anticompetivley prevents AIs from doing law.
dunno, a loop I've seen in folks with main character syndrome: grandiose idea -> minimal effort execution -> failure -> blame something -> grandiose idea for "justice" / revenge -> GOTO 0.
the good news is I've seen at least two seemingly irredeemable assholes grow out of it when they realized it wasn't working. but in general I don't think introspection and self-examination are universal traits
yup, same thoughts here. I think someone is trolling the irc members. It's so over the top, like an episode of 'the office'. I'd be amazed if this were an honest message.
I have a coworker who, when he needs to operate some software that is unfamiliar to him, snaps a photo of it and has Gemini AI read each label and description. If there is a checklist or form that needs to be filled, Gemini reads each question.
There's only one of him, not 40% of my coworkers, but these people can be employed and maintain employment.
Very good write up but I lost it a little at the end. Could someone clarify for me?
The author said:
You cannot just use the shortcut trick to install the evil extension directly because of new publisher trust system;
You can bypass this by using local workspace extensions which has no publisher screening, but CSP blocks it;
The solution seems to be that installing a local workspace extension which binds a shortcut of 'install extension without checking publisher'.
So I assume it means:
1. you need two extensions, 1st one is local and only for the keybinding, and 2nd one is the 'real' evil one and it doesn't need to (actually can't, because of CSP) be local anymore?
2. the CSP only prevents the JS in local extension but nothing about its package.json (or the ability to add shortcuts), right?
We can try to just put a `my-extension/extension.js` for the most direct execution but the CSP blocks that. It's only a script-src CSP blocking it though, so fetching the package.json is still kosher. So we end up using it to contribute a keybinding instead.
I don't want either, if I'm indeed "searching." But I find that often times I am indeed just looking for a quick answer, and Gemini/Google's "new" search does it fine.
It's one of the few AI features, despite still being shoved in my face, that I actually find useful.
With that said, the worst thing is how search results have degraded significantly since the AI years, even before they added the actual "AI mode."
Google now (and quite a few search features on other services, e.g., Twitter) often returns results that have ZERO relationship to the search keywords I gave -- like an entirely different person when searching for a person's name, which I think should never happen and did not happen when search was still based on a "rigid" algorithm of indexed content. So, I can only assume it's because they have some AI thingy along the process.
Sometimes it's not very clear what I really want when typing.
Also, Google Search's AI answer doesn't prevent the actual search results from still showing below; so if I later realize I need those (search results) instead, they're already there.
Also, I use browsers all the time, so typing things into the location bar is quicker than deliberately opening the Gemini app/website or whatever.
I value one fewer click/action a lot when such an action will be performed hundreds of times a day.
In the video, some debris seemed to fly away from the explosion in a wavy path (top left). I thought things only moved like that in video games. What causes that kind of movement?
Good article, but I'd like to ask about two small technical details (I've used Bambu before, but I'm not very familiar with the 3D printing ecosystem).
1. OrcaSlicer: so it's a fork of Bambu's official client, Bambu Studio - but it apparently still goes through Bambu's servers for printing? How exactly does that work? Does it also "impersonate" the User-Agent, and Bambu was okay with that?
2. OrcaSlicer-bambulab: if the goal of this fork-of-a-fork is to bypass Bambu's cloud servers, why would it still need to "impersonate" the UA and communicate with Bambu's servers (as Bambu claimed)? Wouldn't the whole point be to avoid doing that in the first place?
Orcas Slicer is a fork of Bambu Studio, which is a fork of PrusaSlicer, itself a descendant of Slic3r.
Orca Slicer was forked to improve usability and features, not to get around any cloud printing requirements, Bamboo added those later and removed the ability to print locally.
It has to impersonate to transfer a gcode file locally, which is another open standard.
Bamboo restricted LAN printing, that is the issue.
> OrcaSlicer-bambulab: if the goal of this fork-of-a-fork is to bypass Bambu's cloud servers, why would it still need to "impersonate" the UA and communicate with Bambu's servers (as Bambu claimed)? Wouldn't the whole point be to avoid doing that in the first place?
I finally got to the bottom of this; there is a cloud-based RPC method called `bambu_network_start_local_print` where Bambu's Cloud would authorize a print using (ostensibly) only locally transferred data. The goal of this project was basically to pretend to be the Bambu plugin in order to authorize this method, which is otherwise locked behind Bambu's auth system.
The alternative is to run the printer in LAN mode (which OrcaSlicer has always supported) where the client connects natively over MQTT, but after Bambu added their cloud authentication, this requires putting the printer in Developer mode and severing the Cloud features.
Does it effectively bypass regional restrictions for you, so you can use something like the Claude API from unsupported regions such as Hong Kong, or does it still enforce the official providers' geo-restrictions?
OpenRouter is great for budget control, but as they are indirect APIs, your experience with cached tokens may vary, eventually costing much more than in direct depending on the providers.
You can pay with crypto though, which seems to be convenient for people under sanctions or with limited access, or if you are in low-tax jurisdiction (e.g. HK)
That said I think few people using openrouter are actually being selective about providers.
It took half a day to get my opencode setup, was not friendly. A lot of manually cross referencing model and providers. I was actually mainly optimizing for relatively fast providers. It all is super fragile and I'm sure half out of date; I have no idea if these picks are still fast, no promises they are still the same price (pretty terrifying honestly).
I'm mostly on coding plans so it doesn't super affect me. But man is it a bother to maintain.
During COVID, lots of live shows (concerts, etc.) in Japan moved to streaming (and most of them stuck, so thanks to that, lots of large concerts today have real-time streaming, which is great for foreign fans).
Out of 10+ platforms, more than half have vulnerabilities that allow you to access the content freely (sometimes including the rehearsals, because they are also streamed internally), and on a handful, you can access the admin panel and, as the author said, stream whatever you want.
Most of them have been patched over the years (some are just the byproduct of them changing the backend/SaaS provider, though), but there remain some major providers where you can get content for free.
reply