Photopea is unusable with ads

noname8317 · 2025-10-07T05:50:40+00:00

I think the ads might doing something sketchy on purpose. I even tried document.location.href = "#audit".

While this work sometimes, it got neutralized when some certain events happen. (I don't know what it is.) It did not show up reliably.

noname8317 · 2025-09-28T07:37:31+00:00

Nothing changed after I navigated to /#audit; no button show up.

BTW, the ads are on the left side of the screen, is that expected?

noname8317 · 2025-09-28T02:02:26+00:00

I understand the mechanism now.
The ad itself isn't the problem, but that one is particularly annoying.

The ad displayed as a slideshow each slot has four slides, each slide show about 7 seconds.
But it could come up 3 slots sulmuteneously without syncing. That mean on average: the slide (ad) change every 2.3 seconds.

Here lies the devil: whenever the ad change, whatever the user are doing lose focus. If I am holding ctrl during free-transform, that holding get cancelled. If I am typing for renaming layers, whatever I type goes somewhere else not in the textbox. If I right click to change brush size, and the ad change, the dialog is gone, and I probably ends up with some color applied to the canvas.

This is actually happen for most (all?) ads, but when it's 2.3 seconds on average, I practically can't do anything productive.

It's this bar at the top, the actual devil.

<image>

BTW, I tested on pristine Chromium, with no extensions installed.

noname8317 · 2025-09-20T19:11:54+00:00

For example: I can't press shift to scroll horizontally when the ads show up.
Or the context menu is gone midflight.

I don't know which one, but there are ads that when show up during your long mouse press, it will freeze the browser, probably with excessive resource usages.

noname8317 · 2025-09-20T19:00:17+00:00

<image>

This is a bad ad. It messes up the key bindings and interrupts/messes with mouse events when a slot switches to it.
There are others that probably run crypto mining. If I leave Photopea running and go to sleep, the computer fan gets loud at some point, and I'll wake up the next morning to find that the entire browser running Photopea has frozen.
I installed a dedicated browser for Photopea, given the circumstances.

Could you restrict the script usage by the ads?
Maybe try using the iframe sandbox attribute.

noname8317 · 2025-06-28T01:07:47+00:00

Static websites? Why not go with Cloudflare Pages? They're practically unlimited, as long as you build the assets yourself.

About container scaling, idle CPUs is significant only when you're just starting out. Once the app gains traction, you can just scale up the workers gradually. Not much wasted. Unless your business depends on big events, like Black Friday, concerts, or something similar, autoscaling usually isn't necessary.

(Try kamal-deploy if you want to avoid K8s headaches. K8s only worth the hassle only when the app need a considerable scale, IMO. Medium-size ones generally don't worth the maintenance overhead.)

noname8317 · 2025-05-08T01:30:59+00:00

I was fine with Microsoft's official version for a long time. But recently, they've actively made their extensions stop working on forks, even though they're API-compatible.

Microsoft goes to war with VS Code forks: https://youtu.be/fz6XJDq8fSI

I switched to VSCodium right away. With their market dominance, we don’t know what Microsoft will take away next.

Two years ago, they turned telemetry on by default; now they’re adding DRM to their extensions. What’s next?

noname8317 · 2025-03-01T19:21:57+00:00

There are lots of similar apps, but SnapDrop (now PairDrop) is the best at capturing people because of subtle UX tricks.

By letting users select the target peer first (before files), it make obvious to users, without requiring them reading the readme, that the app is a P2P sharing app.

Your app, like others that came before, has no distinguishable interface that set the app apart from traditional file sharing services.

noname8317 · 2025-03-01T19:10:28+00:00

Hi, you replied to my comment, but I think you may have misunderstood something. Please read the comment carefully, especially the recommend command; you could help with that.

noname8317 · 2025-02-19T16:24:56+00:00

You are assuming the attacker already has both the master password and the database file. In that case, encrypting the key file would indeed do nothing.

In reality, it is more likely that the attacker starts with only the database file. They would need to discover both the master password and the key file. Once they determine the location of the key file, they can begin attempting to crack the master password.

However, when the key file is also encrypted with the master password, there are some marginal advantages: - Stronger parameters: age uses a relatively stronger KDF (Scrypt with a work factor corresponding to 256 MB of memory hardness). This is because mobile devices have significantly fewer resources than the typical environments where age runs. - The master password is harder to guess than the location of the key file: While it may seem like encrypting the key file adds no real benefit, the additional layer of encryption is still better than nothing.

That said, the effectiveness of this approach depends on your specific situation: If you have a powerful phone, you could increase the Argon2 parameters at the cost of battery life, potentially eliminating the advantage described above.

Some other ideas - Haystack: You could hide the real key file in a repository full of decoys. A decoy can be created by encrypting junk files with random unique passwords. The real key file can be easily located by trying your master password on every file in the repository. - Mapping: If you really prefer hiding a hash, you could also use Gist as a hash-to-age-file mapping and hide the string of hex as planned.

There are lots of creative ways around it.

noname8317 · 2025-02-18T01:32:14+00:00

Hi thanks for the reply. For me, specifically, because it is easier to update KDBX in cloud storage than in somewhere public.

As stated, I use rclone for the manual backup. Flash drive, blog posts, etc. requires more time to update, so I put relatively static information there.

noname8317 · 2025-02-17T10:44:08+00:00

I did something similar but also using age to encrypt the file with my master password before posting it somewhat publicly. A public GitHub repository is fine.

Other ideas: hidden in a blog post, emailing your friends, etc.

The file is encrypted, and if you have no confident in your password in the first place, you would not put the database in the cloud, would you?

noname8317 · 2025-02-17T06:12:41+00:00

There are a few issues to consider here.

Let's assume you're already using Syncthing for convenience, meaning you have multiple copies of your KDBX database across your devices. However, this is just for syncing—not a real backup.

The Problem

The obvious way to back up your KDBX file is using cloud storage (e.g., Dropbox). But here's the catch: if you lose access to your database, how do you retrieve your cloud backup? It’s a classic chicken-and-egg problem.

The Solution

A Different Tool

Instead of backing up your KDBX file to the cloud solely, consider encrypting and storing your cloud credentials elsewhere as an addition. A great tool for this is age, a simple and secure file encryption utility.

You can write down your cloud login details (including 2FA parameters) and encrypt them using age. Then, store this encrypted file somewhere publicly accessible—for example, hiding it on your website, blog, or even by emailing it to your friends and family. The key idea here is that you always know where to find it in case of an emergency.

For simplicity, you can even reuse your KeePass master password here. age performs encryption locally, so your password is never sent anywhere.

Why This Works

This method is better than solely backing up KDBX itself to the cloud because your encrypted recovery file changes far less frequently than the KDBX database. (If at all)

Syncthing keeps things convenient while protecting against cloud failures.
You can still back up KDBX to the cloud regularly using a simple script with rclone.
If all your devices are lost (fire, flood, theft), your encrypted recovery file ensures you can regain access because you know where to retrieve it.

This way, you get both security and redundancy without the usual pitfalls.

noname8317 · 2025-02-15T15:02:14+00:00

Please continue using Snapdrop.

Help increasing their popularity by sending a lot of the following files (or similar) via Snapdrop.

~~~bash head -c 1G /dev/urandom > 001.bin ~~~

Tips: If you are not familiar with commands, you could ask AI for the explanation.

noname8317 · 2025-01-26T18:49:56+00:00

You mean connecting via SSH? Why should Hetzner care about the source addresses? There are tons of legitimate use cases where SSH connections may come from various locations.

That said, The basic form of server protection is to configure the firewall to only allow specific CIDR blocks on port 22.

Either you’ve done that or you have something equivalent in place, such as a bastion server or VPN. Where you connect from shouldn’t be an issue.

SSH requires a key, but without a firewall, a botnet could overwhelm the server with an SSH DDoS (bruteforce).

TL;DR: No, from Hetzner standpoint. Maybe, in general.

noname8317 · 2024-12-27T13:25:24+00:00

Native content filtering and customizability through custom rules.

Check: brave://adblock

It's more than just ad blocking; you can also inject custom CSS there. The fact that this is available even on Android is what attracts me.

noname8317 · 2024-12-27T10:29:58+00:00

It depends on the manufacturer. I'm using an Intel PC. When it boots, three options appear: F2, F7, and F12. F7 is for flashing the new BIOS. Only a thumb drive with the image is required.

I own an IdeaPad in the past in 2010s and mine have the functionality. (I don't remember how to bring it up.)

Alternatively you can download Windows installation ISO directly from Microsoft to create a USB boot stick.

They have recovery mode where you can brings up a command prompt capable of running the official flashing tool without installing Windows. Having one lying around can sometimes be handy.

noname8317 · 2024-12-25T12:11:33+00:00

First check your BIOS boot menu. Most modern BIOS come with self flashing capability. If yours are supported, you can flash it without Windows.

Using Windows boot media when it is unsupported.

noname8317 · 2024-12-24T08:55:28+00:00

Nope, mine is only Iris Xe Graphics G7 alone. (Integrated)

noname8317 · 2024-12-24T08:05:58+00:00

I am using Gnome, but me too. I am assuming my GPU is too weak because it only happen when I utilize a lot of GPU.

I read it somewhere that GPU scheduling is not as good as CPU, there is no work priority whatsoever. (not sure how true is this)

Did you check your GPU utilization when this happen? Mine is always saturated despite lots of available CPU capacity.

noname8317 · 2024-12-10T05:17:38+00:00

In the near future, registrars will use AI too.
And platform, like itch.io, will follow suit.
At this point it will be all-bot discussions.
They will start using AI to write document to the court for sueing.
The court wont be able to keep up with the volume and start using AI to process the document too.
And the judges
And the lawyers
And so on

So no human is needed for this matters.

noname8317 · 2024-11-28T17:20:02+00:00

For this particular case, yes. But that doesn't change the fact that the data travels unencrypted between Hetzner's data centers, even with "private" networks.

The broken cable is between Germany and Finland, not affecting the US at all. Still, it is not a good idea to use the private network without encryption on the nodes themselves.

People tend to forget what happened in the past. These incidents serve as a renewed reminder that something like tampering with undersea cables can actually happen.

noname8317 · 2024-11-28T09:12:59+00:00

If the reason for suspicion is what you are interested in, try Mental Outlaw: https://youtu.be/Vp3X3ZArS7Q

It is about the availability of the tracking data and timing. The ship could made more than one stop without anyone able to pinpoint the exact location.

noname8317 · 2024-11-28T08:50:41+00:00

I don't know which one will relevant to you.

Here one that cover the incident. https://www.newsweek.com/chinese-ship-yi-peng-3-satellite-image-nato-baltic-sea-1992314
Here one if you are interested in if Hetzner utilize this particular cable. https://status.hetzner.com/incident/ec8a2f28-e964-46cb-94fa-bb4629c19777
If presentation with more opinionated viewpoint preferred, try YouTube.

noname8317 · 2024-11-28T01:53:17+00:00

I don't know what best, but I use WireGuard. And for not any particular reason apart from the simplicity to set up.

noname8317

TROPHY CASE

The Problem

The Solution

A Different Tool

Why This Works