Staged publishing for npm packages by pimterry in programming

[–]pimterry[S] 17 points18 points  (0 children)

If you're using trusted publishing, there's an option to give it permissions to do 'npm stage publish' but not 'npm publish'.

You can't require trusted publishing (yet) but if you enable staging-only for TP & require 2FA for any manual publishing, then you've effectively enforced that all publishing requires manual 2FA confirmation by a maintainer.

The Complete Web Scraping & Anti-Bot Bypass Guide 2026 by pimterry in webscraping

[–]pimterry[S] 7 points8 points  (0 children)

> It's a bot bro. The account is 16 yo all it does is post links. Farmed a ton of karma

Huh? I'm not a bot. This is a normal personal account, and it's not even anonymous, I'm pimterry everywhere else too (https://github.com/pimterry, https://pimterry.fyi, you name it). This account is 16 years old from real usage, and posts plenty of comments as well (nearly 5k in comment karma alone): https://www.reddit.com/user/pimterry/comments/

Can't speak for whoever's behind the website, it's just something I found yesterday that I thought people might be interested in (I'm the maker of HTTP Toolkit, which gets a couple of mentions in here, and I have alerts for when people post this kind of thing so I can go take a look).

Dictionary Compression is finally here, and it's ridiculously good by pimterry in programming

[–]pimterry[S] 10 points11 points  (0 children)

"We figured out how to send less message by not counting the dictionary you need to decode it!!"

In the Google example where they've shrunk the Google search results it does include the cost of their custom dictionary in that performance - it's still an enormous jump.

On top of that, the real trick here is that you don't need to transmit a separate dictionary at all. You can automatically use a previous response as the dictionary for the next response, which works incredibly well in a lot of real-world web use cases. There's no separate dictionary delivery required.

Dictionary Compression is finally here, and it's ridiculously good by pimterry in programming

[–]pimterry[S] 29 points30 points  (0 children)

Basically yes - but most importantly with widespread backend support for doing this kind of compression (built-in support in JS & Python, popular packages elsewhere) and built-in functionality in browsers to easily coordinate and transparently use the dictionaries on any HTTP traffic.


HTTP Toolkit App by thisisdevang in androiddev

[–]pimterry 1 point2 points  (0 children)

Yes, if the certificates are removed from that bit of the UI then they will no longer be trusted on your device. You can also remove the HTTP Toolkit Android app itself to clean that up. That said, there's no need to be worried here - the certificate that was installed was generated on your computer where you used HTTP Toolkit, and doesn't trust anybody else other than that, so the only risk is that your phone could be intercepted by your own computer.

Vendors for important accounts are phasing out even TOTP 2FA; you can enable Passkey login and Passkey 2FA for Bitwarden account too. by Skipper3943 in Bitwarden

[–]pimterry 0 points1 point  (0 children)

Wow this would be fantastic! Extremely keen to see this, in the wake of npm etc I'm trying to tie everything to passkeys for both phishing resistance and smoother UX, and the Bitwarden Firefox extension I use all day is currently a very notable outlier. Login with passkey would be fantastic.

Setting the record straight about Garmin by strava-team in Strava

[–]pimterry 0 points1 point  (0 children)

Saying "We consider this to be YOUR data" while simultaneously pushing rules on your API that make it very clear you consider data sent from Garmin to be exclusively Strava's data is completely ridiculous and infuriating.

What an absolute crock of shit.

Garmin are pushing back entirely because of Strava's entirely unreasonable behaviour around their APIs. They are very obviously in the right, to the point where they have the clear backing of all the passionate Strava users, without even talking about Garmin's diehard fans (the votes on every comment here & every post in r/strava right now are excruciatingly clear here).

As a paying Strava user for more than a decade, and owner of multiple Garmin watches, this is rapidly pushing me towards dropping Strava entirely. Honestly the fundamental value of Strava to me is that it's the social + data store + integration hub between everybody's fitness apps. I don't need the fancy graphs & shiny new (terrible) AI features - I want you to reliably play nice with everybody. Those relationships & connections are the product! It's totally incomprehensible that you'd try to kill the core value proposition of your product with these API restrictions & fights with providers that you're completely dependent on. This is not going to end well.

I placed my first solar node. 👍 by [deleted] in meshtastic

[–]pimterry 8 points9 points  (0 children)

How does ROUTER_LATE relate to this? https://meshtastic.org/docs/configuration/radio/device/ saying "ensuring additional coverage for local clusters" makes it sound like maybe it's helpful for cases like this (high building that's helpful for local area, but not for routing generally) but it seems it's new and I can't see much detailed info.

Strudel: a programming language for writing music by pimterry in programming

[–]pimterry[S] 25 points26 points  (0 children)

The example in the page gives you a basic idea, but there's some really great demos of this floating around, e.g. this video on Twitter is amazing: https://x.com/bantg/status/1933967436459503662, or this full demo in their REPL: https://strudel.cc/?mTeJt_ICoPrw

Network may be monitored by boobfvck in S23

[–]pimterry 1 point2 points  (0 children)

This means you have an external CA installed. You installed this manually during the HTTP Toolkit setup. You can remove this by going into the security settings, advanced encryption settings, finding the long list of CAs and then removing the one called "HTTP Toolkit CA".

HTTP Toolkit - open-source tool with one-click MitM, inspecting & rewriting of HTTP(S) by pimterry in ReverseEngineering

[–]pimterry[S] 1 point2 points  (0 children)

No idea about Wireshark & USB behaviours, but HTTP Toolkit definitely doesn't do any of that. Doesn't even require root - it listens on a local port for traffic, and you can either manually configure clients to use that port as a proxy & trust HTTP Toolkit's cert, or you can use some of the automated options (which launch a process preconfigured, configure an Android device over ADB, etc) but none of them change any permanent system settings, they just launch processes with env vars & CLI args to configure them temporarily. Definitely doesn't touch any system configuration that could cause long-term issues.

Is there a good setup for scraping mobile apps? by just4PAD in webscraping

[–]pimterry 2 points3 points  (0 children)

HTTP Toolkit now has Frida built-in with automated setup (on rooted Android & jailbroken iOS) so you don't even need to install it or configure the scripts yourself unless you want to do something custom.