Did the client side JS being infected produce any issues which would have affected end users? As in if a web owner were on an affected version and deployed during the window would the end user of their site have had any negative impact?
No, just the host that was running the package (the exploit was pretty generic and not targeted at PostHog specifically). In fact, so far we think there were 0 production deployments of PostHog because the package was only live for a little bit.
Recently used a lot of HaxeUI for a game and it felt similar to this. A lot of components included out of the box that “just work” with some basic styling. And you can use CSS styling on top to further customize as needed. Works across a lot of different platforms as well.
This is obviously going straight to TikTok. The big issue is it's going to open the flood gates on their own platform.
Anyway, if everyone wants to be a content creator, why not charge them for the privilege of that desire? A content creator will forever need AI-generated something. So now we move from "you get to post your content for free" over to "you get to now pay us through this AI-gateway to post your content".
Tried it. It was okay, felt very futuristic. But ultimately there weren’t really any benefits over just using a multi monitor setup that could justify the cost. I thought it’d be nice to have something I could also use for watching movies, but when I watch movies I almost always watch them with my wife, and much prefer that.
Daily driver no, but after the somewhat recent ultrawide monitor update, it is absolutely viable for travel. It's nice not to be constrained by a 14" monitor while on the road, and it's perfectly usable for a couple hours of work (especially if you take the surround seal off and use one of the head strap mounts that take all the pressure off your face).
I tried it, and it works alright. But it's not very comfortable to keep it on while eating/drinking, and you can't wear the thing in public without looking ridiculous.
Personally I found my existing dual-monitor setup to be more ergonomic.
I made one of the original posts on HN about this years ago after hearing about it from my CPA. Both then and now these changes make zero sense to me as a matter of good policy. I am also still surprised at the number of people in tech who either haven’t heard about this or are willfully ignoring it and likely filing their taxes incorrectly.
Somewhat related topic: anyone used something like the Luxedo to do a projection mapping? It seems like it’s more complicated and expensive but I love the idea of doing something cool to the house for Halloween and Christmas without having to lug out a ton of lights and decorations.
There are media players and graphics generators that will run on a RaspPi also. Finding a bright enough projector and sheltering it for outdoor use might be the main challenge.
Another approach might be a galvo scanned laser with DMX software to control it, though there may be safety/liability issues with that.
I’m fascinated by these projection setups ever since I learned they’re a thing! But Jesus is the Luxedo stuff pricey?! I’d love to learn about something similar but in a kinda OSS/DIY kind of style…
I think that ideally, every project would be set up from scratch in the beginning to use t() tags or something similar to have translation keys so that setting up translations is as easy as swapping out what t() returns (from e.g. a config file or the like).
Of course, we all know that this is very rarely how projects end up getting set up especially in the early stages, and then it's just massive amounts of work to go back and set it up later.
The thing that's the most intriguing to me about what you're describing is automatically setting up translations in the build step where you auto-detect strings to translate. But looking at the site, most of it seems to be focused around the VSCode extension which will just sort of find and replace strings in the source code with t() tags.
Can you talk more about the translations in the build step? Is there a reason you're not talking more about that on the site? (Is it just newer, not very reliable/good, or...)?
The idea that I could just throw something like this into my project, not have t() tags in my source code but still get translations, sounds like magic and I think it would be really neat.
Yeah, we've noticed that companies in the early stage ignore i10n completely and then eventually realize it's going to be a huge lift to retroactively support it
So, for the build time translation-
Yeah, I would say it's not reliable yet =p
But, it's not that far off. It's not magic- the idea is that we inject the t functions at build time so that they don't need to be in your code. The vscode extension is a good visual for this- for many patterns, it correctly notices what does or doesn't need to be translated.
But, the real problem is that if a process like this goes awry (a strange pattern leads to text being erroneously translated/untranslated) then it is next to impossible for someone to debug.
Glad you think this is cool. We think this is absolutely on the horizon, and we hope to be the first to get people using it... but in the meantime, we don't want to be responsible for issues on prod...
> companies in the early stage ignore i10n completely and then eventually realize it's going to be a huge lift to retroactively support it
That's the correct thing to do. When you're first building a product you're trying to prove that it can and should exist: that you can get people to pay you money for it. It doesn't make sense to spend your time or money doing anything else.
Once you're successful then you know that people in one country like your product and maybe people in another company will as well. But until you know that, that's the only thing you should be working on.
Yes! I've seen multiple products that were only in English, translations were a super annoying productivity blocker (build step required), tens of unused string keys, keys not matching their content etc. Please don't localize until the product is at least 95% "finished".
On this, I just want to share my take-away from my translation engineering days: I fully believe the "right way to do it" is to have two string types: A regular string type and a "user-visible string" type, in a similar way that some frameworks expose a "safe string" vs "unsafe string" (for escaping purposes).
User-visible strings are consistently translatable, and the translation mechanism needs to have deep access in the language for this. I think in typescript this is a fairly doable thing given the AST access you yourself make use of. I'll gladly dig into how you do this on your end but I'm guessing it's somewhere along those lines but not quite?
Incidentally, when you have two string types, it becomes fairly straightforward to detect strings that probably should be translated but aren't tagged as such. Most strings are like this, in fact, because string constants tend to be a bad idea in general (vs numeric constants), and string operations tend to be a bad idea in the context of i18n (you want to use templated strings instead). So you tag until you only have a few left-over.
Yeah, this tracks! The steps are basically 1) determine user facing elements 2) determine strings 3) map user facing elements to the string. (We use the ast and no llms for this)
The upside of this approach is that we get a lot of context for accurate translation. The other upside is that down the line we can pull off fully automatic translation, but as others have pointed out, this is more of a gimmick. We think it's cool but it's more like the cherry on top
Also, yeah, that pattern would make life infinitely easier. Most developers really should think like this already, and not mix user facing strings with strings for other logic. But from what I've seen, pre i18n, devs don't think like this. Someday...
At Roll20 we just released a beta version of our new VTT engine which is powered by Babylon. The devs on the team have really enjoyed getting to use the modern workflow compared to the legacy decade-old stuff we were using before. Thanks Babylon devs!