naugtur
@naugtur.pl
Working on supply chain security for JS. LavaMoat and Endo contributor. meet.js Poland organizer. Node.js user since v0.8.
Addicted to teaching.
https://naugtur.pl
Reposted by naugtur
Wow. Glad it ended up mostly slapstick and not harm.
The build looks fun tho.
November 9, 2025 at 10:18 PM
Wow! This is pixel art, but harder 🤩
November 8, 2025 at 9:51 AM
That's funny. Compared to folks getting their first "Senior" title 3 years into their career in late 2010s
😁
November 8, 2025 at 9:46 AM
It's also possible he's considering it part of his reproductive strategy
November 8, 2025 at 9:38 AM
They have an ep about Elon but it's from 2y ago and I can't recommend what I didn't listen to 😉
November 8, 2025 at 9:36 AM
Oh it was so much weirder than that. Check out "Behind the bastards" podcast about Himmler.
Bonus - latest eps are about Peter Thiel 😅
November 8, 2025 at 9:26 AM
We've got an experimental tool that does the reverse - protects a string of text that's visible to the user from being accessible via any reference to DOM elsewhere. It's called LavaDome.
But the reverse has more practical use-cases.
November 6, 2025 at 7:08 PM
Ultimately the goal is to create an environment in which a UI component (that someone installed from npm and never read its code) can't modify the rest of the document, only the node it's meant to render to and its children.
November 6, 2025 at 7:08 PM
I'm working on LavaMoat (runtime protections against malware - a tool that stopped the recent npm malware by default) lavamoat.github.io
One gap that I've yet to close is that once you get a reference to one DOM node, you get them all.
I'd need a DOM node that doesn't expose parent and ownerDoc.
LavaMoat
Secure your JavaScript with LavaMoat.
lavamoat.github.io
November 6, 2025 at 4:15 PM
The only thing I could spot is legends in charts are too bright with their fff background. And fixing that counts as perfectionism already. 😁
I think you could inline the CSS declaration for body background to avoid the initial flash of white.
November 6, 2025 at 6:11 AM
Creating an architecture upfront where interpretation of various inputs is independent. Would be harder to fool.
With the existing architecture you could put commands in as extra layer - like retraining - and data as input.
We're not ready to do that efficiently but intuitively seems possible
November 5, 2025 at 6:53 PM
It's the same problem but the solution space is orders of magnitude larger. Impossible to solve with the same type of mechanism.
We should have learned is what I'm trying to say
November 5, 2025 at 6:48 PM