Tom Sherman
@tom.sherman.is
Pinned
Tom Sherman
@tom.sherman.is
· Jan 1
hello from the dawn of the unix epoch
Fixed it by blocking the JA4 fingerprint, once they started receiving non-OK statuses they stopped
Weirdly all of the IPs were also requesting robots.txt but not respecting it. Do I have something configured wrong?
atproto-browser.vercel.app/robots.txt
Weirdly all of the IPs were also requesting robots.txt but not respecting it. Do I have something configured wrong?
atproto-browser.vercel.app/robots.txt
Wtf atproto browser is being hammered by a genuine botnet right now 😂 mostly from Vietnam but also a bunch of other countries too
November 8, 2025 at 10:49 AM
Fixed it by blocking the JA4 fingerprint, once they started receiving non-OK statuses they stopped
Weirdly all of the IPs were also requesting robots.txt but not respecting it. Do I have something configured wrong?
atproto-browser.vercel.app/robots.txt
Weirdly all of the IPs were also requesting robots.txt but not respecting it. Do I have something configured wrong?
atproto-browser.vercel.app/robots.txt
Wtf atproto browser is being hammered by a genuine botnet right now 😂 mostly from Vietnam but also a bunch of other countries too
November 8, 2025 at 8:57 AM
Wtf atproto browser is being hammered by a genuine botnet right now 😂 mostly from Vietnam but also a bunch of other countries too
Will it ever come back 😭
json.schemastore.org is down 😱
November 6, 2025 at 8:35 PM
Will it ever come back 😭
I am so happy to see they're doing well. My hope for mobo returning was just starting to fade too 🥲
271: Bren Lukens (Modern Baseball): Saying Yes
open.spotify.com
November 5, 2025 at 6:27 PM
I am so happy to see they're doing well. My hope for mobo returning was just starting to fade too 🥲
We really need a `.peek()` method on promises in JS.
It's a bad situation where both React and Bun have two different ways to solve this problem. Is anyone at @tc39.es working on this?
It's a bad situation where both React and Bun have two different ways to solve this problem. Is anyone at @tc39.es working on this?
November 5, 2025 at 2:19 PM
We really need a `.peek()` method on promises in JS.
It's a bad situation where both React and Bun have two different ways to solve this problem. Is anyone at @tc39.es working on this?
It's a bad situation where both React and Bun have two different ways to solve this problem. Is anyone at @tc39.es working on this?
Would anyone like to start an affiliate marketing business with me?
Looks like X is juicing web visit numbers by opening a browser WebView in the background whether the user visits the link or not.
They've re-invented pop-under fraud (allegedly).
news.ycombinator.com/item?id=4580...
They've re-invented pop-under fraud (allegedly).
news.ycombinator.com/item?id=4580...
![Tell HN: X is opening any tweet link in a webview whether you press it or not
247 points by stillatit 10 hours ago | hide | past | favorite | 200 comments
Just saw the CEO of Substack celebrating traffic from X/Twitter shooting up thinking they stopped suppressing tweets with links[0]. Actually, this traffic is because now any time you open a tweet with a link, the in-app webview loads in the background, and displays when you press the link.
I run an ecom store that gets a lot of its customers from Twitter. I was also shocked to see my traffic double or triple overnight and thought the algorithm had blessed me and my business. Soon realized what was actually happening. Thought other traffic-monitors might appreciate this explanation.
Meanwhile Nikita Bier is pretending they never suppressed tweets with links to begin with, offering the alternative explanation: "a common complaint is that posts with links tend to get lower reach. This is because the web browser covers the post and people forget to Like or Reply. So X doesn't get a clear signal whether the content is any good"[1]. A bit of a rewriting of history since Elon and his mom both tweeted about how it wasn't fair to use his platform to promote other links/platforms, even banning people who shared profiles of other social networks (including Paul Graham for a period). They suppressed all links shortly after.
[0] https://x.com/cjgbest/status/1985464687350485092
[1] https://x.com/nikitabier/status/1979994223224209709](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:tpg43qhh4lw4ksiffs4nbda3/bafkreia62cq7p2dn2o76cjuuzl5dpwaatnf5m5cl5bm7lmoprsavebgl4q@jpeg)
November 4, 2025 at 6:24 PM
Would anyone like to start an affiliate marketing business with me?
@bnewbold.net is the intention to flesh out some of the lexicon semantics before "AT 1.0"? Firming up some of the the rules that aren't in the current spec like "can't ref a record" or "can't have a union as a def"
November 4, 2025 at 11:23 AM
@bnewbold.net is the intention to flesh out some of the lexicon semantics before "AT 1.0"? Firming up some of the the rules that aren't in the current spec like "can't ref a record" or "can't have a union as a def"
It would be cool if @leaflet.pub showed you a group of commenter avatars next to the block where the comment thread is attached. I think this could increase discussion on articles!
November 3, 2025 at 1:12 PM
It would be cool if @leaflet.pub showed you a group of commenter avatars next to the block where the comment thread is attached. I think this could increase discussion on articles!
"Manual lexicon curation" solved by `lpm` btw 😏
github.com/lexicon-communit…
matthieu.leaflet.pub/3m4pw7osrg22v/l-…
github.com/lexicon-communit…
matthieu.leaflet.pub/3m4pw7osrg22v/l-…
Rethinking Lexicon Tooling for Third-Party Developers - Matthieu's Leaflet
The official Lexicon code generation tooling hasn't evolved much since its initial release. While it serves the core atproto codebase well, third-party developers face significant challenges with bund...
matthieu.leaflet.pub
November 3, 2025 at 12:40 PM
"Manual lexicon curation" solved by `lpm` btw 😏
github.com/lexicon-communit…
matthieu.leaflet.pub/3m4pw7osrg22v/l-…
github.com/lexicon-communit…
matthieu.leaflet.pub/3m4pw7osrg22v/l-…
@ricky.fm I would absolutely love an async react patterns guide for design systems and component libraries
eg, accepting `T | Promise`, action props, local loading indicators and how to override them from outside
eg, accepting `T | Promise
November 3, 2025 at 12:38 PM
@ricky.fm I would absolutely love an async react patterns guide for design systems and component libraries
eg, accepting `T | Promise`, action props, local loading indicators and how to override them from outside
eg, accepting `T | Promise
Have you ever been so lost in the sauce that you're playing a crumpled aluminium can on tiny desk?
clipping.: Tiny Desk Concert
YouTube video by NPR Music
youtu.be
November 1, 2025 at 10:26 PM
Have you ever been so lost in the sauce that you're playing a crumpled aluminium can on tiny desk?
both /security.txt and /.well-known/security.txt exist
receive cold email
> hello where can i report a security vulnerability
reply with link to security.txt
no response
??
receive cold email
> hello where can i report a security vulnerability
reply with link to security.txt
no response
??
November 1, 2025 at 7:41 PM
both /security.txt and /.well-known/security.txt exist
receive cold email
> hello where can i report a security vulnerability
reply with link to security.txt
no response
??
receive cold email
> hello where can i report a security vulnerability
reply with link to security.txt
no response
??
My experience with using @effect-ts.bsky.social so far has been hot and cold
Writing library functions was really quite maddening, bridging into the outside world is hard. But I suppose exposing the complexities in handling IO is why it exists!
Writing library functions was really quite maddening, bridging into the outside world is hard. But I suppose exposing the complexities in handling IO is why it exists!
October 31, 2025 at 11:42 AM
My experience with using @effect-ts.bsky.social so far has been hot and cold
Writing library functions was really quite maddening, bridging into the outside world is hard. But I suppose exposing the complexities in handling IO is why it exists!
Writing library functions was really quite maddening, bridging into the outside world is hard. But I suppose exposing the complexities in handling IO is why it exists!
Good thread with many good points but blaming your outage on AWS is just... A bad look
Signal is big enough and ugly enough to figure out region failover. Blaming poor engineering choices on a big cloud monopoly is a bad take
Signal is big enough and ugly enough to figure out region failover. Blaming poor engineering choices on a big cloud monopoly is a bad take
📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).
It’s also concerning. 1/
It’s also concerning. 1/
PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
October 28, 2025 at 9:09 AM
Good thread with many good points but blaming your outage on AWS is just... A bad look
Signal is big enough and ugly enough to figure out region failover. Blaming poor engineering choices on a big cloud monopoly is a bad take
Signal is big enough and ugly enough to figure out region failover. Blaming poor engineering choices on a big cloud monopoly is a bad take
20th anniversary remaster 🥲
The Sunset Tree (20th Anniversary Remaster), by the Mountain Goats
13 track album
themountaingoats.bandcamp.com
October 25, 2025 at 11:14 AM
20th anniversary remaster 🥲
Why is the tooling for local opentelemetry trace visualisation so bad 😭
It's crazy that I have to spin up Jaeger in docker man, this should just be a vscode extension
It's crazy that I have to spin up Jaeger in docker man, this should just be a vscode extension
October 24, 2025 at 5:58 PM
Why is the tooling for local opentelemetry trace visualisation so bad 😭
It's crazy that I have to spin up Jaeger in docker man, this should just be a vscode extension
It's crazy that I have to spin up Jaeger in docker man, this should just be a vscode extension
Realised a lexicon was missing a required property, I'm glad I decided to implement before publishing the lexicon doc to the pds 😅
Paragraph block text should be required · likeandscribe/frontpage@684fc71
github.com
October 23, 2025 at 9:27 PM
Realised a lexicon was missing a required property, I'm glad I decided to implement before publishing the lexicon doc to the pds 😅
Just let me do one render blocking http request bro, as a treat
October 22, 2025 at 11:43 PM
Just let me do one render blocking http request bro, as a treat
Next.js cache components are not ready for prime time. They're "GA" but it really feels the same as when they advertised app router as stable in v13
Many bugs and missing features
Many bugs and missing features
October 22, 2025 at 11:42 PM
Next.js cache components are not ready for prime time. They're "GA" but it really feels the same as when they advertised app router as stable in v13
Many bugs and missing features
Many bugs and missing features
Reposted by Tom Sherman
I've created my first Firefox plugin that lets me share the current tab to @frontpage.fyi with minimal effort (mobile and desktop).
It's also the first time I use @atprotocol.dev and it's as cool as it seems.
The repo is available in Github but also in @tangled.org:
tangled.org/@galiglobal....
It's also the first time I use @atprotocol.dev and it's as cool as it seems.
The repo is available in Github but also in @tangled.org:
tangled.org/@galiglobal....
October 22, 2025 at 1:31 PM
I've created my first Firefox plugin that lets me share the current tab to @frontpage.fyi with minimal effort (mobile and desktop).
It's also the first time I use @atprotocol.dev and it's as cool as it seems.
The repo is available in Github but also in @tangled.org:
tangled.org/@galiglobal....
It's also the first time I use @atprotocol.dev and it's as cool as it seems.
The repo is available in Github but also in @tangled.org:
tangled.org/@galiglobal....
Does anyone have an example of the metrics_exporter_prometheus crate with http listener?
No matter what I do, endpoint returns an empty html body. I can see metrics if I manually grab them and output them to the console, but they're not showing up in the http endpoint
No matter what I do, endpoint returns an empty html body. I can see metrics if I manually grab them and output them to the console, but they're not showing up in the http endpoint
October 22, 2025 at 9:25 AM
Does anyone have an example of the metrics_exporter_prometheus crate with http listener?
No matter what I do, endpoint returns an empty html body. I can see metrics if I manually grab them and output them to the console, but they're not showing up in the http endpoint
No matter what I do, endpoint returns an empty html body. I can see metrics if I manually grab them and output them to the console, but they're not showing up in the http endpoint
I'm quite bored of maintaining a websocket->webhook transformer (to consume jetstream events inside serverless compute, where I can only have a HTTP server handler)
Does anyone have any alternatives for lightweight, configurable queues?
Does anyone have any alternatives for lightweight, configurable queues?
October 20, 2025 at 9:52 PM
I'm quite bored of maintaining a websocket->webhook transformer (to consume jetstream events inside serverless compute, where I can only have a HTTP server handler)
Does anyone have any alternatives for lightweight, configurable queues?
Does anyone have any alternatives for lightweight, configurable queues?