2025-04-07

33 篇热帖

6. Glamorous Toolkit (gtoolkit.com)

Glamorous Toolkit is the Moldable Development Environment.

7. Gumroad's Interestingly Timed "Open-Source" Play (tedium.co)

Gumroad开源事件的争议与反思

Gumroad宣布将其应用开源,最初被视为推动创作者经济去中心化的重要举措。然而,这一举动随后引发了广泛质疑和批评。

Gumroad面临的主要问题:

  1. 服务质量下降:平台改变了向用户发送邮件的规则,并将大部分客户支持替换为大型语言模型(LLM)。用户反映,在遇到问题时,得到的自动回复指向不存在的帮助页面,且无法联系到人工客服。
  2. “开源”许可的实质:Gumroad使用的并非标准的开源许可证(如GPL),而是一种源码可用许可。该许可包含商业限制:除非年收入低于100万美元且总商品交易额(GMV)低于1000万美元,或属于非营利/政府组织,否则必须支付定制许可费用。这意味着一旦创作者业务增长超过门槛,就需要付费,与传统开源理念相悖。

事件的争议核心: 在Gumroad宣布“开源”的同一天,《连线》杂志发布了一篇报道,揭露了其创始人兼CEO Sahil Lavingia 同时在为美国政府效率部门(DOGE)工作。Lavingia作为顾问,参与了影响退伍军人事务部(VA)网站代码的修改。报道指出,他之所以能从事这份无薪工作,是因为通过用自动化几乎取代了Gumroad全部员工,实现了个人的财务自由——而这种激进的自动化正是导致平台客服质量骤降的原因。

结论与反思: 作者认为,这一系列事件暴露了Gumroad作为创作者平台的根本矛盾:它通过牺牲服务质量和员工来优化自身,其“开源”举动更像是一种营销策略,而非真正赋权给创作者。作者建议,创作者应重新考虑对这类以自动化和AI为核心、中层价值提取型平台的依赖。随着低代码和AI工具的发展,创作者已具备自行搭建和维护类似服务的技术能力,从而真正掌握控制权,建立更以创作者为中心、名称也更友好的服务。

9. Eavesdropping on smartphone 13.56MHz NFC polling during screen wake-up/unlock (old.reddit.com)

img While casually exploring the NFC frequency range using a software-defined radio, I stumbled upon something quite surprising...

12. Rsync replaced with openrsync on macOS Sequoia (derflounder.wordpress.com)

On many Unix-based operating systems, rsync is a command line tool for transferring and synchronizing files on a computer, either between storage attached directly to the computer or between another computer located elsewhere on a network. The rsync command line tool has long been included on macOS, but Apple has provided the last version of…

14. Gmail E2E is as terrible as expected (michal.sapka.pl)

谷歌宣布为Gmail推出端到端加密功能,但其具体实现方式引发了广泛批评。核心争议在于,这种加密并非传统意义上的端到端加密,而是对用户和邮件生态施加了限制。

加密方式与实现机制 发送方使用自己的密钥对邮件加密,收件人收到一封包含链接的邮件。要阅读邮件内容,收件人必须点击链接,使用谷歌称为“简易Gmail”的界面。这意味着,即使收件人从未拥有Google账户,也必须通过Google的服务来读取邮件。

对邮件生态的破坏 以往,尽管Gmail和Outlook等巨头在邮件协议基础上增加了私有功能,但用户仍能自由地向这些服务发送邮件。谷歌的新举措性质不同:它迫使收件人必须访问Google的服务(涉及浏览器、JavaScript和潜在追踪)才能读取本应属于他们的邮件。这实质上将Gmail发出的加密邮件,转变为一个只能通过特定平台访问的“文档”。

数据控制权的转移 根据谷歌官方的文档,IT管理员可以强制所有外部收件人(包括Gmail用户)使用受限制的Gmail版本查看邮件。其目的是确保组织数据不被存储在第三方服务器上,并便于应用安全策略或撤销邮件访问权限。这本质上意味着谷歌成为已发送邮件的实际控制者。收件人无法在本地搜索、归档或完全自主地管理这些邮件,他们的邮箱账户(无论是否为Gmail)仅仅变成了一个接收通知的渠道。

结论 鉴于这种加密方式带来的限制、对邮件互操作性的损害以及谷歌对数据控制权的强化,作者明确将此类邮件直接标记为垃圾邮件。

15. The Dire Wolf Is Back (www.newyorker.com)

Colossal, a genetics startup, has birthed three pups that contain ancient DNA retrieved from the remains of the animal’s extinct ancestors. Is the woolly mammoth next? D. T. Max reports.

16. Federal cuts disrupt repairs to iconic U.S. trails (apnews.com)

Hiking the Pacific Crest Trail that runs through three western states is already challenging. Now the grueling journey may become even tougher this year due to federal cuts.

17. SciOp torrents: download, seed erased US Gov sites and datasets (sciop.net)

Preserving Public Information

19. Capital Trades: Tracking Stock Market Transactions of Politicians (www.capitoltrades.com)

Tracking Capitol Hill politicians’ trades can provide valuable insights for your investment research. Learn about the STOCK ACT and discover our free solution to track US politician trades.

21. Max severity RCE flaw discovered in widely used Apache Parquet (www.bleepingcomputer.com)

A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.

22. Bonobos use a kind of syntax once thought to be unique to humans (www.newscientist.com)

The way bonobos combine vocal sounds to create new meanings suggests the evolutionary building blocks of human language are shared with our closest relatives

23. CDC's top laboratory on STDs is shut by Trump administration (www.statnews.com)

Everyone in a CDC lab that is crucial to tracking drug-resistant gonorrhea and other STDs was fired. "We are blind," an expert says.

26. Fewer Foreign Passengers Are Flying to the US (jasher.substack.com)

On using a new dataset and ensuring your analytic findings aren't a data reporting issue.

28. Nix Derivations, Without Guessing (bernsteinbear.com)

I went on a little low-level Nix adventure yesterday and early this morning because of this excellent blog post. In it, Farid builds up the simplest possible Nix derivation—making a file that has the contents “hello world”. Here’s what I like about it:

29. Writing C for Curl (daniel.haxx.se)

It is a somewhat common question to me: how do we write C in curl to make it safe and secure for billions of installations? Some precautions we take and decisions we make. There is no silver bullet, just guidelines. As I think you can see for yourself below they are also neither strange nor … Continue reading Writing C for curl →

33. Show HN: Uncurl.dev – Convert curl commands to a shareable, executable UI (uncurl.dev)

Share and execute curl commands