2025-06-30

32 篇热帖

1. YouTube No Translation (addons.mozilla.org)

YouTube No Translation 是一款开源浏览器扩展,旨在阻止 YouTube 上的自动翻译功能,使用户能够以内容原始语言进行浏览和观看。

主要功能包括:

  • 视频标题:保持显示原始语言的标题。
  • 音频轨道:可设置默认音频轨道为原始语言或指定语言(此功能仅限桌面版)。
  • 描述:防止视频描述被自动翻译。
  • 缩略图:恢复使用视频的原始缩略图。
  • 字幕:允许设置首选字幕语言。若该语言不可用,则字幕将被禁用。

其他重要信息:

  • 隐私保护:扩展保证无跟踪、无数据收集。
  • 开源与可用性:扩展源代码公开,可在 GitHub 上查看。它免费使用,并接受自愿捐助以支持开发。同时也在 Chrome 网上应用店上架,适用于 Chromium 系浏览器。
  • 支持渠道:用户可通过 GitHub Issues 报告问题或提出功能建议。
  • 免责声明:该扩展与 YouTube™ 或 Google™ 无任何关联。
2. There are no new ideas in AI only new datasets (blog.jxmo.io)

LLMs were invented in four major developments... all of which were datasets

3. Show HN: TokenDagger – A tokenizer faster than OpenAI's Tiktoken (github.com)

High-Performance Implementation of OpenAI's TikToken. - M4THYOU/TokenDagger

4. Loss of key US satellite data could send hurricane forecasting back 'decades' (www.theguardian.com)

Scientists left scrambling amid hurricane season after irreplaceable program is slotted to be shuttered

6. Show HN: New Ensō – first public beta (untested.sonnet.io)

Projects, experiments and toys by Rafał Pastuszak

7. Gridfinity: The modular, open-source grid storage system (gridfinity.xyz)

The modular, open-source grid storage system.

8. Many ransomware strains will abort if they detect a Russian keyboard installed (2021) (krebsonsecurity.com)

勒索软件的区域规避机制 许多勒索软件,特别是源自东欧(如俄罗斯)的勒索软件,在安装前会检测受害计算机的系统语言。如果检测到已安装俄语、乌克兰语等独联体国家的键盘语言,恶意软件通常会停止运行或退出安装。这是一种内置的防护机制。

目的与原因 这种设计的首要目的是保护恶意软件作者及其附属团伙。俄罗斯等国的法律环境使得当局通常只在本国境内出现受害者并正式报案时才会立案调查。通过确保其工具不感染独联体国家的计算机,网络犯罪分子旨在避免引起本国执法部门的关注,从而降低自身风险。

实例与关联 2021年对美国科洛尼尔管道公司发动攻击的DarkSide勒索软件就是典型例子。尽管该组织试图将自己描述为“非政治”且只追求金钱,但其软件代码却包含了一个硬编码的“不安装”国家列表(主要来自独联体)。这表明其整个操作平台实质上是基于地缘政治的。安全研究人员还注意到DarkSide与之前的REvil(又名Sodinokibi)等勒索软件在规避模式上存在关联。

作为一种防御手段 有安全专家提出,用户可以将电脑的语言设置更改为俄语或添加独联体国家的键盘语言,以此作为一种简单、免费的“预防性”措施,可能避开遵循此规则的恶意软件。如果大规模用户采用此方法,可能会迫使网络犯罪分子面临抉择:要么冒着失去法律保护的风险(开始感染这些伪装的电脑),要么承受收入损失的风险。

局限性

  • 这种方法不能防御所有恶意软件,只对那些内置了地域检查机制的勒索软件有效。
  • 恶意软件作者可能会修改策略以应对这种防御。
  • 仍有大量不考虑受害地点的恶意软件存在。
  • 最佳实践仍然是采取纵深防御策略和避免高风险网络行为。

技术实现 用户可以通过Windows设置手动添加其他语言。此外,也有安全研究人员提供了通过修改Windows注册表键值来模拟特定语言环境的批处理脚本,这可以被视为一种“疫苗”式的技术手段。

9. The provenance memory model for C (gustedt.wordpress.com)

[The wordpress markdown inclusion does a very bad job, it seems, there have been some idiotic formatting errors. I hope that these are fixed, now.] A years-long effort led by Kayvan Memarian and Peter Sewell from Cambridge University, UK, Martin Uecker from Graz University of Technology, Austria, and myself (from ICube/Inria, France) has guided the…

13. We accidentally solved robotics by watching 1M hours of YouTube (ksagar.bearblog.dev)

the existential crisis we all share

imagine this: you've just spent $640 billion training the chonkiest language model known to humanity (lol) and decide...

14. Finding a former Australian prime minister’s passport number on Instagram (2020) (mango.pdf.zone)

Do not get arrested challenge 2020

15. LetsEncrypt – Expiration Notification Service Has Ended (letsencrypt.org)

Since its inception, Let’s Encrypt has been sending expiration notification emails to subscribers that have provided an email address to us via the ACME API. This service ended on June 4, 2025. The decision to end the service is the result of the following factors: Over the past 10 years more and more of our subscribers have been able to put reliable automation into place for certificate renewal. Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records. As an organization that values privacy, removing this requirement is important to us. Providing expiration notifications costs Let’s Encrypt tens of thousands of dollars per year, money that we believe can be better spent on other aspects of our infrastructure. Providing expiration notifications adds complexity to our infrastructure, which takes time and attention to manage and increases the likelihood of mistakes being made. Over the long term, particularly as we add support for new service components, we need to manage overall complexity by phasing out system components that can no longer be justified. For those who would like to continue receiving expiration notifications, we recommend using a third party service such as Red Sift Certificates Lite (formerly Hardenize). Red Sift’s monitoring service providing expiration emails is free of charge for up to 250 certificates. More monitoring options can be found here.

16. Nearly 20% of cancer drugs defective in four African nations (www.dw.com)

Across Africa, cancer medications have been found to be substandard or counterfeit. That means people are being given medicine that may not work, or that could even cause them harm.

17. Tools I love: mise(-en-place) (blog.vbang.dk)

Once in a while you get introduced to a tool that instantly changes the way you work. For me, mise is one of those tools.

18. China Dominates 44% of Visible Fishing Activity Worldwide (oceana.org)

Oceana released an analysis of China’s global fishing* activity worldwide between 2022 and 2024, showing 57,000 of their industrial fishing vessels dominated 44% of the world’s visible fishing activity during this period. 

21. Entry-level jobs down by a third since launch of ChatGPT (www.personneltoday.com)

Entry-level jobs have taken a major hit, dropping by nearly a third since the advent of widely available generative AI tools.

22. Want to meet people, try charging them for it? (notes.eatonphil.com)

作者自2017年持续撰写博客,旨在通过公开分享结识志同道合者,尽管博客和推特获得超百万浏览和2万关注,但几乎无人主动联系。
为改变这一情况,作者于2023年11月尝试以100美元价格提供聊天机会,收入全部捐赠给教育非营利组织。此举迅速吸引参与者,至今已为教育机构筹集近6000美元,并接触到风险投资人、教授、学生、创始人等多元背景人群。

模式有效性分析

  1. 公益驱动参与:参与者积极认可筹款性质,作者可公开宣传捐赠以扩大影响。
  2. 心理界限明确:收费机制让陌生人更自在地占用作者时间,提供合理社交借口。
  3. 潜在问题与调整
    • 提供建议的风险:作者强调仅分享个人视角,建议参与者多方参考。
    • 排除无力支付者:作者虽允许免费预约(视日程而定),但实际投入时间减少;通过30岁生日活动(捐赠30美元即可通话)部分缓解。

项目背景与持续性
作者缺乏传统学位,难以符合常规志愿者资格,且非营利组织时间承诺较大。该“教育聊天”项目以30分钟交换捐赠凭证的形式,成为其当下参与公益的可行方式,目前成效超出预期,且易于长期维持。

作者总结该模式在连接人群与筹款两方面均具价值,并欢迎更多人通过该计划交流。

24. Nano-engineered thermoelectrics enable scalable, compressor-free cooling (www.jhuapl.edu)

Researchers at Johns Hopkins APL, in collaboration with Samsung Research, have unveiled a breakthrough in solid-state cooling technology, doubling the efficiency of today’s commercial systems. Driven by the Lab’s patented nano-engineered thin-film thermoelectric materials and devices, this innovation paves the way for compact, reliable and scalable cooling solutions that could potentially replace traditional compressors across a range of industries.

26. A list is a monad (alexyorke.github.io)

这个页面标题为“A list is a monad”,但实际内容是一个重定向页面。正文指示用户正在重定向到另一地址,并提供链接以便在未自动重定向时手动访问博客文章:Click here if you are not redirected.。页面的目的是引导用户前往指定URL,以查看关于“列表是一个单子”的详细技术内容。

27. The Chan-Zuckerbergs stopped funding social causes (www.washingtonpost.com)

Priscilla Chan and Mark Zuckerberg’s retreat from funding social issues forced the closure of a school Chan opened for disadvantaged families in Silicon Valley.

28. Continuous Glucose Monitoring (www.imperialviolet.org)

连续血糖监测(CGM)技术现已对非糖尿病患者开放,不再是昂贵且需要处方的医疗设备。作者出于好奇,以50美元购买了一个可佩戴两周的一次性传感器进行体验。

设备外形类似厚吉他拨片,配有带弹簧的施加器,佩戴时几乎无痛。传感器每5分钟测量一次血糖,每15分钟通过蓝牙向手机传输一次数据,若手机不在附近会缓存部分数据。应用程序设计良好,但受法规限制,不提供数据直接导出功能。不过,在iOS系统上可连接至“苹果健康”应用,并通过该应用将所有数据导出为XML文件,作者随后编写了Go脚本将其转换为CSV格式进行分析。

通过监测,作者获得了一些个人见解:

  • 某些自认为健康的饮食实际导致了较大的血糖波动,这影响了其未来的食物选择。
  • 运动对血糖的调节作用比预期更显著,即使是快走也能快速降低血糖水平。
  • 监测本身引发了“霍桑效应”——因意识到自己在被观察,行为随之改变。
  • 血糖峰值的游戏化管理对行为改变非常有效。

传感器在约15天后自动停止工作,粘贴处的粘合剂残留需要费力清除。作者认为最初的监测期已带来了主要洞察,因此未续用第二个传感器,但肯定了这项技术普及的价值。

29. Reverse Engineering Vercel's BotID (www.nullpt.rs)

Vercel recently announced BotID, an anti-bot meant to protect against bots without requiring manual intervention. This post reverse-engineers the script and takes a peek inside.

31. Cell Towers Can Double as Cheap Radar Systems for Ports and Harbors (2014) (spectrum.ieee.org)

Passive radio signals sent by cellular stations could detect small boats and improve security at ports and harbors

32. Error handling in Rust (felix-knorr.net)

当前Rust错误处理的常见模式是为模块或整个crate定义一个大型错误枚举,涵盖所有可能的错误情况。这导致公共函数返回的错误类型包含了该函数根本无法产生的错误变体,使得错误匹配和处理变得冗余且容易出错,需要依赖文档来区分适用的错误。

这种做法与Rust利用类型系统精确表达约束的核心优势相悖。尽管为每个函数定义独立错误枚举并实现转换非常繁琐,导致社区普遍采用大一统的错误枚举,但仍有一些实践者探索更精细的替代方案。

替代理念:将错误视为独立的信息单元,更适合用结构体表示。函数返回一个错误集合(set),但本身不定义这些错误。这种哲学的早期体现是terrors crate,它通过类型系统实现,但使用时需要频繁进行.map_err(OneOf::broaden)操作,且需要手动枚举所有错误,较为不便。

error_set 宏示例:目前更受青睐的是error_set crate,它使用宏来更简洁地定义错误集,并自动生成错误集之间的转换实现。其核心特性包括:

  • 使用并集操作符 (||) 从其他错误集构建新的错误集。
  • ? 操作符可以自动处理子集到父集的错误转换,例如,函数 b() 返回错误集 B,那么在返回更大错误集 A(包含 B)的函数 a() 中可以直接使用 b()?
  • 该方式相比terrors减少了类型层面的复杂性,但定义包含具体字段的结构体错误时仍需额外包装。

总结与现状:作者认为对于复杂结构体错误,仍需定义包装枚举,但愿意为此付出少量额外工作。社区中还有其他库(如SmartErr)探索类似范式,甚至存在能通过函数体自动推断并生成错误枚举的属性宏,但作者未能再次找到该实现。整体而言,存在一个从巨型枚举向更模块化、自动转换的错误集合模型转变的趋势。