Hacker News | hallak's comments

don't tell my landlord :D


You can try it out at https://lumi.withgoogle.com ! From PAIR at Google DeepMind.


I was 15 years old when they killed google reader, so can you blame me for forgetting about RSS?

Added :) https://aldenhallak.com/blog/rss.xml


Ha! Subscribed, and now the pressure is on to write something ;-)


Oh! I hadn't seen this. I was more inspired by the St Louis aquarium (where you color a fish and it swims) and Google's Quickdraw (a memory from like 2016)


TeamLabs also has this in both of their main Tokyo art installations (Borderless & Planets).


That's actually intentional design - I think you can like a fish a little or like a fish a lot, and therefore should be able to upvote/downvote to your heart's content :)


The only potential risk I see with anonymous voting is some 4chaner is apt to create a bunch of fish with horrific names and use distributed IPs to upvote them to the top. I guess regular moderation could filter that out.


IP based breaks users with CGNAT and people connecting from corporate networks

In those cases you'd be denied votes since someone else used them up


The first case would be an issue yes, although this app doesn't exactly strike me as something that an insane amount of people would be connecting to from corporate networks


CGNAT is used in places other than corporate networks.


I'm aware of that - I spoke to the corporate network part specifically as the post I was replying to specifically listed that in addition to CGNAT


It can work okay for apps that don't go to massive scale and where users aren't concentrated in the same place. The chance of another simultaneous user on your block/building/CGNAT isn't extremely likely.


Any button a human can touch is a vector for abuse...


You write with such whimsy, absolutely delightful :)


Unfortunately got posted to some heinous websites... and I made the mistake of using a very simple username and password that's been leaked 100 times for my admin account. I was going to "change it later"...

Anyway, working on the rollback now. A nice guy from here reached out and reported some small vulns I involuntarily committed.


This is an issue that many are seeing, it has to do with how the model is loaded / how the submission logic works without it. I think I know the fix, but am currently getting slammed at my big boy job and so I can't fix it until I'm free in the evening ...


Absolutely no issues, I figured it out anyway. No stress on this, big boy job way more important :)


There is mobile support... but it currently loads a 40mb model which doesn't work so great in a lot of places where you will use a phone. I meant to allow you to submit anyway, but I didn't test enough. Sorry...


Actually most people aren't trying to submit bad fish! I was surprised too, it's really like 95/5 good to bad submissions. People seem to follow the rules on average :)


Yeah, there’s two rules that define the internet:

1. 95% of people will not be trying to draw penises

2. 5% penises by volume is a lot of penises


By volume, yes, but by mass, it's a pretty reasonable load


Perfectly average, I’d say


Or roughly average, as your username would say. :D


To be fair, you stop them from submitting the bad fish before they have a chance. I never submitted a fish that wasn't already 'green' for %


When I launched Twiddla, it was so common that we joked about adding them to the shape tool.

I think it’s just human nature that that’s the first thing you try to draw on any online whiteboard.


I don't let the client decide whether the submission needs moderation :)

There's a very slightly different model in the backend that sends things to the mod queue. Strings are also sanitized there. But copilot really wanted to add all that logic to the frontend too and I thought it was funny


You still should not be building HTML and JS using string interpolation.


Absolutely! I've removed all references of HTML and JS using string interpolation.

(jk)

This is definitely a drawback with vibe-coding. I never really write like HTML5 style code - at work I always use typescript with heavy ESLint, so never have to worry about this.

I figured the string sanitization in the backend would take care of any XSS vulns, which was my main concern. But I will have to read into the dangers of string interpolation which I admit I do not remember too much about (outside of the XSS stuff I tried to mitigate).

Thanks for giving the opportunity to learn... :)
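
The string-interpolation point from the exchange above, as an added example that is not part of the thread or the site's code: a template that interpolates a user-supplied fish name directly, next to the same template with every value escaped at the point of output, so the page does not depend on each backend path having sanitized the string. All function names and the fish records are hypothetical; in the browser, `textContent` and `createElement` achieve the same without building markup strings.

```javascript
// Added example; all names here are hypothetical, not the site's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can change HTML parsing in text and
// quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Marker for markup produced by html`` below, i.e. already escaped.
class SafeHtml {
  constructor(text) { this.text = text; }
  toString() { return this.text; }
}

// Tagged template: the literal parts are developer-written and trusted;
// every interpolated value is escaped unless it is a SafeHtml fragment.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    const parts = Array.isArray(v) ? v : [v];
    out += parts.map((p) => (p instanceof SafeHtml ? p.text : escapeHtml(p))).join('');
    out += strings[i + 1];
  });
  return new SafeHtml(out);
}

// Before: plain interpolation, so the fish name is parsed as markup.
function renderFishNaive(fish) {
  return `<li title="${fish.name}">${fish.name} (${fish.votes})</li>`;
}

// After: the same template with values escaped where they are emitted.
function renderFishSafe(fish) {
  return html`<li title="${fish.name}">${fish.name} (${fish.votes})</li>`;
}

function renderTank(fishes) {
  return html`<ul>${fishes.map(renderFishSafe)}</ul>`.toString();
}

// Constructed sample input: the second name carries a quote and markup.
const sampleFish = [
  { name: 'Gill & Finn', votes: 3 },
  { name: '"><b>not a fish</b>', votes: 1 },
];
```

Escaping like this covers HTML text and quoted attributes only; values placed inside inline scripts, URLs or CSS need their own encoding or should not be interpolated there at all.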


> Absolutely! I've removed all references of HTML and JS using string interpolation.

I love that this is becoming a meme, haha. Thanks for the laugh.

