Rok Kralj

211 posts

@Rok_Kralj

Joined December 2011
10 Following 18 Followers
Chad Aitken
Chad Aitken@AitkenResearch·
@ExodusChad @PeterSchiff It’s not the case, Peter has heard all these theories, next they’ll get gold on meteor. It’s a weak argument vs Peter’s knowledge of gold.
Peter Schiff
Peter Schiff@PeterSchiff·
So far in 2026, gold is up 9%, silver is up 11%, the NASDAQ is up 13%, the Russell 2,000 is up 14%, while Bitcoin is down 11%. Congratulations, Bitcoiners. Bitcoin is finally the uncorrelated asset you’ve hoped it would be. Even when risk-on & risk-off assets rise, Bitcoin falls.
HBARpufffNstuff!
HBARpufffNstuff!@wongyal·
@PeterSchiff And how many percentages is bitcoin up from the 1 dollar mark you could have bought it at just a few short years ago?
Rok Kralj
Rok Kralj@Rok_Kralj·
@FirefoxWebDevs Unfortunately I have already disabled CSP sitewide to spare the FF users, but here it is valat.si How caching works: cache root HTML with max_age 14 days, but if XHR says we are outdated, refetch / refresh root HTML with location.reload()
Firefox for Web Developers
Firefox for Web Developers@FirefoxWebDevs·
Firefox 150 just landed & includes new web platform features like: 🎉 sizes="auto" on images 🎉 light-dark() image support 🎉 CSS revert-rule 🎉 ariaNotify() 🎉 Media pseudo-classes like :playing None of these are baseline yet, so check MDN for support developer.mozilla.org/en-US/docs/Moz…
Rok Kralj
Rok Kralj@Rok_Kralj·
@FirefoxWebDevs It is intermittent. It happens exclusively to Firefox users, but a small portion of them. I could not reproduce it myself. I suspect it is the interplay of cached root document, and calling location.reload(). Did anything in these areas change in FF 150?
Rok Kralj
Rok Kralj@Rok_Kralj·
@FirefoxWebDevs This was never observed before. And it is literally impossible to happen, because we emit headers and response body in Netty in a single ByteBuf. Header on root HTML document is "Cache-Control: private,max-age=1209600". Did you make any changes to caching in FF 150?
Rok Kralj
Rok Kralj@Rok_Kralj·
@FirefoxWebDevs Something is very wrong in FF 150. Only FF users are reporting failed page loads due to mismatched CSP hash for inline script. We have cached root HTML document, but somehow headers cache and content cache get out of sync. More details below.
Rok Kralj
Rok Kralj@Rok_Kralj·
@Im_IrushiK It is making more technical / logical mistakes than a drunk junior programmer. There is no chance. It is just a very smart autocomplete.
Irushi
Irushi@Im_IrushiK·
Developers, What’s your backup plan if AI writes better code than you in the next 2 years?
Rok Kralj
Rok Kralj@Rok_Kralj·
@PeterSchiff GDX since inception in 2006, so 20 years ago, did not even outperform inflation. Gold mining companies are terribly mismanaged, or corrupt, or both.
freddie
freddie@frederic_ooo·
@theo did he write shiki or just the react wrapper?
Firefox for Web Developers
Firefox for Web Developers@FirefoxWebDevs·
@Rok_Kralj Browsers have been pretty reluctant to implement that as it's a huge change to the current architecture. What do you want it for, and could you alternatively use two fetches (one for upstream, one for downstream)?
Firefox for Web Developers
Firefox for Web Developers@FirefoxWebDevs·
If you had to pick _one_, which web platform feature would you like in Firefox that isn't part of the Interop 2026 effort? hacks.mozilla.org/2026/02/launch…
Rok Kralj
Rok Kralj@Rok_Kralj·
@FirefoxWebDevs Not really. And besides, NGINX now supports HTTP/2 even for proxying upstream. Which people should adopt anyway to protect against request smuggling. Anyway, fetch API is one awesome API, and a de facto modern replacement for websockets. (Or could be)
Rok Kralj
Rok Kralj@Rok_Kralj·
@FirefoxWebDevs Most people only need to decompress. I am pretty sure Chrome would already support this feature if there was not a requirement for the compress/decompress api to be symmetric.
Firefox for Web Developers
Firefox for Web Developers@FirefoxWebDevs·
In Firefox 147, you no longer need heavy libraries to (de)compress brotli with JS - you can just use CompressionStream and DecompressionStream!
Ming Ya Jiang
Ming Ya Jiang@jiang_mingya·
@karpathy So the entire open source system needs to be hardened, or the OS needs to be hardened. I think the latter is more plausible
Andrej Karpathy
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

Rok Kralj
Rok Kralj@Rok_Kralj·
@PeterSchiff You are famous for predicting the economic crisis in 2008. I think you will finally predict the next one in 2038. Just 25 years too early.
Rok Kralj
Rok Kralj@Rok_Kralj·
@PeterSchiff Dollar is falling? Are we looking at the same DXY chart?
Peter Schiff
Peter Schiff@PeterSchiff·
What's interesting is despite gold and silver selling off sharply, the U.S. dollar is also falling against other foreign currencies. So if forex traders realize that cancelling rate cuts is not bullish for the dollar, why do precious metals traders think it's bearish for gold?