nickr

Chrome just became massively more agent-friendly 🔥 Your real, signed-in browser can now be natively accessible to any coding agent. No extensions. No headless browser. No screenshots. No separate logins. Just one toggle to enable it. Check this out: developer.chrome.com/blog/chrome-de…

@thejuicemedia I don't know about anyone else, but my kids have not even been age verified yet. stillnotbanned.social

The Australien Government has made an ad about the Social Media Ban for Under-16s, and it's surprisingly honest and informative. #auspol

Are Aussie teens really being kept off social media? 🤔 I just shared my experience with the new social media ban. The data so far is surprising. Parents: share yours too 👇 stillnotbanned.social #socialmediaban

@BohuangMars It's a common tactic - they call it email bombing. It's intended to push any automatic email alert created by the purchase to be pushed beyond page one of your email in box

Woke up with 200+ new mails in gmail account. Most of them are subscription emails from different websites. Unknown Alaska Airlines ticket booked I suspect people hacked my alaska account and use the "legit" subscription emails to hide the track. Smart but ineffective for me 📷

@MSeqVC @kasada_io Thanks for joining us on this wild adventure 🙌

We’ve backed @kasada_io since 2019, long before AI agents reshaped the internet. Their recent $30M raise (now $300M+ valuation) shows just how critical their tech has become. 🔐 As billions of AI agents crawl the web, Kasada gives companies control over which agents access their data, protecting digital infrastructure across retail, defence, and more. With 90% of revenue from the US, their impact is global. 🌏 #Cybersecurity #AI #DeepTech

Oh dear. X.com's new anti-bot solution seems to be struggling under the pressure...

@andrewqu @MadsMcIlwain @vercel I was expecting them to be names of famous ships…

@MadsMcIlwain @vercel Room names on point ⚫️

Day 1 new office @vercel people already cooking

@clairevo @MattyB FWIW, Gong provides an API that you can use to export transcripts rather than using Zapier. We've built a bunch of internal tools on Lovable that leverages vendor this API and others.

Everyone is recording everything these days, but most are only using the basics (notes, summaries.) @MattyB takes call recordings to a whole other level, turning 25,000 hours of sales calls into a fully automated GTM team across sales, ops, and marketing. In this ep of How I AI we see - how to use @zapier to build complex automation workflows off a single asset - using AI as a coach, admin, and quality check - long tail marketing tactics that would NEVER be possible before AI I hadn't thought of half the ideas Matt has implemented w AI, and now I want to steal all of them. This is a must-watch for founders, CMOs, CROs, and CEOs out there who are tired of hearing about vibe coding and want some practical ways to drive revenue with AI. As always, a massive thanks to our sponsors: 🤑 @brexHQ - the intelligent finance platform built for founders ⚡️@zapier - the most connected AI orchestration platform

@vercel_dev @rauchg Let’s smash more bots!!!

Free, invisible CAPTCHA in 3 steps: ① 𝚗𝚙𝚖 𝚒 𝚋𝚘𝚝𝚒𝚍 ② Run 𝚒𝚗𝚒𝚝𝙱𝚘𝚝𝙸𝚍() client-side ③ Use 𝚌𝚑𝚎𝚌𝚔𝙱𝚘𝚝𝙸𝚍().𝚒𝚜𝙱𝚘𝚝 server-side

@andrewqu 10x human

Me and my AI agent coworkers: 🤖🤖🤖😄🤖🤖🤖

@theo As at May/June it had better backend integration. I built a puppeteer browser pool app back then and it was ok

I still don’t know anyone who uses Replit

@re_jevi @cramforce I think it’s largely marketing led product development. The concept sounds fine. The practical realities are that this will be DOA. They’ve generated lots of PR though, so they achieved that goal at least.

@WebsecNick @cramforce this is what i’ve not quite understood, all this anti crawl stuff seems irrelevant when they have solvers that work on their products? surely (like we see already) they’ll take this approach maybe i’ve misunderstood 🤔

People talk about Cloudflare blocking AI crawlers. Some nuance: This is something we considered shipping at Vercel but ultimately decided against. The TLdr is that because of pesky game-theory and system analysis stuff, this type of marketplace will not work OR it will work, but have bad outcomes. Obviously, both options are bad. The current state: Cloudflare is aiming to create a marketplace where AI crawlers pay for the content the crawl. This has not actually shipped. As a basis for it, Cloudflare started blocking AI crawlers to access content on Cloudflare's CDN under some circumstances. The 1st bit of nuance: Almost nobody wants this as a percentage of website. If you sell goods or services, then you want to be crawled by AI and get free advertising from the AI. Things are, of course, different for media sites. If your content is the product, or, dare I say, the user reading the content is the product, then AI is acting as a substitute. You don't want it to get access to all of your content and be able to create substitute content. Because this is real, we shipped an *opt-in* feature for such sites of opt out of AI crawling. For the Cloudflare marketplace to be successful, there has to be content on it that the AI crawlers want so badly that they are willing to pay for it. AI crawlers want two categories of stuff - Absolutely everything (quantity matters) - The best, most unique stuff Hence a marketplace must be both large (has a good chunk of everything) and high quality (has the good stuff). Cloudflare is a big enough chunk of the internet to be "large", but it has to turn the feature on by default for the chunk to have a chance to be big enough. If the feature was opt-in, not enough people would opt-in because, well, see above, most sites don't want this. Even if you somehow make it so that enough sites opt-in, then some are always incentivized to opt-out, because while the AI might take a lot of traffic, if that one site is the only one to link to, that would be very valuable. So, in practice even media sites opt for AI crawlers. This is classic tragedy of the commons. Next, the best, most unique stuff. It won't be on the marketplace. Why? For the same reason why there isn't Netflix-for-news. The stuff is expensive to produce, but a substitute of each other–and the most valuable players go it alone (See Reddit licensing directly to Google, and the NYT suing for what might eventually settle to a direct deal). Next, let's assume everything I said above is false, and the marketplace has the right content that it *could* work. It will still fail. That is because the content is subject to the DRM problem: A single digital copy that leaves the crawler-wall is enough to circumvent the entire scheme. Did y'all notice that all the AI companies are shipping browsers? If you give your content to a "human", the AI crawler can get a copy without doing direct crawling. And finally: AI agents are user agents. It's a real problem that the ad based business model of the web is under threat. But there is also real value in AI-supported content consumption. We need to find a way to make it work, not break the new stuff to keep the old business model, that was already struggling, on life support.

Saturday vibes: coded a functioning config model + UI for Puppeteer stealth. #vibecoding

The #vibecoding lifecycle

@_k3ru Yes my 100% clientside tinder for bots test is secretly recording! 🫣

🔥 Just scored 190 points (Expert level) on our Bot Detection Challenge Built this as internal training - turned out way more fun than expected Think you can beat my score? It's trickier than it looks 👀 Accuracy + speed both count, just like real systems is-it-a-bot.vercel.app

@vladcooks dont tell our sales team ;)

@WebsecNick Speed and accuracy may count but answering the questions is optional

@vladcooks IPowered By K4sada

I was reading a HN post about a new Chrome header `x-browser-validation` that appeared in the wild. The quality of the discussion is just absolutely abysmal, but it turns out to be quite interesting: - I first tried to validate if the post is actually talking about something real and the answer is: Not really. At least not generally. You can easily validate by going to any[See below] website and check devtools. - Chrome does NOT actually generally send a new header called x-browser-validation (a lonely commenter on HN realized this but was ignored) - However, knowing Google quite well, I was like: “Maybe it is real, but they only send it to their own properties” - Turns out that is right. google.com and youtube.com (at the very least) actually do get the header - Can it be used for tracking? Not really, it’s sha1(userAgent + hardCodedAPIKeyThatIsNowOnGithub) - Can it be used for validating real browsers? No, cause, like, it’s a hard coded value - What is it for then: My guess is that this is used to remove noise from experimentation that happens during Chrome version and potentially feature roll out. It must be a use case where there is more accidental spoofing than malicious activity