This would work. We started prototyping this way and it worked well to an extent. The main issue you're going to have is that you need to have both Chromium and the forwarder process running at the same time. This makes it difficult to track what is running exactly.
If your forwarder is running but the browser crashed, it will still appear as available on the Redis side. Whereas if you're making the browser set a key with expiration itself, if it crashes, it will stop appearing on the Redis side.
That's the kind of stuff you get by modifying the source, and that will be hard to do with a dual-process type of setup.
Thank you! I thought people might know it more as Google Chrome. Hence why I changed it on the HN title. But the original blog title specifically mentions Chromium.
Looks like it from the Documentation. The User and Developer Guide references Atom quite a bit (includes the original Atom docs too)
An aside, but I wish more webpages for applications put screenshots on the front page. Probably would have made it easier to notice if the application was based on Electron or not.
I wouldn’t call that “stand out”, especially when it comes to game engines. Game engines are very complex and they are all different, from implementations to their algorithms; having a native thread management keyword causes more worries than it stands out.
Thanks!
Yeah, I really enjoyed working with the ESA.
I think they mention the usage of a shield around the SEPP.
But yeah, this architecture is pretty crazy for a satellite.
It's actually in production, but it's an experimental satellite, so not built to drive crazy missions for now.
Fraudulently recording steps, and the other example you gave of making calls to the API.
Legally, those API calls signify something in the real world. You are representing that the action/status signified by the API call happened in the real world. It's one thing to accidentally or mistakenly call those APIs, but to do so deliberately if such action/status is not true is fraud.
By itself, that the API calls are fraudulent wouldn't matter. But in your case, the purpose of the fraud is financial gain: each API call earns you money. In the U.S., this would be (felony) theft by fraud, among other crimes. French laws are more complicated, and as I'm not French nor do I speak French I won't attempt to go into any detail as to what the specific crimes would be, other than to say it appears that your actions, if performed, would appear to constitute several different crimes.
[Note that in the U.S., intent matters, so fake API calls for purposes of QA testing, security testing, etc., aren't fraud... but could be a crime if performed without the website owner's permission.]
I mean in the US, you have the CFAA and in France a quick Google search indicates the illegalities of doing something like this. I wouldn't be surprised to see the company go after you and to be questioned by law enforcement. Don't say no one warned you.
You should honestly take this post down. You've literally revealed how to gain access to their API keys, mentioned that it can be used to devastate the company and commit fraud, then just added a message in parentheses asking the reader not to do it.
This is a shitty article that isn't humorous at all. It would've been funny if you had reported it, they had fixed it and you'd posted the article after. This reads like an engineer trying to get an ego boost and a pat on the back.
The keys are already public, he’s not documenting some super secret zero-day way of extracting keys. He… downloaded the app and unzipped it, basically.
Be angry at the company who clearly don’t have a clue how to secure anything.
You can be angry at both the company and the person who publicly revealed the issue without first trying to inform the company. That's literally white-hat-hacking 101.
The keys may already be public (technically), but he is the one publicizing it and posting it on Hacker News. OP is also clearly aware of how much harm can be done using these keys, since he asks people to not use them.
If anyone really wanted to they could probably figure out who you are based off your comment history, all of which is “public information.” So it’s cool if they use your name and list your address right?
Or let’s just remove you from the equation: do you agree doxxing is wrong regardless if the info is publicly available?