Stories with Tag Playwright

• Detect and crash Chromium bots

  permalink

  Posted: 2025-05-07 15:01:46

  Verbose tl;dr

  The blog post details a method for detecting and disrupting automated Chromium-based browsers, often used for malicious purposes like scraping or credential stuffing. The technique exploits a quirk in how these browsers handle JavaScript's navigator.webdriver property, which is typically true for automated instances but false for legitimate user browsers. By injecting JavaScript code that checks this property and subsequently triggers a browser crash (e.g., an infinite loop or memory exhaustion) if it's true, websites can selectively disable or deter unwanted bot activity. This approach is presented as a simple yet effective way to combat automated threats, although the ethical implications and potential for false positives are acknowledged.

  This blog post, titled "Detect and Crash Chromium Bots with One Weird Trick (Bots Hate It!)," explores a method for identifying and disrupting automated web browsers based on the Chromium engine, such as those used for web scraping or automated testing. The author posits that these bots, while often sophisticated, can be distinguished from legitimate human users due to their typically perfect adherence to web standards. The "trick" revolves around exploiting a quirk in the way Chromium-based browsers handle CSS scroll-behavior: smooth.

  The author explains that when a webpage uses scroll-behavior: smooth to create smooth scrolling animations, a genuine human user will almost inevitably interrupt these animations with their mouse wheel or other input methods, creating slightly jerky or non-linear scrolling behavior. Chromium-based bots, however, tend to follow the smooth scrolling animation precisely, as they programmatically execute scrolls without the inherent imprecision of human interaction.

  The blog post then details a JavaScript-based detection mechanism that monitors scrolling behavior. This mechanism measures the time taken for a scroll animation to complete and compares it to the expected duration based on the distance scrolled. If the actual scroll time matches the expected time too precisely over a series of scrolls, the script flags the user as a potential bot.

  Furthermore, the author describes how this detection mechanism can be weaponized to crash or freeze Chromium-based bots. Once a user is flagged as a potential bot, the script can trigger an infinite recursion within the browser by repeatedly initiating and interrupting smooth scrolling animations. This overload exploits a vulnerability in Chromium, ultimately leading to a denial-of-service condition for the bot.

  The author acknowledges potential ethical concerns and false positives associated with this technique, suggesting it's primarily intended for informational or experimental purposes, rather than widespread deployment. They emphasize that using this method to disrupt legitimate users or critical services could be detrimental and is strongly discouraged. The post concludes by highlighting the ongoing cat-and-mouse game between bot developers and website operators, suggesting that this particular technique may have a limited lifespan as bot developers adapt to circumvent it.

  • chromium
  • Bots
  • bot detection
  • web scraping
  • Automation
  • Browser Fingerprinting
  • Anti-Bot
  • Security
  • Web Development
  • javascript
  • headless browser
  • Puppeteer
  • Playwright
  • Selenium
  • Reverse Engineering

  Summary of Comments ( 11 )
  https://news.ycombinator.com/item?id=43916622

  Verbose tl;dr

  HN commenters largely discussed the ethics and efficacy of the proposed bot detection method. Some argued that intentionally crashing browsers is harmful, potentially disrupting legitimate automation tasks and accessibility tools. Others questioned the long-term effectiveness, predicting bots would adapt. Several suggested alternative approaches, including using progressively more difficult challenges or rate limiting. The discussion also touched on the broader issue of the arms race between bot developers and website owners, and the collateral damage it can cause. A few commenters shared anecdotes of encountering similar anti-bot measures. One commenter pointed out a potential legal grey area regarding intentionally damaging software accessing a website.

  The Hacker News post titled "Detect and crash Chromium bots" generated a modest discussion with several interesting comments. Several commenters focused on the ethical and practical implications of the technique described in the article (detecting and crashing Chromium-based bots by exploiting a quirk in how they handle oversized canvas elements).

  One commenter questioned the ethics of intentionally crashing bots, suggesting it could be considered a denial-of-service attack. They argued that while the technique may be effective against malicious bots, it could also harm legitimate web scraping tools or accessibility software that rely on Chromium. This raised a concern about the potential for collateral damage and the responsibility of developers to avoid harming non-malicious actors.

  Another user pointed out the potential for an "arms race" between bot developers and website maintainers. They predicted that bot developers would quickly adapt to this technique, finding ways to circumvent the oversized canvas check. This would lead to an ongoing cycle of detection and evasion, with both sides constantly trying to outsmart each other.

  A practical concern raised by a commenter was the potential for false positives. They suggested that certain legitimate users with unusual browser configurations or extensions might also be affected by this technique. This could lead to a poor user experience for those individuals.

  Several users discussed alternative approaches to bot detection and mitigation. These included using established bot detection services, employing CAPTCHAs, and rate limiting. The general sentiment was that while the canvas trick might be a useful short-term tactic, it was not a robust long-term solution. More comprehensive and adaptable methods are necessary for effective bot management.

  One user noted the irony of using a browser vulnerability to detect and crash bots based on that same browser. They found it amusing that the very technology being used for bot development was also its potential downfall.

  Finally, one commenter offered a more technical explanation of why this technique works, delving into the specifics of how Chromium handles canvas elements and memory allocation. They suggested that the oversized canvas triggers an out-of-memory error, leading to the crash.

• Mario Vargas Llosa has died

  permalink

  Posted: 2025-04-14 03:52:56

  Verbose tl;dr

  Nobel laureate Mario Vargas Llosa, a towering figure of 20th and 21st-century literature, has died. The Peruvian writer, known for his prolific and politically charged novels, essays, and plays, explored themes of power, corruption, and individual freedom against the backdrop of Latin American society. His works, including "The Time of the Hero," "Conversation in the Cathedral," and "The Feast of the Goat," garnered international acclaim for their complex characters, intricate plots, and unflinching portrayal of societal ills. Vargas Llosa's influence extended beyond literature, as he actively participated in Peruvian politics, even running for president in 1990. His death marks the end of a remarkable literary career that spanned decades and left an indelible mark on the world.

  The esteemed Peruvian author, Mario Vargas Llosa, recipient of the 2010 Nobel Prize in Literature, has passed from this mortal coil, leaving behind a vast and multifaceted literary legacy that spans several decades and encompasses a multitude of genres. His demise marks the conclusion of a prolific career characterized by intricate narratives, insightful explorations of political and social themes, and a distinctive prose style that blended realism with elements of magical realism and postmodern experimentation. Vargas Llosa's literary output, ranging from sprawling epic novels like "The War of the End of the World" and "Conversation in the Cathedral" to more concise, introspective works such as "Aunt Julia and the Scriptwriter," demonstrates a remarkable versatility and an enduring fascination with the human condition. His works often grapple with complex issues of power, corruption, and the enduring tension between individual liberty and societal constraints, frequently drawing upon his own experiences growing up in Peru and his observations of Latin American society. Beyond his fictional pursuits, Vargas Llosa was also a prominent public intellectual, engaging actively in political discourse and offering trenchant commentary on contemporary affairs, both within Latin America and on the global stage. He was known for his outspoken views, often espousing classical liberal principles and vigorously defending freedom of expression. His contributions to literature and intellectual discourse have solidified his position as one of the most significant Latin American writers of the 20th and 21st centuries, leaving an indelible mark on the world of letters and beyond. The world mourns the loss of this literary giant, whose words continue to resonate with readers worldwide.

  • Mario Vargas Llosa
  • Obituary
  • death
  • author
  • Nobel Prize in Literature
  • Peruvian Literature
  • Latin American Literature
  • Literary Criticism
  • The New York Times
  • books
  • Literature
  • Novelist
  • Essayist
  • Playwright

  Summary of Comments ( 64 )
  https://news.ycombinator.com/item?id=43677917

  Verbose tl;dr

  HN commenters react to Vargas Llosa's death with a mix of appreciation and criticism. Some praise his literary contributions, particularly "The War of the End of the World," and his defense of liberal values. Others criticize his political stances, viewing him as too conservative, and some bring up controversial personal life choices. A few commenters note the irony of his death shortly after an erroneous obituary was published. Several discuss his Nobel Prize and his prolific writing career, with some recommending entry points for those unfamiliar with his work. A recurring theme is the contrast between his impressive literary talent and his sometimes questionable political and personal decisions.

  The Hacker News post titled "Mario Vargas Llosa has died" links to a New York Times article which appears to be an appraisal of his work rather than an obituary. This has led to significant confusion and discussion in the comments section.

  Many of the initial comments express surprise and even disbelief, given the framing of the Hacker News title. Several users point out that the NYT article doesn't mention his death and speculate about a potential error in the headline. Some even suggest checking other sources to confirm the news, highlighting a healthy skepticism towards information presented online.

  Once the misunderstanding about the headline is cleared up, the discussion shifts towards Vargas Llosa's literary legacy and political views. Some commenters express admiration for his writing, particularly "The Feast of the Goat" and "Conversation in the Cathedral," while acknowledging his controversial political stances. The discussion delves into his shift from left-leaning views to more conservative ones, with some commenters attributing this change to his experiences with Peruvian politics and the rise of authoritarian regimes.

  A few commenters criticize what they perceive as a hagiographic tone in the NYT piece, arguing that it glosses over some of the more problematic aspects of Vargas Llosa's life and career. They mention his public feud with Gabriel García Márquez, his support for controversial political figures, and his sometimes contentious views on cultural and social issues.

  There's also a thread discussing the challenges of writing about living authors, particularly those with complex and evolving legacies. One commenter suggests that attempting an overarching appraisal while the subject is still alive can be premature and potentially lead to skewed perspectives.

  Overall, the comments section reveals a mixed reaction to Vargas Llosa. While there's widespread recognition of his literary talent, his political views and personal life remain subjects of debate and contention. The confusion caused by the initial headline further underscores the importance of accurate reporting and the potential for misinformation to spread rapidly online.

• Playwright Tools for MCP

  permalink

  Posted: 2025-03-26 19:07:39

  Verbose tl;dr

  Playwright-MCP provides tools to simplify testing and automation of Microsoft Control Plane (MCP) services. It offers utilities for authenticating to Azure, interacting with Azure Resource Manager (ARM), and managing resources like subscriptions and resource groups. The toolkit aims to streamline common tasks encountered when working with MCP, allowing developers to focus on testing their services rather than boilerplate code. This includes helpers for handling long-running operations, managing role assignments, and interacting with specific Azure services.

  The Microsoft Contributors Playwright (MCP) toolkit is a comprehensive suite of utilities designed to streamline and enhance the process of contributing to projects that utilize the Playwright testing framework. It primarily focuses on simplifying the often complex tasks associated with end-to-end (E2E) testing, particularly within the context of large and active open-source projects like the Playwright project itself.

  MCP offers a collection of specialized commands, accessible through a command-line interface, which address various stages of the contribution workflow. These commands facilitate tasks such as setting up a development environment tailored for Playwright contributions, executing tests against different browser configurations, and managing the execution and debugging of tests across multiple projects. The toolkit also aims to standardize testing procedures and ensure consistent results across different contributor environments, thereby reducing friction and improving the overall quality of contributions.

  A key feature of MCP is its ability to manage multiple project instances simultaneously. This enables contributors to test changes across a range of projects impacted by their modifications, ensuring compatibility and identifying potential conflicts early in the development process. Additionally, MCP provides tools for generating reports, analyzing test results, and diagnosing failures, further simplifying the debugging and troubleshooting process for contributors. By automating repetitive tasks and providing standardized tools, the MCP toolkit lowers the barrier to entry for new contributors and allows experienced contributors to work more efficiently, ultimately accelerating the pace of development and improvement within the Playwright ecosystem.

  • Playwright
  • Microsoft Playwright
  • MCP
  • Managed Cloud Partner
  • testing
  • test automation
  • browser automation
  • web testing
  • E2E Testing
  • End-to-End Testing
  • javascript
  • TypeScript
  • Node.js
  • Cloud Partner Portal
  • Partner Center
  • Automation Tools

  Summary of Comments ( 9 )
  https://news.ycombinator.com/item?id=43485740

  Verbose tl;dr

  Hacker News users discussed the potential benefits and drawbacks of Playwright's new tools for managing multiple Chromium profiles. Several commenters expressed excitement about the improved debugging experience and the potential for streamlining complex workflows that involve multiple logins or user profiles. Some raised concerns about potential performance overhead and the complexity of managing numerous profiles, particularly in CI/CD environments. Others questioned the need for a dedicated tool, suggesting that existing browser profile management features or containerization solutions might suffice. The conversation also touched on the broader context of Playwright's evolution and its position in the web testing landscape, comparing it to Selenium and Cypress. A few users requested clarification on specific functionalities, like profile isolation and resource consumption.

  The Hacker News post titled "Playwright Tools for MCP" discussing the GitHub repository microsoft/playwright-mcp has a modest number of comments, generating a brief discussion around the purpose and utility of the tools. No overwhelmingly compelling or groundbreaking insights emerged, but the comments offer some clarifying points and perspectives.

  One commenter questions the intended audience and use case for these tools, specifically wondering if they are meant for Microsoft internal use or for the wider community. They express some confusion about the "MCP" acronym and how these tools relate to Playwright itself. This comment highlights a potential lack of clarity in the project's documentation or purpose statement.

  Another comment directly addresses the first commenter's question, explaining that "MCP" stands for "Modern. Connected. Personalized," representing the suite of Microsoft 365 apps. The commenter further clarifies that the tools are intended to facilitate testing and automation within these apps using Playwright, thus clarifying the target audience as developers working with the Microsoft 365 ecosystem.

  A further comment elaborates on the connection between Playwright and Microsoft 365, pointing out that Playwright is now a recommended tool for UI testing within Microsoft's internal development processes. This suggests a significant investment from Microsoft in Playwright as a core testing technology.

  Another participant briefly mentions their prior experience using MCP-related tools and alludes to challenges related to cross-platform compatibility, particularly with macOS. This comment, though brief, hints at potential areas for improvement or further development within the playwright-mcp project.

  Finally, one commenter expresses skepticism about the project's relevance to the broader Playwright community, suggesting its utility might be limited to a niche audience working specifically within the Microsoft 365 ecosystem. This echoes the initial confusion about the project's target audience and reinforces the need for clearer communication regarding its scope and purpose.

  In summary, the comments section provides some valuable context and clarification surrounding the playwright-mcp project. The discussion revolves primarily around the intended audience and the meaning of "MCP," revealing the tools' focus on Microsoft 365 application development and testing. While the comments don't offer any profoundly insightful technical discussions, they highlight the importance of clear documentation and communication for open-source projects to effectively reach their intended users.

• Toni Morrison's Lost Play

  permalink

  Posted: 2025-03-13 02:48:31

  Verbose tl;dr

  A recently rediscovered play by Toni Morrison, Dreaming Emmett, written in 1986 to commemorate the 50th anniversary of Emmett Till's murder, offers new insights into her later masterpiece, Beloved. The play, centered on Till's ghost revisiting key figures in his life and the trial, grapples with themes of racial violence, memory, and the struggle for justice, all prominent in Beloved. Scholars see Dreaming Emmett as a crucial stepping stone in Morrison's exploration of historical trauma and its enduring impact, revealing how she developed her signature blend of realism and surrealism to give voice to the silenced. The play's emphasis on cyclical violence and the importance of remembering resonates powerfully with the themes of haunting and unresolved grief found in her iconic novel.

  In a comprehensive exploration of Toni Morrison's lesser-known theatrical pursuits, Vulture's article, "Toni Morrison's Lost Play," delves into the fascinating history and lasting influence of Dreaming Emmett, a dramatic work penned by the esteemed Nobel laureate in response to the horrific 1955 lynching of Emmett Till. The piece meticulously details the play's genesis, originating from a commission by the New Federal Theatre in 1986 to commemorate the 30th anniversary of the tragic event. It further elucidates Morrison's deliberate artistic choices in crafting the play, highlighting her decision to eschew a realistic depiction of the brutal murder in favor of a more abstract, symbolic representation of Emmett Till's enduring presence and the pervasive racial injustice that fueled his demise.

  The article meticulously outlines the play's structure and narrative trajectory, explaining how Morrison employs a dual timeline, juxtaposing scenes from Emmett's life with a contemporary setting three decades after his death. This temporal interplay, the article argues, serves to underscore the cyclical nature of racial violence and the haunting persistence of historical trauma in the African American consciousness. Furthermore, the piece emphasizes Morrison's innovative use of dream sequences and surreal elements to explore the psychological and emotional ramifications of racial oppression, offering a glimpse into the enduring pain and unresolved grief that lingers in the aftermath of such atrocities.

  Moreover, the article posits a compelling connection between Dreaming Emmett and Morrison's celebrated novel, Beloved, suggesting that the play served as a crucial precursor to the novel's exploration of similar themes. It draws parallels between the spectral presence of Emmett in the play and the haunting figure of Beloved in the novel, highlighting how both works grapple with the lingering legacy of slavery and the pervasive impact of racial violence on individual and collective memory. The piece also explores the critical reception of Dreaming Emmett, noting its limited performances and subsequent obscurity despite its profound thematic resonance and undeniable literary merit.

  Finally, the article concludes by lamenting the play's relative unavailability to contemporary audiences, emphasizing the significant loss this represents for scholars and enthusiasts of Morrison's oeuvre. It underscores the importance of rediscovering and re-examining Dreaming Emmett, not only for its intrinsic artistic value but also for its illuminating insights into the development of Morrison's literary genius and her enduring commitment to exploring the complexities of race, memory, and the enduring struggle for justice in America. By situating Dreaming Emmett within the broader context of Morrison's literary career and the sociopolitical landscape of its time, the article provides a rich and nuanced appreciation for this often-overlooked theatrical work.

  • Toni Morrison
  • Dreaming Emmett
  • Beloved
  • Playwright
  • Literature
  • American Literature
  • African American Literature
  • Theater
  • Lost Works
  • Emmett Till
  • Race
  • Civil Rights
  • 1980s
  • Vulture

  Summary of Comments ( 0 )
  https://news.ycombinator.com/item?id=43349940

  Verbose tl;dr

  HN commenters discuss Toni Morrison's lost play, "Dreaming Emmett," and its influence on Beloved. Some highlight the play's focus on the cyclical nature of racial trauma and its exploration of Emmett Till's murder through different perspectives, including his mother's grief and the imagined responses of figures like Jackie Robinson. Others express excitement at the possibility of the play finally being produced and draw parallels between Morrison's theatrical approach and Greek tragedies. Several commenters also mention the poignant timing of the play's rediscovery amidst ongoing racial injustice and note the connection between historical trauma and present-day struggles. One commenter notes the irony of Morrison having called the play "unstageable" while others suggest that its experimental nature might have made it challenging for audiences of that era.

  The Hacker News post titled "Toni Morrison's Lost Play" links to a Vulture article about the discovery and upcoming production of Morrison's play, "Dreaming Emmett." The comments section on Hacker News is relatively sparse, with only a handful of comments focusing more on the logistics of the play's production than deep analysis of its themes or connection to Morrison's other work.

  One commenter notes that the play's run is quite short, just a couple of weeks, and expresses hope that a recording will be made available for a wider audience. This reflects a common sentiment on Hacker News regarding access to information and preference for asynchronous consumption.

  Another commenter questions the use of the term "lost" to describe the play, given that it seems it was known to scholars. They link to an academic database entry for the play, suggesting a degree of prior awareness within certain circles. This comment highlights a discussion about the definition of "lost" in the context of artistic works and the differing levels of public and academic knowledge.

  A third commenter briefly speculates on the reasons behind the play not being published or widely produced earlier, mentioning potential legal complexities related to Emmett Till's family. This introduces a possible explanation for the play's limited prior exposure, touching upon sensitive issues of copyright and rights related to real-life tragedies.

  The remaining comments are brief and mostly express interest in seeing the play or learning more about it. Overall, the comments section lacks extensive discussion or debate. The focus remains primarily on the practicalities of accessing the play, clarifying its historical status, and briefly speculating on the reasons for its limited prior availability. No comments delve into deeper literary analysis or connect it extensively to Morrison's broader body of work, likely because the play itself was newly rediscovered and not yet widely accessible at the time of the comments.