Howdy there, partner! Welcome on into the Stacker Saloon.
Saddle on up to a stool and spill the beans about your day, fire away with them questions, or let loose and give us the lowdown on your wild and woolly life. We're all ears, so don't hold back!
We're open round the clock, so mosey on in whenever you please!
I was pretty sure before, but now I'm certain, that I "met" Tim Ferriss a few years ago in Capital Factory. He interrupted a video call to thank me for wearing a MAPs hoodie and asked where he could get some M&M's. I didn't recognize him up close and I mostly listened to his podcasts at the time. I was also kind of pissed that he just barged into the conference room I was in.
MAPS has hoodies? Grabbing one, they do great work.
their swag is relatively nice too
Ok i finished the extension and submitted it. The approval process is a lot longer now so we will see if its approved in a few weeks
This is cool! Is this a browser extension? Is the code available so we can test before it goes live?
I was using this script bookmarked and is working greet too
javascript:window.location="https://stacker.new/post?type=link&url="+encodeURIComponent(document.location)+"&title="+encodeURIComponent(document.title)The review process was quicker than it let on #1038704
Sweet logo!
TY! I did have a quick question:
In the manifest file I had to get permission to call the graphql api
"host_permissions": [ "https://stacker.news/api/graphql" ],but because of the way graphql works I can't restrict it to only read-only access. I could make the tool open source and you can always check the code but at any time I could update it and start calling mutations on your behalf. Do you have any good ideas for locking it down better so it can only read data and not also call mutations?
If they give you permission, I’m not sure how we’d gate it on our end.
I was thinking of adding a "read-only" version of the endpoint or even just an optional "read-only" query-string parameter. That way you could use a url like
"https://stacker.news/api/read-only-graphql"or"https://stacker.news/api/graphql?readOnly=true"so then you could be sure it couldn't run a mutationAre you sure even if you allow /api/graphql, that you can run mutations on behalf of the user inside an extension? I think the
SameSiteproperty of our cookies will not allow that.Or will it work because of host permissions?
yeah with the host permissions my background can break CORS and send whatever it wants. I need to check but I think it's making the requests with the logged in users credentials. This says https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions#host-permissions
Access cookies with the chrome.cookies API.Ah, you are right, it mentions that host permissions allow cross-site requests here:
I did not know that (I don't know anything about extensions), that is cool and scary haha
I do think we can actually just allow queries and block mutations, by making the endpoint aware that we don't want to use mutations.
This requires more thinking and testing than just my sentence above. I know that we can do stuff to the GraphQL middleware.
If you don't mind the wait, I'll explore more about it in the coming days ^^
I have the dev environment setup locally. Should I make an issue for a read-only graphql solution? I think middleware to block it would be pretty easy
Yeah a ticket would be nice
I thought your extension just redirects to a pre-filled link form. Would that be an option?
I want to make one with a page action that is for submitting any url you may be on but this one is to help arbitrage links between HN and Stacker. You don't want to submit a duplicate so it needs to call the dup check for all the HN post urls. Right now its doing it in batches of 5. Heres my current graphql query
query UrlBatch($url0: String!, $url1: String!, $url2: String!, $url3: String!, $url4: String!) { url0: dupes(url: $url0) { ...DupeInfo } url1: dupes(url: $url1) { ...DupeInfo } url2: dupes(url: $url2) { ...DupeInfo } url3: dupes(url: $url3) { ...DupeInfo } url4: dupes(url: $url4) { ...DupeInfo } } fragment DupeInfo on Item { createdAt commentSats commentCredits credits id ncomments sub { name } sats title updatedAt upvotes url user { name id } }It shows a loading icon while its waiting for the batches of graphql queries to finish
Then if it has results is shows you info about the territory it was submitted to and how many sats its gotten
@ek or @sox might have better ideas than I. They’ve been thinking about authentication more recently.
It's nice for me to wake up and know the truth of this image.
Yes, thank the state, banksters and various cronies for that image.
I agree with you..
hahaha 😂 I certify it
🏷️ Hey it’s Spending Sunday!🏷️ Hey it’s Spending Sunday!
What Have You Bought with Bitcoin this Week?
Bonus sats if you found a killer deal!
Share it at #1037448
Still HODLing!
how about the spend and replace approach?
Why not get rid of all that useless fiat that I have already.it is just getting more and more worthless as time goes on.
Is that the lady from breaking bad?
Which one? I remember two..
The one married to Hank
Betsy? naaa
“Live, seeking God, for there can be no life without God.”
― Leo Tolstoy
A Stoic Resurrection
CoinOS showing errors on my LN withdraws.
Some attempts showed a wait, and then error but were actually delivered, others showed an error (long wait) but were not sent
Day 565 of posting mining earnings from the day before: 606 sats on 12Jul2025!
Running total: 382,835 sats!
Yesterday's comment
Day 566's comment
Day 364 of nut 🌰 dropping 🥜 in the Saloon
cashu:cashuBo2FteCJodHRwczovL21pbnQubWluaWJpdHMuY2FzaC9CaXRjb2luYXVjc2F0YXSBomFpSABQBVDwSUFGYXCCpGFhAWFzeEBhNzgzMTQ0NmU1MDhiZjc1NzY5NmFjZjQ1MDM4MGUwY2I2M2M1YmViYWZhZDM1NjEzODM1MWM1NTc5YTc4NzI0YWNYIQPxgHHERowWio-vjtndEjYRp2Jdbdl7fM8hzV5SnODK_GFko2FlWCDlt226RiuBpeyXjPBhsi1wJj1vmyVD27cNJpidgv57D2FzWCBkw2DF-y5igT_CW9IfKW7WAHw1r3e9LIfGaIBX-OBYyGFyWCAi8h0bFuMz5AoyEVpcHBMF1CFq-jtpumBWN0lvV9-3KqRhYQRhc3hAODEwZmM3MzMxNGU0ODBmZDJkZDM1YTdkNTkxM2I1ZTZiYTU2MmI0OGI2YThlNmM4OWY4NGM1NWMxNTRhNWY5MGFjWCEDmzwMtlXoH3-b9EL0nAtFl2cHiTaInP7NuStU9MTpi7lhZKNhZVggVXybZ0ddA5t1v1-IBnZ7Kl0Fj2gffPEmTgCy1r5IXblhc1gglvxB2RYwUGPMjD-0FSSTPs14-ITSOOmhPksNHVo5nhZhclggZAI-kn-lKq7gu0fqrfoVrY05-9BLPCYrLsuC6Qn6mLk
Want to harvest? Go here to get a Wallet to harvest this nut!
Finally one more day of spam on the saloon 🙌 🤣
Yep tomorrow is the last day!
How are you going to get rid of it?
Happiness Journal 13/7/25
I have been feeling blue since the renovation project. The assorted expenses cost me an arm and a leg, so there is no way I can achieve my financial goals this year. Luckily, every dog has its day, and life decided to give me a break. While watching over my children at the indoor playground, I decided to sort out my finances.
An amazing thing met my eyes when I opened my banking app. What a sight for sore eyes! To my surprise, my previous employer had deposited $1.9k into my account. Since this was money I wasn’t expecting at all, you can imagine how over the moon I was. Being fiscally responsible, I transferred $1k over to my son’s account, feeling as proud as a peacock.
Thank you for sharing your little story, wow, life is surprising and sometimes when you don't think, it leaves you blank and that's what life is like, it's something unexpected.
Howdy! Appreciate the warm welcome. I’ll grab a stool and hang out a bit. Day’s been a mix of chaos and coffee—just the way I like it. Might toss a question or two your way soon, but for now, just glad to be here. Cheers, y’all!