Streaming live video as a macOS screensaver using AVFoundation and yt-dlp
I built this to play live HLS streams as a screensaver on macOS. It supports both direct .m3u8 URLs and YouTubelinks (via yt-dlp extraction with caching).The interesting bits:Cross-screen synchronization: All displays show the same frame of the video by syncing to a shared timestamp,making it feel like one continuous stream across monitorsHandles the unreliable macOS screensaver lifecycle (stopAnimation doesn't always get called when dismissed, so Iadded system idle time detection to exit properly)Caches yt-dlp extracted URLs with expiration timestamp parsing to avoid re-extraction on every launchIncludes stall detection and exponential backoff retry logic for flaky streamsWritten in Swift using AVFoundation. The hardest part was dealing with macOS screensaver framework quirks -processes would stick around after dismissal until I added explicit idle detection using CGEventSource.MIT licensed. Would appreciate any feedback on the approach or edge cases I might have missed.Comments
via github.com by hauxir
I built this to play live HLS streams as a screensaver on macOS. It supports both direct .m3u8 URLs and YouTubelinks (via yt-dlp extraction with caching).The interesting bits:Cross-screen synchronization: All displays show the same frame of the video by syncing to a shared timestamp,making it feel like one continuous stream across monitorsHandles the unreliable macOS screensaver lifecycle (stopAnimation doesn't always get called when dismissed, so Iadded system idle time detection to exit properly)Caches yt-dlp extracted URLs with expiration timestamp parsing to avoid re-extraction on every launchIncludes stall detection and exponential backoff retry logic for flaky streamsWritten in Swift using AVFoundation. The hardest part was dealing with macOS screensaver framework quirks -processes would stick around after dismissal until I added explicit idle detection using CGEventSource.MIT licensed. Would appreciate any feedback on the approach or edge cases I might have missed.Comments
via github.com by hauxir
GitHub
GitHub - hauxir/macos-live-screensaver: Use live streams as screensavers/lock screens on MacOS
Use live streams as screensavers/lock screens on MacOS - hauxir/macos-live-screensaver
TARmageddon (CVE-2025-62518) highlights the challenges of open source abandonware
Comments
via edera.dev via jmillikin
Comments
via edera.dev via jmillikin
Edera
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog
Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.
What’s the problem with pipe-curl-into-sh?
You’ve seen it : many popular tools will have a one-liner homepage with something along the lines of
via by ecco
You’ve seen it : many popular tools will have a one-liner homepage with something along the lines of
curl https://fancy.tool/install.sh | /bin/shAnd inevitably people will comment on how unsafe this is.I don’t get it. How is it any more unsafe than cloning a repo and building and running its code/via by ecco
lobste.rs
What’s the problem with pipe-curl-into-sh?
0 comments