Hacker News: tptacek threads

New comment by tptacek in "Why TUIs are back"

tptacek — Mon, 04 May 2026 04:36:23 +0000

Sure, I hear this (with current models). But consider the UX complexity of a typical TUI. Even with a TUI framework, you end up with serious coding lifts just to get things that the all the current native UI frameworks give you for free.

New comment by tptacek in "Why TUIs are back"

tptacek — Mon, 04 May 2026 03:38:39 +0000

If you think it’s all a house of cards, obviously none of my arguments hold. I’m not going to hedge that every time I write anything that intersects with AI though.

New comment by tptacek in "Why TUIs Are Back"

tptacek — Sun, 03 May 2026 23:32:20 +0000

Every time I read a comment like this, I flash to the episode of the Office where Michael steals one of Dwight's clients while Dwight is on the phone with him in the car. He pitches the client, and Dwight screams into his phone "ARE YOU SAYING YOU INVENTED PAPER?!"

No, friend-o, I'm not saying htop and emacs are show-off projects --- though everyone I know who uses Emacs (myself included) uses graphical emacs.

My point is that most developer tooling is CLI, not TUI; most developer tools are shop jigs, not packaged tools. Though most of the packaged tools: also CLIs!

All of them can very quickly be made into native UIs, though.

You'll get further on HN not calling people "very dishonest".

New comment by tptacek in "Why TUIs are back"

tptacek — Sun, 03 May 2026 22:05:44 +0000

Yes. Developers are conditioned to expect the only convenient answer is a TUI (actually, a CLI; TUIs are show-off projects most of the time) and, if you really want to go all out, Electron. That's not the case anymore.

New comment by tptacek in "Security through obscurity is not bad"

tptacek — Sun, 03 May 2026 22:00:05 +0000

Everybody trying to discuss this gets the framing wrong. Obscurity isn't "bad" or "good". It's not "not" security. Security in the real-world sense is about risk. It fixes an adversary and then applies costs to them. Obscurity changes costs (usually by raising them for the adversary).

Depending on the setting and the adversary, obscurity measures can raise costs by a material or immaterial amount.

Obscurity measures usually also impose costs on defenders (and, transitively, on the intended users of the system). Those costs are different than they are for adversaries (usually: substantially lower). They might or might not be material.

Your general goal is to asymmetrically raise costs on the adversary.

Seen that way, it's usually pretty easy to reason about whether obscurity is worth pursuing or not. Don't do it if it doesn't materially raise costs for attackers, or, even if it does, if it doesn't raise costs way less for defenders and users.

What trips people up in forums like this is that we're used to dealing with security problems framed in settings where we can impose \infty costs on attackers: foreclosing all known avenues of attack (to something like a mathematical certainty, and stipulating that computer science discoveries may change the cost function tomorrow). In those settings, all obscurity measures have relatively immaterial attacker costs associated. But it's still the same underlying problem! And, in the real world, we're actually rarely operating in model situations where we really can impose \infty costs on attackers.

New comment by tptacek in "Why TUIs Are Back"

tptacek — Sun, 03 May 2026 21:46:06 +0000

I do get that, but developers like native UI too. You can tell by how much we gripe about Electron!

New comment by tptacek in "Why TUIs are back"

tptacek — Sun, 03 May 2026 20:32:57 +0000

What does it matter how fragmented the platforms are? I feel like this isn't sinking in with people. I was chatting with a friend last night about a SwiftUI app that I'd built and he'd pitched in on. He then reimplemented --- didn't port it, reimplemented it, for WinUI, that night, with just a couple prompts.

I am, in a proverbial sense, buying puts on Electron.

New comment by tptacek in "Why TUIs are back"

tptacek — Sun, 03 May 2026 19:43:58 +0000

The tide is going to turn on this in the second half of 2026. There have always been nerds who just love TUIs, and still read their email in Mutt. But I think the subtext of this article is right, that TUIs are back because of how much of a pain UI development is.

But that's changed drastically in the last few months. I spent the weekend doing SwiftUI stuff with Claude, with a lot of success. It's going to get much easier to ship fast, solid, native UIs for things, and native UI is both very fun to build and also attractive to ordinary users.

(Fun green field for doing interesting UI work: do native UI for remote server stuff, like an htop UI that uses some dialect of SSH to fetch remote data.)

I think modern TUIs are a blip. A big, important blip. But a blip. The age of the Orc is over. The time of the Human Interface Guideline has come.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 17:43:17 +0000

People in this thread keep saying reasonable things and then stepping on a rake in their last sentence. No, not "hence bank fraud". The bank fraud charges have nothing to do with what's happening here in this thread. SPLC is alleged to have created pass-through bank accounts under fictitious business identities. Everybody agrees that the thing SPLC was trying to do with those accounts was reasonable (or at least, well publicized and understood). They crossed over the line in trying to (a) improve the optics of what they were doing and (b) retaining a single major banking relationship instead of shopping for whatever bank would let them transfer money to the Grand Kloobah of the Kloo Klux Klan or whatever.

New comment by tptacek in "A network smuggling Starlink tech into Iran to beat internet blackout"

tptacek — Sun, 03 May 2026 17:40:49 +0000

I'm not interested in whatever it was you were debating. You referred to Arab countries, someone said (correctly) Iran isn't Arab, you said "I understand it's not an Arab monarchy", and I was moved to point out it's not an Arab anything. I'm not a party to whatever other debate you believe is happening here.

New comment by tptacek in "A network smuggling Starlink tech into Iran to beat internet blackout"

tptacek — Sun, 03 May 2026 04:27:47 +0000

It's not an Arab country at all. Iranians are Persian, not Arab. Iran is low-key at war with most of the gulf Arab states.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 04:16:43 +0000

It's the opposite: elected or not, governments are strictly limited in their ability to do anything like what SPLC did, because they are bound by the Constitution. Private entities are not; they're free to associate, advocate, and advocate for associations or disassociations, generally however they'd like.

New comment by tptacek in "The agent harness belongs outside the sandbox"

tptacek — Sun, 03 May 2026 04:09:44 +0000

The post is explicit about what they mean by sandboxing and what the tradeoffs are for the model they're discussing.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 03:33:11 +0000

No it isn't. A 501c3 can't participate directly in a campaign. That's it, that's the whole rule. Plenty of 501c3's are nakedly and openly partisan. Center For American Progress is a c3. Heritage is a c3. AEI is a c3. Claremont is a c3.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 03:31:34 +0000

Again, I'm not disputing anything in Patrick's post, and I totally buy SPLC could have stepped over the line in a number of ways, but being a 501c(3) just means you can't directly contribute to campaigns. You can do as much partisan advocacy as you want. There is absolutely no requirement that a 501c(3) be non-partisan; they just can't participate in campaigns.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 02:17:21 +0000

If that was a response to my comment I think you need to read it slightly more carefully.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 01:41:05 +0000

Pesky First Amendment. Freedom of association is a hell of a drug.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 01:23:18 +0000

I've read Patrick's post very carefully and am not disputing it, just the comment upthread, and then only as a nudge.

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 00:40:56 +0000

You're trying to axiomatically derive election law here. Every word in the statute matters. It is very probably perfectly lawful for SPLC to work to censor ideologies, even up to the point where those ideologies are coterminous with party definitions. The whole edifice of Citizens United is based on a sharp divide between advocacy and campaign finance; the argument you're putting forward is disfavored.

(That's not to say SPLC couldn't have fucked up and crossed the line, just that the general description given upthread of what they were doing did not in fact describe a violation of law).

New comment by tptacek in "Notes on a non-profit indicted for bank fraud"

tptacek — Sun, 03 May 2026 00:24:33 +0000

Private actors working hard to censor political adversaries is not necessarily illegal, for what it's worth. You could say it's problematic for other reasons, and if you mesh in with campaign financing you start to face (long shot) bank-shot legal arguments, but generally partisanship is a time-honored American tradition.