Hacker News: Flimm

New comment by Flimm in "Obsidian plugin was abused to deploy a remote access trojan"

Flimm — Mon, 11 May 2026 09:05:03 +0000

In practise, Flatpak packages have many more permissions than you might expect, and the sandbox feature gives a false sense of security. For example, the Obsidian Flatpak package [0] is given all of the following abilities without explicit permission from the user (the user has to know where to look to find out about them):

- Home folder read/write access

- System folder media

- System folder mnt

- Microphone access and audio playback

- And more...

The Obsidian snap [1] is installed with the --classic flag, which also grants access to the whole home directory, but at least you have to consciously specify the --classic flag to grant this permission.

[0] - https://flathub.org/en/apps/md.obsidian.Obsidian

[1] - https://snapcraft.io/obsidian

New comment by Flimm in "Google Cloud Fraud Defence is just WEI repackaged"

Flimm — Fri, 08 May 2026 15:58:11 +0000

I disagree that this kind of scheme is inevitable. We can "evit" it through thoughtful discussion, foresight, alternative mitigations, and even regulation. Certainly, Google can choose to avoid it. On the other hand, the AI bubble will inevitably burst, since compute is not free. I look forward to post-bubble AI.

New comment by Flimm in "How to disable Firefox's new emoji picker"

Flimm — Thu, 30 Apr 2026 11:58:15 +0000

> On GNOME we already have a global shortcut for some emoji picker, I think it's Super + , or something

Actually, on most distros, the default keyboard shortcut for the emoji picker on GNOME/GTK is ctrl-. (same as the Firefox shortcut). This only works on apps that support it. Older Firefox versions did not support GNOME's emoji picker at all, but Firefox 150 supports GNOME's emoji picker using the expected keyboard shortcut.

New comment by Flimm in "Warp is now open-source"

Flimm — Tue, 28 Apr 2026 21:20:37 +0000

The GPL would not have prevented the scenario that the top-level comment complained about. Nothing in the GPL requires rich downstream projects to send money to poor upstream projects. That's by design. The four freedoms that Stallman preaches intentionally permit distributing the software to free riders.

New comment by Flimm in "You don't want long-lived keys"

Flimm — Sat, 25 Apr 2026 09:56:17 +0000

Secrets tend to be randomly-generated tokens, chosen by the server, whereas passwords tend to be chosen by humans, easier to guess, and reused across different services and vendors.

New comment by Flimm in "Highlights from Git 2.54"

Flimm — Thu, 23 Apr 2026 12:52:58 +0000

To clear up any confusion, Git runs pre-commit hooks, and they can be written in any programming language. There's a completely separate and independent project that gave itself the confusing "pre-commit" name, and it is written in Python. This project aims to make it easier to configure pre-commit hooks. An alternative to it is "prek", written in Rust.

New comment by Flimm in "1 kilobyte is precisely 1000 bytes?"

Flimm — Wed, 04 Feb 2026 08:54:13 +0000

Uppercase "B" stands for byte, and lowercase "b" stands for bit. But it's very common for people to miss the distinction, sadly, even professionals are sloppy.

New comment by Flimm in "Total monthly number of StackOverflow questions over time"

Flimm — Sun, 04 Jan 2026 22:52:27 +0000

> "why did you close my question as a duplicate of how to do X with a list? I clearly asked how to do it with a tuple!" (for values of X where you do it the same way.)

This is a great example of a question that should not be closed as a duplicate. Lists are not tuples in Python, regardless of how similar potential answers may be.

New comment by Flimm in "Package managers keep using Git as a database, it never works out"

Flimm — Sun, 28 Dec 2025 06:55:25 +0000

It's less meaningful than you think. Widespread prejudice does give you signal on public sentiment, but it doesn't give you much signal on whether the prejudice happens to coincide with reality or not, compared to other methods. People should be open to having their prejudices corrected by more relevant information.

New comment by Flimm in "Google is 'gradually rolling out' option to change your gmail.com address"

Flimm — Fri, 26 Dec 2025 08:09:47 +0000

Google doesn't allow you to recover a Google account using only your recovery email address. Despite its name, the recovery email address is not used to recover Google accounts AFAICT, it's only used to receive notifications about security-related events.

New comment by Flimm in "Amazon will allow ePub and PDF downloads for DRM-free eBooks"

Flimm — Fri, 19 Dec 2025 12:01:28 +0000

The eBooks in Kobo's store are also locked down with DRM.

New comment by Flimm in "Amazon will allow ePub and PDF downloads for DRM-free eBooks"

Flimm — Fri, 19 Dec 2025 11:38:15 +0000

Can anyone find even one DRM-free ebook on Amazon Kindle?

New comment by Flimm in "Make product worse, get money"

Flimm — Sat, 22 Nov 2025 12:59:44 +0000

Amazon made $56 billion just in advertising revenue in 2024.

New comment by Flimm in "Unicode Footguns in Python"

Flimm — Thu, 06 Nov 2025 06:34:57 +0000

I strongly disagree. Python 2 had no bytes type to get rid of. It had a string type that could not handle code points above U+00FF at all, and could not handle code points above U+007F very well. In addition, Python 2 had a Unicode type, and the types would get automatically converted to each other and/or encoded/decoded, often incorrectly, and sometimes throwing runtime exceptions.

Python 3 introduced the bytes type that you like so much. It sounds like you would enjoy a Python 4 with only a bytes type and no string type, and presumably with a strong convention to only use UTF-8 or with required encoding arguments everywhere.

In both Python 2 and Python 3, you still have to learn how to handle grapheme clusters carefully.

New comment by Flimm in "Liquibase continues to advertise itself as "open source" despite license switch"

Flimm — Thu, 16 Oct 2025 13:07:18 +0000

If you're talking about free-as-in-freedom software, promoted by Richard Stallman and the FSF, then they have always been clear that Free software must not forbid commercial usage or require payment. Vendors are perfectly free to sell copies of Free software if they wish, but the license cannot forbid making copies and derivatives, even for commercial usage. See:

https://www.gnu.org/philosophy/free-sw.en.html#selling

New comment by Flimm in "Python 3.14.0"

Flimm — Wed, 08 Oct 2025 08:36:26 +0000

Does the library handle arguments that begin with a dash?

Does this code print out the contents of the file named `--help`, or does it print the documentation for the `cat` command?

  filename = "--help"
  await sh(t"cat {filename}")

New comment by Flimm in "Python 3.14"

Flimm — Wed, 08 Oct 2025 08:29:22 +0000

If you have uv installed, trying out Python 3.14 is as simple as running this command:

  $ uvx python@3.14
  Python 3.14.0 (main, Oct  7 2025, 15:35:21) [Clang 20.1.4 ] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>>

That was beautifully easy! (Make sure you're on the latest version of uv first (v0.9.0))

New comment by Flimm in "Facebook and Instagram to offer ad-free service in UK for up to £3.99 a month"

Flimm — Fri, 26 Sep 2025 14:28:32 +0000

Even personalised advertising can be done without sharing personal data with 100+ third parties. For example, ask the user to fill out a survey about their interests, and then serve them more personalised ads based on their survey answers, all without sharing personal data with third parties.

New comment by Flimm in "Facebook and Instagram to offer ad-free service in UK for up to £3.99 a month"

Flimm — Fri, 26 Sep 2025 13:14:12 +0000

There are many ways to monetize free online websites. The most obvious way is advertising. Advertising can be privacy-respecting.

The Guardian in particular is funded by a trust fund, by donations, by advertising, and maybe by other sources of revenue as well.

New comment by Flimm in "Facebook and Instagram to offer ad-free service in UK for up to £3.99 a month"

Flimm — Fri, 26 Sep 2025 12:39:47 +0000

This article is on theguardian.com , and it has started to require a paid subscription for all readers who don't want to share their data with 131 third parties. There is no privacy-respecting free option. The paid subscription is £5 per month, and it doesn't eliminate all ads. (This requirement may depend on which country you're in.)