Hacker News: Panino

New comment by Panino in "Help Keep Thunderbird Alive"

Panino — Thu, 09 Apr 2026 18:29:14 +0000

I recently started using Thunderbird for work which uses O365 (horrific service) for mail. I've found that 2FA with O365 to be totally unreliable no matter the client, even using the iOS app.

Does anyone use Thunderbird with Gmail and 2FA, and does it work correctly 100% of the time there?

OpenBSD Copyright Policy

Panino — Sat, 07 Feb 2026 17:27:18 +0000

Article URL: https://www.openbsd.org/policy.html

Comments URL: https://news.ycombinator.com/item?id=46925631

Points: 1

# Comments: 0

New comment by Panino in "Hackers (1995) Animated Experience"

Panino — Fri, 06 Feb 2026 17:49:47 +0000

Watching with a big public group of people you mostly don't know but maybe should is a special experience. This may depend on region, but in the US there used to be frequent midnight openings for superfans like myself. People dress up in costumes, local shops hand out prizes and it's an event. Saw Phantom Menace this way, LOTR, Watchmen, and maybe others, but I haven't seen a midnight opening offered in years. Maybe the theater managers are swimming in the pool on the roof.

New comment by Panino in "Tesla unsupervised Robotaxis are nowhere to be found"

Panino — Sun, 25 Jan 2026 02:13:58 +0000

https://en.wikipedia.org/wiki/Greater_fool_theory

New comment by Panino in "Analysis finds anytime electricity from solar available as battery costs plummet"

Panino — Sat, 13 Dec 2025 18:13:16 +0000

Why would you think that? Solar and wind are both far cheaper than fossil fuels even ignoring the problems caused by coal and methane.

https://en.wikipedia.org/wiki/Cost_of_electricity_by_source

New comment by Panino in "Linux Instal Fest Belgrade"

Panino — Sat, 06 Dec 2025 19:47:56 +0000

I've been thinking a lot about organizing an installfest sometime in the next year or so, which would be my first time in over 20 years. To anyone with current experience running one, do you have any advice?

I'm also interested in smartphone operating systems like Ubuntu Touch and postmarketOS etc.

New comment by Panino in "Tell HN: iOS 18.7.2 in Lockdown Mode is unable to load many websites"

Panino — Sat, 06 Dec 2025 19:34:08 +0000

Thank you for posting this - I had to disable Lockdown Mode because of this issue.

Funding: The rpki-client project needs your help

Panino — Sun, 30 Nov 2025 16:30:48 +0000

Article URL: https://www.rpki-client.org/funding.html

Comments URL: https://news.ycombinator.com/item?id=46098007

Points: 1

# Comments: 0

New comment by Panino in "Notes by djb on using Fil-C"

Panino — Sun, 02 Nov 2025 19:13:36 +0000

> Also maybe of interest is that the new cdb subdomain is using pqconnect instead of dnscurve

This is not correct. There isn't a cdb subdomain because cdb.cr.yp.to doesn't have NS records, which is where DNSCurve fits in. If you have a DNSCurve resolver, then your queries for cdb.cr.yp.to will use DNSCurve and will be sent to the yp.to nameservers.

From there, if you have pqconnect, your http(s) connection to cdb.cr.yp.to will happen over pqconnect.

Maybe the confusion is because both DNSCurve and pqconnect encode pubkeys in DNS, but they do different things.

Here is DNSCurve:

  $ dig +short ns yp.to
  uz5jmyqz3gz2bhnuzg0rr0cml9u8pntyhn2jhtqn04yt3sm5h235c1.yp.to.

Here is pqconnect:

  $ dig +short cdb.cr.yp.to
  pq1htvv9k4wkfcmpx6rufjlt1qrr4mnv0dzygx5mlrjdfsxczbnzun055g15fg1.yp.to.
  131.193.32.108

Like CurveCP, pqconnect puts the pubkey into a CNAME.

New comment by Panino in "Let's Help NetBSD Cross the Finish Line Before 2025 Ends"

Panino — Sun, 26 Oct 2025 18:32:05 +0000

In some cases yes, replacing an old machine with a new one can be an evironmentally responsible choice. But in general that's not the case and one should thoughtfully consider the variables including but not limited to software choice, grid carbon cost (see Electricity Maps below), embodied carbon cost of materials, environmental issues of mining and production not strictly related to climate emissions, and more.

Low Tech Magazine wrote an article about this here:

https://solar.lowtechmagazine.com/2020/12/how-and-why-i-stop...

https://app.electricitymaps.com

New comment by Panino in "Apple Reportedly Moving Ahead with Ads in Maps App"

Panino — Sun, 26 Oct 2025 18:07:11 +0000

Apple News is loaded with ads, so this wouldn't surprise me. iOS already has ads.

I just installed Open Street Map (the iOS app is called OsmAnd) and it looks nice! Zoom in/out is much better than on Apple Maps. A quick check of a route I know produced a good map, so I'll start using OSM from now on.

How Big Can Tiny MicroSD Cards Get? Limits, Physics, and the Road Ahead

Panino — Tue, 22 Apr 2025 19:10:50 +0000

Article URL: https://lowendbox.com/blog/how-big-can-tiny-microsd-cards-get-limits-physics-and-the-road-ahead/

Comments URL: https://news.ycombinator.com/item?id=43765281

Points: 1

# Comments: 0

New comment by Panino in "Tesla Sales Fall Off a Cliff Globally, Including Germany, Australia, and China"

Panino — Mon, 10 Mar 2025 00:48:23 +0000

Note that GP used "whilst" which is British English, and previous posts seem Euro-centric and talk about renaming "American football." So it sounds like this person is Europe's problem.

The post had a number of grammatical errors too, so if "whilst" we're at it, should we criticize all of European education? Please don't post low-effort negative nationalism. It's cheap and the subject (the richest person alive is apparently a nazi) is a serious matter.

New comment by Panino in "Humans have caused 1.5 °C of long-term global warming according to new estimates"

Panino — Sun, 17 Nov 2024 19:17:09 +0000

> I was surprised how little it costs to stop climate change.

If you read Drawdown, you'll see that it doesn't cost money to stop climate change, it saves money.

https://drawdown.org/the-book

New comment by Panino in "HardenedBSD Feature Comparison with OpenBSD, FreeBSD, NetBSD"

Panino — Mon, 04 Nov 2024 05:45:21 +0000

> Executable file integrity enforcement

I assume but don't know for sure that this refers to Veriexec in NetBSD, and I'm not sure what in HardenedBSD. Anyone know?

https://man.netbsd.org/veriexec.8

My understanding is that Veriexec isn't enabled by default - the manpage says only that "[s]ome kernels already enable Veriexec by default." If you have this enabled, how do you upgrade binaries? The manpage says that in strict mode 1, write access to monitored binaries is allowed but then access is denied. So I assume that after file modification, root then runs veriexecgen and veriexecctl load as mentioned in the manual to update the signatures list. So it seems that strict level 1 isn't functionally different from a read-only /usr or even just root-owned binaries. In either case, you just need root to update targeted binaries. Surely I'm missing something and would appreciate some insight.

At a glance as an outsider, stricter modes appear somewhat functionally similar to "chflags schg" on BSD systems, where more work is needed to get around restrictions. In the case of schg, you have to reboot into single user mode, remove the schg flag, then modify the binary, and continue booting into multi-user mode. You could do this as a remote attacker (as in not having console access) depending on what boot files are or aren't protected with schg, but modifying all the necessary files can be a source of new problems.

New comment by Panino in "Cryptographic Right Answers: Post Quantum Edition"

Panino — Thu, 15 Aug 2024 15:28:48 +0000

> Pre-shared keys are just inconvenient to handle safely.

You can transfer PSKs safely and easily with OpenSSH 9.0 (released 2022-04-08) or later, which uses sntrup761x25519-sha512@openssh.com as the default key exchange method.

New comment by Panino in "By harnessing wind power, high-tech sails can help cut marine pollution"

Panino — Sun, 09 Jun 2024 04:48:01 +0000

> The ships in service show a reduction in fuel consumption, and thus a similar drop in emissions, of between 5% and 25%, says Tuomas Riski, the firm’s outgoing ceo. Each rotor costs around €1m, which he says can be repaid in fuel savings over three to ten years.

> After six months at sea the WindWings have cut fuel consumption by about 15%, although the company reckons three sails could cut average fuel use by 30% or more.

> Oceanbird reckons the sails could deliver 50-60% lower emissions compared with conventional vehicle-carriers.

> Airseas tested a Seawing last year on a k Line cargo ship. They are expected to reduce carbon-dioxide emissions by some 20%, says k Line.

These are consistently good results across a range of carriers. If the industry moved to these sails, the aggregate emissions drop would be significant.

New comment by Panino in "OpenBSD 7.5"

Panino — Fri, 05 Apr 2024 21:38:46 +0000

Yes, I run -current so I update packages frequently.

After tedu's comment here I installed 7.5 in a VM and could build and run my Go software in it successfully, so I figured there were some Go build or config files or something somewhere getting in the way. I pkg_delete'd go, removed every Go build/config file I could find, and re-added Go with pkg_add. Now I can build apps with the previously mentioned modules; everything works fine now.

Thank you for the responses. :-)

New comment by Panino in "OpenBSD 7.5"

Panino — Fri, 05 Apr 2024 04:18:55 +0000

I'm currently switching my Go code to Rust in part because of the syscall related Go trouble:

> Users of syscall(2), such as Perl and the Go programming language were converted to use the libc functions.

I think the following may still need to be converted:

  * unix.Pledge from golang.org/x/sys/unix
  * unix.Unveil from golang.org/x/sys/unix
  * terminal.ReadPassword from golang.org/x/crypto/ssh/terminal

New comment by Panino in "Xz: Can you spot the single character that disabled Linux landlock?"

Panino — Sun, 31 Mar 2024 20:00:05 +0000

> If you have a security feature for example, which uses the pledge() syscall on OpenBSD, but you can only use that feature on OpenBSD systems, you have two choices:

Just in case, I want to note that pledge(2) and unveil(2) are also supported by SerenityOS, so checking only for an OpenBSD target is insufficent.

https://awesomekling.github.io/pledge-and-unveil-in-Serenity...

Pledge and unveil in SerenityOS, combined with the planned move to memory safety, will be a powerful combination.