<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: Roguelazer</title><link>https://news.ycombinator.com/user?id=Roguelazer</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sun, 12 Jul 2026 01:18:59 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=Roguelazer" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by Roguelazer in "Hy3"]]></title><description><![CDATA[
<p>Got really excited for a minute that the long-standing [Hy](<a href="https://hylang.org" rel="nofollow">https://hylang.org</a>) project had had a release, but it's just some confusingly-named LLM. Shame.</p>
]]></description><pubDate>Thu, 09 Jul 2026 18:37:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48850505</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=48850505</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48850505</guid></item><item><title><![CDATA[New comment by Roguelazer in "Mad Bugs: Vim vs. Emacs vs. Claude"]]></title><description><![CDATA[
<p>modelines allow you to put a special comment in your file (typically on the first or last line of the file, and [for vim] of the format `# vim: set ts=2:`) to configure a subset of editor settings automatically whenever that file is opened in a buffer. They're very common, especially in codebases where there are lots of different styles in different files. Many editors (e.g., Zed (as of <a href="https://github.com/zed-industries/zed/pull/49267" rel="nofollow">https://github.com/zed-industries/zed/pull/49267</a>)) support vim and/or emacs's syntaxes for modelines.<p>Modelines were disabled by default for security reasons for a long time. It's kind of wild to me that they're enabled in some distributions, but there still isn't much restriction on what settings can be configured; I've never seen a modeline in the wild that did anything other than set `filetype`, `fileencoding`, `tabwidth`, `expandtab` (hard tabs vs spaces), and maybe `tabstop` / `softtabstop`.</p>
]]></description><pubDate>Wed, 01 Apr 2026 06:53:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=47597730</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=47597730</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47597730</guid></item><item><title><![CDATA[New comment by Roguelazer in "Grief and the AI split"]]></title><description><![CDATA[
<p>The important thing to remember is that for a large number of people (in the US), "work" is a place where they do things that they hate for eight hours a day, for people they hate (surveys routinely show between 40% and 60% of people are "satisfied" with their jobs). Those of us who are in the tech industry because we like actually programming computers (the "craft-lovers", in the parlance of this blog post) have been lucky enough to have jobs where where we get to actually do something we enjoy (even if it's intermingled with meetings and JIRA). If AI slop really is the future and programming becomes as rare of a job as hand-building wood furniture, then most of us are going to be living the normal experience of capitalism in a way that we are probably not well-prepared for.<p>Personally, I have noticed that I still produce substantially more and better code than the people at my company spending all day writing prompts, so I'm not too worried yet, but it seems plausible at some point that a machine that stole every piece of software ever written will be able to reliably turn a few hundred watt-hours of of electricity into a hallucination-free PR.</p>
]]></description><pubDate>Thu, 12 Mar 2026 23:47:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=47358892</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=47358892</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47358892</guid></item><item><title><![CDATA[New comment by Roguelazer in "Grief and the AI split"]]></title><description><![CDATA[
<p>That's absolutely not true. The places that have embraced "agentic engineering" are mostly garbage factories, and lots of places, including plenty of startups and fast-moving companies are staying off of this trend. I recognize that most of the people on this site are just trying to self-promote for their own gig, but the level of misinformation is sometimes just staggering.</p>
]]></description><pubDate>Thu, 12 Mar 2026 23:35:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=47358780</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=47358780</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47358780</guid></item><item><title><![CDATA[New comment by Roguelazer in "How we automated federal retirements"]]></title><description><![CDATA[
<p>So what's going to happen in 3 years after these startup bros have left government, none of the frameworks they're using are supported any more, and nobody in the office that they parachuted into is trained to maintain whatever spaghetti they crapped out over three months of all-nighters? There's a reason that we don't build critical infrastructure by giving it to some guy whose entire accomplishments are "working at Airbnb for 10 years"</p>
]]></description><pubDate>Sat, 27 Dec 2025 17:06:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=46403205</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=46403205</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46403205</guid></item><item><title><![CDATA[New comment by Roguelazer in "Email verification protocol"]]></title><description><![CDATA[
<p>DCR <i>is</i> cool, but I haven't seen anyone roll it out. I know it has to be enabled per-tenant in Okta and Azure (which nobody does), and I don't think Google Workspace supports it at all yet. It's a shame that OIDC spent so long and got so much market-share tied to OAuth client secrets, especially since classic OpenID had no such configuration step.</p>
]]></description><pubDate>Sun, 09 Nov 2025 21:04:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=45869166</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=45869166</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45869166</guid></item><item><title><![CDATA[New comment by Roguelazer in "Show HN: Small Transfers – charge from 0.000001 USD per request for your SaaS"]]></title><description><![CDATA[
<p>Some API questions/observations<p>- I don't see an idempotency key in the request to authorize a charge; that might be something nice for people looking to build reliable systems on this.
- How long are accessTokens valid? Forever? Do they become invalid if the subject metadata (firstName, lastName, email) changes?<p>I think this is a super-cool idea, but I think the idea of extending net30 terms to every customer of some B2C product seems pretty iffy; since you're deferring charging until the end of the month, you won't get most of the fraud signals from Stripe until then and anything popular that used this system seems like it'd be pretty inundated with fraud. I would at least consider doing the charges more frequently (i.e., charge at the end of the month <i>or</i> every $50, whichever comes first) to put a better bound on how long you can go before finding out that someone gave you a stolen card.</p>
]]></description><pubDate>Thu, 11 Sep 2025 23:03:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=45216996</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=45216996</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45216996</guid></item><item><title><![CDATA[New comment by Roguelazer in "The origin story of merge queues"]]></title><description><![CDATA[
<p>I think this is ignoring a <i>lot</i> of prior art. Our deploys at Yelp in roughly 2010 worked this way -- you flagged a branch as ready to land, a system (`pushmaster` aka `pushhamster`) verified that it passed tests and then did an octopus merge of a bunch of branches, verified that <i>that</i> passed tests, deployed it, and then landed the whole thing to master after it was happy on staging. And this wasn't novel at Yelp; we inherited the practice from PayPal, so my guess is that most companies that care at all about release engineering have been doing it this way for decades and it was just a big regression when people stopped having professional release management teams and started just cowboy pushing to `master` / `main` on github some time in the mid 2010's.</p>
]]></description><pubDate>Wed, 10 Sep 2025 17:24:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=45200897</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=45200897</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45200897</guid></item><item><title><![CDATA[New comment by Roguelazer in "We all dodged a bullet"]]></title><description><![CDATA[
<p>For most users, that'll just result in them going to Google, searching for the name of your business, and then clicking the first link blindly. At that point you're trusting that there's no malicious actors squatting on your business name's keyword -- and if you're at all an interesting target, there's <i>definitely</i> malvertising targeting you.<p>The only real solution is to have domain-bound identities like passkeys.</p>
]]></description><pubDate>Tue, 09 Sep 2025 20:41:22 +0000</pubDate><link>https://news.ycombinator.com/item?id=45188667</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=45188667</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45188667</guid></item><item><title><![CDATA[New comment by Roguelazer in "Web fingerprinting is worse than I thought (2023)"]]></title><description><![CDATA[
<p>It's really "cool" when you get vendors like 6sense that combine browser fingerprinting with semi-licit data brokers to do full deanonymization of visitor traffic. Why bother doing marketing when you can just get a report of the name, email address, mailing address, and creditworthiness of every person who's visited your website?<p>I've seen people argue with a straight face that these tools and their reports don't run afoul of GDPR/CCPA because they don't involve information that a user gave you on purpose, so it's not protected. Ghouls, all of them.</p>
]]></description><pubDate>Thu, 24 Jul 2025 13:48:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=44670651</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=44670651</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44670651</guid></item><item><title><![CDATA[New comment by Roguelazer in "The death of partying in the USA"]]></title><description><![CDATA[
<p>It does seem like there's something wrong with that data; I find it somewhat implausible that the average parent was only caring for their child for 1.7 hours a day in 1985; even if you assume that all of the tween and teens were free-range and only got an hour or two of parenting a day, little kids have always required nonstop attention to make sure that they're not actively dying.<p>Although... the infant mortality rate in the US has dropped by more than 50% since 1985, so who knows...</p>
]]></description><pubDate>Thu, 10 Jul 2025 14:33:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=44521561</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=44521561</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44521561</guid></item><item><title><![CDATA[New comment by Roguelazer in "The death of partying in the USA"]]></title><description><![CDATA[
<p>I mean, ~90M people live in one of the top 10 metro areas, which is about ¼ of the country. Not sure that I'd necessarily call that an "exception".</p>
]]></description><pubDate>Thu, 10 Jul 2025 14:08:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=44521287</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=44521287</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44521287</guid></item><item><title><![CDATA[New comment by Roguelazer in "PWM flicker: Invisible light that's harming our health?"]]></title><description><![CDATA[
<p>> *Up to 15–50% slower decision-making in offices with high flicker (and high CO₂)<p>just throws me right off the argument in an article when the fine print notes that a cited study is confounding the thing the author cares about ("sensitivty to flicker") with a much simpler and better-understood explanation (CO₂ poisoning)</p>
]]></description><pubDate>Wed, 18 Jun 2025 23:00:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=44314007</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=44314007</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44314007</guid></item><item><title><![CDATA[New comment by Roguelazer in "AirBorne: Wormable zero-click remote code execution (RCE) in AirPlay protocol"]]></title><description><![CDATA[
<p>Running a parser for a network protocol as root seems like a pretty unnecessarily dumb thing to do. I can't really imagine why any part of airplay would need to run as root; maybe something to do with DRM? Although the DRM daemon `fairplayd` runs as a limited-privilege user `_fpsd`, so maybe not. So bizarre that Apple makes all these cool systems to sandbox code, and creates dozens of privilege-separated users on macOS, and then runs an HTTP server doing plists parsing as an unsandboxed root process.</p>
]]></description><pubDate>Wed, 30 Apr 2025 00:36:22 +0000</pubDate><link>https://news.ycombinator.com/item?id=43839830</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=43839830</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43839830</guid></item><item><title><![CDATA[New comment by Roguelazer in "Street address errors in Google Maps"]]></title><description><![CDATA[
<p>It's been a bit more than that; about four years ago they started using machine-analyzed satellite photos to override street geometry in my neighborhood and decided that a parking lot is a through street; since then, nobody who uses Google Maps can get to my house because Google Maps directs them to drive down that parking lot (which has a brick wall in it and is not a through street). I've filed this as a data issue maybe a half-dozen times and it gets fixed and then breaks again a couple of months later in the exact same way. Drives me crazy. OpenStreetMaps and Apple Maps are both correct.</p>
]]></description><pubDate>Fri, 25 Apr 2025 00:40:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=43789068</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=43789068</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43789068</guid></item><item><title><![CDATA[New comment by Roguelazer in "LA wildfires force thousands to evacuate, NASA JPL closed"]]></title><description><![CDATA[
<p>As I understand it, no. Most counties require that you have an EMT license to be a firefighter, and many people with conviction histories are barred from getting EMT licenses (Title 22 § 100214.3(c)). There was a bill a few years ago that allowed CalFire specifically to hire people as firefighters with an alternate credential that doesn't have a blanket-ban on people with conviction histories.</p>
]]></description><pubDate>Wed, 08 Jan 2025 23:55:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=42639956</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=42639956</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42639956</guid></item><item><title><![CDATA[New comment by Roguelazer in "Ruby-SAML pwned by XML signature wrapping attacks"]]></title><description><![CDATA[
<p>I'm optimistic SAML will be dead soon. ActiveDirectory/EntraID/whatever Microsoft wants to call it now supports OpenID Connect. Okta, OneLogin, Google, and all the other post-turn-of-the-millenium IdPs support OIDC. Shibboleth is the last major IdP I know if that is SAML-only, and I haven't seen anyone using it in like 10  years. When I built enterprise SSO for my current company, we went OIDC-only and we haven't had a single customer who needed SAML.</p>
]]></description><pubDate>Wed, 18 Sep 2024 23:33:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=41586778</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=41586778</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=41586778</guid></item><item><title><![CDATA[New comment by Roguelazer in "Ask HN: Fast data structures for disjoint intervals?"]]></title><description><![CDATA[
<p>This is the same problem as `malloc`, right?<p>I imagine the answer depends on exactly what queries you need. If you have a bunch of different standard event sizes, then managing multiple different sorted freelists for the next open 1 hour slot, the next open 3 hour slot, etc might work. If you need high concurrency and "next available slot" is allowed to be fuzzy, then managing four distinct "event heaps" and parallelizing across them might work.</p>
]]></description><pubDate>Tue, 23 Jul 2024 14:40:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=41046453</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=41046453</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=41046453</guid></item><item><title><![CDATA[New comment by Roguelazer in "Why SMBs Don't Deploy SSO"]]></title><description><![CDATA[
<p>Missing one of the key reasons: most SMBs are sharing seats (usually in violation of the license terms for the products they're using), which is rather harder with good SSO products. Per seat licensing for b2b products is lucrative, but carries the risk that you're just pushing your customers to share passwords, which is usually way worse for security.</p>
]]></description><pubDate>Fri, 21 Jun 2024 19:09:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=40752642</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=40752642</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40752642</guid></item><item><title><![CDATA[New comment by Roguelazer in "Cloudy with a Chance of Insanity: Unsticking iCloud Drive"]]></title><description><![CDATA[
<p>I love that they named the cloud document sync daemon `bird`; people who've been using Apple's cloud services for a while may remember that MobileMe had a "Back to my Mac" feature which worked by creating a 6to4 tunnel and running the <i>other</i> bird daemon (BIRD Internet Routing Daemon) to manage routing. I wonder if there are any versions of macOS that ever had to have both bird daemons running at the same time?</p>
]]></description><pubDate>Fri, 13 Oct 2023 23:47:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=37876813</link><dc:creator>Roguelazer</dc:creator><comments>https://news.ycombinator.com/item?id=37876813</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=37876813</guid></item></channel></rss>