Hacker News: SahAssar

New comment by SahAssar in "Quantum Computers Are Not a Threat to 128-Bit Symmetric Keys"

SahAssar — Tue, 21 Apr 2026 02:15:12 +0000

I'm not sure I understand, but haven't you just moved the problem to the out of band layer? And is that layer not secured using the same normal (somewhat) long-lived TLS as most sites?

I don't think I understand the threat model you are using here?

New comment by SahAssar in "Self-hosted webmail client for JMAP protocol: Email, calendar, contacts, files"

SahAssar — Tue, 21 Apr 2026 01:21:26 +0000

> floated the idea of using Stawart as the "server" implementation of JMAP and using something like mbsync to sync IMAP from their mail provider. And build a client on top of this Stalwart "server."

That really does not seem like a workable solution. It would probably be brittle, require double the storage, require mapping of accounts and and credentials, would not account for caldav/carddav, etc.

If JMAP is to take off we need proper clients, servers and bridges. I'm not sure we even have one proper OSS implementation for each.

New comment by SahAssar in "Migrating from DigitalOcean to Hetzner"

SahAssar — Sat, 18 Apr 2026 21:07:32 +0000

> The key: proxy_ssl_verify off — the new server’s SSL cert is valid for the domain, not for the IP address. Disabling verification here is fine because we control both ends.

Not really, a MITM could do anything here. It's not very likely to happen here, but I think this comment shows a misunderstanding of what certificates and verification does.

New comment by SahAssar in "PiCore - Raspberry Pi Port of Tiny Core Linux"

SahAssar — Sat, 18 Apr 2026 02:33:21 +0000

Is the suggested download a plain http without any signing?

New comment by SahAssar in "Mozilla Thunderbolt"

SahAssar — Fri, 17 Apr 2026 02:17:18 +0000

> Really the EU needs to apologize for those damned cookie popups and invest in a privacy-first browser.

You clearly misunderstand when they are required and how they are legally required to work, the key points (as I take them) that are often misunderstood are:

* They are not about cookies, but any persistent identifier

* If a identifier is needed for your core functionality (ads/tracking is not a core functionality) and not misused for other purposes you do not need consent

* It is required to be as easy to decline as it is to consent

* Not consenting is not allowed to degrade or gate the content

* Even if you consent to tracking/cookies you should be allowed to withdraw that consent

Do you not agree with these points?

New comment by SahAssar in "Claude is getting worse, according to Claude"

SahAssar — Tue, 14 Apr 2026 00:17:26 +0000

Isn't it weird to run an analysis scoped to currently open issues? Of course more recent issues will be more likely to be open right now.

New comment by SahAssar in "We moved Railway's frontend off Next.js. Builds went from 10+ mins to under 2"

SahAssar — Wed, 08 Apr 2026 21:15:30 +0000

Do you have a source for TanStack Router being a newer name for React Router? Doesn't seem like it when looking at the sites for both projects.

Are you thinking of the whole Remix/ReactRouter thing?

New comment by SahAssar in "Adobe modifies hosts file to detect whether Creative Cloud is installed"

SahAssar — Mon, 06 Apr 2026 19:14:57 +0000

This does not request a local/LAN file, it's a remote server but without any DNS entry unless the hosts file entry is present.

New comment by SahAssar in "Decisions that eroded trust in Azure – by a former Azure Core engineer"

SahAssar — Fri, 03 Apr 2026 14:12:04 +0000

I'd assume they mean https://azure.microsoft.com/en-us/products/ai-foundry/models...

New comment by SahAssar in "21,864 Yugoslavian .yu domains"

SahAssar — Sat, 28 Mar 2026 00:45:47 +0000

> The break-up of Yugoslavia was a long, arguably still on-going, process, the final phase of which happened peacefully.

I get that I'm saying this as a outsider, but isn't that a very mild way to describe a civil war and a genocide?

New comment by SahAssar in "Apple Just Lost Me"

SahAssar — Wed, 25 Mar 2026 15:52:35 +0000

"X decides to not use products from Y after longstanding loyalty, because Z"

This is a so generic template that you cannot criticize a post for matching it. It'd be like criticize a story for matching "X happens to Y, leading to Y doing Z which leads to a (happy|unhappy) ending"

New comment by SahAssar in "GitHub appears to be struggling with measly three nines availability"

SahAssar — Tue, 24 Mar 2026 00:30:11 +0000

If something is unfixably broken 1 out of 10 times I use it I will just consider it broken. 1 out of 100 is unreliable but usable.

That goes for most things physical and digital.

New comment by SahAssar in "America tells private firms to “hack back”"

SahAssar — Mon, 23 Mar 2026 23:21:19 +0000

I don't think you are using APT correctly there.

New comment by SahAssar in "Liberated Systemd"

SahAssar — Mon, 23 Mar 2026 23:03:57 +0000

> Do you think it's a good idea for operating systems to comply with 1 or 2 exceptionally retarded state laws? The full name is as far as I know never exposed to websites right?

I think it's a good thing for OS'es to have the capability to comply with laws when it does not impose undue burden on users or developers. This is to avoid there being 40 different forks/patches of a system that would probably be less transparent than having it in the upstream project.

Whether that capability is activated should always be optional. This field is optional.

Regarding this info being exposed to websites is not up to systemd. If for example firefox were to expose this info to websites without my consent I'd support a fork of firefox or stop using firefox.

As long as the info does not leave my computer I feel it is fearmongering to call it mass surveillance.

New comment by SahAssar in "Supply Chain Attack on Trivy"

SahAssar — Sun, 22 Mar 2026 23:48:15 +0000

> avoid using community-maintained actions as far as possible, instead installing and configuring the runners as though I would a normal machine.

A runner and a action are two very different things.

You could run on the default runners with no community actions, and you can run on self-hosted runners with a lot of community actions.

New comment by SahAssar in "Liberated Systemd"

SahAssar — Sun, 22 Mar 2026 23:35:15 +0000

Facts:

There is and has for a long time been a field for full name.

There is now also a field for birthdate.

You are free to fill out neither or either.

Neither have a strong technical reason to be filled.

---

Your position:

You have no problem with the full name, but do have a problem with the birthdate.

You also agree that the field that you have no problem with (full name) is more sensitive than the one you don't (birthdate).

---

Have I summarized the situation correctly?

Do you not see the discrepancy in your position?

New comment by SahAssar in "Liberated Systemd"

SahAssar — Sun, 22 Mar 2026 23:30:03 +0000

The browser also has access to all of your files (at least unless strictly sandboxed). If the browser exposes it to websites isn't that a browser issue instead of a systemd issue?

Like if a browser offered up full unfettered filesystem access without any prompt or consent that'd be a browser issue, not a linux issue, right?

New comment by SahAssar in "iBook Clamshell"

SahAssar — Sun, 22 Mar 2026 22:44:23 +0000

Yeah, that first ibook base model would have been around $3100 today ($1599 then): https://en.wikipedia.org/wiki/IBook#iBook_G3_(%22Clamshell%2...

Laptops used to be a premium product, even on the lower-ish end. I don't think that properly changed in the mass-market until the eee pc, but I might be misremembering.

New comment by SahAssar in "iBook Clamshell"

SahAssar — Sun, 22 Mar 2026 22:37:14 +0000

Yes.

New comment by SahAssar in "Liberated Systemd"

SahAssar — Sat, 21 Mar 2026 14:36:10 +0000

> I leave "Users full name" empty and it's fine.

And you're free to not fill out this field aswell. Full name is probably a lot more unique and sensitive than birthdate