Hacker News: Thom2000

HardenedBSD Migrates to Radicle

Thom2000 — Mon, 01 Jun 2026 19:01:44 +0000

Article URL: https://hardenedbsd.org/article/shawn-webb/2026-06-01/hardenedbsd-may-2026-status-report

Comments URL: https://news.ycombinator.com/item?id=48361145

Points: 5

# Comments: 0

New comment by Thom2000 in "Nitpicking the shell history scene in 'Tron: Legacy'"

Thom2000 — Fri, 29 May 2026 06:46:06 +0000

> The artist, JT Nimoy, was an Emacs user but still thought it would be fun to set up a dichotomy--some fun details on this blog

I don't see any details about setting up a dichotomy in that article (just that the author was a happy Emacs user). Or maybe that was in that HN meetup you mention?

New comment by Thom2000 in "GitHub is sinking"

Thom2000 — Sun, 10 May 2026 19:20:33 +0000

Github still doesn't support SHA-256 git repos (https://github.com/orgs/community/discussions/12490) even though their competitors (Gitlab, Codeberg) have that for ages now.

New comment by Thom2000 in "SSH certificates: the better SSH experience"

Thom2000 — Fri, 03 Apr 2026 13:30:23 +0000

Sadly services such as Github don't support these so it's mostly good for internal infrastructure.

A year of work on the ALPM project

Thom2000 — Sat, 10 Jan 2026 10:34:21 +0000

Article URL: https://devblog.archlinux.page/2026/a-year-of-work-on-the-alpm-project/

Comments URL: https://news.ycombinator.com/item?id=46564508

Points: 2

# Comments: 0

New comment by Thom2000 in "Building a Transparent Keyserver"

Thom2000 — Fri, 19 Dec 2025 20:40:19 +0000

> PGP supports RSA. That's enough reason to avoid it.

I hate to break the narrative but age also supports RSA, for SSH compat:

https://man.archlinux.org/man/age.1#SSH_keys

New comment by Thom2000 in "Building a Transparent Keyserver"

Thom2000 — Fri, 19 Dec 2025 16:29:43 +0000

I wonder if they think of a deeper integration of this into the age binary. Currently the invocation looks extremely ugly:

    age -r $(go run filippo.io/torchwood/cmd/age-keylookup@main joe@example.com)

New comment by Thom2000 in "Show HN: Firm, a text-based work management system"

Thom2000 — Wed, 15 Oct 2025 17:54:48 +0000

> My biggest hurdle was getting it to export to a nice looking PDF that could be emailed or printed later.

If you can export to structured data such as JSON, I guess Typst would be a perfect fit for that job.

New comment by Thom2000 in "Pwning the Nix ecosystem"

Thom2000 — Wed, 15 Oct 2025 17:44:55 +0000

Exactly!

Bearer tokens should be replaced with schemes based on signing and the private keys should never be directly exposed (if they are there's no difference between them and a bearer token). Signing agents do just that. Github's API is based on HTTP but mutual TLS authentication with a signing agent should be sufficient.

New comment by Thom2000 in "Working pipe operator today in pure JavaScript"

Thom2000 — Thu, 09 Oct 2025 05:27:05 +0000

FWIW it's possible to run readme examples automatically add part of tests: https://github.com/parallaxsecond/rust-cryptoki/blob/main/cr...

New comment by Thom2000 in "Modern messaging: Running your own XMPP server"

Thom2000 — Mon, 06 Oct 2025 16:22:18 +0000

You don't need any third party modules and can proxy based on ALPN (https://wiki.xmpp.org/web/Tech_pages/XEP-0368#nginx) thus running everything on port 443. Note that ALPN is not encrypted AFAIK but public wifi services don't care.

New comment by Thom2000 in "NSA and IETF: Can an attacker purchase standardization of weakened cryptography?"

Thom2000 — Sun, 05 Oct 2025 06:03:08 +0000

It's hard to answer your question without repeating the arguments made in the post itself.

Are you implying that djb blew the matter out of proportion?

New comment by Thom2000 in "Modern CI is too complex and misdirected (2021)"

Thom2000 — Wed, 20 Aug 2025 09:38:53 +0000

I've used dynamic pipelines. They work quite well, with two caveats: now your build process is two step and slower. And there are implementation bugs on Gitlab's side: https://gitlab.com/groups/gitlab-org/-/epics/8205

FWIW Github also allows creating CI definitions dynamically.

New comment by Thom2000 in "Comptime.ts: compile-time expressions for TypeScript"

Thom2000 — Wed, 06 Aug 2025 20:04:40 +0000

Interesting. I've never seen the import-with syntax, though and it's hard to find any documentation on it. Is this a syntax extension?

New comment by Thom2000 in "C++26 Reflections adventures and compile-time UML"

Thom2000 — Sun, 03 Aug 2025 13:52:51 +0000

Sadly, Rust proc macros operate on tokens and any serious macro implementation needs third-party crates.

Compile-time reflection, with good, built in API, akin to C# Roslyn would be a real boon.

New comment by Thom2000 in "JSON5 – JSON for Humans"

Thom2000 — Mon, 09 Dec 2024 14:39:06 +0000

"comment" may be relevant to the object. Maybe using "_" for the whole object comment would be safer?

New comment by Thom2000 in "Engineering with Enclaves"

Thom2000 — Tue, 04 Apr 2023 14:03:23 +0000

That clarifies some matters - thanks!

New comment by Thom2000 in "Engineering with Enclaves"

Thom2000 — Tue, 04 Apr 2023 13:13:24 +0000

It seems like everything you have described could be done with TPM: creating a signing key for TLS mutual authentication (against the secret store) with policy that allows using that key only if system configuration did not change (PCR values stay consistent). Additionally TPMs allow remote attestation (via quotes and endorsement keys).

So I'm wondering what's the advantage of Nitro Enclaves? Better out of the box tooling?