Hacker News: Wicher

New comment by Wicher in "European digital ID wallets rely on safety services of Google and Apple"

Wicher — Tue, 30 Jun 2026 19:12:08 +0000

This is kind of already the case on Android.

If you've installed RealActualBankApp (with the ID of real.actual.bank.app) once (from whatever source!) then there cannot be another app installed with that same id but signed with a different public key (oversimplified version of the story, there is a key rollover scheme).

You can however install an imposter app that's also called RealActualBankApp, with the same icon. It'll need to go by a different ID.

So then we're down to the same problem, or pseudo-problem, of identity confusion, as we have for banking website URLs. Where is the ID/URL shown, and does the user know that it should be mybank.com and not mybank-incorporated.com ?

New comment by Wicher in "Canyon HUD helmet for road riding"

Wicher — Tue, 23 Jun 2026 10:03:55 +0000

Wear on the chain is greatly increased though on a 1x12 versus a 2x10, because of alignment.

Tolerances on a 1x setup are also much tighter, not ideal for long distance cycletrekking adventures.

Also, with a front derailer, dropping the chain to a smaller cog in the front to get to a lighter gear results in much happier shifting than having to lift the chain to a larger cog on the rear derailer when going uphill.

When MTB racing you can really get some advantage out of shifting combination discipline using a front derailer, when going from a downhill into an uphill.

I'm sad it's hard to find a 2x setup on new bicycles nowadays :-/

New comment by Wicher in "Canyon HUD helmet for road riding"

Wicher — Tue, 23 Jun 2026 09:43:57 +0000

Hmmmmm, a visor? I suppose it'll get steamed up pretty easily when hillclimbing on a cold damp morning.

New comment by Wicher in "The user is visibly frustrated"

Wicher — Wed, 27 May 2026 01:19:07 +0000

> "The victim" of using a certain operating system? Please.

Perhaps "victim" in the sense of not having much choice/agency? Neither in the choice of operating system (due to sparsely restrained anticompetitive behaviour of incumbents over decades) nor in how they're treated (entrapped) by the operating systems. The OSes are really POS (point of sale) terminals for media and cloud services.

Thus consider most operating system users aren't really users. They're "usees", they're being used. One could surmise that the Microsoft/Apple/Google shareholders are the real users of the operating systems.

If you'd left the commercial OS world in the Win2K/OSX 10.4 era for, say, Gentoo Linux, and would come back now to look over someone's shoulder while they're using (or rather, being used by) their operating systems, you could be forgiven for coming away with the impression that some kind of authority inversion has taken place in the meantime.

Living with Class

Wicher — Sat, 16 May 2026 22:36:59 +0000

Article URL: https://philosophersmag.com/living-with-class/

Comments URL: https://news.ycombinator.com/item?id=48164366

Points: 2

# Comments: 0

New comment by Wicher in "Hardware Attestation as Monopoly Enabler"

Wicher — Mon, 11 May 2026 03:59:16 +0000

Thanks, I wrote them. I'm curious as to what will come of it.

New comment by Wicher in "Pgrx: Build Postgres Extensions with Rust"

Wicher — Tue, 28 Apr 2026 08:51:44 +0000

Or rather – one of the downsides of many hosted Postgres installs, notably AWS RDS, is that you're not able to use the extensions you want.

New comment by Wicher in "Keycard – inject API keys into subprocesses, never touch shell env"

Wicher — Thu, 16 Apr 2026 02:49:55 +0000

Yeah, so, it's not injecting? To inject something into X, X needs to exist. X does not exist yet when execve is set up.

I'm not being pedantic. I just want to read about injection when I'm promised injection :-) because that'd be technically interesting for me. Plainly calling execve isn't so much, I have the manpage here already :-)

New comment by Wicher in "Keycard – inject API keys into subprocesses, never touch shell env"

Wicher — Thu, 16 Apr 2026 02:40:32 +0000

I couldn't find the technique used above the fold (or a short way below).

Is this something more (and something more interesting) than just standard spawned process inheriting the parent process environment?

IOW is this actually injecting in the true sense of the word? Because that'd be interesting.

New comment by Wicher in "My son pleasured himself on Gemini Live. Entire family's Google accounts banned"

Wicher — Wed, 01 Apr 2026 06:55:50 +0000

Totally.

Ideally it'd go like this:

Offer services for free (eg cross-subsidized by another business arm) in order to carve out a gigantic kingdom with millions of users, smothering any competition (only few use an indie email provider when there's "free" email, only few try to make a stand not using Whatsapp in whatsapp-saturated locales), and... Congratulations, now you've become too big too fail! And now you'll be treated as such. You're a critical part of society's functioning, and are to be regulated as such. Whether by accident, whether intentionally, whether it's because you're simply awesomely innovative or maybe you just massively cross-subsidized from another business branch, is irrelevant.

Once market capture has reached a certain point, yes, you need a physical grievance office, with state-backed arbitration/escalation. For instance.

Maybe you also can't just change the TOS anymore just like that, making people choose between coordinating a hasty move of the families' 4 TB of photos to... ? and being slowly boiled while $BIGBOY AI-trains on the family photos.

As a big boy, don't like this kind of regulation? Just shrink by selling off some business arms. Or stop hooking people by giving out "free" stuff. Or maybe don't base your growth strategy on gatekeepership and moats.

I surmise that big rules for big boys (while not burdening small players, thus, differential legislation) will actually massively help competition and innovation. But even if it doesn't — government, by the people, for the people, should get the final say in how we let citizens be treated. People with beating hearts over emotionless corps, always.

New comment by Wicher in "LinkedIn checks for 2953 browser extensions"

Wicher — Fri, 06 Feb 2026 02:01:40 +0000

From memory from working with these a couple of years ago:

Firefox extension asset URLs are random and long (there's a UUID in there iirc). The extension itself can discover its randomized base so that it can output its asset URLs, but webpage code can't.

New comment by Wicher in "Ask HN: Effective way to deal with mosquitoes?"

Wicher — Tue, 11 Nov 2025 22:32:28 +0000

Use fans. They don't like flying around in wind and they don't know where to fly to anymore because the fan disperses the CO2 you produce so quickly that there's no gradient for them to follow to the source (you).

New comment by Wicher in "SailfishOS: A Linux-based European alternative to dominant mobile OSes"

Wicher — Sun, 02 Nov 2025 21:18:04 +0000

There's GeckoView which one'd use for embedding Firefox in an Android app. Can't use that on Sailfish OS of course, but it'd help in figuring out what of core Firefox to bind to to make a similar layer.

New comment by Wicher in "Twake Drive – An open-source alternative to Google Drive"

Wicher — Fri, 24 Oct 2025 13:08:04 +0000

As for the permissions, using ACLs would work better here. Then you don't need a separate group for every grouping.

New comment by Wicher in "SSH3: Faster and rich secure shell using HTTP/3"

Wicher — Sat, 27 Sep 2025 21:22:20 +0000

try:

  sed 's:SSH/HTTP/3:SSH over HTTP/3:g'

At least with GNU sed, you can use different separators so dodge the need for exscaping. | works as well.

Docker Considered Harmful (2025)

Wicher — Tue, 09 Sep 2025 04:54:00 +0000

Article URL: https://quantum5.ca/2025/03/18/docker-considered-harmful/

Comments URL: https://news.ycombinator.com/item?id=45177566

Points: 19

# Comments: 10

New comment by Wicher in "Google shifts goo.gl policy: Inactive links deactivated, active links preserved"

Wicher — Sat, 02 Aug 2025 02:21:21 +0000

Totally. Furthermore one can input that (now broken) URL into the Internet Archive to see if they might have snapshotted that red stapler page.

New comment by Wicher in "The curious case of shell commands, or how "this bug is required by POSIX" (2021)"

Wicher — Tue, 10 Jun 2025 15:09:07 +0000

For SSH specifically (ssh user@host "command with args") I've written this workaround pseudoshell that makes it easy to pass your argument vector to execve unmolested.

https://crates.io/crates/arghsh

New comment by Wicher in "GitHub introduces sub-issues, issue types and advanced search"

Wicher — Thu, 16 Jan 2025 16:42:01 +0000

Great, but I would've been happier if I'd had some dead simple dependency tracking 10 years ago. Just enough to create metabug functionality with. Like Bugzilla, Trac, Mantis etc have sported for at least two deades. I've always wondered why Github didn't have such basic functionality. (No, just the ability to reference other issues is not enough; I want to get an email for the metabug when all blocking issues are resolved).

New comment by Wicher in "Ask HN: How do you backup your Android?"

Wicher — Sat, 11 Jan 2025 06:38:21 +0000

I'm running LineageOS, rooted, with MicroG' Safetynet emulation (of sorts?). So a build signed with userdebug keys.

Some banking apps just work - two with warning on first launch, and one just doesn't care at all.

Two refuse to run and I have an old unrooted phone for them. Resulting in me being a good customer of those three banks that are not fussy.

So try and see, perhaps things just work!