<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: amichal</title><link>https://news.ycombinator.com/user?id=amichal</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 19 Jun 2026 23:12:34 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=amichal" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by amichal in "Claude Fable is relentlessly proactive"]]></title><description><![CDATA[
<p>Do we care that the bug here was a horizontal scrollbar showing and the fix after all this insane tool writing was to add a very obvious overflow-x: hidden to the element?<p>We don't mind because it's so fast at writing these tools and tricks but step back and if a human tool took this path I would seriously question their grasp of fundamentals.</p>
]]></description><pubDate>Fri, 12 Jun 2026 06:26:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=48500589</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=48500589</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48500589</guid></item><item><title><![CDATA[New comment by amichal in "FSF trying to contact Google about spammer sending 10k+ mails from Gmail account"]]></title><description><![CDATA[
<p>Edit: <a href="https://www.twilio.com/en-us/blog/insights/leveraging-gmail-feedback-loop-identifiers" rel="nofollow">https://www.twilio.com/en-us/blog/insights/leveraging-gmail-...</a><p>Shows you how to use Google's thing if you are a sender to know if @gmail folks are reporting you. It doesn't address what to do if someone's @gmail is doing this to you (a workspace custom domain yes)... @gmail are rate-limited to a few 1000s per day per Gmail address but this is still a lot obviously</p>
]]></description><pubDate>Thu, 16 Apr 2026 12:38:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=47792125</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=47792125</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47792125</guid></item><item><title><![CDATA[New comment by amichal in "FSF trying to contact Google about spammer sending 10k+ mails from Gmail account"]]></title><description><![CDATA[
<p>I did some tiny digging because I remembered that there is a way to report individual messages in a structured machine-readable way to abuse@ for these things --- I suspect that this is technically supported by Gmail (if not given a lot of signal weight)<p><a href="https://en.wikipedia.org/wiki/Abuse_Reporting_Format" rel="nofollow">https://en.wikipedia.org/wiki/Abuse_Reporting_Format</a><p>How to bulk do this is interesting too. <a href="https://en.wikipedia.org/wiki/Feedback_loop_(email)" rel="nofollow">https://en.wikipedia.org/wiki/Feedback_loop_(email)</a> says that Gmail has a bulk format and that SendGrid is seeing some success.<p>Not defending, just trying to see what a technical solution looks like</p>
]]></description><pubDate>Thu, 16 Apr 2026 12:27:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=47792001</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=47792001</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47792001</guid></item><item><title><![CDATA[New comment by amichal in "Chess in SQL"]]></title><description><![CDATA[
<p>PostgreSQL<p>"crosstab ( source_sql text, category_sql text ) → setof record"<p><a href="https://www.postgresql.org/docs/current/tablefunc.html" rel="nofollow">https://www.postgresql.org/docs/current/tablefunc.html</a><p>VIA <a href="https://www.beekeeperstudio.io/blog/how-to-pivot-in-postgresql/" rel="nofollow">https://www.beekeeperstudio.io/blog/how-to-pivot-in-postgres...</a> as a current googlable reference/guide</p>
]]></description><pubDate>Wed, 01 Apr 2026 11:58:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=47599656</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=47599656</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47599656</guid></item><item><title><![CDATA[New comment by amichal in "Claude Code's source code has been leaked via a map file in their NPM registry"]]></title><description><![CDATA[
<p>If this code is real and complete then there are no callers of those methods other than a logger line</p>
]]></description><pubDate>Tue, 31 Mar 2026 16:31:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=47589888</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=47589888</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47589888</guid></item><item><title><![CDATA[New comment by amichal in "Caxlsx: Ruby gem for xlsx generation with charts, images, schema validation"]]></title><description><![CDATA[
<p>Good memories of the open source world. I couldn't find my commits in either repo and I'm afraid I might have been shy to upstream them and just did them in a fork. It was tiny. There was some issue in some less number formatting variation involving currencies in multiple locales. We needed xlsx for its ability to do some nice formatting etc but I really wanted to have a need for things like generating charts, embedding scripts etc just for the sheer nerdiness</p>
]]></description><pubDate>Tue, 10 Mar 2026 14:48:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=47324025</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=47324025</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47324025</guid></item><item><title><![CDATA[New comment by amichal in "Ireland rolls out basic income scheme for artists"]]></title><description><![CDATA[
<p>I wonder, can we not turn all threads into a "when will AI do this creative thing better than humans".<p>Humans need basic income (or at least resources) and to have culturally valuable work to do. Art and craft esp as a form of human expression seems like we should ASSUME that humans want to do this, that we as a society value the human energy that goes into it.</p>
]]></description><pubDate>Thu, 12 Feb 2026 14:16:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=46989104</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=46989104</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46989104</guid></item><item><title><![CDATA[New comment by amichal in "Show HN: Minimal NIST/OWASP-compliant auth implementation for Cloudflare Workers"]]></title><description><![CDATA[
<p>I would love to see alternatives of educational code that implements these things in a "compliant" way.<p>Security does not come from Compliance (sometimes they are at odds) but as someone who is not an academically trained security professional but who has read NIST* in detail, implements such code and has passed a number of code reviews from security professionals. <i>And</i> who has been asked to do things like STRIDE risk assessment on products I write code for I do appreciate the references and links alongside actual code of any kind.<p>Now to be fair, I have not yet looked at any of the code here, its commit history or its level of AI-induced fantasy confidence in the validity of the specific solutions. That could be good or bad but the intent of this is really on point for me.<p>Edit: I looked at some code:<p>This is missing a lot from NIST SP 800-63B<p>Looking at <a href="https://github.com/vhscom/private-landing/blob/main/packages/core/src/auth/services/account-service.ts" rel="nofollow">https://github.com/vhscom/private-landing/blob/main/packages...</a><p><pre><code>    - the db select runs before the password hash so you can detect if the account exists with timing attacks
    - there is no enforced minimum nor maximum length on the stored secret (e.g. para 5.1.1.1 and 5.1.1.2 recommend length range of 8 to 64 Unicode printable chars normalized to some form I forget)

    - there is no enforced min max length on the account identifier (in this case email) and no normalization
</code></pre>
At least not in the code I saw. So there is still a lot of basics/low hanging fruit from NIST recommendations at least you would find in any production grade auth framework missing</p>
]]></description><pubDate>Mon, 09 Feb 2026 14:02:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=46945300</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=46945300</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46945300</guid></item><item><title><![CDATA[New comment by amichal in "When internal hostnames are leaked to the clown"]]></title><description><![CDATA[
<p>Marginally better for sure but in this case the path would also have been "leaked" to the sentry instance owned by developers of the NAS device phoning home. This can happen in zillions of ways and is a good reason to use relatively opaque urls in general and not "friendly ids" and generally being careful about putting secrets in URLs.</p>
]]></description><pubDate>Thu, 05 Feb 2026 16:50:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=46901647</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=46901647</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46901647</guid></item><item><title><![CDATA[New comment by amichal in "We architected an edge caching layer to eliminate cold starts"]]></title><description><![CDATA[
<p>Yeah, as a salty greybeard I tried to tell our FE tech-lead to just render the proper HTTP Cache-Control headers in the Next.js site we recently built. He tried and then linked me to <a href="https://nextjs.org/docs/app/guides/caching" rel="nofollow">https://nextjs.org/docs/app/guides/caching</a> and various versions of their docs on when you can and cannot set Cache-Control headers (e.g. <a href="https://nextjs.org/docs/app/api-reference/config/next-config-js/headers#cache-control" rel="nofollow">https://nextjs.org/docs/app/api-reference/config/next-config...</a>) and I got several hours of headache before calling it a problem for another day. That site is not high traffic enough to care but this is not the first time that I've gotten the "not the Next.js way" talk and was not happy.<p>It obviously can be done but clearly is not the intended solution which really bothers me</p>
]]></description><pubDate>Mon, 15 Dec 2025 23:11:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=46282229</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=46282229</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46282229</guid></item><item><title><![CDATA[New comment by amichal in "We architected an edge caching layer to eliminate cold starts"]]></title><description><![CDATA[
<p>this too...</p>
]]></description><pubDate>Mon, 15 Dec 2025 20:30:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=46280163</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=46280163</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46280163</guid></item><item><title><![CDATA[New comment by amichal in "We architected an edge caching layer to eliminate cold starts"]]></title><description><![CDATA[
<p>I feel the same, 72 million monthly page views is about 8 pages per second even if in a single timezone (72e6 / 8h * 30d * 3600h/s) - even with today's heavyweight pages we are talking well under 1000 req/s. Assuming they are not super image/asset heavy I would expect this to comfortably be served by a couple of reasonable old school nginx servers[1]. If each page was a full megabyte of uncached content we are < 10Gbits/sec. Probably under 1<p>The build logic to decide which things to rebuild of course is probably the interesting bits but we don't need all these services... </grey-beard-rant><p>[1] <a href="https://openbenchmarking.org/test/pts/nginx&eval=c18b8feaeca6235b318667a0c1159c7eb54ce634#metrics" rel="nofollow">https://openbenchmarking.org/test/pts/nginx&eval=c18b8feaeca...</a><p>edit: to be less ranty they are more or less building static sites out of their Next.js codebase but on-demand updated etc which is indeed interesting but none of this needs Cloudflare/hyperscaler tech<p>Not sure how many customers/sites they have. Perhaps they don't want to spend CPU regenerating all sites on every deployment? They do describe a content-driven pre-warmer but I'm still unclear why this couldn't be a content-driven static site generator running on some build machine</p>
]]></description><pubDate>Mon, 15 Dec 2025 20:18:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=46279981</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=46279981</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46279981</guid></item><item><title><![CDATA[New comment by amichal in "Doom song on the Oldest Digital Computer in America [video]"]]></title><description><![CDATA[
<p>Does it? I watched this video and the explanation of how they (mostly Bill in Vermont) did it had barely enough room for the song data. I think the line graphics might have been some good story telling</p>
]]></description><pubDate>Thu, 15 May 2025 11:16:18 +0000</pubDate><link>https://news.ycombinator.com/item?id=43993815</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=43993815</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43993815</guid></item><item><title><![CDATA[New comment by amichal in "Debugging Lotus 1-2-3 by fax"]]></title><description><![CDATA[
<p>One of my first legit independent contractor jobs was a background job for a ColdFusion-based website that needed to get partners to update their data periodically. The business had figured out that their building supply partners were more responsive to faxes than emails and had a desktop Windows machine with a fax-modem used for that. A quick "micro-service" in classic ASP to bridge the website to the desktop machine and they made it through the last few years of common usage of faxing for these kinds of things.</p>
]]></description><pubDate>Mon, 31 Mar 2025 17:27:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=43537494</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=43537494</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43537494</guid></item><item><title><![CDATA[New comment by amichal in "ToS;DR"]]></title><description><![CDATA[
<p>Does a good job of showing how completely unparsable ToS are:<p><a href="https://tosdr.org/en/service/1448" rel="nofollow">https://tosdr.org/en/service/1448</a> says both:<p>"You maintain ownership of your data: This service does not claim ownership over user-generated content or materials, and the user * doesn't need to waive any moral rights* by posting owned content."<p>and<p>"You waive your moral rights"<p>Edit: I have no energy for figuring out which of these statements is more true.</p>
]]></description><pubDate>Mon, 31 Mar 2025 10:53:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=43533465</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=43533465</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43533465</guid></item><item><title><![CDATA[New comment by amichal in "English Multinyms"]]></title><description><![CDATA[
<p>Yeah, not a candidate for the list. I thought it wasn't because the list was about > 2 different spellings that sound "identical" but mean different things.<p>I agree with you and when I (a non-linguist) first learned about this it did occur to me that there was probably some infinite recursive version and it took *some* of the fun out of it. It's still fun as is this list.<p>I also suspect there are lots of good examples of whatever a word with multiple meanings with different parts of speech is called. So it should be possible to find...use many "Buffalo buffalo buffalo..."</p>
]]></description><pubDate>Tue, 18 Mar 2025 13:07:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=43398995</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=43398995</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43398995</guid></item><item><title><![CDATA[New comment by amichal in "Court filing: DOGE aide broke Treasury policy by emailing unencrypted database"]]></title><description><![CDATA[
<p>"database" in legal/business speak (AFAIK) is the more general "organized collection of data" - not the more software engineer focused relational/object/graph- implementations of such.</p>
]]></description><pubDate>Tue, 18 Mar 2025 13:01:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=43398935</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=43398935</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43398935</guid></item><item><title><![CDATA[New comment by amichal in "English Multinyms"]]></title><description><![CDATA[
<p>This reminds me of <a href="https://en.wikipedia.org/wiki/Buffalo_buffalo_Buffalo_buffalo_buffalo_buffalo_Buffalo_buffalo" rel="nofollow">https://en.wikipedia.org/wiki/Buffalo_buffalo_Buffalo_buffal...</a><p>Edit: It's not on the list because it's using multiple meanings of the same spelling...</p>
]]></description><pubDate>Tue, 18 Mar 2025 12:40:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=43398718</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=43398718</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43398718</guid></item><item><title><![CDATA[New comment by amichal in "Rails is better low code than low code"]]></title><description><![CDATA[
<p>Wasn't fintech but was fin something. Several weeks into trying to port an Excel workbook with a zillion tabs, some VBScript from stackoverflow and other nastiness and being unable to replicate the results, I discovered the "consultant" who helped them create this insane thing had turned on the "allow circular references"[1] option and chosen a number of iterations that "Seemed to make it work"<p>Yay! for non-deterministic financial modeling.<p>Also was really fun trying to explain to the folks who hired me why I couldn't get the results they wanted to see.<p>[1] <a href="https://support.microsoft.com/en-us/office/remove-or-allow-a-circular-reference-in-excel-8540bd0f-6e97-4483-bcf7-1b49cd50d123" rel="nofollow">https://support.microsoft.com/en-us/office/remove-or-allow-a...</a></p>
]]></description><pubDate>Mon, 02 Dec 2024 12:26:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=42295512</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=42295512</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42295512</guid></item><item><title><![CDATA[New comment by amichal in "Show HN: I built a(nother) house optimized for LAN parties"]]></title><description><![CDATA[
<p><a href="https://datatracker.ietf.org/doc/html/rfc3927" rel="nofollow">https://datatracker.ietf.org/doc/html/rfc3927</a><p>"Microsoft Windows 98 (and later) and Mac OS 8.5 (and later) already support this capability."<p>And <a href="https://www.techrepublic.com/forums/discussions/win-98-fails-to-get-ip-from-dhcp/" rel="nofollow">https://www.techrepublic.com/forums/discussions/win-98-fails...</a></p>
]]></description><pubDate>Sun, 17 Nov 2024 15:28:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=42164663</link><dc:creator>amichal</dc:creator><comments>https://news.ycombinator.com/item?id=42164663</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42164663</guid></item></channel></rss>