Hacker News: aragilar

New comment by aragilar in "The locals don't know"

aragilar — Mon, 11 May 2026 09:01:58 +0000

I also live in Sydney, and the first question to ask is always "do you have a car?" (and then "how long you here for?")? A car makes it much easier to visit various spots (e.g. the national parks, Mount Annan (https://maps.app.goo.gl/WJRcJY8RHtRLV7Tm9) IMHO is a better botanic garden than Royal (the one in the city) because it focuses on native plants, Blue Mountains/Hawkesbury, the various zoos which are further out), whereas if you don't have a car the city has enough things close by to do. Powerhouse is great (the real one, not the one which is going to flood), Australia museum is great, if you can go on a ghost tour for the Rocks and the QStation. There's lots of other minor museums throughout the city, esp. the Rocks.

New comment by aragilar in "Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc"

aragilar — Sun, 10 May 2026 02:45:43 +0000

Which differential equations are you talking about? Linear ones have standard solutions and are definitely parallelisable (though you can basically just write the solution down by hand). Non-linear ones vary from can basically be approximated by a linear solution with corrections to needing to use relaxation methods (which are obviously not parallelisable).

Mechanics is generally linear, and for game physics engines fast is more valuable than correct (fast inverse square root being the obvious poster child). Add viscosity and you're in for a bad time.

New comment by aragilar in "For Linux kernel vulnerabilities, there is no heads-up to distributions"

aragilar — Fri, 01 May 2026 08:31:38 +0000

Uh, there is a list, named "linux-distros", which is for this purpose (and I think it's for more than just Linux, e.g. I believe it was used for the xz vuln).

Given this was announced when backports weren't ready (and given the POC was at least opaque if not obfuscated), I'm getting the vibe fixing the vuln wasn't as high as a priority as making a media splash.

New comment by aragilar in "Bugs Rust won't catch"

aragilar — Wed, 29 Apr 2026 13:15:21 +0000

But if you seek to replace coreutils (as at least is the case with Canonical it seems), rather than just be another POSIX userland implementation (e.g. busybox), then I would suggest you do need to be bug-compatible? I can apt/dnf/apk install busybox and use that for my user rather than coreutils, but given a significant amount of Linux infrastructure (including likely many personal scripts) are tied to coreutils, the bar is much higher. Given the numerous issues with quality Canonical has had, not just with Ubuntu but their other "commercial" tooling, I'm not sure any rewrite/port, written in rust or otherwise, with Canonical developing, managing, or even being associated with the project can meet the requisite bar.

New comment by aragilar in "Bugs Rust won't catch"

aragilar — Wed, 29 Apr 2026 11:52:08 +0000

But are the current uutils developers the same as the 2013 developers? At least based on GitHub's graphs, that's not the case (it looks fairly bimodal to me), and so it wouldn't be unreasonable to treat the 2013-era project differently to the 2020-era project. So judging the 2020-era project for its current and ongoing failures does not seem unreasonable.

Similarly, sudo-rs dropping "legacy" features leaves a bad taste in my mind, there are multiple privilege escalation tools that exist (doas being the first that comes to mind), and doing something better and not claiming "sudo" (and rather providing a compat mode ala podman for docker) would to me seem a better long term path than causing more breakage (and as shown by uutils, breakage on "core" utils can very easily lead to security issue).

I personally find uutils lack of care to be concerning because I've been writing (as a very low priority side project) a network utility in rust, and while it not aiming to be a drop in rewrite for anything, I would much rather not attract the same drama.

New comment by aragilar in "Revocation of X.509 Certificates"

aragilar — Mon, 27 Apr 2026 10:29:46 +0000

According to https://stats.labs.apnic.net/dnssec DNSSEC is sitting about 1/3, so "very few" isn't accurate. I'm not suggesting browsers should change what they do, but if WebPKI can't be used, building a new CA ecosystem would seem to be to be at least as hard as getting DANE working.

New comment by aragilar in "Revocation of X.509 Certificates"

aragilar — Mon, 27 Apr 2026 09:30:22 +0000

If you look at the older article linked (https://www.potaroo.net/ispcol/2022-03/revocation.html), it's very similar and uses the same tick/cross, so I don't think it's AI generated.

New comment by aragilar in "Revocation of X.509 Certificates"

aragilar — Mon, 27 Apr 2026 09:22:40 +0000

In addition to what other commenters have said, it's a copy of a post on their personal blog: https://www.potaroo.net/ispcol/2026-04/revocation.html

On revocation, check out https://bugzilla.mozilla.org/buglist.cgi?product=CA%20Progra... I don't think any CA hasn't had an issue with revocation at some point (e.g. Let's Encrypt had a major one in 2021, and refused to revoke), which is why Let's Encrypt is moving to 7 day certs (so that revocation isn't required, basically https://www.imperialviolet.org/2011/03/18/revocation.html which is mentioned in the article). My impression is CRLs (and by implication current revocation methods) don't work, and browsers are effectively fudging around CAs with custom methods (e.g. allowing existing certs but no new certs from distrusted CAs).

I'm no security expert, but modern bind9 seems to just handle DNSSEC with no issues when I've used it, and given that the "WebPKI" seems is becoming more and more reliant on custom browser code, adopting DANE outside browsers might not be the worst idea.

New comment by aragilar in "What the FCC router ban means for FOSS"

aragilar — Sun, 26 Apr 2026 07:32:06 +0000

My impression was that autoupdate was not the default because the devices it runs on only have so many resources, and there's a non-trivial chance of bricking the device (given how many devices are supported)? It's not like other vendors are doing any better in this space (and I've seen enough things in the "IoT/embedded" space brick themselves with updates to be a bit wary of autoupdates).

New comment by aragilar in "Ubuntu 26.04"

aragilar — Sun, 26 Apr 2026 05:47:14 +0000

Have you used busybox? The BSDs? I'm not sure adding more features to coreutils is a major help, and given rust-coreutils/uutils has:

1) more CVEs between two latest Ubuntu releases than coreutils has had over the last 30+ year

2) managed to break security updates

3) is neither fully compatible with POSIX nor coreutils

I'm not sure why I'd ever use it? Sadly, projects like uutils have made me suspicious of rust projects, so unless I know that the project is well maintained (for which there are numerous examples, ripgrep being the obvious example, but newsboat, the various tools from proxmox, servo/firefox, and the pgrx ecosystem are ones I use regularly), it's a negative marker against that project.

New comment by aragilar in "Reviving BrowserID in 2026"

aragilar — Sun, 26 Apr 2026 05:30:33 +0000

I believe https://portier.github.io/ was the replacement for Personas/BrowserID, any reason not to use it?

Revocation

aragilar — Sun, 26 Apr 2026 05:20:05 +0000

Article URL: https://www.potaroo.net/ispcol/2026-04/revocation.html

Comments URL: https://news.ycombinator.com/item?id=47907593

Points: 2

# Comments: 0

An Update on Rust-Coreutils

aragilar — Fri, 24 Apr 2026 12:29:02 +0000

Article URL: https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773

Comments URL: https://news.ycombinator.com/item?id=47889291

Points: 4

# Comments: 0

New comment by aragilar in "Ubuntu 26.04"

aragilar — Fri, 24 Apr 2026 12:20:24 +0000

Then why rewrite coreutils in rust? TOCTOU isn't exact some new concept. Neither are https://owasp.org/Top10/2025/ (most of which a good web framework will prevent or migrate), and switching to rust (which as far as I know) won't bring you a safer web framework like django or rails.

New comment by aragilar in "Mozilla Thunderbolt"

aragilar — Fri, 17 Apr 2026 13:46:34 +0000

Seamonkey exists.

The Web Is an Antitrust Wedge

aragilar — Thu, 16 Apr 2026 11:22:00 +0000

Article URL: https://infrequently.org/2026/04/the-web-is-an-antitrust-wedge/

Comments URL: https://news.ycombinator.com/item?id=47791481

Points: 3

# Comments: 0

New comment by aragilar in "Internet Protocol Version 8 (IPv8)"

aragilar — Thu, 16 Apr 2026 08:53:57 +0000

They're referencing https://en.wikipedia.org/wiki/Up_to_eleven (and you're one of today's lucky 10000: https://xkcd.com/1053/).

New comment by aragilar in "Dependency cooldowns turn you into a free-rider"

aragilar — Wed, 15 Apr 2026 09:01:45 +0000

I would suggest the current system fails to efficiently choose (as you have to align multiple pathways, like updates, "manual" installs, adding new packages), and so effectively there's only the illusion of choice. Switching instead to a queue not only means that there's time for QA/security scans, but it's much easier to make the choice to speed up than slow down.

New comment by aragilar in "AI assistance when contributing to the Linux kernel"

aragilar — Sun, 12 Apr 2026 09:47:06 +0000

Because that's what they're seeing? If only a small fraction of submissions can use the tool correctly, that's on the tool.

New comment by aragilar in "A cryptography engineer's perspective on quantum computing timelines"

aragilar — Tue, 07 Apr 2026 12:57:13 +0000

But you know beforehand how much you need. We can measure and make predictions with accuracy.