Hacker News: arianvanp

New comment by arianvanp in "1-Click GitHub Token Stealing via a VSCode Bug"

arianvanp — Wed, 03 Jun 2026 07:17:48 +0000

Zed downloads random binaries on startup without any permissions prompts. No thanks.

New comment by arianvanp in "NPM packages from Red Hat have been compromised"

arianvanp — Mon, 01 Jun 2026 13:46:26 +0000

Given they use nx my bet is on developer laptop compromise through the nx vscode extension that also compromised GitHub engineer's laptop

New comment by arianvanp in "Garnix (A Nix CI) is shutting down"

arianvanp — Fri, 29 May 2026 08:20:10 +0000

Yeh... This month has been especially tough. I'm both a customer of cirrus labs (now bought up by OpenAI) and garnix (now bought up by Shopify) and I'm scared that whatever competitor I switch to is also just gonna get bought out.

Now I have two CI providers to replace by the end of the Quarter

Sigh

New comment by arianvanp in "Italians and Dutch share the same gestural instinct for teaching"

arianvanp — Fri, 29 May 2026 08:11:14 +0000

I only realized that dutch people are handful communicators when moving abroad. Apparently I do it unconsciously all the time.

For example we gesture when something tastes good and I don't even say "tastes good" out loud i just wave my hand next to my cheek. But quickly learnt that people think you're crazy in the head instead of complimenting the chef.

https://youtube.com/shorts/5a9Md32gSQg?is=fJ9BYQEt-CpEUE-g

New comment by arianvanp in "DynIP – Dynamic DNS with RFC 2136, IPv6, DNSSEC, and BYOD"

arianvanp — Tue, 26 May 2026 08:56:03 +0000

This will be great for my homelab. Currently I have some hacky scripts to update he.net records whenever my ISP sends me a new ipv6 prefix but I'd prefer to reuse existing tooling.

Looking into switching today :D

New comment by arianvanp in "Ask HN: Is anyone working at least 4 hours daily on an Apple Vision Pro?"

arianvanp — Tue, 26 May 2026 08:53:05 +0000

I've tried and it's okay with Virtual desktop but the resolution is like on the uncanny line of fine and not good enough.

The quest being much lighter makes it nice though (but you should buy a third party headstrap that doesn't suck)

New comment by arianvanp in "Amazon Web Services – Four Years and Out"

arianvanp — Sun, 24 May 2026 08:57:49 +0000

Was inspiring to meet you at NixCon. Thanks for all your energy and advocacy! You'll always be welcome in our open source community.

New comment by arianvanp in "We should get rid of average CPU utilization"

arianvanp — Fri, 22 May 2026 09:15:04 +0000

A more general metric that is useful to watch for is pressure stall information for CPU, IO and Memory.

https://docs.kernel.org/accounting/psi.html

I made a Prometheus exporter for it:

https://github.com/arianvp/cgroup-exporter

New comment by arianvanp in "GitHub is investigating unauthorized access to their internal repositories"

arianvanp — Wed, 20 May 2026 07:12:22 +0000

Ah yeh Zed. The editor that downloads random binaries for LSPs unprompted without asking me. That's not gonna end badly.

The only way I found out is because I run NixOS and it downloaded a dynamically linked binary that failed to start up and it spat out an error

New comment by arianvanp in "Postmortem: TanStack NPM supply-chain compromise"

arianvanp — Tue, 12 May 2026 07:40:20 +0000

Why do we do all these efforts making our build systems hermetic and we end up just using a global mutable cache across branches where the caller picks the key? Failure of industry as a whole. Actually insane.

New comment by arianvanp in "Using Claude Code: The unreasonable effectiveness of HTML"

arianvanp — Sat, 09 May 2026 10:32:05 +0000

The irony of this being a Twitter post with pictures of html rendering instead of an interactive html page is not lost on me.

Arguing for html on a platform with less rich semantics than markdown is just ultimately funny

New comment by arianvanp in "Wire to Replace Signal as Standard in the Bundestag"

arianvanp — Wed, 29 Apr 2026 09:27:32 +0000

Yes, updates were delivered using a flash drive.

> PVC backing

Yeh. But wire's storage is based on Cassandra which handles replication of storage. So you could deploy it on local nvme drives as well using a local storage CSI.

That's also how the wire.com cloud is/was run. Large Cassandra cluster on top of EC2 Instance Store as opposed to EBS.

New comment by arianvanp in "Wire to Replace Signal as Standard in the Bundestag"

arianvanp — Wed, 29 Apr 2026 08:39:59 +0000

Working on the foundation of this (getting Wire deployed at and certified by the BSI) was my first job out of college 7 years ago and how I ended up in Berlin. And once you end up in Berlin you can never leave, it seems.

I was actually on site at the Bundeskanzleramt and they had requirements of being able to install the entire server stack airgapped. We ended up building quite a cool delivery method based on Nix to ship the whole closure of the system and the containers inside and spin up a Kubernetes cluster with it. I'm wondering if it is still being used.

Amazing to see it's still going strong :)

New comment by arianvanp in "Ghostty is leaving GitHub"

arianvanp — Tue, 28 Apr 2026 20:32:46 +0000

And yet GitHub has felt the most dead it ever did. Less quality contributions. Less feeling of community. All the open source projects are struggling.

They dont have a service usage problem they have a slop problem. Ban the slop and the platform will thrive

New comment by arianvanp in "Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign"

arianvanp — Thu, 23 Apr 2026 19:03:45 +0000

The chainguard folks built sigstore :)

New comment by arianvanp in "Some secret management belongs in your HTTP proxy"

arianvanp — Thu, 23 Apr 2026 08:44:49 +0000

That's not true. Both AWS' as well as GCP's workload identity tokens are not bound to the VM. If you leak the credentials they're valid until they expire. on AWS the expiry is 6 hours (non-configurable). Even if your IAM role has a shorter expiration, the credentials assumed by the VM will always be valid for 6 hours.

New comment by arianvanp in "Zero-Copy Pages in Rust: Or How I Learned to Stop Worrying and Love Lifetimes"

arianvanp — Mon, 20 Apr 2026 22:58:03 +0000

Just a heads up: I know it's cool to generate ASCII art with Claude code these Days but for some reason checks the output? Non of the diagrams in the article look correct to me. They all have spacing issues?

New comment by arianvanp in "Zero-copy protobuf and ConnectRPC for Rust"

arianvanp — Mon, 20 Apr 2026 07:01:18 +0000

I've been running into _a lot_ of issues with Hyper/Tonic. Like literal H2 spec violations. Try hosting a tonic server behind nginx or ALB. It will literally just not work as it can't handle GOAWAY retries in a H2 spec-compliant way.

If this fixes that I might consider switching.

However, Google is also working in a new grpc-rust implementation and I have faith in them getting it right so holding tight a little bit longer.

New comment by arianvanp in "Dependency cooldowns turn you into a free-rider"

arianvanp — Wed, 15 Apr 2026 07:48:43 +0000

I feel like this is false. These companies mostly seem to monitor social media and security mailing lists with an army of LLMs and then republish someone else's free labor as an LLM slop summary as fast as possible whilst using dodgy SEO practices to get picked up quickly.

They do do original work sometimes. But most of it feels like reposted stuff from the open source community or even other vendors

New comment by arianvanp in "jj – the CLI for Jujutsu"

arianvanp — Tue, 14 Apr 2026 12:44:12 +0000

You can disable the auto staging of new files since recently which removed the main grype for me