Hacker News: b0a04gl

New comment by b0a04gl in "Breaking Git with a carriage return and cloning RCE"

b0a04gl — Tue, 08 Jul 2025 19:28:02 +0000

why tf is git still running submodule hooks during clone at all. like think. youre cloning a repo which you didnt write it or audit it. and git just... runs a post checkout hook from a submodule it just fetched off the internet. even with this CRLF bug fixed, thats still bananas

New comment by b0a04gl in "OpenFLOW – Quickly make beautiful infrastructure diagrams local to your machine"

b0a04gl — Tue, 01 Jul 2025 14:39:34 +0000

what if we can make these diagrams synchronized with reality. you need the diagram to pull from the same source of truth as your actual infrastructure - whether that's terraform state, kubernetes manifests, or service discovery. that way diagrams become less historical artifacts and more of living documentation

New comment by b0a04gl in "Show HN: Spegel, a Terminal Browser That Uses LLMs to Rewrite Webpages"

b0a04gl — Tue, 01 Jul 2025 14:31:29 +0000

this is another layer of abstraction on top of an already broken system. you're running html through an llm to get markdown that gets rendered in a terminal browser. that's like... three format conversions just to read text. the original web had simple html that was readable in any terminal browser already. now they arent designed as documents anymore but rather designed as applications that happen to deliver some content as a side effect

New comment by b0a04gl in "Claude Code now supports hooks"

b0a04gl — Tue, 01 Jul 2025 08:23:36 +0000

>before this you had to trust that claude would follow your readme instructions about running linters or tests. hit and miss at best. now its deterministic. pre hook blocks bad actions post hook validates results.

>hooks let you build workflows where multiple agents can hand off work safely. one agent writes code another reviews it another deploys it. each step gated by verification hooks.

New comment by b0a04gl in "Proton joins suit against Apple for practices that harm developers and consumers"

b0a04gl — Tue, 01 Jul 2025 04:54:34 +0000

every developer knows safari is the new ie6 but we all just shrug and build native apps anyway because what else are you gonna do. leave 50% of your users on the table. classic embrace extend extinguish but in reverse. embrace web standards then purposely not extend them so you can extinguish competition

New comment by b0a04gl in "Rust CLI with Clap"

b0a04gl — Tue, 01 Jul 2025 04:50:25 +0000

10kloc for command line parsing. TEN THOUSAND LINES. pico-args does it in 700 lines and probably handles 99% of real world use cases. compile times go to shit binary size bloats and for some edge case you'll never hit.most CLI tools need what three four flags max, maybe a subcommand or two. you don't need the swiss army knife of argument parsing for that. tried replacing clap with pico-args on three different projects last month. 80% reduction in compile time every single time. binary went from 8mb to 2mb on one of them.the "disk space is cheap" argument's acceptable partially but compile time isn't. developer experience isn't. startup time isn't. memory usage isn't

New comment by b0a04gl in "Asynchronous Error Handling Is Hard"

b0a04gl — Mon, 30 Jun 2025 18:44:07 +0000

in async code ,errors belong to the task ,not the caller.

in sync code ,the caller owns the stack ,so it makes sense they own the error. but async splits that. now each async function runs like a background job. that job should handle its own failure =retry ,fallback ,log because the caller usually cant do much anyway.

write async blocks like isolated tasks. contain errors inside unless the caller has a real decision to make. global error handler picks up the rest

New comment by b0a04gl in "Reverse Engineering Vercel's BotID"

b0a04gl — Mon, 30 Jun 2025 18:40:03 +0000

why is bot detection even happening at render time instead of request time. why can't tell you’re a bot from your headers, UA, IP, TLS fingerprint. imo making it a surveillance. 'you're a bot, ok not just go away, let’s fingerprint your GPU and assign you a behavioral risk score anyway'

New comment by b0a04gl in "The provenance memory model for C"

b0a04gl — Mon, 30 Jun 2025 15:02:28 +0000

provenance model basically turns memory back into a typed value. finally malloc wont just be a dumb number generator, it'll act more like a capability issuer. and access is not 'is this address in range' anymore, but “does this pointer have valid provenance”. way more deterministic, decouples gcc -wall

New comment by b0a04gl in "NativeJIT: A C++ expression –> x64 JIT (2018)"

b0a04gl — Mon, 30 Jun 2025 05:03:06 +0000

how deterministic is the emit really. if i feed same expression tree twice,same node layout same captures. do i get exact same bytes out every time (ignoring reloc) or not. if output produced is byte stable across runs for same input graph ,that opens up memoized JIT paths.worth checking if current impl already does this or needs a pass to normalise alloc order

New comment by b0a04gl in "Implementing fast TCP fingerprinting with eBPF"

b0a04gl — Sun, 29 Jun 2025 16:29:13 +0000

why do fingerprinting always happens right at connection start ,usually gives clean metadata during tcp syn. but what is it for components like static proxies or load balancers or mobile networks ,all of these can shift stack behavior midstream. this can make this activity itself a obsolete

New comment by b0a04gl in "Show HN: Octelium – FOSS Alternative to Teleport, Cloudflare, Tailscale, Ngrok"

b0a04gl — Sun, 29 Jun 2025 16:13:16 +0000

what if this wasnt something you add after infra but the checkpoint you start with. right now you spin up a vm or db then wrap vpn or firewall around it. but imagine writing access rules first in way : 'team ml can hit service x' or 'web app can hit this backend' and the system wires infra from that.. infra becomes a side effect of access intent. access isnt something you cant guard always( as things move fast, breaks fast), it's may become seed where you can design with.

New comment by b0a04gl in "I made my VM think it has a CPU fan"

b0a04gl — Sun, 29 Jun 2025 16:03:44 +0000

Mitre ATT&CK's T1497.001 (VM Detection) lists SMBIOS checks as a known vector means its open for injection anyways.

i did one little expirement on faking VM's powersupply. done it with 'HotReplaceable=Yes' and 'Status=OK', and you suddenly look like a $5k baremetal server.

cmd used

pip install dmigen dmigen -o smbios.bin \

--type0 vendor="American Megatrends",version="F.1" \

--type1 manufacturer="Dell Inc.",product="PowerEdge T630" \

--type39 name="PSU1",location="Bay 1",status=3,hotreplaceable=1

New comment by b0a04gl in "Using the Internet without IPv4 connectivity"

b0a04gl — Sun, 29 Jun 2025 11:00:22 +0000

ipv6 only machine still reaches ipv4 sites because dns64 upstream is just faking AAAA records ,makes it look like everything is native ipv6. this part of the trick is happening somewhere else which's not controllable. if dns64 breaks or stops doing the mapping properly then this might break

New comment by b0a04gl in "C++ Seeding Surprises (2015)"

b0a04gl — Sat, 28 Jun 2025 15:58:57 +0000

found one more flakiness over cross platform, when seed mt19937 same way on linux and windows, same compiler, same code... but problem is std::random_device or libc internals differ under the hood. some platforms do random_device as true hardware entropy, others fake it or seed from diff system sources. so seed retrieved isn't stable cross platform. that means mt19937 starts from diff states, causing different random sequences

it's not a bug in mt19937 itself, it's how random_device (or libc randomness) works differently across environments. makes cross platform tests flaky even when logic is rock solid

std::random_device rd; // might differ per platform

std::mt19937 gen(rd()); // seed depends on rd output

std::uniform_int_distribution<> dist(1, 100);

int random_number = dist(gen); // different on linux vs windows tho same code

New comment by b0a04gl in "DeepSeek R2 launch stalled as CEO balks at progress"

b0a04gl — Sat, 28 Jun 2025 10:23:29 +0000

no way this delay's about gpus lol. deepseek prob has r2 cooked already. r1‑0528 already pumped expectations too high. if r2 lands flat ppl start doubting.

who knows maybe they just chillin watching how west labs burn gpu money, let eval metas shift. then drop r2 when oai/claude trust graph dips a bit

New comment by b0a04gl in "SymbolicAI: A neuro-symbolic perspective on LLMs"

b0a04gl — Fri, 27 Jun 2025 22:00:22 +0000

this works like functional programming where every symbol is a pure value and operations compose into clean, traceable flows. when you hit an ambiguous step, the model steps in. just like IO in FP, the generative call is treated as a scoped side effect. this can engage your reasoning graph stays deterministic by default and only defers to the model when needed. crazy demo though, love it

New comment by b0a04gl in "Whitesmiths C compiler: One of the earliest commercial C compilers available"

b0a04gl — Fri, 27 Jun 2025 19:00:04 +0000

file layout is the interface here lol you can literally walk the pipeline.. lexer parser codegen linker all just sit where they should. the dir was the flow. back then structure = filesystem. we can cd trace src to bin just by lookin at folders

New comment by b0a04gl in "Show HN: I'm an airline pilot – I built interactive graphs/globes of my flights"

b0a04gl — Fri, 27 Jun 2025 18:42:00 +0000

when a route doesn't come back as a roundtrip , like you fly LHR > HKG but not the return . how does that usually get handled on your end? do you deadhead back, get reassigned regionally or wait out a layover cycle?

New comment by b0a04gl in "Weird Expressions in Rust"

b0a04gl — Fri, 27 Jun 2025 16:04:38 +0000

they exist because whole language built to treat expressions as firstclass citizens : blocks, ifs, matches, even macros as expressions that return values. so once you internalize that, all these weirdo one liners are artifacts. just artifact of a system where expressions compose infinitely. the syntax tree runs deeper than most people's habbits allow. you hit that depth and brain says this is wrong but compiler's allowing.