Hacker News: bilalq

New comment by bilalq in "Delve removed from Y Combinator"

bilalq — Sat, 04 Apr 2026 03:55:10 +0000

Let me more clearly instead say that many successful startups knowingly and intentionally broke the law.

But I agree that Delve is a special case and should naturally be held to a higher standard here because their whole business is around being compliant with the law. When most other startups break the law, they do it to get an advantage over competition. Delve did it in a way that sacrificed their core value towards customers.

New comment by bilalq in "Delve removed from Y Combinator"

bilalq — Sat, 04 Apr 2026 03:40:54 +0000

While I do think Delve and the leadership there should be held responsible, it's a bit weird to see YC and others take shots at them for breaking the law when so many of their prized unicorns achieved what they did by being willing to just ignore laws and deal with the consequences later.

New comment by bilalq in "Tailscale's new macOS home"

bilalq — Thu, 02 Apr 2026 21:27:04 +0000

I use a wallpaper with a horizontal black bar at the top to make the notch invisible, so this catches me off guard pretty often.

New comment by bilalq in "Agent Safehouse – macOS-native sandboxing for local agents"

bilalq — Sun, 08 Mar 2026 22:31:38 +0000

Look into git reflog. If the changes were committed, it was almost certainly possible to still restore them, even if the commit is no longer in your branch.

New comment by bilalq in "Addressing Antigravity Bans and Reinstating Access"

bilalq — Sat, 28 Feb 2026 23:17:06 +0000

This has its own risk factors. If your domain renewal lapses due to credit card expiry or something and you fail to notice, it's catastrophic. This is just not realistic advice for the average person.

New comment by bilalq in "Why is Claude an Electron app?"

bilalq — Sun, 22 Feb 2026 02:10:00 +0000

XCode and Pages are a delight in comparison to VSCode and Notion is certainly one of the takes of all time.

XCode is usually the first example that comes to mind of a terrible native app in comparison to the much nicer VSCode.

New comment by bilalq in "Amazon closing its Fresh and Go stores"

bilalq — Tue, 27 Jan 2026 23:50:29 +0000

These were absolutely incredible when they first opened up right on until covid. The blue-apron style meal kits they had were actually really tasty and the gimmicky integration with Alexa to tell you the next step in the recipe was actually kind of useful when you were busy stirring a pot or cutting something and too busy to pull out the recipe card. It was like a 7-Eleven, but with the prices of a normal grocery store and higher quality prepared food. Not needing to deal with checkout felt freeing. I substituted many grocery store runs with a quick walk over to the original Amazon Go back in the day.

After covid, it was never the same. Open for shorter windows, closed on Sundays, reduced selection, no more meal kits etc.

I had many friends who worked on Amazon Go, so it's a bit sad to see that work come to an end.

New comment by bilalq in "Get an AI code review in 10 seconds"

bilalq — Mon, 22 Dec 2025 00:01:12 +0000

This question is surprising to me, because I consider AI code review the single most valuable aspect of AI-assisted software development today. It's ahead of line/next-edit tab completion, agentic task completion, etc.

AI code review does not replace human review. But AI reviewers will often notice little things that a human may miss. Sometimes the things they flag are false positives, but it's still worth checking in on them. If even one logical error or edge case gets caught by an AI reviewer that would've otherwise made it to production with just human review, it's a win.

Some AI reviewers will also factor in context of related files not visible in the diff. Humans can do this, but it's time consuming, and many don't.

AI reviews are also a great place to put "lint" like rules that would be complicated to express in standard linting tools like Eslint.

We currently run 3-4 AI reviewers on our PRs. The biggest problem I run into is outdated knowledge. We've had AI reviewers leave comments based on limitations of DynamoDB or whatever that haven't been true for the last year or two. And of course it feels tedious when 3 bots all leave similar comments on the same line, but even that is useful as reinforcement of a signal.

New comment by bilalq in "Stacked Diffs with git rebase —onto"

bilalq — Mon, 08 Dec 2025 03:11:48 +0000

I already use Graphite today on top of git. Others are using alternatives like Sapling, etc.

To go back to your question around why people still use these workarounds on top of git, it's because the CLI is just one piece of it. With Graphite, I also get a stack-aware merge queue and review dashboard.

New comment by bilalq in "Stacked Diffs with git rebase —onto"

bilalq — Fri, 05 Dec 2025 15:33:50 +0000

I have one and a half decades of muscle memory burned in with inoremap jj `^

It's not something I can just shift away from.

New comment by bilalq in "Lambda Durable Functions"

bilalq — Tue, 02 Dec 2025 21:10:56 +0000

This is really exciting. Step functions were a big improvement over SWF and the Flow framework, but declarative workflow authoring sucks from a type-safety standpoint. Workflows-as-code is the way to go, and that was missing from AWS. Can't wait to build on top of this.

New comment by bilalq in "Shai-Hulud Returns: Over 300 NPM Packages Infected"

bilalq — Tue, 25 Nov 2025 16:07:04 +0000

This is orthogonal to the issue at hand. The problem is a malicious actor cutting a release outside of the normal release process. It doesn't matter if the normal process is automated or manual.

New comment by bilalq in "Shai-Hulud Returns: Over 300 NPM Packages Infected"

bilalq — Mon, 24 Nov 2025 13:57:04 +0000

You're probably already planning this, but please setup an alarm to fire off if a new package release is published that is not correlated with a CI/CD run.

New comment by bilalq in "Our stewardship: Where we are, what's changing and how we'll engage"

bilalq — Tue, 30 Sep 2025 22:31:34 +0000

I did a double-take when I read that as well. I went and checked the license under rubygems, and sure enough, it's standard MIT with no warranties.

https://github.com/rubygems/rubygems/blob/master/LICENSE.txt

New comment by bilalq in "Keeping secrets out of logs (2024)"

bilalq — Sun, 07 Sep 2025 22:49:35 +0000

This is an excellent write-up of the problem. New hires out of college/bootcamps often have no awareness of the risks here at all. Sometimes even engineers with years of experience but no operational mentorship in their career.

The kitchen sink example in particular is one that trips up people. Without knowing the specifics of how a library may deal with failure edge cases, it can catch you off guard (e.g., axios errors including API key headers).

A lot of these problems come from architectures where secrets go over the wire instead of just using signatures/ids. But in cases where you have to use some third party platform, there's often no choice.

New comment by bilalq in "AWS in 2025: Stuff you think you know that's now wrong"

bilalq — Wed, 20 Aug 2025 21:14:17 +0000

My objections here are in terms of how this manifests in billing. Especially when you consider the highway robbery rates for internet egress.

New comment by bilalq in "AWS in 2025: Stuff you think you know that's now wrong"

bilalq — Wed, 20 Aug 2025 17:32:30 +0000

Fine for when you have no NAT gateway and have a subnet with truly no egress allowed. But if you're adding a NAT gateway, it's crazy that you need to setup the gateway endpoint for S3/DDB separately. And even crazier that you have to pay for private links per AWS service endpoint.

New comment by bilalq in "Ask HN: Why does the US Visa application website do a port-scan of my network?"

bilalq — Wed, 20 Aug 2025 13:35:53 +0000

Just checked, and it seems like it is. Not enabled by default for some reason.

New comment by bilalq in "Modern Node.js Patterns"

bilalq — Mon, 04 Aug 2025 05:14:55 +0000

I really wish ESM was easier to adopt. But we're halfway through 2025 and there are still compatibility issues with it. And it just gets even worse now that so many packages are going ESM only. You get stuck having to choose what to cut out. I write my code in TS using ESM syntax, but still compile down to CJS as the build target for my sanity.

In many ways, this debacle is reminiscent of the Python 2 to 3 cutover. I wish we had started with bidirectional import interop and dual module publications with graceful transitions instead of this cold turkey "new versions will only publish ESM" approach.

New comment by bilalq in "Modern Node.js Patterns"

bilalq — Mon, 04 Aug 2025 05:06:29 +0000

1. This is not 100ms latency for requests. It's 100ms latency for the init of a process that loads this code. And this was specifically in the context of a Lambda function that may only have 128MB RAM and like 0.25vCPU. A hello world app written in Java that has zero imports and just prints to stdout would have higher init latency than this.

2. You don't need to use axios. The main value was that it provides a unified API that could be used across runtimes and has many convenient abstractions. There were plenty of other lightweight HTTP libs that were more convenient than the stdlib 'http' module.