Hacker News: brasetvik

New comment by brasetvik in "Show HN: Tolaria – Open-source macOS app to manage Markdown knowledge bases"

brasetvik — Fri, 24 Apr 2026 13:59:38 +0000

Atomic looks quite interesting, and the "wiki synthesis" is particularly interesting:

I've been working on a suite of skills and a tiny MCP (also SQLite + SQLite-vec based) where the focus is on making it easy to produce "atoms" from quick brain dumps.

The chunking problem is "bypassed" by declaring each section a chunk, and having the LLMs rewrite drafts to sections that chunk well. That means lots of redundancy, and no "As explained above".

The intended reader isn't a human, but rather agents that generate human-friendlier prose, for different target audiences. By assuming the reader is an "expert", the idea is that it's much cheaper to mass-produce reviewed "atoms".

Itching to try that workflow with Atomic or Tolaria.

New comment by brasetvik in "The Internals of PostgreSQL"

brasetvik — Mon, 03 Mar 2025 14:43:44 +0000

Also recommend this free book: https://postgrespro.com/community/books/internals

New comment by brasetvik in "Postgres 17: Streaming I/O for sequential scans and ANALYZE"

brasetvik — Thu, 13 Jun 2024 17:10:11 +0000

pganalyze's blog is a goldmine of Postgres tidbits, a lot of which is recapped in their YouTube channel: https://www.youtube.com/@pganalyze6516

I'm not at all affiliated, just a happy consumer of their material.

Postgres Can Do That?

brasetvik — Tue, 06 Feb 2024 19:17:28 +0000

Article URL: https://medium.com/cognite/postgres-can-do-that-f221a8046e

Comments URL: https://news.ycombinator.com/item?id=39279121

Points: 5

# Comments: 0

New comment by brasetvik in "Transaction Isolation in Postgres"

brasetvik — Mon, 18 Dec 2023 17:30:36 +0000

Or from the other perspective of the trade-off: One caveat with MSSQL is that ALL concurrent transactions must pay the overhead if _some_ transactions need serializable guarantees?

New comment by brasetvik in "Scrambling eggs for Spotify with Knuth's Fibonacci hashing"

brasetvik — Sat, 09 Dec 2023 19:25:23 +0000

A bit of birthday paradox too? :)

New comment by brasetvik in "Show HN: Light implementation of Event Sourcing using PostgreSQL as event store"

brasetvik — Tue, 31 Oct 2023 16:44:43 +0000

Nice job, eugene-khyst. Looks very comprehensive from an initial skim.

I've worked on something in the same space, with a focus on reliable but flexible synchronization to many consumers, where logical replication gets impractical.

I have a mind to do a proper writeup, but at least there is code at https://github.com/cognitedata/txid-syncing (MIT-licensed) and a presentation at https://vimeo.com/747697698

The README mentions …

> A long-running transaction in the same database will effectively "pause" all event handlers.

… as the approach is based on the xmin-horizon.

My linked code works with involving the MVCC snapshot's xip_list as well, to avoid this gotcha.

Also, note that when doing a logical restore of a database, you're working with different physical txids, which complicates recovery. (So my approach relies on offsetting the txid and making sure the offset is properly maintained)

New comment by brasetvik in "When URL parsers disagree"

brasetvik — Thu, 07 Sep 2023 13:32:56 +0000

This is also a pretty cool presentation on the topic: https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-Ne...

New comment by brasetvik in "Lesser Known Postgres Features (2021)"

brasetvik — Tue, 29 Aug 2023 17:22:40 +0000

Some overlap, but my similar post mentions a few other things too, with a lot of links to sources to learn more :)

https://medium.com/cognite/postgres-can-do-that-f221a8046e

New comment by brasetvik in "PyPI new user and new project registrations temporarily suspended"

brasetvik — Sat, 20 May 2023 21:42:43 +0000

Reading that thread it doesn't seem like the official image shipped with any cryptominer at any point, and that it's more likely that the container got compromised in other ways. (A compromised [superuser connection to Postgres can execute shell code](https://medium.com/r3d-buck3t/command-execution-with-postgre...), so that seems more likely than the image shipping with a miner)

New comment by brasetvik in "SQL Maxis: Why We Ditched RabbitMQ and Replaced It with a Postgres Queue"

brasetvik — Tue, 11 Apr 2023 17:27:08 +0000

Advisory locks are purely in-memory locks, while row locks might ultimately hit disk.

The memory space reserved for locks is finite, so if you were to have workers claim too many queue items simultaneously, you might get "out of memory for locks" errors all over the place.

> Both advisory locks and regular locks are stored in a shared memory pool whose size is defined by the configuration variables max_locks_per_transaction and max_connections. Care must be taken not to exhaust this memory or the server will be unable to grant any locks at all. This imposes an upper limit on the number of advisory locks grantable by the server, typically in the tens to hundreds of thousands depending on how the server is configured.

– https://www.postgresql.org/docs/current/explicit-locking.htm...

New comment by brasetvik in "Wat [video] (2012)"

brasetvik — Thu, 30 Mar 2023 00:22:58 +0000

It’s the wat I’ve seen have the most security impact.

Deep merging two JSON parsed objects is innocuous enough everywhere else that most don’t think twice about doing it. Lots of widely used libraries that provide deep merging utilities have had security vulnerabilities because of this.

I guess you could argue that the wat is that objects coming out of JSON.parse don’t have null as its prototype.

New comment by brasetvik in "Wat [video] (2012)"

brasetvik — Wed, 29 Mar 2023 23:04:35 +0000

  >> JSON.parse("{}")["__proto__"]["A"] = "T"
  "T"
  >> W = {}
  Object {  }
  >> W.A
  "T"

PostgreSQL 14 Internals

brasetvik — Mon, 13 Mar 2023 19:29:37 +0000

Article URL: https://postgrespro.com/blog/pgsql/5969985

Comments URL: https://news.ycombinator.com/item?id=35141155

Points: 174

# Comments: 24

New comment by brasetvik in "ReDoS “vulnerabilities” and misaligned incentives"

brasetvik — Thu, 29 Dec 2022 19:22:19 +0000

I’d agree that ReDoS is a repeat offender in having overblown severity in vulnerability reports, and prototype pollution reports have contributed to a fair bit of noise when popping up in dev-tools and such, but prototype pollution can be quite significant.

Java has its “gadget chain” class of vulnerabilities, where the presence of certain jars can turn object deserialisation into RCEs. I’d argue that Javascript has “pollution gadgets”.

Some years ago I struggled making lodash – which almost any non-trivially sized Javascript project has at least a transitive dependency on (possibly multiple versions of) – fix its “gadget” in its template function. It’s since been patched, and the conversation unfortunately deleted - https://github.com/lodash/lodash/pull/4518

Here’s two real world examples of turning a prototype pollution into an RCE: https://hackerone.com/reports/852613 and https://hackerone.com/reports/861744

(If you’re unfamiliar with prototype pollution: This is possibly a security bug in Javascript: `obj[a][b] = c` if a user controls a, b and c.)

New comment by brasetvik in "Postgres Tips and Tricks"

brasetvik — Tue, 06 Dec 2022 21:29:56 +0000

I made a similar resource (and a talk) with different kinds of tips, that also has a lot of links to learning more about the different topics: https://medium.com/cognite/postgres-can-do-that-f221a8046e

New comment by brasetvik in "Awesome Node-Based UIs"

brasetvik — Thu, 17 Nov 2022 15:44:58 +0000

I think Blender is worth an honerable mention. :)

Geometry nodes, part of «everything Nodes», is pretty interesting: https://youtu.be/kMDB7c0ZiKA

New comment by brasetvik in "Ask HN: What piece of code/codebase blew your mind when you saw it?"

brasetvik — Mon, 31 Oct 2022 23:10:03 +0000

It has long since been cleaned up, but the history of Lucene's Levenshtein automatons are a fascinating mix of pragmatism, hackery, grit, and engineering. Using a Python library to generate crazy-looking Java code, which you can't (yet) understand, but whose tests pass and benchmarks look amazing.

- https://blog.mikemccandless.com/2011/03/lucenes-fuzzyquery-i... - https://www.youtube.com/watch?v=4AbcvHKX8Ow

(Levenshtein distances are used as a measure between fuzzy/misspelled matches, and was ironically misspelled initially - https://lucene.apache.org/core/7_4_0/suggest/org/apache/luce...)

New comment by brasetvik in "$100M ARR in 18 months: Wiz becomes the fastest-growing software company ever"

brasetvik — Mon, 15 Aug 2022 12:30:17 +0000

I don't know anything about their product, but their security team has been publishing high quality research, e.g. https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-p... and https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-v...

New comment by brasetvik in "Git In Two Minutes (updated after 8 years)"

brasetvik — Sat, 06 Aug 2022 23:07:42 +0000

It's not a single digit minute read, but to me "Git from the Bottom Up" was what really made me understand git a long time ago.

https://jwiegley.github.io/git-from-the-bottom-up/

git's the kind of tool where understanding how your commands operate on the underlying data structures will probably make it a lot easier to use efficiently. (And they're beautifully simple despite how powerful and flexible they are)

As a tool you might be using for hours per week for a few more decades, it's worth the investment going beyond the "in x minutes". I tend to provide both to juniors.

Obligatory: https://xkcd.com/1597/