Hacker News: broeng

New comment by broeng in "The RAM shortage could last years"

broeng — Mon, 20 Apr 2026 08:07:54 +0000

I think Denmark is in the same situation, and recently gave a timeline of 10 years for new projects to get connected to the grid.

New comment by broeng in "India orders smartphone makers to preload state-owned cyber safety app"

broeng — Tue, 02 Dec 2025 08:40:02 +0000

I don't think any of the national id services I've heard of stores all your data in a centralized place. Usually the national id service only provides identification to the service providers that request it. Each service provider (like, your bank, hospital, pension provider) will store their own data as they've always done, they just use the service to identify you.

New comment by broeng in "GitLab discovers widespread NPM supply chain attack"

broeng — Fri, 28 Nov 2025 08:54:39 +0000

Compared to the Java ecosystem, I think there's a couple of issues in the NPM ecosystem that makes the situation a lot worse:

1) The availability of the package post-install hook that can run any command after simply resolving and downloading a package[1].

That, combined with:

2) The culture with using version ranges for dependency resolution[2] means that any compromised package can just spread with ridiculous speed (and then use the post-install hook to compromise other packages). You also have version ranges in the Java ecosystem, but it's not the norm to use in my experience, you get new dependencies when you actively bump the dependencies you are directly using because everything depends on specific versions.

I'm no NPM expert, but that's the worst offenders from a technical perspective, in my opinion.

[1]: I'm sure it can be disabled, and it might even be now by default - I don't know. [2]: Yes, I know you can use a lock file, but it's definitely not the norm to actively consider each upgraded version when refreshing the lockfile.

New comment by broeng in "Digital euro could drain up to 700B euros of deposits in bank run, ECB says"

broeng — Fri, 10 Oct 2025 12:29:16 +0000

I haven't looked into it much, but I assume the point is that it avoids the SWIFT system.

New comment by broeng in "WiFi signals can measure heart rate"

broeng — Fri, 05 Sep 2025 07:26:28 +0000

At least here in Denmark, they seem to have opted for installing bigger "pipes", instead of just laying down some fiber cables. Then in the future they can just push new cables through the pipes. An idea I bet they wish they had gotten the first time around.

New comment by broeng in "Nitro: A tiny but flexible init system and process supervisor"

broeng — Sat, 23 Aug 2025 09:09:36 +0000

What do you mean? They can be in a single service file.

New comment by broeng in "The History of F1 Design"

broeng — Thu, 07 Aug 2025 10:04:02 +0000

The Senna series from 2024 is also pretty good.

New comment by broeng in "uBlock Origin Lite now available for Safari"

broeng — Tue, 05 Aug 2025 10:13:20 +0000

It's been possible to use Content Blockers for Safari for a long time, which alters the page content. Firefox Focus came out about a decade ago, and can be used as one.

New comment by broeng in "uBlock Origin Lite now available for Safari"

broeng — Tue, 05 Aug 2025 10:11:10 +0000

It's been possible for about a decade to use Firefox Focus as a Content Blocker for Safari. I assume it's open source, "well trusted" is of course subjective.

New comment by broeng in "Tour de France confronts a new threat: Are cyclists using tiny motors?"

broeng — Tue, 29 Jul 2025 12:16:32 +0000

And earlier than that, they jumped on the train.

New comment by broeng in "EA Open Sources Command and Conquer: Red Alert, along with other games"

broeng — Fri, 28 Feb 2025 08:14:09 +0000

anal_reactor says so.

New comment by broeng in "Nvidia's RTX 5090 power connectors are melting"

broeng — Tue, 11 Feb 2025 14:55:36 +0000

No, not for a connector for 500W, on a $2000 GPU from one of the worlds biggest companies. They can do better.

New comment by broeng in "Go 1.24's go tool is one of the best additions to the ecosystem in years"

broeng — Wed, 29 Jan 2025 12:54:55 +0000

I'm not debating that. I'm pointing out, that the person replied to, said there's no reason to mix it together with the artifact dependencies.

In other words, no need to mix "dependencies" and "dev dependencies" together.

New comment by broeng in "Go 1.24's go tool is one of the best additions to the ecosystem in years"

broeng — Tue, 28 Jan 2025 12:38:59 +0000

Tbh, I think you missed this part: "[..] mixed with artefact dependencies itself".

New comment by broeng in "Why was there a wall near runway at S Korea plane crash airport?"

broeng — Mon, 06 Jan 2025 12:25:06 +0000

Maybe that section of highway could easily be cleared in time with a warning system, like when we warn for crossing trains. A wall doesn't have to be the only solution.

New comment by broeng in "CrowdStrike's impact on aviation"

broeng — Tue, 30 Jul 2024 13:24:39 +0000

My modern dishwasher is also very kind, and displays the time to end in minutes throughout the wash. Counting down from an hour. But I don't know what kind of upbringing it had, for some reason, the sneaky bastard always adds another 25 minutes, when there is supposedly only 10 minutes left.

I guess dishwasher years are like dog years. At least it definitely behaves like a teenager at 2 years old, finishing when it wants to finish. Estimates be damned.

New comment by broeng in "Zed Editor automatically downloads binaries and NPM packages without consent"

broeng — Mon, 08 Jul 2024 12:48:15 +0000

It seems like a bad design choice, that, besides allowing for running untrusted code directly at download time, also makes it difficult to properly mirror artifacts, and I'd assume, make platform portability inconsistent, at best.

New comment by broeng in "Zed Editor automatically downloads binaries and NPM packages without consent"

broeng — Mon, 08 Jul 2024 12:45:53 +0000

I'm pretty sure that's incorrect. One portion of the build-to-host buildfile was only present in the release tarball.

https://www.openwall.com/lists/oss-security/2024/03/29/4

New comment by broeng in "Zed Editor automatically downloads binaries and NPM packages without consent"

broeng — Mon, 08 Jul 2024 09:49:57 +0000

I don't really think thats more obvious. It's expected to install dev libraries, not system services, it shouldn't have that need.

New comment by broeng in "Zed Editor automatically downloads binaries and NPM packages without consent"

broeng — Mon, 08 Jul 2024 07:27:18 +0000

Why the hell does npm support a postinstall script? There really shouldn't be a need to run arbitrary code provided by the package for something like this.