Hacker News: compel2160

New comment by compel2160 in "Conventional Commits encourages focus on the wrong things"

compel2160 — Sat, 06 Jun 2026 05:27:33 +0000

Yeah, I looked through the GitHub. I've used Clojure before so it seems pretty easy to pick up.

New comment by compel2160 in "Conventional Commits encourages focus on the wrong things"

compel2160 — Sat, 06 Jun 2026 05:26:20 +0000

I get tags and atoms. It seems like the problem with class serialization is somewhat arbitrary though. It seems like both sides need the object schema ahead of time, in which case the schema can flag how it sdould be IDd / tagged.

I also wonder if atoms can be reduced for low-bandwidth transmission. Naïvly, you could just prepend a lookup table for multiple-use atoms.

I guess it seems more like niche, additional features when GGP seemed to be claiming a big step up.

New comment by compel2160 in "Conventional Commits encourages focus on the wrong things"

compel2160 — Fri, 05 Jun 2026 22:22:47 +0000

Curious: what are the primary advantages you see?

New comment by compel2160 in "SQL patterns I use to catch transaction fraud"

compel2160 — Mon, 18 May 2026 00:03:50 +0000

You know, I do keep getting random checks in the mail...

New comment by compel2160 in "'No way to prevent this,' says only package manager where this regularly happens"

compel2160 — Sat, 16 May 2026 15:57:38 +0000

The idea isn't to comprehensively make malicious code impossible - the idea is to make it difficult to sneak in. If the NSA wants to spend 500 billion$ to compromise an NPM package, there's very little we can do. But if waiting 3 days for security scans catch even 10% of malicious packages, that 's 10% fewer incidents everyone else has to deal with. And now people pwning maintainers must be much more sophisticated so their attacks are entirely undetected for that period.

New comment by compel2160 in "'No way to prevent this,' says only package manager where this regularly happens"

compel2160 — Sat, 16 May 2026 15:52:46 +0000

I don't think anyone is saying cooldowns are the only thing you need - just that it's a 30sec change that should harden your code.

Also, most malicious versions seem to be detected by tools scanning new packages. People updating without cooldowns probably aren't manualy inspecting diffs. Giving tools more time to detect things seems pretty obviously good to me. Add to that maintainers reporting they've been pwned, and the floor for sneaking malicious code is much higher.

New comment by compel2160 in "SQL patterns I use to catch transaction fraud"

compel2160 — Sat, 16 May 2026 08:58:07 +0000

Even US -> CA was maybe 10 min when I crossed a few weeks ago...

New comment by compel2160 in "Show HN: Get dopamine from real action instead of doomscrolling"

compel2160 — Thu, 14 May 2026 16:48:29 +0000

I don't do it all the time, usually just when I feel swamped with a bunch of different tasks. I also try to time box it, so no matter what I roll I work on it for a predictable length of time. I think the most effective part for me is not letting myself say no to whatever comes up - I just have to do my best. I feel like it's really helpful when I'm struggling to just set down and focus on one thing.

New comment by compel2160 in "CodingBooth – Containerized dev environments declared in the repository"

compel2160 — Thu, 14 May 2026 14:47:48 +0000

What advantages does this provide over existing solutions (Coder, DevEnv, DevPod)?

Also, can you provide a non curl based install?

New comment by compel2160 in "Show HN: Get dopamine from real action instead of doomscrolling"

compel2160 — Thu, 14 May 2026 14:42:55 +0000

I legit do something similar to this for my ADHD. I make 6,8, or 10 item long lists of tasks, then roll a die to choose what to do. I pair it with a similar list of rewards that I can roll on when I complete a task.