Hacker News: darkamaul

New comment by darkamaul in "Open Source Security at Astral"

darkamaul — Thu, 09 Apr 2026 06:16:04 +0000

I’m maybe not understanding here, but isn’t it the point of release attestations (to authenticate that the release was produced by the authors)?

[0] https://docs.github.com/en/actions/how-tos/secure-your-work/...

New comment by darkamaul in "Open Source Security at Astral"

darkamaul — Thu, 09 Apr 2026 05:34:35 +0000

With the recent incidents affecting Trivy and litellm, I find it extremely useful to have a guide on what to do to secure your release process.

The advices here are really solid and actionable, and I would suggest any team to read them, and implement them if possible.

The scary part with supply chain security is that we are only as secure as our dependencies, and if the platform you’re using has non secure defaults, the efforts to secure the full chain are that much higher.

New comment by darkamaul in "Reducing Dependabot Noise"

darkamaul — Sat, 17 Jan 2026 21:07:54 +0000

I love all the touches that went into creating the Dependabot configuration:

– Sunday at 3 a.m. for updates

– The prompt injection to skip CI

It was a fun read - I'm looking forward to it being ingested by future LLMs.

New comment by darkamaul in "Releasing rainbow tables to accelerate Net-NTLMv1 protocol deprecation"

darkamaul — Sat, 17 Jan 2026 15:28:06 +0000

Second this.

I didn't expect Google (Mandiant) to release rainbow tables ever. Curious what changed internally to make that acceptable now.

New comment by darkamaul in "LLM Structured Outputs Handbook"

darkamaul — Sat, 17 Jan 2026 15:24:40 +0000

Curious what tech stack is behind this docs/cookbook page. Doesn't look like standard MkDocs/GitBook, but maybe I'm wrong.

Would love to know.

New comment by darkamaul in "Oh My Zsh adds bloat"

darkamaul — Sat, 10 Jan 2026 06:51:33 +0000

I have been using OMZ for the last 8 years but recently made the switch to plain zsh with : - starship for a better prompt - Claude ported plugins I was using from omz (extract, sudo) - custom written aliases that were muscle memory - zoxide for the a command

So far that has been a great move, my terminal tab feel snappy again. One thing I miss (but I’m sure I could find a way to replace it) is `cd ….´

New comment by darkamaul in "FFmpeg has issued a DMCA takedown on GitHub"

darkamaul — Fri, 26 Dec 2025 22:38:38 +0000

Xlssid

New comment by darkamaul in "How China built its ‘Manhattan Project’ to rival the West in AI chips"

darkamaul — Thu, 18 Dec 2025 10:50:59 +0000

I'd argue ASML's moat isn't the machine itself but the ecosystem: Carl Zeiss optics, decades of supplier relationships, institutional knowledge.

This is clearly a significant achievement, but does anyone with semiconductor experience have a sense of how far "generates EUV light" is from "production-ready tool"?

New comment by darkamaul in "[dead]"

darkamaul — Fri, 05 Dec 2025 09:29:14 +0000

According to UpDog [0], the incident only lasted 35 minutes (8:40 - 9:15). And the Cloudflare status page seems to validate this timeline.

While down times are not ideal, that's quite an impressive achievement to be able to resolve an incident of this scale in minutes - not hours.

[0]: https://updog.ai/status/cloudflare

New comment by darkamaul in "Fast trigram based code search"

darkamaul — Fri, 05 Dec 2025 08:46:31 +0000

GitHub Code Search has too many quirks compared to the zoekt powered alternatives (cs.android.com, cs.bazel.build) which feel far more intuitive.

I wish Microsoft would invest more in improving it - especially since Sourcegraph can't search private repositories, leaving GitHub's tool as the only real option for many codebases.

New comment by darkamaul in "GitHub to Codeberg: my experience"

darkamaul — Sun, 30 Nov 2025 20:44:36 +0000

I've noticed that several projects on the front page today (and over the past few days) are migrating away from GitHub.

Is there any recent event or broader trend that explains this shift?

New comment by darkamaul in "Leak confirms OpenAI is preparing ads on ChatGPT for public roll out"

darkamaul — Sat, 29 Nov 2025 13:28:48 +0000

Hoping this pushes a new generation of adblockers, but I'm skeptical it'll stay a fair fight. The next wave of ads will likely be far subtler than today's web ads - more integrated into content, harder to detect, and easier to normalize.

New comment by darkamaul in "Kagi Hub Belgrade"

darkamaul — Wed, 26 Nov 2025 14:10:02 +0000

For interested readers, here is the CEO (Vlad) answer to the ties between Kagi and Yandex (November 2024): https://kagifeedback.org/d/5445-reconsider-yandex-integratio...

New comment by darkamaul in "Kagi Hub Belgrade"

darkamaul — Wed, 26 Nov 2025 14:07:06 +0000

I'm having trouble following the suspicion here. The founder lived in Belgrade for decades before moving to the US, so opening an office there seems like a straightforward decision: you build where you have roots, local knowledge, and existing connections. That's not a red flag...

As for Serbia itself: yes, it's not in the EU, but it's been in the accession process since 2012. The timeline is slow, but the country is economically integrated with Europe. If we're treating a Serbian office as inherently suspicious, that's a bar most of the tech industry wouldn't clear.

New comment by darkamaul in "Java Decompiler"

darkamaul — Wed, 26 Nov 2025 07:26:08 +0000

One of the use case of décompilation is bug hunting / vulnerability research. And that’s still one of the use cases where AI isn’t that good because you must be precise.

I’m not saying that won’t change but I still see a bright future for reversing tools, with or without AI sidekicks (like the BN plugin)

New comment by darkamaul in "Shai-Hulud Returns: Over 300 NPM Packages Infected"

darkamaul — Mon, 24 Nov 2025 11:05:26 +0000

The "use cooldown" [0] blog post looks particularly relevant today.

I'd argue automated dependency updates pose a greater risk than one-day exploits, though I don't have data to back that up. That's harder to undo a compromised package already in thousands of lock files, than to manually patch a already exploited vulnerability in your dependencies.

[0] https://blog.yossarian.net/2025/11/21/We-should-all-be-using...

New comment by darkamaul in "Firefox 147 Will Support the XDG Base Directory Specification"

darkamaul — Thu, 20 Nov 2025 14:56:15 +0000

I was curious about how old the original bug report was, and it appears to be 21 years old [0]!

[0] https://bugzilla.mozilla.org/show_bug.cgi?id=259356

New comment by darkamaul in "Firefox 147 Will Support the XDG Base Directory Specification"

darkamaul — Thu, 20 Nov 2025 14:50:52 +0000

This is a meaningful step! For years, XDG Base Directory compliance has been spotty across major applications. Firefox's adoption matters because it's widely used and its implementation may encourage others to follow suit.

The Arch Wiki documentation will likely need updates [1], but sadly the list of non-compliant software is far too long.

[1]: https://wiki.archlinux.org/title/XDG_Base_Directory

New comment by darkamaul in "PHP 8.5"

darkamaul — Thu, 20 Nov 2025 09:16:44 +0000

PHP's evolution since PHP 5 has been substantial, and I think this is a real problem. As someone who learned the language years ago, the pace of change (generics, attributes, match expressions, typed properties) makes modern codebases genuinely difficult to follow.

I suspect this affects many developers who cut their teeth on PHP but haven't kept up. The language has become a different beast, which is a strength for the community but a barrier to re-entry.

New comment by darkamaul in "Contributing to open-source should be required, like jury duty"

darkamaul — Tue, 11 Nov 2025 19:34:36 +0000

I think most of the comments here miss that contributions is not equal to code.

Contributions to the documentation, translations, or helping managing the community are also extremely valuable and do not require the same technical skills.