Hacker News: deredede

New comment by deredede in "Copilot edited an ad into my PR"

deredede — Mon, 30 Mar 2026 07:07:17 +0000

GitHub (still) allows you to edit files directly in the browser without using AI.

New comment by deredede in "We mourn our craft"

deredede — Sat, 07 Feb 2026 20:53:13 +0000

I know how to review code without looking at the corresponding assembly and have high confidence in the behavior of the final binary. I can't quite say the same for a prompt without looking at the generated code, even with temperature 0. The difference is explainability, not determinism.

New comment by deredede in "Start all of your commands with a comma (2009)"

deredede — Sat, 07 Feb 2026 12:24:55 +0000

I also do this.

Random flags added to core tools are done with aliases, which do not affect the launched processes, not by shadowing them in ~/bin. Shadowing in ~/bin are for cases where a newer (compared to the system-wide version) or custom version of a tool is needed.

New comment by deredede in "Rust's Block Pattern"

deredede — Sat, 20 Dec 2025 09:36:11 +0000

I like it. IIFEs always make me nervous because they look like they beg to be removed if you don't know why they are used. Using an explicit function such as `run` looks much more intentional, and provide a single intuitive place (the documentation of the `run` function) to explain the pattern.

New comment by deredede in "Linux Sandboxes and Fil-C"

deredede — Sun, 14 Dec 2025 08:52:31 +0000

You can send arbitrary commands, but they will be rejected unless you provide valid credentials first.

New comment by deredede in "Cloudflare outage on November 18, 2025 post mortem"

deredede — Wed, 19 Nov 2025 07:55:38 +0000

Not GP but I read "I'm fine with allocation failures" as "I'm OK with my program terminating if it can't allocate (but not for other errors)".

New comment by deredede in "Why I love OCaml (2023)"

deredede — Sat, 08 Nov 2025 06:30:46 +0000

Not GP but bump allocation (OCaml's GC uses a bump allocator into the young heap) mitigates this somewhat, list nodes tend to be allocated near each other. It is worse than the guaranteed contiguous access patterns of a vector, but it's not completely scattered either.

New comment by deredede in "Linus Torvalds and the Supposedly "Garbage Code""

deredede — Sun, 28 Sep 2025 07:28:47 +0000

You can give honest, unbiased feedback without insulting either people or their work.

Software engineering is a collaborative process, not an adversarial one.

New comment by deredede in "Claude Code: Now in Beta in Zed"

deredede — Thu, 04 Sep 2025 07:03:22 +0000

You should have a drop-down for selecting a tool profile next to the drop-down for model selection. Select "Minimal" for no tools.

"New text thread" should also have no tools I believe.

https://zed.dev/docs/ai/agent-panel#profiles

New comment by deredede in "We shouldn't have needed lockfiles"

deredede — Wed, 06 Aug 2025 20:01:02 +0000

I can think of plenty situations where you really want to use the dependency's types though. For instance the dependency provides some sort of data structure and you have one library that produces said data structure and a separate library that consumes it.

What you're describing with SML functors is essentially dependency injection I think; it's a good thing to have in the toolbox but not a universal solution either. (I do like functors for dependency injection, much more than the inscrutable goo it tends to be in OOP languages anyways)

New comment by deredede in "We shouldn't have needed lockfiles"

deredede — Wed, 06 Aug 2025 17:02:00 +0000

Alternative answer: both versions will be picked up.

It's not always the correct solution, but sometimes it is. If I have a dependency that uses libUtil 2.0 and another that uses libUtil 3.0 but neither exposes types from libUtil externally, or I don't use functions that expose libUtil types, I shouldn't have to care about the conflict.

New comment by deredede in "We shouldn't have needed lockfiles"

deredede — Wed, 06 Aug 2025 16:53:03 +0000

It's not "all the transitive dependencies". It's only the transitive dependencies you need to explicitly specify a version for because the one that was specified by your direct dependency is not appropriate for X reason.

New comment by deredede in "We shouldn't have needed lockfiles"

deredede — Wed, 06 Aug 2025 16:46:57 +0000

Sure, I'm happy with locking the parts I need to lock. Why would I lock the parts I don't need to lock?

New comment by deredede in "We shouldn't have needed lockfiles"

deredede — Wed, 06 Aug 2025 16:35:33 +0000

What if libinsecure 0.2.1 is the version that introduces the vulnerability, do you still want your application to pick up the update?

I think the better model is that your package manager let you do exactly what you want -- override libuseful's dependency on libinsecure when building your app.

New comment by deredede in "The Convenience Trap: Why Seamless Banking Access Can Turn 2FA into 1FA"

deredede — Tue, 29 Jul 2025 17:43:18 +0000

The article starts with this description of 2FA:

> an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more distinct types of evidence (or factors) to an authentication mechanism.

and concludes with (emphasis mine):

> For the average user, the smartphone has become a single point of failure, where the theft of one device and one piece of knowledge (the passcode) can lead to total financial compromise.

Looks like 2FA to me, not 1FA.

New comment by deredede in "The Convenience Trap: Why Seamless Banking Access Can Turn 2FA into 1FA"

deredede — Tue, 29 Jul 2025 17:39:48 +0000

If people need "`expect` scripting and a few open source packages [to] automate it to be 1 factor", it is effectively 2 factor for 99.9% of the population.

Also, if someone uses a password manager to store both the password and the OTP credential, that is still an improvement to security. Intercepting (e.g. shoulder surfing) or guessing the password is no longer enough, an attacker needs to get into the password manager's vault.

New comment by deredede in "Jujutsu for busy devs"

deredede — Tue, 22 Jul 2025 15:38:15 +0000

Some people can't install arbitrary software on their employer's hardware.

New comment by deredede in "Jujutsu for busy devs"

deredede — Tue, 22 Jul 2025 06:52:51 +0000

> It's not actually how code reviews are done by the people who wrote it.

What do you mean by that? Even if you do review by emailing patchsets those are still managed locally using branches, to my knowledge.

New comment by deredede in "Jujutsu for busy devs"

deredede — Tue, 22 Jul 2025 06:47:52 +0000

> This is excruciating in git if you ever need to make a fix to an earlier PR because you have to manually rebase every subsequent change.

Spreading the word about `git rebase --update-refs` that will automatically update any branches that point to commits along the path (very useful with stacked branches). It is less convenient than what jujutsu offers (you need to know the branches to update, where jujutsu automatically updates any dependency), but still a very useful if you don't want to or can't switch to another tool.

New comment by deredede in "Parse, Don’t Validate – Some C Safety Tips"

deredede — Mon, 14 Jul 2025 07:54:38 +0000

"Parse, don't validate" is a catchy way of saying "Instead of mixing data validation and data processing, ensure clean separation by first parsing 'input data' into 'valid data', and then only process 'valid data'".

It doesn't mean you should completely eliminate `if` statements and error checking.