Hacker News: ef2k

New comment by ef2k in "Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign"

ef2k — Thu, 23 Apr 2026 19:52:40 +0000

The issue was a compromised build pipeline that shipped a poisoned package.

But PSA: If something is critical to the business and you’re using npm, pin your dependencies. I’ve had this debate with other devs throughout the years and they usually point to the lockfile as assurance, but version ranges with a ^ mean that when the lockfile gets updated, you can pull in newer versions you didn’t explicitly choose.

If what you're building can put your company out of business it's worth the hassle.

New comment by ef2k in "LinkedIn is searching your browser extensions"

ef2k — Thu, 02 Apr 2026 17:44:19 +0000

A few years ago, intentionally fingerprinting or tracking your users without disclosure was spyware and unethical. Alas, here we are.

Anyway, what they're calling "spectroscopy", is a combination of extension probing and doing residue detection (looking for what extensions might leave behind in the DOM).

An ad blocker is not necessarily equipped to help since the script is embedded with the application code. Since they're targetting Chrome, switching browsers will help with the probing but not the detection part and you'll still be fingerprinted.

The only way forward is for browser vendors to offer a real privacy or incognito mode where sites are sandboxed by default. When the default profile is identical across millions of users there won't be anything unique to fingerprint.

New comment by ef2k in "US Court of Appeals: TOS may be updated by email, use can imply consent [pdf]"

ef2k — Mon, 09 Mar 2026 11:55:49 +0000

This would make more sense if email was 100% guaranteed to be delivered. Not sure if this angle was argued, but just like regular mail, just because something was claimed to be delivered is not enough to prove that it was, hence the existence (in the US) of certified mail and signature return receipts.

New comment by ef2k in "My spicy take on vibe coding for PMs"

ef2k — Wed, 04 Mar 2026 07:25:00 +0000

I hear you, a lot of engineers have been there. Things are changing though, roles are evolving and the org chart is starting to flatten.

A couple of things worth separating: strategic direction in most orgs is already handed down from the VP or exec level, the PM is usually executing on that mandate.

Now that coding agents exist, both the PM and the engineer end up prompting a coding agent. So, over time, the roles converge and product ownership just becomes part of building.

New comment by ef2k in "My spicy take on vibe coding for PMs"

ef2k — Wed, 04 Mar 2026 06:56:38 +0000

That sounds more like a project or engineering manager role. Work environments obviously vary, and sometimes roles are assumed to counter dysfunction. But the PM here is the product manager, which owns the product direction. The argument is that their role can now venture into building. My comment extends it further that they can actually become the builders, absorbed into engineering and design.

New comment by ef2k in "My spicy take on vibe coding for PMs"

ef2k — Wed, 04 Mar 2026 03:32:39 +0000

My hot take: the dedicated PM role is becoming optional. Engineers already understand feasibility and tradeoffs, and they often end up informing the PM anyway, which usually comes at the cost of meetings and slow decisions. With clear quarterly goals, engineering and design can own product together. They would shape scope, ship in increments, measure, and iterate. So the "product" function still exists, but its not a separate PM attached to it.

New comment by ef2k in "Enable CORS for Your Blog"

ef2k — Mon, 02 Mar 2026 07:08:28 +0000

To be fair, they do explain their motivation. It's an in-browser RSS reader, so it's fetching the RSS feed directly without a proxy server. There's not much risk since the content is public and non-credentialed. The bigger risk is misconfiguring CORS and inadvertently exposing other paths with the wildcard.

New comment by ef2k in "I'm not worried about AI job loss"

ef2k — Fri, 13 Feb 2026 21:26:04 +0000

The article frames the premise that "everything will be fine" around people with "regular jobs", which I assume means non knowledge work, but most of public concern is on cognitive tasks being automated.

It also argues that models have existed for years and we're yet to see significant job loss. That's true, but AI is only now crossing the threshold of being both capable and reliable enough to be automate common tasks.

It's better to prepare for the disruption than the sink or swim approach we're taking now in hopes that things will sort themselves out.

New comment by ef2k in "Show HN: Pgclaw – A "Clawdbot" in every row with 400 lines of Postgres SQL"

ef2k — Thu, 12 Feb 2026 20:56:33 +0000

Nice. These are the kind of boundary pushing projects I like to see. It challenges assumptions of where application logic should live. The implications around cost, latency, and recovery are going to be interesting.

New comment by ef2k in "An AI agent published a hit piece on me"

ef2k — Thu, 12 Feb 2026 18:57:48 +0000

This brings some interesting situations to light. Who's ultimately responsible for an agent committing libel (written defamation)? What about slander (spoken defamation) via synthetic media? Doesn't seem like a good idea to just let agents post on the internet willy-nilly.

New comment by ef2k in "ai;dr"

ef2k — Thu, 12 Feb 2026 18:22:45 +0000

I really liked this post. It's concise and gets straight to the point. When it comes to presenting ideas, I think this is the best way to counter AI slop.

New comment by ef2k in "TikTok is tracking you, even if you don't use the app"

ef2k — Thu, 12 Feb 2026 16:59:39 +0000

Nothing new here. This is why they eventually rolled back Chrome's initiative to automatically reject third-party cookies. Industry backlash was that the analytics of too many sites would break. Best thing to do is to switch to a privacy centric browser.

New comment by ef2k in "Ex-GitHub CEO launches a new developer platform for AI agents"

ef2k — Wed, 11 Feb 2026 02:03:36 +0000

I landed on a similar vision last year. The more I thought about it, the moat felt fragile. GitHub or GitLab could build the same capabilities and become a natural extension of what teams already use. That said, it addresses a real problem, and the SDLC needs to evolve.

New comment by ef2k in "Agent Skills"

ef2k — Tue, 03 Feb 2026 16:12:20 +0000

I'm not disagreeing with standards but instead of creating adapters, can't we prompt the agent to create its own version of a skill using its preferred guidelines? I don't think machines care about standards in the way that humans do. If we maintain pure knowledge in markdown, the agents can extract what they need on demand.

PlowNYC – track progress of snow removal vehicles in NYC

ef2k — Sun, 25 Jan 2026 17:42:16 +0000

Article URL: https://plownyc.cityofnewyork.us

Comments URL: https://news.ycombinator.com/item?id=46756195

Points: 4

# Comments: 0

New comment by ef2k in "Transparent leadership beats servant leadership"

ef2k — Thu, 04 Dec 2025 17:29:25 +0000

I think the premise is a little shaky since a good servant leader is already transparent. But there's some good takeaways. Leaders should inform their team of what's happening behind the scenes and allow them to understand why things are playing out the way they are. Allowing people to take on more responsibility, if they want it, is a healthy sign of an organization, but it shouldn't be imposed nor expected if they already have enough on their plates.

New comment by ef2k in "The fate of "small" open source"

ef2k — Mon, 17 Nov 2025 17:31:26 +0000

> I want the things I do today to have an upside for people in the future.

I think most would agree with this, but the way things work today don't support it. As of now, AI gains are privatized while the losses are socialized. Until that one-sided imbalance is addressed, LLM's "use" of open source is unbounded and nonreciprocal.

Attribution is a big part of the human experience. Your response frames it as ego driven, but it's also what motivates people to maintain code that is not usually compensated, it's also what builds reputation, trust, communities, and even careers.

Until that’s figured out, we can still share, but maybe in ways that are closer to one another, or under distribution models that reflect the reality we’re in rather than the one we used to have.

New comment by ef2k in "The fate of "small" open source"

ef2k — Mon, 17 Nov 2025 00:42:03 +0000

> I’m still trying to figure out what kinds of open source are worth writing in this new era

Is there any upside to opensourcing anything anymore? Anything published today becomes training data for the next model, with no attribution to the original work.

If the goal is to experiment, share ideas, or let others learn from the work, maybe the better default now is "source available", instead of FOSS in the classic sense. It gives people visibility while setting clearer boundaries on how the work can be used.

I learned most of what I know thanks to FOSS projects so I'm still on the fence on this.

New comment by ef2k in "30 Days, 9 Cities, 1 Question: Where Did American Prosperity Go?"

ef2k — Fri, 14 Nov 2025 23:23:05 +0000

At least Andrew Carnegie and John D. Rockefeller had a rivalry to see who had better public works.

New comment by ef2k in "Ticker: Don't die of heart disease"

ef2k — Sat, 08 Nov 2025 19:44:37 +0000

This reminded me of the other extreme to health consciousness: the 109 year old that smoked cigars and ate ice cream every night [0].

[0] https://youtu.be/BXyfCGDnuWs?t=332