Hacker News: elisbce

New comment by elisbce in "Project Glasswing: An Initial Update"

elisbce — Fri, 22 May 2026 22:28:50 +0000

He already scanned the codebase with Codex Security and a whole bunch of other AI tools, and fixed 200-300 bugs and CVEs. On top of that Mythos found 1 more bug and 1 more CVE is already impressive.

New comment by elisbce in "Distributing Mac software is increasing my cortisol levels"

elisbce — Sun, 10 May 2026 02:49:31 +0000

If you want to take the risk and install some unsigned software on your machine, go ahead, but don't blame Apple, who is gatekeeping for the entire ecosystem for making the decision to keep the restrictions in place so that the other 2.5 billion users don't fall victims to malware defenselessly. Also, as a rule of thumb in cybersecurity, never underestimate human flaws or overestimate your ability to overcome them. Even the most brilliant experts cannot possibly know everything and make zero mistakes, let alone "the users" you are talking about. It is pure illusion that "the users" know exactly what's running on their machine under the hood. We should be thankful that Apple is willing to hold the lines and go this far to tighten security up when nobody forces them to. It is probably one of the best thing coming out of Jobs' relentless push for privacy and security on the iPhone.

New comment by elisbce in "Data Processing Benchmark Featuring Rust, Go, Swift, Zig, Julia etc."

elisbce — Mon, 02 Feb 2026 02:56:17 +0000

Totally agree. I found the results surprising because a bunch of languages are faster than C++. Then I looked closer. The requirements are self-conflicting, No SIMD, but must be production-ready. No one would use the unoptimized version in production. Also looking at the C++ implementation, they are not optimized at all. This makes this benchmark literally pointless.

New comment by elisbce in "8M users' AI conversations sold for profit by "privacy" extensions"

elisbce — Tue, 16 Dec 2025 05:13:33 +0000

Judging from their website, all links eventually point to either the VPN extension download website, or a signup link. I'm not surprised if some nation state supported APT is behind this shit.

New comment by elisbce in "An Implementation of J (1992)"

elisbce — Sun, 14 Dec 2025 05:44:24 +0000

The more I see these languages that have neither power nor readability, the more I appreciate C.

New comment by elisbce in "Datacenters in space aren't going to work"

elisbce — Mon, 01 Dec 2025 04:10:59 +0000

When SpaceX came about, they said it was impossible for the rocket to come back from space and get reused. They said it wasn't going to work to combine multiple thrusters to form a big thruster and be reliable enough. When Starlink was introduced, they said it was stupid because the bandwidth is too small to be useful. Where are we now? 10 years ago, AI couldn't even beat a high-rank amateur Go player, let alone the best of pros. Everyone takes the excuse of dimensionality curse. Now what?

People who only look at the past/present and conclude impossibility are never going to be the ones who invent the future. Even math and science evolve, let alone engineering. The problems described in this article don't even remotely feel like the kind of barriers we faced when Go was solved, when protein fold was predicted and when LLM was solving problems with one prompt. If there is a strong NEED for datacenters to be up in the space, there will eventually be datacenters in the space.

New comment by elisbce in "How good engineers write bad code at big companies"

elisbce — Sat, 29 Nov 2025 00:18:47 +0000

1. In Silicon Valley, people are not bounded by non-compete clauses and can come and go at will. So fungibility is a top priority for any tech company. The only way to do that is to make sure expertise is shared across the team and not monopolized by one or a few old-timers.

2. Eng teams that have mostly old-timers tend to get stale and slow in changes. This is bad for products that need rapid evolution or new ideas to break status quo. New engineers have way more incentives to make changes to prove themselves and collect credits, while old-timers tend to play safe and stay on the side of stability.

3. Bad coders, not new coders, write bad code.

New comment by elisbce in "Uncle Sam wants to scan your iris and collect your DNA, citizen or not"

elisbce — Wed, 05 Nov 2025 04:54:59 +0000

That's so stupid. Just because I posted a video on TikTok doesn't mean someone should be able to go to the city's public website, look me up on a yellow page and download my photo id and fingerprints.

New comment by elisbce in "Jailhouse confessions of a teen hacker"

elisbce — Tue, 23 Sep 2025 03:43:43 +0000

Yeah, blame the victims for not protecting themselves enough. How familiar.

New comment by elisbce in "Why does everyone run ancient Postgres versions?"

elisbce — Fri, 18 Oct 2024 06:14:23 +0000

Yes, it is messy when you want your MySQL databases to be mission critical in production, e.g. handling a large amount of customer data. Historically MySQL's High Availability architecture has a lot of design and implementation issues because it was an afterthought. Dealing with large amount of critical data means you need it to be performant, reliable and available at the same time, which is hard and requires you to deal with caching, sharding, replication, network issues, zone/resource planning, failovers, leader elections and semi-sync bugs, corrupted logs, manually fixing bad queries that killed the database, data migration, version upgrades, etc. There is a reason why big corps like Google/Meta has dedicated teams of experts (like people who actually wrote the HA features) to maintain their mission critical MySQL deployments.

New comment by elisbce in "Reinventing Core Data Development with SwiftData Principles"

elisbce — Thu, 17 Oct 2024 02:54:59 +0000

I wrote an app tracking my location using the latest SwiftUI and SwiftData and the performance is so bad to the point it starts to stall the UI after just a few hundred data points. Apparently the magic of SwiftData + SwiftUI is only useful for making demos and anything beyond a few hundred data points wouldn't work out of the box. Everything is done on the main thread and offloading to non-main thread creates huge headaches and breaks the UI updates. It's almost as if the dev guys at Apple were just trying to hit their WWDC OKRs by releasing something so immature and useless for production. Even just reading/writing data to local, CoreData is two to three orders of magnitude faster than SwiftData in some cases. Their newly released core location APIs for getting location updates are also full of caveats and not useful for production at all. It seems that the teams are just focused on making good-looking Swift code using fancy new language syntax sugars.

New comment by elisbce in "US weighs Google break-up in landmark antitrust case"

elisbce — Wed, 09 Oct 2024 22:41:38 +0000

So they have no problems with Microsoft, Meta, Blackrock, Berkshire, Exxon/Chevron, but Google.

New comment by elisbce in "Proton announces release of a new VPN protocol, "Stealth""

elisbce — Thu, 08 Aug 2024 19:38:05 +0000

I had custom servers banned randomly in the ballpark of 100 GB / day, but your mileage may vary.

New comment by elisbce in "Proton announces release of a new VPN protocol, "Stealth""

elisbce — Thu, 08 Aug 2024 19:36:19 +0000

I'm sure they have monitoring services to detect banned IPs and rotate on new IPs. However, in my experience, the most popular VPN providers are actually not specialized in evading GFW despite what they claim. During sensitive periods of time, most of the them couldn't be connected reliably. Those providers specializing in providing GFW evasion are called 'airports' or 'ladders' in the Chinese community and they use custom non-VPN protocols and tools for their services.

New comment by elisbce in "Proton announces release of a new VPN protocol, "Stealth""

elisbce — Thu, 08 Aug 2024 19:18:40 +0000

Yes, depends on a lot of factors like provider (different telecoms have different network settings/policies), location (GFW is multi-tiered with at least provincial boundaries, certain cities/provinces might have tighter control/policies), time/date (e.g. sensitive periods), etc. But what I'm saying is that traffic analysis is really effective. A single IP with multiple GBs on a day is on the low end and thus probably fine. GFW target potential VPN-like services which have much higher aggregate traffic over a period of time. If you have higher traffic it could trigger IP bans regardless of your custom protocol. I had custom servers setup like yours before and they die mysteriously sometimes so I had to rotate once in a while on new IPs.

New comment by elisbce in "Proton announces release of a new VPN protocol, "Stealth""

elisbce — Tue, 06 Aug 2024 18:23:48 +0000

Unfortunately it's not gonna work. The GFW periodically disturbs/resets any persistent or large-enough traffic to IPs outside of China and bans them. That's why even if you have the best obfuscation protocol (like setting up your own server outside with truly indistinguishable traffic like a normal HTTPS), you still cannot have stable connections with large traffic. The current reliable ways of evading GFW are using IPs inside China via non-GFW controlled IEPL connections. These are loopholes deliberately left by GFW in order for certain legit use cases to bypass them (like research / big international corps etc.)

New comment by elisbce in "Sam and Greg's response to OpenAI Safety researcher claims"

elisbce — Sun, 19 May 2024 01:18:38 +0000

I don't understand why people are just mad about OpenAI for their pioneering work towards AGI as if they are the only one who has skin in this game. OpenAI, Google, NVidia, MS, Meta, almost all the AI researchers who publish meaningful work in top literatures, are pushing the boundaries today and has their fair share of responsibility. They are all in it for something, money, power, control, fame, curiosity, academic recognition, whatever the incentives are. At this rate, it's already a race to the bottom and I don't believe the first place AGI was born would be able to kill it off. AGI is like nukes, it's so powerful that nobody will take the risks seriously until they have it, and nobody is going to stop pursuing it because everyone else is chasing it. If OpenAI slows down, Google will take the lead. If the US slows down, China will take the lead. That's basically the doomed future we are facing in reality.

New comment by elisbce in "Visiting the annual Braun collectors fair"

elisbce — Mon, 06 May 2024 23:01:04 +0000

Braun is the only shaver brand that I can confidently get a smooth clean shave without getting rashes or pulled beard. Esp. their series 9 which cuts even curly beard perfectly. This says a lot about their engineering design superiority.

New comment by elisbce in "We reduced the cost of building Mastodon at Twitter-scale by 100x"

elisbce — Wed, 16 Aug 2023 01:11:57 +0000

The real reason why we can't easily replicate Twitter/Facebook/Google is because we don't have the distributed storage/caching/logging/data processing/serving/job scheduling/... infrastructures that they have built internally that are designed to provide some level of guaranteed SLAs for the desired scale, performance, reliability and flexibility, not because it is hard to replicate the application logic like posting to timelines. That's also why Threads were built by a small team rather quickly -- they already have the battle-tested infras that can scale.

Any attempt to build a simplified version of the ecosystem will face the same fundamental distributed system tradeoffs like consistency/reliability/flexibility/... For example, one of the simplifications may be mixing storage/serving/ETL workloads on the same node. And the consequence is that without certain level of performance isolation, it could impact the serving latency during expensive ETL workload.

For Rama to be adopted successfully, I think it is important to identify areas where it has the most strengths, and low LOCs might not be the only thing that matters. For example, demonstrating why it is much better/easier than setting up Kafka/Spark and a database and build a Twitter clone on top of that while providing similar/better performance/reliability/extensibility/maintainability/... is a much stronger argument.

New comment by elisbce in "Adtech is built on a privacy fault line"

elisbce — Wed, 02 Aug 2023 21:29:04 +0000

Ads suck. But you know what's worse than Ads? Selfish people. If Google, YouTube and everywhere else starts asking you to pay high subscription fees for using their services, are you willing/going to pay? You looked up information for work, for life, for leisure, you spend hours online each day, gorging information and content for free. You even learned valuable things and made money using their services and information. And yet all you have to say is don't bother me while I'm leeching off your free content.