Hacker News: erikerikson

New comment by erikerikson in "AI Will Be Met with Violence, and Nothing Good Will Come of It"

erikerikson — Sun, 12 Apr 2026 15:45:35 +0000

There is?

https://www.pewresearch.org/politics/2026/03/25/americans-br...

New comment by erikerikson in "France's government is ditching Windows for Linux, says US tech a strategic risk"

erikerikson — Sat, 11 Apr 2026 17:46:20 +0000

I didn't make the claim that Europe is specifically problematic. I was noting that between extremes the GP was talking about

> Europe's treatment of perceived outsiders

Who'd've thunk it, people be tribal?

New comment by erikerikson in "France's government is ditching Windows for Linux, says US tech a strategic risk"

erikerikson — Sat, 11 Apr 2026 15:43:19 +0000

That's fair. To continue being fair, there's a lot of rough behavior happening throughout the world these days. We've forgotten how bad we can make things.

I'd suggest that in Europe also there's more than just bad thoughts for outsiders but bad words, bad treatment, and exclusion from thriving. Extreme cases include bodily harm and I'm fairly certain death but these extreme occur at a lower scale.

New comment by erikerikson in "France's government is ditching Windows for Linux, says US tech a strategic risk"

erikerikson — Sat, 11 Apr 2026 14:11:46 +0000

I agree things have improved but the GP to my first post set context to:

> Europe's treatment of perceived outsiders

You seemed to be picking a rather narrow slice of the scope.

New comment by erikerikson in "France's government is ditching Windows for Linux, says US tech a strategic risk"

erikerikson — Sat, 11 Apr 2026 13:55:45 +0000

In the UK two decades ago (admittedly not the shortest time) I heard plenty of terrible words and treatment of Pakistanis (which seemed to be used as a good enough bucket for all brown skinned people) and people with red hair. A general disdain for Continentals was a little more subdued. When I was younger France was famous for it's poor treatment of foreigners and non-francophiles. Consider all the politics and anger towards those that continue to try to cross the Mediterranean on makeshift boats or the constant complaints about "benefit thieves" who emigrate from the Eastern bloc. There are many examples and some of them are not without basis but while things have gotten less stabby-stabby there's some fairly brutal attitudes and behaviors.

New comment by erikerikson in "France pulls last gold held in US"

erikerikson — Mon, 06 Apr 2026 15:46:30 +0000

No but I read the article and that was the way it described the gain.

New comment by erikerikson in "France pulls last gold held in US for $15B gain"

erikerikson — Mon, 06 Apr 2026 13:55:49 +0000

Imagine they bought the gold in the US for 1b and sold for 16b. Yes they turned around and purchased 16b of order gold immediately but there's was still a transaction where they sold an asset for more than they bought it.

New comment by erikerikson in "How to make a sliding, self-locking, and predator-proof chicken coop door (2020)"

erikerikson — Sat, 04 Apr 2026 18:08:49 +0000

Thanks so much, good to know. We want chickens in a place with eagle problems.

New comment by erikerikson in "How to make a sliding, self-locking, and predator-proof chicken coop door (2020)"

erikerikson — Sat, 04 Apr 2026 15:18:52 +0000

The price is ridiculous but I've been happy with the design of https://www.ladiesfirstchickendoor.com/products/

In the city the door doesn't always shut but I think I could adjust that, I just haven't needed to.

New comment by erikerikson in "How to make a sliding, self-locking, and predator-proof chicken coop door (2020)"

erikerikson — Sat, 04 Apr 2026 15:13:11 +0000

How is a bantam helpful with eagles?

New comment by erikerikson in "Marc Andreessen is wrong about introspection"

erikerikson — Fri, 03 Apr 2026 17:13:52 +0000

Non-introspection is a fantastic source of strategic vulnerability. It can facilitate a bias to action which has it's clear value. However, if you are creating a highly valuable asset then it puts you in a position where you are extremely easy to manipulate and harvest. Perhaps this serves VCs quite well.

New comment by erikerikson in "Axios compromised on NPM – Malicious versions drop remote access trojan"

erikerikson — Thu, 02 Apr 2026 01:10:17 +0000

I've believe I've already written that but it is that my password manager gets compromised. It is not perfectly secure and has failure points. Given that it is separate from the second factor a successful attack against the password manager still leaves an attacker unable to login without a separate compromise of my TOTP code. Of course that can also be compromised but two compromises is strictly more difficult than one.

New comment by erikerikson in "Axios compromised on NPM – Malicious versions drop remote access trojan"

erikerikson — Wed, 01 Apr 2026 16:11:01 +0000

My password manager, as is standard for most of them, will not fill or show a password if the URL bring visited doesn't match the credential. Thus, a credential not showing is a huge red flag. The workflow is pretty standardized so any deviation is a big red flag.

Maybe you can be more specific about the attack flow you are imagining and how it will work technically to bypass my controls.

To answer your question, no and I provided details. It literally provides a second, non portable factor with a different vulnerability surface.

New comment by erikerikson in "Axios compromised on NPM – Malicious versions drop remote access trojan"

erikerikson — Wed, 01 Apr 2026 13:40:31 +0000

I disagree.

I use a password manager and systemically use long random passwords. An attacker would need to compromise my password manager, phish me, wrench me, or compromise the site the credential is associated with to get that.

Using local only TOTP (no cloud storage or portability for me, by choice) they would have to additionally phish me, wrench me, compromise my phone, or compromise my physical security to get the code.

None of these are easy except the wrench which is high risk. My password manager had standard features which make me more phishing resistant, and together they are more challenging than either apart. For example the fact that my password manager will not fill in the password on a non associated site means I am much less likely to fill in a TOTP code on an inappropriate site. Though there are vulnerable scenarios they aren't statistically relevant in the wild and the bar is higher regardless.

Now I happen to have a FIDO key which I use for my higher security contexts but I'm a fairly low value target and npm isn't one of my high security contexts. TOTP improves my security stance generally and removing it from npmjs.org weakened my security stance there.

New comment by erikerikson in "Axios compromised on NPM – Malicious versions drop remote access trojan"

erikerikson — Tue, 31 Mar 2026 17:11:06 +0000

TOTP although venerable was better than no second factor at all.

New comment by erikerikson in "Axios compromised on NPM – Malicious versions drop remote access trojan"

erikerikson — Tue, 31 Mar 2026 17:09:20 +0000

No it's not but it's better than nothing. Don't let the perfect be the enemy of the good.

New comment by erikerikson in "Axios compromised on NPM – Malicious versions drop remote access trojan"

erikerikson — Tue, 31 Mar 2026 14:25:58 +0000

How does this stance work with your CICD?

New comment by erikerikson in "Axios compromised on NPM – Malicious versions drop remote access trojan"

erikerikson — Tue, 31 Mar 2026 14:12:21 +0000

Instead they took away TOTP as a factor.

Scaling security with the popularity of a repo does seem like a good idea.

New comment by erikerikson in "Police used AI facial recognition to wrongly arrest TN woman for crimes in ND"

erikerikson — Sun, 29 Mar 2026 18:03:30 +0000

Yes, finding out how badly wrong you were is never fun. Of course the lack of ubiquitous Oxford comma use is itself and separately displeasing.

New comment by erikerikson in "AI overly affirms users asking for personal advice"

erikerikson — Sat, 28 Mar 2026 23:00:58 +0000

Doesn't sound like a close friend to me. If I tell them what I really think they may not be a friend? Close may not mean what you think it means.

The challenge is that these social choices have a strong stratification effect and those of us who can transit the cultures are statistically rare.