Hacker News: exyi

New comment by exyi in "Reaffirming our commitment to child safety in the face of EuropeanUnion inaction"

exyi — Sun, 05 Apr 2026 18:16:16 +0000

Same tool is very handy if you hypothetically wanted to control spread of anything else, like anti ice apps for instance.

Also hash matching is so easily bypassed you can be sure they really want to add some "AI" detector as well

New comment by exyi in "Axios compromised on NPM – Malicious versions drop remote access trojan"

exyi — Tue, 31 Mar 2026 20:52:32 +0000

and cross-platform UI

New comment by exyi in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"

exyi — Wed, 25 Mar 2026 09:30:42 +0000

Do you know if there is override this specifically when I want to install a security patch? UV just claims that package doesn't exist if I ask for new version

New comment by exyi in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"

exyi — Tue, 24 Mar 2026 15:00:47 +0000

Except that LiteLLM probably got pwned because they used Trivy in CI. If Trivy ran in a proper sandbox, the compromised job could not publish a compromised package.

(Yes, they should better configure which CI job has which permissions, but this should be the default or it won't always happen)

New comment by exyi in "Python 3.15's JIT is now back on track"

exyi — Wed, 18 Mar 2026 12:37:22 +0000

If you change this you break a common optimization:

https://github.com/python/cpython/blob/3.14/Lib/json/encoder...

Default value is evaluated once, and accessing parameter is much cheaper than global

New comment by exyi in "How kernel anti-cheats work"

exyi — Sun, 15 Mar 2026 10:03:24 +0000

Every sane approach to security relies on checking you are doing permitted actions on the server, not locking down the client.

New comment by exyi in "Python Type Checker Comparison: Empty Container Inference"

exyi — Sun, 01 Mar 2026 22:22:03 +0000

Python does not need that, as it has built-in type annotation support. The annotation is any expression, so you can in theory express anything a custom type-only language would allow you (although you could make it less verbose and easier to read).

However, the it IMHO just works much worse than TS because: * many libraries still lack decent annotations * other libraries are impossible to type because of too much dynamic stuff * Python semantics are multiple orders of magnitude more complex than JavaScript. Even just the simplest question: Is `1` allowed in parameter typed `float`? What about numpy float64?

New comment by exyi in "Prism"

exyi — Tue, 27 Jan 2026 21:44:25 +0000

... or they teached GPT to use em-dashes, because of their love for em-dashes :)

New comment by exyi in "cURL removes bug bounties"

exyi — Wed, 21 Jan 2026 08:58:51 +0000

Ok, run the same prompt on a legitimate bug report. The LLM will pretty much always agree with you

New comment by exyi in "Date is out, Temporal is in"

exyi — Tue, 13 Jan 2026 09:32:51 +0000

Local would imply the date is in the current machine timezone, while PlainDateTime is zoneless. It may be in the server timezone, or anything else. The main difference is that it does not make sense to convert it to Instant or ZonedDateTime without specifying the timezone or offset

New comment by exyi in "JavaScript's For-Of Loops Are Fast"

exyi — Tue, 06 Jan 2026 12:04:45 +0000

Only until you work with a type array (Int32Array, Float64Array, etc), then it becomes 10x slower: https://jsperf.app/doyeka/11

New comment by exyi in "Super-Flat ASTs"

exyi — Wed, 10 Dec 2025 19:43:42 +0000

Usually yes, but it's still a neat trick to be aware of. For interpreted scripting languages, parsing can actually be a significant slowdown. Even more so when we start going into text-based network protocols, which also need a parser (is CSS a programming language or a network protocol? :) )

New comment by exyi in "Quest for Permissively Licensed PDF Library in C#"

exyi — Mon, 17 Nov 2025 16:07:15 +0000

The point is that a good library usually exists for some language, which is not necessarily the one you are currently using.

IMHO, we don't lack good libraries in XY, we are lacking good interop. Going through REST or stdio is quite painful just to render PDF (or export spreadsheet, ...)

New comment by exyi in "The state of SIMD in Rust in 2025"

exyi — Wed, 05 Nov 2025 20:31:25 +0000

C# portable SIMD is very nice indeed, but it's also not usable without unsafety. On the other hand, Rust compiler (LLVM) has a fairly competent autovectorizer, so you may be able to simply write loops the right way instead of the fancy API.

New comment by exyi in "Matrix v1.15"

exyi — Fri, 27 Jun 2025 06:30:43 +0000

The protocol must support it somehow already, as some bridges can send custom emojis from other platforms

New comment by exyi in "Magistral — the first reasoning model by Mistral AI"

exyi — Tue, 10 Jun 2025 16:33:23 +0000

Everyone I know of will try to click "reject all unnecessary cookies", and you don't need the dialog for the necessary ones. You can therefore simply remove the dialog and the tracking, simplifying your code and improving your users' experience. Can tracking the fraction which misclicks even give some useful data?

New comment by exyi in "Kotlin-Lsp: Kotlin Language Server and Plugin for Visual Studio Code"

exyi — Fri, 23 May 2025 08:36:43 +0000

I know about netcoredbg, but I did not have much success using it. If we count this as the C# debugger, then the tooling quality is not comparable to other mainstream languages like Scala, D or Julia.

JetBrains have their own closed debugger, which doesn't really help.

Since Rust is native code, you can use pretty much any debugger for it, there is definitely not a single implementation. Yes, Rust has a single compiler, but does C# have any other compiler than Microsoft's Roslyn? (I don't think this is a problem, though)

New comment by exyi in "Kotlin-Lsp: Kotlin Language Server and Plugin for Visual Studio Code"

exyi — Thu, 22 May 2025 08:16:45 +0000

Kotlin did not have open LSP, C# still does not have an open debugger.

The C# VSCode extension works in Microsoft's build of VSCode, not when someone else forks it and builds it themselves.

New comment by exyi in "Is Python Code Sensitive to CPU Caching? (2024)"

exyi — Sat, 05 Apr 2025 18:24:23 +0000

Then you are back to what the article discusses. Each integer is in a separate box, those boxes are allocated in one order, sorting the array by value will shuffle it by address and it will be much slower. I tested this as well, see the other comment.

New comment by exyi in "Is Python Code Sensitive to CPU Caching? (2024)"

exyi — Sat, 05 Apr 2025 18:20:46 +0000

I guess it depends on how deep you want to go, I think the real predictors are based on publicly known algorithms such as TAGE. This seems to be nice overview: https://comparch.net/2013/06/30/why-tage-is-the-best/ (it's 2013, so definitely not SOTA, but advanced enough for my taste :) )