Hacker News: fpoling

New comment by fpoling in "Twenty One Zero-Days in FFmpeg"

fpoling — Sat, 13 Jun 2026 07:40:23 +0000

For executables on Linux there are things like bubblewrap or firejail. One can also use a restrictive container. But those are strictly weaker than browser sandboxes.

The most secure way presently is to use qubes-os that allows to use a very hardened VM to run individual applications.

New comment by fpoling in "Twenty One Zero-Days in FFmpeg"

fpoling — Fri, 12 Jun 2026 22:58:22 +0000

Browsers run it in a sandbox process together with allocator hardening. Most of the bugs then are just crashed of the sandbox

Another option is WASM or WASM-style sandboxes if using another process is undesirable.

New comment by fpoling in "Iran Shock Jolts Asia and Europe to Speed Up Energy Transition"

fpoling — Fri, 05 Jun 2026 04:17:03 +0000

Modern solar work nicely in UK in May-August when wind is weakest due to long hours and cooler weather. However one needs more expensive panels that also work on a cloudy days.

Then in UK somebody calculated that a house needs 1MWh battery to last over winter using only solar panels that a typical suburb house can install. In 5-10 years that would cost 40K USD making it rather realistic to have. This ignore availability of industrial-scale wind which is the strongest in winter.

New comment by fpoling in "Codex just found a "workaround" of not having sudo on my PC"

fpoling — Mon, 01 Jun 2026 06:08:04 +0000

The full access to the docker socket from a user account is typically used on a development machine where malware has many other opportunities to become a root.

New comment by fpoling in "Codex just found a "workaround" of not having sudo on my PC"

fpoling — Sun, 31 May 2026 19:55:06 +0000

User namespaces significantly rise the risk of exploits and many setups disable them. One may argue that Docker should have used them when they were available, but that would break too many useful setups involving privileged containers.

New comment by fpoling in "Danish Pension Blacklists SpaceX over 'Catastrophic Governance'"

fpoling — Sat, 30 May 2026 16:13:23 +0000

In 1920 in Berlin there were more electrical taxes than gasoline one. But cheap gasoline killed electrical car industry.

Without that electrical cars would proceed to develop and batteries with high capacity would happen much sooner.

As for pollution it would not be that bad. Fuel would be expensive and cars with combustion engines would not happen on massive scale. There would be much more freight by trains and nuclear energy would be developed on much bigger scale.

New comment by fpoling in "Danish pension fund excludes SpaceX citing governance and valuation"

fpoling — Sat, 30 May 2026 13:55:26 +0000

If oil and gas would not exist, then liquid fuel would be produced from coal. With the latest processes the cost of production is like 80 dollars per barrel, but with processes that Germans developed during WWII it was probably like twice of that in modern money.

In alternative universe that would be cheaper due to massive scale, but the era of very cheap liquid fuel would never happen. So electrical cars on big scale will happen much earlier. And given that coal is much more evenly distributed on Earth, one can speculate that there would be much less reasons for conflicts.

New comment by fpoling in "It's hard to justify buying a Framework 12"

fpoling — Fri, 29 May 2026 23:41:14 +0000

ThinkPad X1 from 2 years ago was very solid and under Fedora everything but camera worked out of the box. And for camera issue I had to blame myself for not checking details of a specific model as Lenovo was offering at that time fully-Linux compatible model. It took about one and halve year before Linux fully supported it. And I already upgraded SSD on it which took less than 10 minutes.

The only complain is bad battery life. With several VMs running mostly idle it doesn’t lasts even two hours. But then I used beefy MacBook M2 at my previous work and with VMs it lasted only 4 hours.

New comment by fpoling in "Migrating from Go to Rust"

fpoling — Mon, 25 May 2026 09:03:35 +0000

With Go basic stuff like url parsing or HTTPS support is written in Go and comes with the standard library. With Rust too many necessary things are just wrappers around C and C++ making cross-compilation and reproducible builds much harder to archive.

As for availability if CGO is ok, then calling C or C++ code from Go is not that hard. Also, there is always an option to just start C++ process if extra data copies are OK.

New comment by fpoling in "Migrating from Go to Rust"

fpoling — Sun, 24 May 2026 23:31:53 +0000

With backend serving many clients with widely varying performance profile of individual requests when latency spikes happen there is no particular hot loop. Just many go routines each doing reasonable thing but with a particular request pattern hitting pathological case of GC.

New comment by fpoling in "Migrating from Go to Rust"

fpoling — Sun, 24 May 2026 23:18:37 +0000

Java with its copying GC deals fine with fragmentation albeit at the cost of more upfront memory. And even in Rust one can change the allocator to try to deal with fragmentation. But with Go there is simply no good options besides the rewrite.

New comment by fpoling in "Green card seekers must leave U.S. to apply, Trump administration says"

fpoling — Sun, 24 May 2026 22:19:51 +0000

In his last book “The Dawn of Everything” David Graeber very convincingly argued that the idea of modern democracy came from Indian tribes in Northern America.

And it is also interesting how easily European countries went back to authoritarian or even totalitarian states given the opportunity. Yet US is more resilient and one explanation is subtle influence of Indian culture that still affects US.

As for technological advantage of Europe then 3000 years ago Ancient Egypt was way more advanced than Europe. 1000 years ago Arabic countries were more advance and 500 years ago China was more advanced. And Europe was lucky that China was focused on internal problems and not territorial expansion.

New comment by fpoling in "Migrating from Go to Rust"

fpoling — Sun, 24 May 2026 21:43:48 +0000

For me the main advantage of Go over Rust is compilation speed. Then compared with Go Rust still rely on many C and C++ libraries making it problematic to cross-compile or generate reproducible builds or static binaries.

The minus side of Go is too simplistic GC. When latency spikes hit, there are little options to address them besides painful rewrite.

New comment by fpoling in "Green card seekers must leave U.S. to apply, Trump administration says"

fpoling — Sun, 24 May 2026 07:30:33 +0000

The only real advantage of European settlers was smallpox immunity. If not for that the history could move in a very different direction.

New comment by fpoling in "I’ve banned query strings"

fpoling — Sun, 10 May 2026 05:50:14 +0000

Wikipedia web server treats anything after /wiki/ literally as the name of the article.

So en.wikipedia.org/wiki/// is the article about C++ style comments

New comment by fpoling in "AI slop is killing online communities"

fpoling — Thu, 07 May 2026 22:44:39 +0000

There was a post today that Google introduced unbreakable capture that required unrooted phone to pass its QR code.

We may end up with things like that…

New comment by fpoling in "Docker 29 has changed its default image store for new installs"

fpoling — Tue, 05 May 2026 14:53:33 +0000

On my 2 years old ThinkPad laptop SSD is faster than lz4. On a fat EC2 server lz4 is faster. So one really has to test a particular config.

New comment by fpoling in "F-35 is built for the wrong war"

fpoling — Mon, 20 Apr 2026 22:09:08 +0000

If Ukraine had access to Tomahawks, Russian oil industry would not exist at this point. With drones after two and halve years of attacks with multiple hits at the same refineries Ukraine reduced Russian fuel production at best by 20%.

Flamingo is still mostly vaporware. For precise strikes against Russian factories Ukraine uses either Storm Shadow or domestic Neptun.

But that just shows again that drones are not particularly effective against most industrial targets and even against oil installations the damage is not lasting.

Or consider how US was able to destroy the bridge in Iran yet Crimea bridge and bridges in Rostov that are absolutely vital to Russian war logistics still stands.

New comment by fpoling in "F-35 is built for the wrong war"

fpoling — Mon, 20 Apr 2026 20:54:20 +0000

Yep, apparently Ukraine still cannot affect fuel production in Russia to any significant point. Drones with less than 100 kg of explosives do not do particularly significant damage. One really need to deliver like a ton or more of explosives and for that one needs bombers that can penetrate air defenses or very expensive stealth cruise missiles or big ballistic missiles.

New comment by fpoling in "Europe has "maybe 6 weeks of jet fuel left""

fpoling — Thu, 16 Apr 2026 19:36:33 +0000

Ukraine was not able to interrupt production of gasoline and diesel in Russia in a significant way after two years of targeting oil refineries. Then attacks on pipelines and their pumping stations were not effective either as Russia was able to repair damage within days and weeks. And then all Russian oil terminals on Baltic and Black seas are operational again albeit in reduced capacity after big Ukrainian attacks few weeks ago. Apparently 50-100 kg warheads that Ukrainian drones deliver is not that effective at damaging oil infrastructure.

This may change if Ukraine can sustain what they were doing last couple of months, but so far Russia benefits extremely well from US war against Iran.