Hacker News: homebrewer

New comment by homebrewer in "Tailwind and slop apps"

homebrewer — Fri, 12 Jun 2026 09:26:55 +0000

And for some reason you're describing it as it's a bad thing. I don't care much for tailwind, but bootstrap is still used for intranet applications, and is an excellent pick in that category. Why waste time writing CSS, reimplementing what has been done millions of times before you, when working on an application where function has strict precedence over form? I'd rather listen to users who fill hundreds of forms daily, understand where they struggle, and spend effort on optimizing their workflow than on pointless eye candy.

(In my experience, it's never been "this doesn't look as good as the latest version of Discord", or whatever.)

New comment by homebrewer in "Upcoming breaking changes for npm v12"

homebrewer — Wed, 10 Jun 2026 09:02:09 +0000

Your own link says that a proper package manager (e.g. pnpm) supports this out of the box.

If there are other use cases that really need post-install scripts, you can whitelist just those in pnpm. In projects I'm working with, there are often zero post-install scripts that must be enabled for everything to work properly, and it's usually from poorly cobbled packages that use them to download prebuilt binaries (well written packages, like biome or tsgo, use per-architecture subpackages).

You enable just one or two of those, and block everything else.

New comment by homebrewer in "Upcoming breaking changes for npm v12"

homebrewer — Wed, 10 Jun 2026 08:56:36 +0000

One distinguishing feature is their optional install strategy: running packages directly from compressed archives instead of unpacking them into node_modules.

https://yarnpkg.com/features/pnp

Very similar to using .jar's in Java instead of directory trees of .class files.

It's somewhat hacky though, and editor/tool support varies.

- since there are far fewer small files, it can be faster especially on Windows if you're forced to work on it for some reason

- the archives can be stored into the git repository (through git-lfs or friends), removing dependency on the internet and the package registry

New comment by homebrewer in "Malicious npm packages detected across Red Hat Cloud Services"

homebrewer — Mon, 01 Jun 2026 14:51:13 +0000

This has been improving recently; one large project built on several heavy libraries that I've been supporting since 2018 currently installs ~180 dependencies without loss of functionality compared to how it worked, and what it depended on, back in 2018.

IIRC 6 years ago the full dependency tree congealed into more than 2000 packages. One small example is React itself:

- 5 deps: https://www.npmjs.com/package/react/v/15.6.2

- 0 deps: https://www.npmjs.com/package/react/v/19.2.6

Another is switching from create-react-app with its hundreds of transitive dependencies to vite, which, according to the test I've ran just now, currently has 15. Etc.

New comment by homebrewer in "Malicious npm packages detected across Red Hat Cloud Services"

homebrewer — Mon, 01 Jun 2026 14:38:18 +0000

How large a project do you typically use dotnet for?

IME dotnet dependency situation is a tire fire, not a month goes by without another dependency biting the dust or going fully commercial with no notice. Which is fair, I suppose, but Go and Java ecosystems don't have it nearly as bad.

New comment by homebrewer in "NPM packages from Red Hat have been compromised"

homebrewer — Mon, 01 Jun 2026 14:35:21 +0000

You can isolate it through bubblewrap; I moaned about it here and there's no point in repeating it:

https://news.ycombinator.com/item?id=45041798

If you only ever use js/ts for frontend projects (like we do), it closes one major hole that I'm aware of, which still leaves at least two:

- the editor possibly starting random binaries from inside the mode_modules (such as biome, vitest, tsgo)

- escape from sandbox by using some kernel vulnerability, of which there have been many recently

New comment by homebrewer in "Openrsync: An implementation of rsync, by the OpenBSD team"

homebrewer — Sat, 30 May 2026 16:17:18 +0000

It seems to be a widely repeated "fact" which can't be traced to anything particularly authoritative:

https://archive.is/pt5fQ

https://britannica.com/topic/Claude-AI

Looks like the 2023 NYT article started it, and it uses this as reference:

> depending on which employee you ask, was either a nerdy tribute to the 20th-century mathematician Claude Shannon

Personally I always associated it with the silent protagonist from GTA3.

https://gta.fandom.com/wiki/Claude

New comment by homebrewer in "Mercurial, 20 years and counting: how are we still alive and kicking? [video]"

homebrewer — Mon, 18 May 2026 12:35:56 +0000

I've never rm-rf'ed a git repo (why would you voluntarily remove the reflog?) while also being a very mid-tier developer. The types that do also tend to reboot machines every time something goes wrong instead of looking for the exact cause of the problem and fixing it once and for all; to screw around with SQL (move subqueries here or there, add and remove indexes at random) until it runs acceptably instead of building proper understanding of how their database works, and so on. At least judging by what I've seen. Not really something to be proud of.

New comment by homebrewer in "Mercurial, 20 years and counting: how are we still alive and kicking? [video]"

homebrewer — Mon, 18 May 2026 12:21:38 +0000

You can ignore them once and then edit to your liking, git will not notice any changes to them and will assume them to be untouched.

https://git-scm.com/docs/git-update-index#Documentation/git-...

New comment by homebrewer in "Leaving the Physical World"

homebrewer — Thu, 14 May 2026 15:05:05 +0000

In poor countries like mine (and looks like GP's too), IT positions are very limited indeed. Nevertheless, it has been one of the very few sectors open to nobodies, helping us to pull ourselves out of poverty, open to those who weren't born to the right family with the right connections, or to a sugar daddy who can cover the first 25 years of our lives to go get a good education in Europe or the US.

Looks like it's being slowly taken away from us to make a few billionaires into proper trillionaires. Can't see this ending well for humanity.

And the common advice you hear on this site ("just migrate to country X") doesn't really apply to most of us. Even if you can name many examples of people doing just that, you're seeing a very narrow slice of the population; I can find many more counterexamples for each one of them.

Your weak passport won't impress anybody, almost all of the world is closed to you, you can't travel anywhere (forget migrate) without going through a lengthy and expensive process where you're treated with suspicion, and can be denied with no compensation, on every step of the way. I'm still talking about traveling here; finding work is much more difficult.

So it's really hard to move anywhere decent if you're not at the top of your profession, which in large part depends on your innate abilities, not just how many hours you put in.

I've become jaded and extremely cynical; if worst comes to worst, there's always one universal way out, which is what keeps me going for now.

New comment by homebrewer in "Google Cloud Fraud Defence is just WEI repackaged"

homebrewer — Fri, 08 May 2026 17:21:39 +0000

Lots of supposedly technically advanced users switched to Chrome en masse and promoted it on every occasion they could, because it was so much faster, simpler, safer, etc etc. Don't excuse useful idiots from their share of the blame. People warned about dangers of Chrome's growing domination for about as long as I can remember, back to at least 2012, only to be dismissed as paranoid.

New comment by homebrewer in "Maybe you shouldn't install new software for a bit"

homebrewer — Fri, 08 May 2026 07:16:36 +0000

IT is (was?) one of the very few ways for us in third-world countries to pull ourselves out of poverty by our own bootstraps, since social mobility is quite limited if you lack the right connections. I'm pleased with you being so happy about it being taken away to make more money for billionaires.

New comment by homebrewer in "Maybe you shouldn't install new software for a bit"

homebrewer — Fri, 08 May 2026 07:06:34 +0000

Has everyone here already forgotten about the WireGuard tire fire?

https://lwn.net/Articles/850098

https://news.ycombinator.com/item?id=26507507

tl;dr: deeply insecure WireGuard implementation committed directly into the FreeBSD kernel with zero review.

Was this process problem fixed?

Wi is Fi: Understanding Wi-Fi 4/5/6/6E/7/8 (802.11 n/AC/ax/be/bn)

homebrewer — Wed, 06 May 2026 16:01:50 +0000

Article URL: https://www.wiisfi.com/

Comments URL: https://news.ycombinator.com/item?id=48037760

Points: 414

# Comments: 103

New comment by homebrewer in "Follow-up to Carrot disclosure: Forgejo"

homebrewer — Thu, 30 Apr 2026 19:22:55 +0000

Previously:

https://news.ycombinator.com/item?id=47941590

Follow-up to Carrot disclosure: Forgejo

homebrewer — Thu, 30 Apr 2026 19:22:55 +0000

Article URL: https://dustri.org/b/follow-up-to-carrot-disclosure-forgejo.html

Comments URL: https://news.ycombinator.com/item?id=47967069

Points: 76

# Comments: 14

HERMES.md in commit messages causes requests to route to extra usage billing

homebrewer — Wed, 29 Apr 2026 18:54:31 +0000

Article URL: https://github.com/anthropics/claude-code/issues/53262

Comments URL: https://news.ycombinator.com/item?id=47952722

Points: 1251

# Comments: 531

New comment by homebrewer in "GitHub is having issues now"

homebrewer — Mon, 27 Apr 2026 18:30:57 +0000

Go ahead. We've been self-hosting Gitea with Drone/Woodpecker for years; either it or Forgejo will do fine if you're okay with their feature set. I sometimes wander into these GitHub threads to have a laugh; our Gitea instance has had several minutes of downtime combined over the last few years, all of them planned (to upgrade Gitea) and in the middle of the night.

New comment by homebrewer in "Firefox Has Integrated Brave's Adblock Engine"

homebrewer — Sat, 25 Apr 2026 10:36:12 +0000

It is opt-in. The amount of FUD in these threads is unbelievable, both against Mozilla, Brave, or anything else really.

New comment by homebrewer in "Qwen3.6-35B-A3B: Agentic coding power, now open to all"

homebrewer — Thu, 16 Apr 2026 19:31:05 +0000

I've been using gemma4 for translating Mongolian to English. It runs circles around Google Translate for that language pair, it's not even close.