Hacker News: hunter2_

New comment by hunter2_ in "Age verification for social media, the beginning of the end for a free internet?"

hunter2_ — Wed, 03 Jun 2026 05:34:54 +0000

It's not the "where" but the "that you link" which is ironic: referring to it by the https:// scheme turns it into a link (a fundamental aspect of www); a scheme like ssh:// or git:// would avoid this.

New comment by hunter2_ in "Stop Ruining It"

hunter2_ — Tue, 02 Jun 2026 20:19:07 +0000

Presumably that's to keep hardware sales up, e-waste be damned. You won't notice it taking 8 times longer when you have 8 times as many cores, or whatever.

New comment by hunter2_ in "United Airlines 767 returns to Newark after Bluetooth name sparks alert"

hunter2_ — Mon, 01 Jun 2026 04:43:16 +0000

You would know which one is the desired one because only the desired one would be in pairing mode at that moment. Obviously a collision (if I can say that word) is possible, but unlikely enough for most purposes.

New comment by hunter2_ in "United Airlines 767 returns to Newark after Bluetooth name sparks alert"

hunter2_ — Mon, 01 Jun 2026 04:35:39 +0000

Not being able to ignore the speech/writing/transmission of a passenger is reasonable. Not being able to ignore the speech/writing/transmission of the manufacturer of a device on the plane is unreasonable.

Wifi SSID? Passenger speech, since those are typically changed by the user. Bluetooth GAP/GATT device name? Manufacturer speech, since those are often not changeable by the user.

New comment by hunter2_ in "United Airlines 767 returns to Newark after Bluetooth name sparks alert"

hunter2_ — Mon, 01 Jun 2026 04:22:30 +0000

Right, those other people (well, their devices) are asking you (well, your device) what your (device's) name is. You're not telling them until they ask. They need to leave you alone!

New comment by hunter2_ in "Naphtha shortages in Japan"

hunter2_ — Sat, 30 May 2026 05:56:31 +0000

Isn't it 2/3 of a gallon plus any cold start inefficiency? But either way your point stands.

New comment by hunter2_ in "What Apple and Google are doing to push notifications"

hunter2_ — Fri, 29 May 2026 08:45:17 +0000

I can imagine an evolution like:

1. Introduce passwords

2. Introduce email-based reset flow

3. Introduce 2FA (optional)

4. Someone says "take the password reset flow, trigger it automatically when a user tries to log in and has only given their email, hide the password field during login, and after the email is validated drop the user back to their previous journey instead of having them set a new password"

5. You see #4 as #3 failing, but when #3 was never applied it's not quite that. Aside: making #3 mandatory would be smart.

New comment by hunter2_ in "What Apple and Google are doing to push notifications"

hunter2_ — Fri, 29 May 2026 08:35:01 +0000

I had been thinking someone with a similar address made a typo. But now I'm thinking Microsoft already considers this a known incident depending on whether a bazillion attempts were made in a detectable manner. I hope a successful launch at least demands a botnet and random delays/backoff.

New comment by hunter2_ in "What Apple and Google are doing to push notifications"

hunter2_ — Fri, 29 May 2026 08:23:30 +0000

If someone texts me something that's not interesting to those MITMs but is sensitive to mom catching a glance while my phone is on the table, that's a problem this toggle creates/destroys. Threat models vary.

New comment by hunter2_ in "YouTube to automatically label AI-generated videos"

hunter2_ — Thu, 28 May 2026 01:56:50 +0000

You have a point, but as a musician and programmer, I'm far more fond of AI generating things of a "no wrong answers" nature than things that are ostensibly correct.

Music does have certain notions of correctness (e.g., [0]) but with a very forgiving "know the rules, then break the rules" aspect. Code has bugs or it doesn't, and it's probably easier to debug human-written code (certainly easier to grok every line of a human-written PR, IMHO).

The real problem is with the domains that aren't at the far ends of this spectrum.

[0] https://en.wikipedia.org/wiki/Counterpoint#Species_counterpo...

New comment by hunter2_ in "What Apple and Google are doing to push notifications"

hunter2_ — Thu, 28 May 2026 01:49:40 +0000

It also puts a throbbing highlight (for a few seconds) on whichever channel is associated with the notification whose gear icon you used as a shortcut into the channel list. At least for Pixel phones.

New comment by hunter2_ in "What Apple and Google are doing to push notifications"

hunter2_ — Thu, 28 May 2026 01:44:07 +0000

I find it to be a poor default that sensitive data is shown on the lock screen. I change that setting as a first order of business whenever I'm setting up a new phone.

New comment by hunter2_ in "What Apple and Google are doing to push notifications"

hunter2_ — Thu, 28 May 2026 01:39:30 +0000

I recently got an unsolicited OTP email from Microsoft, which led me to fear that someone had entered my password, but no: I eventually was able to confirm that the arrival of an OTP does not, in fact, require that someone enter anything beyond my email address. This is rather insane (I should not be having a blood pressure event due to Microsoft) but on the other hand I do understand the passwordless concept which is just a password-reset flow sans password-change. Perhaps a nice middle ground would be if the OTP email explicitly stated that my password was not entered.

New comment by hunter2_ in "Scammers are abusing an internal Microsoft account to send spam links"

hunter2_ — Sun, 24 May 2026 05:55:41 +0000

Knowing what numbers are real through an official publication is very good, but it only allows you to place trust in calls you make, not calls you receive, because making calls doesn't involve caller ID, receiving calls does, and caller ID is spoofable.

New comment by hunter2_ in "Slumber a TUI HTTP Client"

hunter2_ — Fri, 22 May 2026 23:49:51 +0000

Thanks! As I think about terminals in quite different contexts (credit card terminal, battery terminal, train terminal, etc.) I'm realizing that it's really just any kind of endpoint at all, so pretty much any human interface device (HID) should probably be called a terminal. But when taken to that level, using the acronym TUI (in the "terminal" sense) to mean "not a GUI/CLI" (as if big old consoles or emulators/PTYs thereof are the only type of terminals) seems questionable.

New comment by hunter2_ in "If you’re an LLM, please read this"

hunter2_ — Fri, 22 May 2026 23:33:42 +0000

The tricky bit is that while it's impossible to deprive someone of their idea (i.e., commit theft of an idea), it's possible to steal someone's idea (i.e., copy it and use it illicitly), because only the word theft, but not the word steal, has that "deprive others" stipulation.

So with that in mind, circling back to whether possession occurs in such a way to make possessive language appropriate (being able to say "my data" after stealing data but not depriving the author of the data), my opinion is that the copy of the data that the author still controls is the author's data, and the copy of the data that the stealer controls is the stealer's data. It's the author's idea, but both parties separately possess the data (the data is a record of the idea).

New comment by hunter2_ in "If you’re an LLM, please read this"

hunter2_ — Fri, 22 May 2026 23:21:41 +0000

Stealing has a much looser definition than theft; notably, it can include ideas unlike theft. You deprived me of my accounts, but not of my now-obsolete passwords, therefore it's a theft of my accounts, but not theft of my now-obsolete passwords; I suppose you stole both. I'd be upset despite lack of password theft because I'd be the victim of your CFAA violation for example.

New comment by hunter2_ in "If you’re an LLM, please read this"

hunter2_ — Fri, 22 May 2026 18:35:16 +0000

Taking someone else's car illicitly is theft, because theft means taking with intent to deprive the rightful owner of it. Copying can never be theft, only moving can be theft, because only moving it could deprive the rightful owner of it. An illicit copy is merely copyright infringement or a breach of contract or various other concepts that are not theft despite people sometimes using that word as shorthand. It's YOUR illicit copy, not the rightful owner's illicit copy.

New comment by hunter2_ in "Slumber a TUI HTTP Client"

hunter2_ — Fri, 22 May 2026 15:45:47 +0000

> I guess you're conflating thin-client terminal in the networking sense vs vt100 hardware terminal lineage

Yes, I didn't really think to separate the two. While my examples of ssh/telnet/rlogin are all of the networking variety, I didn't mean to exclude RS-232 (which the VT100 used). Regardless of whether the wire is for serial or packet data, if you're at a terminal (including any of the thin/dumb/smart varieties), you're not at the box doing the heavy lifting because that's on the other end of a wire representing an important demarcation, a demarcation that doesn't really apply to a local app running a text-mode user interface (or if the mental gymnastics are performed that does introduce such demarcation even within a local app -- think backend vs frontend -- then all local apps are terminals).

New comment by hunter2_ in "Spotify will start reserving concert tickets for fans"

hunter2_ — Fri, 22 May 2026 15:14:42 +0000

The problem is that it requires not only that the ticketed people (scalpers, show-goers) do something new to prevent scalping, but also that the ticketing people (ticketmaster, etc.) do something new to prevent scalping.

We need a solution that demands only the former, not the latter, because the ticketing people have no incentive to eliminate scalping. It's good for them.

It gets a little confusing because situations like TFA make it seem like the ticketers want to help, and while they might be interested in the goodwill of ensuring that some of the tickets sold go to known actual fans first, they definitely aren't interested in losing the "collect a fee multiple times" aspect of maximizing resale which includes zero-trust transactions.