Hacker News: jijji

New comment by jijji in "New Nginx Exploit"

jijji — Thu, 14 May 2026 23:20:11 +0000

yeah when I read these RCE reports about public-facing software that I know about I usually upgrade them within minutes of reading the report that's why I read these reports and you really have to take them seriously because otherwise your machine gets compromised, sooner rather than later... it seems like lately there's been no advance notice on a lot of these RCE exploits that are publicly released, I mean come on guys at least give us a few minutes to upgrade our software before releasing the exploit, it feels like the late 1980s early 1990s when there was no guardrails on disclosure, i.e. all the remotely exploitable sendmail bugs. people who fail to read these reports or read them too late wind up having millions of machines being compromised because of it. currently nginx has about a 39% - 43% share of the public facing web server market today, so its pretty serious.

New comment by jijji in "I let AI build a tool to help me figure out what was waking me up at night"

jijji — Mon, 11 May 2026 21:54:56 +0000

it could also be common sense.. you live in a noisy city and you are wondering what the noise is.... maybe it could be the city itself? how about sleep in a different smaller town and then ask yourself the same question, you'll probably get a different answer.

New comment by jijji in "Meta's embrace of AI is making its employees miserable"

jijji — Sun, 10 May 2026 01:47:07 +0000

Facebook the web site reminds me of a really bad implementation of MySpace. MySpace was better, even in 2003. There are hundreds of usability bugs that exist on various parts of the platform that for over a decade remain unfixed. For a company that has 78,000 employees, you would think one of them might want to dig in and fix the web interface bugs. What's weird is in the age of Claude Code, it would probably take one software engineer a week to fix all of them, so its really pure incompetence. I think they spend more time on automation around restricting the usage of the platform that they forgot about the user interface bugs that plague it.

Also, avoid using Meta Pay aka Facebook Payments, where a user can send a payment to another user via the Messenger app. Someone sent me money a few weeks ago, and a two weeks alter they still have the payment marked as "Completed" on the sending side, and "Cancelled" on the receiving side. I told the sender to just do a chargeback with their bank because Facebook basically stole the money. Don't use Meta Pay for sending payments to anyone. Then when you try to open a "case" about it, you call a call center in Indonesia and the people have no access to see anything about the transaction, they just send it up the chain, only to have an automated response telling you to do something that the web site doesn't even offer as an option. I don't think there is any humans in the loop, besides the Indonesian call center that has no access to any of what you're calling about.

New comment by jijji in "How Mark Klein told the EFF about Room 641A [book excerpt]"

jijji — Fri, 01 May 2026 01:30:17 +0000

in 2002 I worked at an AT&T major datacenter and watched the NSA install all the black boxes in every rack, complete with a black curtain and armed guards while they did the project (St Louis). Before that it was still going on, it just wasnt so embedded like they did in 2002.

New comment by jijji in "Claude may require identity verification in some cases"

jijji — Wed, 15 Apr 2026 11:13:04 +0000

its the same reason a pervert sniffs a girls panties

New comment by jijji in "You can't trust macOS Privacy and Security settings"

jijji — Fri, 10 Apr 2026 17:28:18 +0000

linux and unix before it has been a pretty consistent interface for decades, especially since the introduction of X windows in the 1980's..

New comment by jijji in "ML promises to be profoundly weird"

jijji — Thu, 09 Apr 2026 02:37:24 +0000

the authors reference to LLM's as "bullshit machines" is more true the less parameters you have trained in your model....as we scale up to trillions of parameters, add Mixture of Experts (MoE) architecture, this no longer is an accurate statement. Proof in point was yesterdays announcemnt of Mythos 5 model (10T parameters + MoE [1]) by anthropic where it seems to be so good at finding/exploiting vulnerabilities in source code that have been there for decades and only recently uncovered needs to be used to fix these critical vilnerabilities first before it gets released to the public, they even have a project called Glasswing [2] dedicated to letting people fix the thousands of vulnerabilities already found by the model before they release this model to the public, because it's so good at what it does... I think we're a little bit past the point of calling these models "bullshit machines" at this point...

[1] https://www.aimagicx.com/blog/claude-mythos-5-trillion-param...

[2] https://www.anthropic.com/glasswing

New comment by jijji in "A macOS bug that causes TCP networking to stop working after 49.7 days"

jijji — Wed, 08 Apr 2026 04:06:30 +0000

So, you're implying that there is a second person named Alan Cox from Swansea, Wales who worked on FreeBSD, not Linux? Where is your source for that? lol

New comment by jijji in "A macOS bug that causes TCP networking to stop working after 49.7 days"

jijji — Tue, 07 Apr 2026 16:28:00 +0000

Alan Cox of course worked on the TCP/IP stack:

"His involvement with Linux began in the early 1990s when he was working on a project that required a stable networking solution. This led him to discover Linux, which was still in its infancy at the time.

Contributions to Linux Kernel

Cox's contributions to the Linux kernel are extensive and far-reaching. He is best known for his work on the Linux networking stack, which was critical in making Linux a viable option for server environments. Cox identified and addressed numerous issues in the kernel's TCP/IP implementation, enhancing its performance and reliability." [0]

"For those not familiar with the Linux kernel contributors, Alan Cox wrote large parts of the networking stack, was the maintainer of the 2.2 branch, and was commonly considered the "second in command" to Linus Torvalds at one point: http://en.wikipedia.org/wiki/Alan_Cox" [1]

"Alan started working on Version 0. There were bugs and problems he could correct. He put Linux on a machine in the Swansea University computer network, which revealed many problems in networking which he sorted out; later he rewrote the networking software. [2]

[0] https://machaddr.substack.com/p/kernel-chronicles-insights-a...

[1] https://news.ycombinator.com/item?id=8548738

[2] https://web.archive.org/web/20200923003028/https://www.swans...

New comment by jijji in "A macOS bug that causes TCP networking to stop working after 49.7 days"

jijji — Mon, 06 Apr 2026 21:08:27 +0000

I thought Alan Cox fixed all the TCP IP bugs in the early 1990s lol

New comment by jijji in "Show HN: I made a YouTube search form with advanced filters"

jijji — Mon, 06 Apr 2026 03:11:47 +0000

The search filters and the user interface in general on YouTube is garbage. you guys need to go back to the drawing board. it really is almost impossible to find a video, you have to sort through hundreds of AI slop clickbait videos in order to get to the one that you're actually interested in finding.

New comment by jijji in "EmDash – A spiritual successor to WordPress that solves plugin security"

jijji — Wed, 01 Apr 2026 20:33:56 +0000

whether people want to admit it or not, agent encoding is kind of the norm right now and I think the fear is the stories coming out of places like Block, Inc where they announced they fired 4,000 engineers a couple days ago because of what's the obvious truth today versus 6 months ago.... one expert software engineer can do the work of 20-40 people, so why do we need so many people? it's a hard pill to swallow, it's easier to claim that agentic coding doesn't work or that the code is sloppy and it doesn't work when in reality most companies are currently using it everyday, especially the large ones.

New comment by jijji in "EmDash – a spiritual successor to WordPress that solves plugin security"

jijji — Wed, 01 Apr 2026 20:25:41 +0000

I agree with you, if you're already a competent engineer, your productivity only is improved by orders of magnitude by using coding agents that are at this point producing very good code as long as you give it the right prompts and you test your code and remove any bugs... if the code tests and all the bugs are removed, what you've got is a working product that is hard to argue that it doesn't work especially if there's been a lot of QA done on it and there's no bugs....

New comment by jijji in "Axios compromised on NPM – Malicious versions drop remote access trojan"

jijji — Tue, 31 Mar 2026 15:01:34 +0000

another week another npm supply chain attack

New comment by jijji in "Miasma: A tool to trap AI web scrapers in an endless poison pit"

jijji — Sun, 29 Mar 2026 16:16:08 +0000

why not just try to block them at the door instead of feeding them poisoned food...

New comment by jijji in "Installing a Let's Encrypt TLS certificate on a Brother printer with Certbot"

jijji — Fri, 27 Mar 2026 16:35:44 +0000

you could probably get away with just running nginx with certbot on the front end of that domain name and then have it proxy back to a script that talks to the brother printer on the back end of it to do printing, although I'm not sure why you'd want to print via the public internet

New comment by jijji in "Show HN: Turbolite – a SQLite VFS serving sub-250ms cold JOIN queries from S3"

jijji — Thu, 26 Mar 2026 20:51:27 +0000

i wonder how much that costs per hour to run any normal load? what benefit does this have versuss using mysql (or any similar rdbms) for the queries? mysql/pgsql/etc is free remember, so using S3 obviously charges by the request, or am i wrong?

New comment by jijji in "Illinois introduces OS-level age verification law"

jijji — Thu, 12 Mar 2026 21:43:44 +0000

forcing the OS to authenticate the age of the person using the machine? age verification can easily be done by using the DMV as a conduit or using login.gov as a conduit or using id.me as a conduit. these interfaces are already used by dozens of government agencies to authenticate citizens of the United States, and there doesn't need to be any special software installed on the machine

New comment by jijji in "Tell HN: I'm 60 years old. Claude Code has re-ignited a passion"

jijji — Sat, 07 Mar 2026 14:23:57 +0000

i dont know, i'm in my 50's, and been doing software engineering work every day professionally since i was 15, and i can say claude code (max) has made me at least 20x more productive... Its definitely an improvement. I think what they've got is top notch, doesnt come close to what the competition are offering, at this point.

New comment by jijji in "GPT-5.4"

jijji — Fri, 06 Mar 2026 02:49:13 +0000

I tried to use Google's Gemini CLI from the command line on linux and I think it let me type in two sentences and then it told me that I was out of credits... and then I started reading comments that it would overwrite files destructively [0] or worse just try to rewrite an entire existing codebase [1]. it just doesn't sound ready for prime time. I think they wanted to push something out to compete with Claude code but it's just really really bad.

[0] https://github.com/google-gemini/gemini-cli/issues/17583

[1] https://www.reddit.com/r/Bard/comments/1l8vil5/gemini_keeps_...