Hacker News: kpcyrd

New comment by kpcyrd in "Blocking Internet Archive Won't Stop AI, but Will Erase Web's Historical Record"

kpcyrd — Sat, 21 Mar 2026 12:52:44 +0000

You don't think non-consensually revealing somebody's identity is a problem?

Resorting to DDoS is not pretty, but "why is my violent behavior met with violence" is a little oblivious and reversal of victim and perpetrator roles.

New comment by kpcyrd in "Astral to Join OpenAI"

kpcyrd — Fri, 20 Mar 2026 01:36:17 +0000

I stopped programming in python about 8-9 years ago because the tooling was so bad.

New comment by kpcyrd in "Astral to Join OpenAI"

kpcyrd — Fri, 20 Mar 2026 01:23:08 +0000

Step 1: discontinue the public repository, step 2: sell access to your GPL codebase.

The GPL (and even the AGPL) doesn't require you to make your modified source code publicly available (Debian explicitly considers licenses with this requirement non-free). The GPL only states you need to provide your customers with source code.

New comment by kpcyrd in "Astral to Join OpenAI"

kpcyrd — Fri, 20 Mar 2026 01:09:25 +0000

I think this was more about "please choose _any_ license" because of the problem outlined here:

https://opensource.stackexchange.com/questions/1150/is-my-co...

New comment by kpcyrd in "Malus – Clean Room as a Service"

kpcyrd — Thu, 12 Mar 2026 17:30:12 +0000

I feel like this is related to these issues (with somebody attempting this approach for real):

https://github.com/chardet/chardet/issues/327

https://github.com/chardet/chardet/issues/331

New comment by kpcyrd in "Making WebAssembly a first-class language on the Web"

kpcyrd — Wed, 11 Mar 2026 22:50:39 +0000

Many of the anti-debugging techniques for desktop binaries do not work on WebAssembly: it can't jump to an address, it can't read the instruction pointer, it can't read/access it's own machine code, ...

New comment by kpcyrd in "Making WebAssembly a first-class language on the Web"

kpcyrd — Wed, 11 Mar 2026 22:46:32 +0000

Obfuscated javascript could still import a WebAssembly polyfill, if there really was any advantage in doing so: https://github.com/evanw/polywasm

Since WebAssembly instructions are much easier to reason about, you could probably auto-optimize away a lot of the obfuscation, like "this is a silly way to do X, so we can just do X directly".

New comment by kpcyrd in "Making WebAssembly a first-class language on the Web"

kpcyrd — Wed, 11 Mar 2026 22:21:58 +0000

It's mostly Rust compiled to wasm binaries. There's also TinyGo and you could use C/C++ as well, but those 3 are a lot less common as far as I can tell.

New comment by kpcyrd in "Redox OS has adopted a Certificate of Origin policy and a strict no-LLM policy"

kpcyrd — Tue, 10 Mar 2026 12:54:35 +0000

Your open source experience is very different from my open source experience.

New comment by kpcyrd in "PCB devboard the size of a USB-C plug"

kpcyrd — Mon, 09 Mar 2026 13:33:32 +0000

Running Rust on them worked well for me: https://github.com/kpcyrd/ch32v003-demo

I had to put in more effort regarding RAM use and flash size, but I managed to fit a game into the 16kb limit regardless: https://github.com/kpcyrd/game-streetcat2026

New comment by kpcyrd in "My “grand vision” for Rust"

kpcyrd — Mon, 09 Mar 2026 13:19:28 +0000

I just want to be able to call Default::default() from within const {}

New comment by kpcyrd in "100M-Row Challenge with PHP"

kpcyrd — Wed, 25 Feb 2026 16:16:49 +0000

The time you lose at the syscall boundary you may be able to win back during much shorter GC pauses.

New comment by kpcyrd in "Gentoo on Codeberg"

kpcyrd — Wed, 25 Feb 2026 14:40:04 +0000

Security, sha1 was deprecated in 2011 by NIST due to security concerns, and browsers reject sha1 certificates as invalid since 2017.

Yet programmers in 2026 for some reason are still using it when signing their git tags and commits. Unless they are using a sha256 git repository.

New comment by kpcyrd in "100M-Row Challenge with PHP"

kpcyrd — Wed, 25 Feb 2026 14:18:37 +0000

What about using the filesystem as an optimized dict implementation?

New comment by kpcyrd in "Don't pass on small block ciphers"

kpcyrd — Wed, 18 Feb 2026 14:06:30 +0000

The ch32v003 implements RISC-V without the M extension, meaning there's not even a MUL/DIV instruction.

Out of all micro controllers I've worked with, only a single one had AES cpu instructions.

New comment by kpcyrd in "Gentoo on Codeberg"

kpcyrd — Tue, 17 Feb 2026 20:37:16 +0000

I moved one of my projects from Github to codeberg because Github can't deal with sha256 repositories, but codeberg can.

New comment by kpcyrd in "Show HN: Knock-Knock.net – Visualizing the bots knocking on my server's door"

kpcyrd — Mon, 16 Feb 2026 10:43:54 +0000

Nice, are you using something like this?

    iptables -I OUTPUT -p tcp --sport 22 --tcp-flags RST RST -j DROP
    iptables -I OUTPUT -p tcp --sport 22 --tcp-flags FIN FIN -j DROP

Unfortunately this is still trivial to work around with a read timeout.

New comment by kpcyrd in "Rust at Scale: An Added Layer of Security for WhatsApp"

kpcyrd — Wed, 28 Jan 2026 09:23:50 +0000

Very cool! I'm wondering if Signal is doing something similar? libsignal is implemented in Rust, but I don't know about the other parts.

New comment by kpcyrd in "We can't have nice things because of AI scrapers"

kpcyrd — Tue, 13 Jan 2026 23:04:08 +0000

The API seems to be written in Perl: https://github.com/metabrainz/musicbrainz-server

New comment by kpcyrd in "We can't have nice things because of AI scrapers"

kpcyrd — Tue, 13 Jan 2026 23:02:20 +0000

I wish this wasn't necessary, but the next steps forward are likely:

a) Have a reverse proxy that keeps a "request budget" per IP and per net block, but instead of blocking requests, causing the client to rotate their IP, the requests get throttled/slowed down, without dropping them.

b) Write your API servers in more efficient languages. According to their Github, their backend runs on Perl and Python. These technologies have been "good enough" for quite some time, but considering current circumstances and until a better solution is found, this may not be the case anymore and performance and cpu cost per request does matter these days.

c) Optimize your database queries, remove as much code as possible from your unauthenticated GET request handlers, require authentication for the expensive ones.