Hacker News: m4r71n

New comment by m4r71n in "Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign"

m4r71n — Thu, 23 Apr 2026 16:56:57 +0000

https://cooldowns.dev/#javascript-ecosystem ;-)

New comment by m4r71n in "Show HN: A context-aware permission guard for Claude Code"

m4r71n — Thu, 12 Mar 2026 00:40:50 +0000

The entire permissions system feels like it's ripe for a DSL of some kind. Looking at the context implementation in src/nah/context.py and the way it hardcodes a ton of assumptions makes me think it will just be a maintenance nightmare to account for _all_ possible contexts and known commands. It would be nice to be able to express that __pycache__/ is not an important directory and can be deleted at will without having to encode that specific directory name (not that this projects hardcodes it, it's just an example to get to the point).

New comment by m4r71n in "Markdown CLI viewer with VI keybindings"

m4r71n — Tue, 10 Feb 2026 23:08:03 +0000

The screenshot you added uses a transparent terminal where you can see your Discord chat in the background. You might want to remove that ;-)

New comment by m4r71n in "Agent Skills"

m4r71n — Tue, 03 Feb 2026 15:26:54 +0000

That is being discussed in https://github.com/agentskills/agentskills/issues/15.

Claude Code 2.1: The Pain Points? Fixed

m4r71n — Thu, 08 Jan 2026 15:57:37 +0000

Article URL: https://paddo.dev/blog/claude-code-21-pain-points-addressed/

Comments URL: https://news.ycombinator.com/item?id=46542485

Points: 1

# Comments: 0

AI Attribution Toolkit

m4r71n — Sat, 18 Oct 2025 19:52:32 +0000

Article URL: https://aiattribution.github.io/

Comments URL: https://news.ycombinator.com/item?id=45629940

Points: 2

# Comments: 0

New comment by m4r71n in "Designing agentic loops"

m4r71n — Wed, 01 Oct 2025 17:14:28 +0000

Ha, well look at that, not even a day later: https://fossa.com/blog/fossabot-dependency-upgrade-ai-agent/

New comment by m4r71n in "Designing agentic loops"

m4r71n — Wed, 01 Oct 2025 02:01:11 +0000

I can imagine an agentic loop that updates dependencies à la Dependabot/Renovate-style by going through the changelog of a new version, reviewing new code changes, and evaluating whether it's worth it to upgrade (or even dangerous to do so, either from stability or security point of view). Too often these tools are used to blindly respin builds with the latest and greatest versions, which is what gets most people in trouble when their NPM deps become malicious.

New comment by m4r71n in "Kagi News"

m4r71n — Tue, 30 Sep 2025 18:01:26 +0000

How would the LLM provider get any information about your reading habits from the app? The LLM is used _before_ the news content is served to you, the reader.

New comment by m4r71n in "The Theatre of Pull Requests and Code Review"

m4r71n — Thu, 25 Sep 2025 16:55:28 +0000

I actually find the relevant PR/MR discussion a lot more useful than the commit messages themselves. So any git blame is just to get a commit hash and look that up in GitLab/GitHub to see the entire change set and any comments around it. It makes me wish those comments were bundled with the merge commit somehow and could easily be accessed in the terminal where I'm viewing the git history.

New comment by m4r71n in "Chrome's New AI Features"

m4r71n — Thu, 18 Sep 2025 19:10:34 +0000

Not quite the same thing. Google's features seem to give the model the ability to control the browser, not just act upon the text within a given web page.

New comment by m4r71n in "Chrome's New AI Features"

m4r71n — Thu, 18 Sep 2025 17:33:47 +0000

I tend to agree. If this was built as a true browser enhancement, it would allow you to select the model of your choice or even plug it into a locally running LLM. This being exclusive to Gemini just juices up their usage numbers to make their investments more justifiable. I wonder if Firefox will ever introduce any similar features.

New comment by m4r71n in "Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised"

m4r71n — Tue, 16 Sep 2025 13:58:58 +0000

Since so many vendors discovered these packages seemingly independently, you'd think that they would share those mechanisms with NPM itself so that those packages would never be published in the first place. But I guess that removes their ability to sell an "early alert" mechanism through their offerings...

New comment by m4r71n in "LLM Visualization"

m4r71n — Fri, 05 Sep 2025 13:08:19 +0000

Karpathy walks through this visualization in https://www.youtube.com/watch?v=7xTGNNLPyMI, well worth a watch!

New comment by m4r71n in "PYX: The next step in Python packaging"

m4r71n — Wed, 13 Aug 2025 20:01:08 +0000

What does GPU-aware mean in terms of a registry? Will `uv` inspect my local GPU spec and decide what the best set of packages would be to pull from Pyx?

Since this is a private, paid-for registry aimed at corporate clients, will there be an option to expose those registries externally as a public instance, but paid for by the company? That is, can I as a vendor pay for a Pyx registry for my own set of packages, and then provide that registry as an entrypoint for my customers?

New comment by m4r71n in "Claude Sonnet 4 now supports 1M tokens of context"

m4r71n — Tue, 12 Aug 2025 20:09:49 +0000

How does this work under the hood? Does it build an in-memory vector database of the input sources and runs queries on top of that data to supplement the context window?

New comment by m4r71n in "Intermittent fasting strategies and their effects on body weight"

m4r71n — Sat, 09 Aug 2025 15:00:19 +0000

Alternate day fasting normally means you eat up to 500 calories on your fasting day, but then eat more than usual on normal days. So on average if you eat 500 one day and 2500 another, that is no different than eating a restricted diet of 1500 every day. The finding here is that the former results in slightly more weight loss than the latter. That restrictions in calorie intake will result in weight loss is a given.

New comment by m4r71n in "Uv: Running a script with dependencies"

m4r71n — Tue, 22 Jul 2025 12:22:17 +0000

Just better visibility into the dependencies that come with the script (exactly for things like vulnerability scanning that you mention). It's also easier for reproducibility in someone else's environment when I can give them the exact list of dependencies instead of having them resolve it themselves using the inline declarations. Explicit is better than implicit :-)

New comment by m4r71n in "Uv: Running a script with dependencies"

m4r71n — Tue, 22 Jul 2025 00:41:04 +0000

Oh nice, I was already a happy user of the uv-specific shebang with in-script dependencies, but the `uv lock --script example.py` command to create a lock file that is specific to one script takes it to another level! Amazing how this feels so natural and yet only appeared after 20+ years of Python packaging.

New comment by m4r71n in "Understanding the PURL Specification (Package URL)"

m4r71n — Thu, 05 Jun 2025 17:36:47 +0000

You can use the `oci` package type for non-Docker images (or any OCI artifacts for that matter).