Hacker News: markasoftware

New comment by markasoftware in "GPU memory snapshots: sub-second startup (2025)"

markasoftware — Sat, 10 Jan 2026 20:54:49 +0000

the thing is modal is running untrusted containers, so there's not really a concept of "some front facing" containers. Any container running an untrusted workload is at high risk / is "front facing".

If Modal's customers' workloads are mainly GPU-bound, then the performance hit of gvisor isn't as big as it might be for other workloads. GPU activity does have to go through the fairly heavyweight nvproxy to be executed on the host, but most gpu activity is longer-lived async calls like running kernels so a bit of overhead in starting / retrieving the results from those calls can be tolerated.

New comment by markasoftware in "Unlocking free WiFi on British Airways"

markasoftware — Sat, 25 Oct 2025 04:09:13 +0000

I have a friend who did similar tunneling a while ago. It also works on cruise ships.

He discovered that on some airlines (I think American?), they use an advanced fortinet firewall that doesn't just look at the SNI -- it also checks that the certificate presented by the server has the correct hostname and is issued by a legit certificate authority.

My friend got around that restriction by making the tunnel give the aa.com SNI, and then forward a real server hello and certificate from aa.com (in fact I think he forwards the entire TLS 1.2 handshake to/from aa.com). But then as soon as the protocol typically would turn into encrypted application data, he ignores whatever he sent in the handshake and just uses it as an encrypted tunnel.

(The modern solution is just to use TLS 1.3, which encrypts the server certificate and hence prevents the firewall from inspecting the cert, reducing the problem back to just spoofing the SNI).

New comment by markasoftware in "Ask HN: Abandoned/dead projects you think died before their time and why?"

markasoftware — Sun, 12 Oct 2025 14:17:09 +0000

if the world was all XHTML, then you wouldn't put an ad on your site that wasn't valid XHTML, the same way you wouldn't import a python library that's not valid python.

New comment by markasoftware in "Should I choose Ada, SPARK, or Rust over C/C++? (2024)"

markasoftware — Mon, 06 Oct 2025 02:52:11 +0000

Their example of why Ada has better strong typing than Rust is that you can have floats for miles and floats for kilometers and not get them mixed up. News flash, Rust has newtype structs, and you can also do basically the same thing in C++.

I don't know much about Ada. Is its type system any better than Rust's?

New comment by markasoftware in "Ultrasonic Chef's Knife"

markasoftware — Sun, 21 Sep 2025 13:48:52 +0000

I mostly agree that, as someone who cooks something intricate <10 times per year, a sharp knife is in fact more dangerous than a dull one.

Scott in the video makes the argument that sharp knives are safer, because you don't have to use as much force. But the only time I've ever cut myself with a knife in the kitchen have been with very sharp knives, eg one time handling it while washing the blade.

New comment by markasoftware in "LLMs are still surprisingly bad at some simple tasks"

markasoftware — Sun, 21 Sep 2025 13:23:09 +0000

as soon as an LLM makes a significant mistake in a chat (in this case, when it identified the text as Romanian), throw away the chat (or delete/edit the LLMs response if your chat system allows this). The context is poisoned at this point.

New comment by markasoftware in "Trump to impose $100k fee for H-1B worker visas, White House says"

markasoftware — Fri, 19 Sep 2025 20:29:47 +0000

per application, so per person

New comment by markasoftware in "Show HN: The text disappears when you screenshot it"

markasoftware — Thu, 18 Sep 2025 03:50:59 +0000

same thing, but a game: https://brantagames.itch.io/motus

New comment by markasoftware in "Behind the scenes of Bun Install"

markasoftware — Thu, 11 Sep 2025 21:22:14 +0000

I'm pretty confused about why it's beneficial to wait to read the whole compressed file before decompressing. Surely the benefit of beginning decompression before the download is complete outweigh having to copy the memory around a few extra times as the vector is resized?

New comment by markasoftware in "95% of AI Pilots Fail"

markasoftware — Mon, 08 Sep 2025 16:51:33 +0000

if 5% grows exponentially, it'll become 0.025%, then 0.00125%, ...

New comment by markasoftware in "NPM debug and chalk packages compromised"

markasoftware — Mon, 08 Sep 2025 16:46:19 +0000

check marks in email clients usually mean DKIM / other domain verification passed. The attack author truly owns npmjs.help, so a checkmark is appropriate.

New comment by markasoftware in "Anthropic agrees to pay $1.5B to settle lawsuit with book authors"

markasoftware — Fri, 05 Sep 2025 20:54:41 +0000

They also agreed to destroy the pirated books. I wonder how large of a portion of their training data comes from these shadow libraries, and if AI labs in countries that have made it clear they won't enforce anti-piracy laws against AI companies will get a substantial advantage by continuing to use shadow libraries.

New comment by markasoftware in "Stripe Launches L1 Blockchain: Tempo"

markasoftware — Thu, 04 Sep 2025 18:34:51 +0000

exactly. This is the main value of the "web3" era of blockchains. There's absolutely no decentralization in the way they are governed. It's just enough decentralization so that it can be argued that the users are interacting with a piece of software that the developers wrote, rather than the developers themselves, so that way there's no legal relationship between the two.

That being said, I'm not entirely sure it's a bad thing...especially outside of the US/europe banking I get the impression that banking regulations are arbitrary and political and if all we get from crypto is escape from those regulations it may be worth the extra fraud and so on.

New comment by markasoftware in "Nuclear: Desktop music player focused on streaming from free sources"

markasoftware — Wed, 03 Sep 2025 20:58:18 +0000

Half the time trying to play a song doesn't work. Dozens and dozens of javascript errors in the console, most of which seem to be legitimate (trying to parse xml as json, type errors, and other serious stuff). Electron. That's three strikes, I'm out.

New comment by markasoftware in "Sometimes CPU cores are odd"

markasoftware — Fri, 29 Aug 2025 03:51:10 +0000

How come "let's use some cool cryptography to encrypt error messages" is being considered before "let's use a strongly typed language that even web developers are starting to become fond of" as a way to prevent issues in the future?

New comment by markasoftware in "Google will allow only apps from verified developers to be installed on Android"

markasoftware — Tue, 26 Aug 2025 00:05:50 +0000

What bank is this? No bank I know /requires/ you to use a mobile app for anything; the web is enough. 2FA can usually be done via email, SMS, or a google-authenticator-compatible app.

New comment by markasoftware in "I hacked Monster Energy"

markasoftware — Sat, 23 Aug 2025 17:53:40 +0000

This isn't security research, it's unauthorized hacking. Monster has no vulnerability disclosure program. It's completely illegal to try and gain unauthorized access without a VDP, even if you attempt to responsibly disclose your findings after the fact. And frankly, you didn't /responsibly/ disclose your findings, because you are publishing this while some of the vulnerabilities are still present. I reckon you have a 5% chance of ending up in jail because of this post.

New comment by markasoftware in "Pixel 10 Phones"

markasoftware — Wed, 20 Aug 2025 17:44:15 +0000

I agree, but I got the Pixel 5 instead; the 5 is actually smaller while the screen size is larger due to the curved screen corners. It also has a fingerprint sensor, unlike the 4. That being said, I still miss the squeeze-activated flashlight on the 4.

New comment by markasoftware in "StarDict sends X11 clipboard to remote servers"

markasoftware — Tue, 12 Aug 2025 06:17:28 +0000

a bloom filter look up is by hash, and given the relatively small set of words in english, it would be pretty easy for the server to reverse the hash sent to it. Thus a bloom filter wouldn't be very private.

Additionally, a typical spell checker feature is to provide alternative, correct, spellings, rather than just telling you whether a word is correctly spelled.

I bet there's some cool way to do this with zero-knowledge or homomorphic cryptography though!

New comment by markasoftware in "Tor: How a military project became a lifeline for privacy"

markasoftware — Sat, 09 Aug 2025 15:59:18 +0000

nope they were both started within a year of each other. Lots of Tor fans will tell you that I2P is overly complicated. And indeed it seems to have had more vulnerabilities over the years.