Hacker News: mcintyre1994

New comment by mcintyre1994 in "US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf]"

mcintyre1994 — Thu, 16 Apr 2026 07:35:05 +0000

> you cannot turn a non-privileged document into a privileged one by sharing it with your lawyer after the fact.

Surely this is how all async communication with a lawyer works though? Or are gmail drafts privileged if you can make a case that it was going to be sent to your lawyer? Is a letter at your house privileged if you can make a case that it was going to be sent to your lawyer?

New comment by mcintyre1994 in "X Randomly Banning Users for "Inauthentic Behavior""

mcintyre1994 — Mon, 13 Apr 2026 07:29:48 +0000

My guess would be that they amplify tweets involving Grok as a form of advertising. I think they disabled tagging Grok for non paying users, so I guess they do it to advertise its capabilities. And because their user base is so toxic that mostly means amplifying things like that.

New comment by mcintyre1994 in "Tell HN: Docker pull fails in Spain due to football Cloudflare block"

mcintyre1994 — Sun, 12 Apr 2026 19:28:19 +0000

Dumb question but why don’t the pirate sites all host on Azure if Cloudflare is blocked and Azure isn’t?

New comment by mcintyre1994 in "EFF is leaving X"

mcintyre1994 — Thu, 09 Apr 2026 22:59:37 +0000

They’re not trying to stop anyone else being on X or saying anything there or anywhere else.

New comment by mcintyre1994 in "EFF is leaving X"

mcintyre1994 — Thu, 09 Apr 2026 22:56:46 +0000

It sounds like they don’t really get meaningful engagement/views on X anyway though. It sounds like it’s not a useful platform to reach any audience for them.

New comment by mcintyre1994 in "We moved Railway's frontend off Next.js. Builds went from 10+ mins to under two"

mcintyre1994 — Wed, 08 Apr 2026 09:21:36 +0000

Is that because LLMs default to the older pages router? Or are they actually providing a different version of the library optimised in some way for agents?

New comment by mcintyre1994 in "Germany Power Prices Turn Deeply Negative on Renewables Surge"

mcintyre1994 — Tue, 07 Apr 2026 11:14:33 +0000

In the UK you can get energy plans with a price that updates every half hour, published a day ahead. From 12:30pm - 4pm today that price is negative. It was also negative for around 16 hours of Easter Sunday. https://www.octopriceuk.app/agile

New comment by mcintyre1994 in "Gemma 4 on iPhone"

mcintyre1994 — Mon, 06 Apr 2026 08:19:14 +0000

You need some way to give it tools - the essential ones for coding are running bash commands, reading files and editing files.

You need the LLM to be able to respond with tool use requests, and then your local harness to process them and respond to it. You can read how tool calling works with eg Claude API to get the idea: https://platform.claude.com/docs/en/agents-and-tools/tool-us...

Under the hood something like Claude Code is calling the API with tools registered, and then when it gets a tool use request it runs that locally, and then responds to the API with the result. That’s the loop that enables coding.

Integrating with an IDE specifically is really just a UI feature, rather than the core functionality.

New comment by mcintyre1994 in "Post Mortem: axios NPM supply chain compromise"

mcintyre1994 — Sat, 04 Apr 2026 08:24:21 +0000

You’re right, but a colleague recently showed me this CLI for it: https://docs.npmjs.com/cli/v11/commands/npm-trust

Still needs to be published first, but looks like it automates all the annoying UI things you mentioned.

New comment by mcintyre1994 in "Post Mortem: axios NPM supply chain compromise"

mcintyre1994 — Sat, 04 Apr 2026 08:15:18 +0000

Then the malicious packages would always be published as a security fix.

New comment by mcintyre1994 in "Post Mortem: axios NPM supply chain compromise"

mcintyre1994 — Sat, 04 Apr 2026 08:14:20 +0000

In cases like this that isn’t an issue, NPM takes the malicious package down and you roll back to the previous version.

The problem would be new versions that fix security issues though, and because this is all open source as soon as you publish the fix everyone knows the vulnerability. You wouldn’t want everyone to stay on the insecure version with a basically public vulnerability for a week.

New comment by mcintyre1994 in "Post Mortem: axios NPM supply chain compromise"

mcintyre1994 — Fri, 03 Apr 2026 07:20:41 +0000

Nope, the most restrictive option available is to disallow tokens and require 2FA. I think that using exclusively hardware 2FA and not having the backup codes on the compromised machine probably would have prevented this attack though.

New comment by mcintyre1994 in "Claude Code's source code has been leaked via a map file in their NPM registry"

mcintyre1994 — Tue, 31 Mar 2026 19:20:47 +0000

See also: https://github.com/openclaw/openclaw/pulls (6,647 open PRs)

New comment by mcintyre1994 in "Axios compromised on NPM – Malicious versions drop remote access trojan"

mcintyre1994 — Tue, 31 Mar 2026 07:22:40 +0000

The frustrating thing here is that axios versions display on npmjs with verified provenance. But they don’t use trusted publishing: https://github.com/axios/axios/issues/7055 - meaning the publish token can be stolen.

I wrongly thought that the verified provenance UI showed a package has a trusted publishing pipeline, but seems it’s orthogonal.

NPM really needs to move away from these secrets that can be stolen.

New comment by mcintyre1994 in "Copilot edited an ad into my PR"

mcintyre1994 — Mon, 30 Mar 2026 10:18:27 +0000

It's definitely an ad, I think the only real question is whether it's just marketing Copilot or whether part of their partnership with other companies is advertising the integration in this way. The links all go to Copilot docs pages on the integrations, so they're not typical tracked link advertising campaigns.

New comment by mcintyre1994 in "Copilot edited an ad into my PR"

mcintyre1994 — Mon, 30 Mar 2026 07:38:11 +0000

If you click the Raycast link in one of these PRs it links to: https://gh.io/cca-raycast-docs

So I think they’re injecting this as a tip on using Copilot, that just happens to be their integration with Raycast.

I have no idea what their actual partnership with Raycast looks like, maybe this is part of what they offered them? But it’s not a traditional link to another product ad like it appears to be from Raycast being a link.

New comment by mcintyre1994 in "Don't Wait for Claude"

mcintyre1994 — Fri, 27 Mar 2026 18:43:48 +0000

Something would be deeply wrong!

New comment by mcintyre1994 in "OpenAI Has New Focus (on the IPO)"

mcintyre1994 — Thu, 19 Mar 2026 11:30:45 +0000

It only has $1m volume, so even that conclusion is a bit of a stretch. By comparison NCAA tournament has $15m, and US confirms aliens this year has $18m.

New comment by mcintyre1994 in "Pyodide: a Python distribution based on WebAssembly"

mcintyre1994 — Tue, 17 Mar 2026 13:20:15 +0000

Love all the tools mentioned in the comments, Pyodide is a fun tool. I built https://pyground.vercel.app with it a few years ago, as a quick way to run Python on a CSV/JSON file locally in the browser. For a while Python/Matplotlib was what I was most comfortable writing quick and simple analysis scripts with, and this was my go to for one-off data analysis work. You can drag-drop a file in, then some 'clever' code makes it available as `data` in the Python script so you don't have to write any parsing code yourself.

Now I'd probably just get Claude Code to write something locally, but there might be some value in a version of pyground that can use an LLM to write the Python code for you (and give it the data shape) but keeps the local execution setup the same.

New comment by mcintyre1994 in "Canada's bill C-22 mandates mass metadata surveillance"

mcintyre1994 — Mon, 16 Mar 2026 09:07:07 +0000

You only need to look at the US to see that a government dedicated to mass deportation is more authoritarian and worse for civil liberties.