Hacker News: minitech

New comment by minitech in "You can't trust macOS Privacy and Security settings"

minitech — Sat, 11 Apr 2026 18:45:44 +0000

> Rather, an interactive window running under the user’s name has implied access to the user’s home folders, regardless of what’s been set under “Files & Folders” (which still applies for background/non-interactive processes).

No, that’s not true at all. Granting permission using the folder picker is required.

New comment by minitech in "Post Mortem: axios NPM supply chain compromise"

minitech — Fri, 03 Apr 2026 07:57:29 +0000

Npm and the other JavaScript package managers do generate and check lockfiles with hashes by default. This was a new release, not a republishing of an old version (which isn’t possible on the npm registry anyway).

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 03:19:13 +0000

Nobody is confused or disagrees about the `--hard` part. It was a minor tangent about contexts where these ASCII substitutions are established, like LaTeX (`` -> “, '' -> ”, -- -> –, --- -> —, etc.)

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 02:45:36 +0000

It’s about the top-level comment’s horror that ”--” was substituted with “an en dash, not even an em dash”. If you’re picking a substitution for “--”, en dash makes more sense. The comment you originally replied to had already agreed “that it should be left as a double hyphen”.

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 02:17:30 +0000

No, the comment was pointing out that the HN platform automatically replaces `--` in titles with `–`. (I don’t know if that’s true, but that was the intent. Nothing to do with AI.)

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 02:15:00 +0000

They meant “more appropriate [than an em dash]”. And that minus sign usage of hyphen-minus isn’t unique in Unicode either – see U+2212 MINUS SIGN.

New comment by minitech in "Tell HN: Firefox is being slowly deprecated by the industry"

minitech — Sat, 28 Mar 2026 03:50:43 +0000

People are using Firefox intentionally, vs. using IE because it was preinstalled. Firefox is a maintained browser. IE was hard to support, and Firefox is not. There are a lot of differences.

New comment by minitech in "My astrophotography in the movie Project Hail Mary"

minitech — Thu, 26 Mar 2026 00:22:32 +0000

That’s what rot13 is for.

New comment by minitech in "My astrophotography in the movie Project Hail Mary"

minitech — Wed, 25 Mar 2026 14:33:45 +0000

What changed about the ending?

New comment by minitech in "Blacksky AppView"

minitech — Mon, 09 Mar 2026 00:10:54 +0000

Not that that isn’t a practical concern, but that’s not the level at which the network claims to be decentralized. Your account was banned by one participant in the hypothetical decentralized network.

New comment by minitech in "Blacksky AppView"

minitech — Mon, 09 Mar 2026 00:06:46 +0000

- “yellow” is a racist adjective for asians, “black” is not a racist adjective for black people

- there is no “white community” in the US to make the equivalent to “black community”

so you can’t really draw any useful conclusions from how string replacement on this sentence makes you feel

New comment by minitech in "Mount Mayhem at Netflix: Scaling Containers on Modern CPUs"

minitech — Wed, 04 Mar 2026 07:10:42 +0000

That’s mostly a Dockerism (and even Docker has `COPY --link` these days). The underlying tech supports independent layers.

New comment by minitech in "What does " 2>&1 " mean?"

minitech — Fri, 27 Feb 2026 06:09:51 +0000

What they point to are capabilities, but the integer handles that user space gets are annoyingly like pointers. In some respects, better, since we don’t do arithmetic on them, but in others, worse: they’re not randomized, and I’ve never come across a sanitizer (in the ASan sense) for them, so they’re vulnerable to worse race condition and use-after-free issues where data can be quietly sent to the entirely wrong place. Unlike raw pointers’ issues, this can’t even be solved at a language level. And maybe worst of all, there’s no bug locality: you can accidentally close the descriptor backing a `FILE*` just by passing the wrong small integer to `close` in an unrelated part of the program, and then it’ll get swapped out at the earliest opportunity.

New comment by minitech in "I fixed Windows native development"

minitech — Sun, 15 Feb 2026 21:17:14 +0000

Maybe vibe-coding Show HN apps is correlated with low effort and bad taste.

New comment by minitech in "When internal hostnames are leaked to the clown"

minitech — Thu, 05 Feb 2026 06:03:47 +0000

It couldn’t, but it tried.

New comment by minitech in "Lennart Poettering, Christian Brauner founded a new company"

minitech — Tue, 27 Jan 2026 22:57:00 +0000

There is. Signal uses it, for example. https://signal.org/blog/building-faster-oram/

For another example, IntegriCloud: https://secure.integricloud.com/

New comment by minitech in "Cloudflare Can't Save You from a DoS (I Checked)"

minitech — Tue, 27 Jan 2026 15:16:13 +0000

AI slop? Most egregiously nonsense part:

> **3. The Layer 7 Limitation** Cloudflare operates primarily at the application layer. Many failures happen deeper in the stack. Aggressive SYN floods, malformed packets, and protocol abuse strike the kernel before an HTTP request is even formed. If your defense relies on parsing HTTP, you have already lost the battle against L3/L4 attacks.

No idea how valid the video is. It could be accurate, it could be entirely simulated, it could be making some kind of simple mistake. (At least there’s a tiny bit more detail in the video description on Vimeo.) Anyway, good time to learn about the blanket “I’m under attack” mode and/or targeted rules.

> **2. The Origin IP Bypass** Cloudflare only protects traffic that proxies through them. If an attacker discovers your origin IP--or if you are running P2P nodes, validators, or RPC services that must expose a public IP--the edge is bypassed entirely. At that point, there is no WAF and no rate limiting. Your network interface is naked.

Revolutionary stuff.

New comment by minitech in "Google confirms 'high-friction' sideloading flow is coming to Android"

minitech — Sun, 25 Jan 2026 16:37:52 +0000

You pay a cost either way: live in a world with better funded and incentivized scammers and in a community less wealthy by a corresponding amount, or have a slightly less convenient sideloading experience.

I guess if you take the old saying extremely literally, you could conclude that every fool is guaranteed to be parted with 100% of their lifetime available money regardless of what anyone else tries to do to stop that, but that’s not true – and why old sayings (with a respectable 75% of the words right) taken literally aren’t a good basis for decision-making.

New comment by minitech in "Libbbf: Bound Book Format, A high-performance container for comics and manga"

minitech — Wed, 21 Jan 2026 16:16:58 +0000

There’s a whole field’s worth of really cool stuff about error correction that I wish I knew a fraction of enough to give reading recommendations about, but my comment wasn’t that deep – it’s just that in hashes, you obviously care about distribution because that’s almost the entire point of non-cryptographic hashes, and in error correction you only care that x ≠ y implies f(x) ≠ f(y) with high probability, which is only directly related in the obvious way of making use of the output space (even though it’s probably indirectly related in some interesting subtler ways).

E.g. f(x) = concat(xxhash32(x), 0xf00) is just as good at error detection as xxhash32 but is a terrible hash, and, as mentioned, CRC-32 is infinitely better at detecting certain types of errors than any universal hash family.

New comment by minitech in "Libbbf: Bound Book Format, A high-performance container for comics and manga"

minitech — Wed, 21 Jan 2026 15:31:14 +0000

Uniformity isn’t directly important for error detection. CRC-32 has the nice property that it’s guaranteed to detect all burst errors up to 32 bits in size, while hashes do that with probability at best 2^−b of course. (But it’s valid to care about detecting larger errors with higher probability, yes.)