Hacker News: minitech

New comment by minitech in "Project Valhalla, Explained: How a Decade of Work Arrives in JDK 28"

minitech — Fri, 19 Jun 2026 13:40:10 +0000

> How is this different from struct in C#? A struct in C# has identity

Since when? I’m pretty sure structs didn’t have identity last time I used C#, and that would be a very surprising thing to add.

New comment by minitech in "1-Click GitHub Token Stealing via a VSCode Bug"

minitech — Wed, 03 Jun 2026 09:40:17 +0000

and don’t open links like https://tinyurl.com/2s3twstw either, or any other page on the internet that’s able to redirect you to github.dev

New comment by minitech in "Gmail thinks I'm stupid, so I left"

minitech — Wed, 03 Jun 2026 01:44:22 +0000

This comment is confusing to me on so many levels. What’s with the tangent(?) about a math test your algebra teacher could have generated? Did you bring up an illiterate teacher (extreme outlier) as evidence that the general population has low comfort with written English, or…? (I’m going to resist getting into the rest of the tangent, but it’s really impressively densely perplexing.)

(edit: I’m not going to resist)

> If he could have written (in 2009) "give 20 question test for week 1 algebra II student with answer guide"

Is the “could” here just about AI not existing back then, or does “could not interact with the written language” imply that he could not have written this prompt? Why would he need the output, given that most of it is math? (If we assume he can speech-to-text the prompt, why can’t he do the same for other writing?) If the level of writing of “Write equation of a line in slope-intercept form with slope 3 and y-intercept −2” is the challenge, is he able to read it? What if the output is wrong – who’s going to verify it? Are you presenting this as a good thing? How did/would he grade handwritten written-answer questions?

New comment by minitech in "It's hard to justify buying a Framework 12"

minitech — Sat, 30 May 2026 05:34:24 +0000

Not one window, but one application. Which is, yeah, about the worst of both worlds.

New comment by minitech in "The Security of Ephemeral Pages"

minitech — Sun, 24 May 2026 01:28:28 +0000

- CSP that allows cdn.jsdelivr.net/unpkg.com (which serve anything on npm, which anyone can publish to) indiscriminately is not effective (and I’m sure some cdnjs script in an Angular-style library executes arbitrary code in otherwise-benign HTML attributes too)

- rate limiting using a key derived from the freely attacker-settable User-Agent header

- (and storing it in Netlify Blobs, “a highly-available data store optimized for frequent reads and infrequent writes“?)

- “The remaining item — constant-time comparison — is a calculated risk I have accepted for now.” What was the calculation? If Netlify Functions supports Node.js APIs as a quick search suggests, this is just `crypto.timingSafeEqual`. But even better without delving into more complicated options would be to store only a hash of the token to compare against.

New comment by minitech in "Stop MitM on the first SSH connection, on any VPS or cloud provider"

minitech — Mon, 11 May 2026 02:56:15 +0000

> in favor of some unlikely cloak and dagger interception scheme

someone who definitely understands how crypto works, describing the most basic possible MITM

New comment by minitech in "A recent experience with ChatGPT 5.5 Pro"

minitech — Sat, 09 May 2026 14:57:10 +0000

I know parameters don’t translate directly like that (and that linear and exponential aren’t the only types of growth) but a doubling as a go-to example of “not exponential growth” is pretty funny.

New comment by minitech in "Security through obscurity is not bad"

minitech — Sun, 03 May 2026 17:21:53 +0000

ASLR is (still[1]) not security by obscurity.

[1] https://news.ycombinator.com/item?id=43408079

New comment by minitech in "Quantum Computers Are Not a Threat to 128-Bit Symmetric Keys"

minitech — Mon, 20 Apr 2026 21:13:56 +0000

> Any TLS break delayed by more than 15 minutes would be worthless.

It sounds like you’re talking about breaking TLS’s key exchange? Why would this not have the usual issue of being able to decrypt recorded traffic at any time in the future?

Edit: If it’s because the plaintext isn’t useful, as knorker got at in a sibling comment… I sure hope we aren’t still using classical TLS by the time requiring it to be broken in 1 minute instead of 15 is considered a mitigation. Post-quantum TLS already exists and is being deployed…

New comment by minitech in "You can't trust macOS Privacy and Security settings"

minitech — Sat, 11 Apr 2026 18:45:44 +0000

> Rather, an interactive window running under the user’s name has implied access to the user’s home folders, regardless of what’s been set under “Files & Folders” (which still applies for background/non-interactive processes).

No, that’s not true at all. Granting permission using the folder picker is required.

New comment by minitech in "Post Mortem: axios NPM supply chain compromise"

minitech — Fri, 03 Apr 2026 07:57:29 +0000

Npm and the other JavaScript package managers do generate and check lockfiles with hashes by default. This was a new release, not a republishing of an old version (which isn’t possible on the npm registry anyway).

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 03:19:13 +0000

Nobody is confused or disagrees about the `--hard` part. It was a minor tangent about contexts where these ASCII substitutions are established, like LaTeX (`` -> “, '' -> ”, -- -> –, --- -> —, etc.)

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 02:45:36 +0000

It’s about the top-level comment’s horror that ”--” was substituted with “an en dash, not even an em dash”. If you’re picking a substitution for “--”, en dash makes more sense. The comment you originally replied to had already agreed “that it should be left as a double hyphen”.

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 02:17:30 +0000

No, the comment was pointing out that the HN platform automatically replaces `--` in titles with `–`. (I don’t know if that’s true, but that was the intent. Nothing to do with AI.)

New comment by minitech in "Claude Code runs Git reset –hard origin/main against project repo every 10 mins"

minitech — Mon, 30 Mar 2026 02:15:00 +0000

They meant “more appropriate [than an em dash]”. And that minus sign usage of hyphen-minus isn’t unique in Unicode either – see U+2212 MINUS SIGN.

New comment by minitech in "Tell HN: Firefox is being slowly deprecated by the industry"

minitech — Sat, 28 Mar 2026 03:50:43 +0000

People are using Firefox intentionally, vs. using IE because it was preinstalled. Firefox is a maintained browser. IE was hard to support, and Firefox is not. There are a lot of differences.

New comment by minitech in "My astrophotography in the movie Project Hail Mary"

minitech — Thu, 26 Mar 2026 00:22:32 +0000

That’s what rot13 is for.

New comment by minitech in "My astrophotography in the movie Project Hail Mary"

minitech — Wed, 25 Mar 2026 14:33:45 +0000

What changed about the ending?

New comment by minitech in "Blacksky AppView"

minitech — Mon, 09 Mar 2026 00:10:54 +0000

Not that that isn’t a practical concern, but that’s not the level at which the network claims to be decentralized. Your account was banned by one participant in the hypothetical decentralized network.

New comment by minitech in "Blacksky AppView"

minitech — Mon, 09 Mar 2026 00:06:46 +0000

- “yellow” is a racist adjective for asians, “black” is not a racist adjective for black people

- there is no “white community” in the US to make the equivalent to “black community”

so you can’t really draw any useful conclusions from how string replacement on this sentence makes you feel