Hacker News: momo_dev

New comment by momo_dev in "Decisions that eroded trust in Azure – by a former Azure Core engineer"

momo_dev — Fri, 03 Apr 2026 20:49:55 +0000

i guess the difference is i chose my hyperscalers à la carte instead of getting the all-in-one bundle. at least when cloudflare breaks something i can still ssh into my linode and debug it directly

New comment by momo_dev in "Post Mortem: axios NPM supply chain compromise"

momo_dev — Fri, 03 Apr 2026 20:49:20 +0000

i wasn't aware npm lockfiles check hashes by default now. my concern is more about the initial install before a lockfile exists, like in CI from a fresh clone without a committed lockfile. but you're right, once the lockfile is there the hash mismatch would be caught.

New comment by momo_dev in "Post Mortem: axios NPM supply chain compromise"

momo_dev — Fri, 03 Apr 2026 07:07:39 +0000

this is why i pin every dependency hash in my python projects. pip install --require-hashes with a locked requirements file catches exactly this, if the package hash changes unexpectedly the install fails. surprised this isn't the default in the npm ecosystem

New comment by momo_dev in "Decisions that eroded trust in Azure – by a former Azure Core engineer"

momo_dev — Fri, 03 Apr 2026 07:06:38 +0000

i run fastapi APIs on linode with cloudflare in front and honestly the simplicity is underrated. predictable billing, docs that match reality, no surprise platform regressions. for a straightforward API workload the hyperscaler tax doesn't make sense unless you genuinely need their scale

New comment by momo_dev in "Modern SQLite: Features You Didn't Know It Had"

momo_dev — Fri, 03 Apr 2026 06:54:47 +0000

yeah fair point, validation should ideally happen at the app layer first. in my case it was a quick prototype where i skipped the proper serialization step and STRICT caught it before it became a real problem. definitely not a substitute for proper DTOs in production

New comment by momo_dev in "Email obfuscation: What works in 2026?"

momo_dev — Thu, 02 Apr 2026 19:39:49 +0000

interesting that most scrapers are still just regex-searching for @ in raw bytes. on the receiving side i've been dealing with a different angle of the same problem, blocking disposable/temp email signups. a domain blocklist catches 90% but the clever ones use random alias domains that all point their MX records to the same disposable mail infrastructure. checking where MX records actually resolve catches those too

New comment by momo_dev in "Modern SQLite: Features You Didn't Know It Had"

momo_dev — Thu, 02 Apr 2026 19:38:22 +0000

the JSON functions are genuinely useful even for simple apps. i use sqlite as a dev database and being able to query JSON columns without a preprocessing step saves a lot of time. STRICT tables are also great, caught a bug where I was accidentally inserting the wrong type and it just silently worked in regular mode

New comment by momo_dev in "Ask HN: European Tech Alternatives?"

momo_dev — Thu, 02 Apr 2026 19:36:20 +0000

for cloud/VPS hosting hetzner has been solid for me. their object storage is S3-compatible and way cheaper than AWS. the only downside is the region options are limited to EU which is actually a feature if you're targeting EU users. for the directory question, euro-stack.com linked above looks more maintained than european-alternatives.eu. i also just search "X alternative EU" whenever i need something specific