Hacker News: n_e

New comment by n_e in "MacBook Neo Deep Dive: Benchmarks, Wafer Economics, and the 8GB Gamble"

n_e — Thu, 14 May 2026 11:25:59 +0000

The figure is likely wrong.

My Mac is currently using 9GB of RAM including 6.5GB of cached files with Safari and a few other apps opened. They likely forgot to subtract the cache from the used memory.

New comment by n_e in "Postmortem: TanStack npm supply-chain compromise"

n_e — Mon, 11 May 2026 22:56:57 +0000

> it used to be that projects that pinned deps were called out as being less secure due to not being able to receive updates without a publish.

This is still the right advice for libraries. For security it doesn’t matter a whole lot anymore as package managers can force the transitive dependencies version, but it allows for much better transitive dependency de duplication.

For non-libraries it doesn’t matter as the exact versions get pinned in the package-lock.

New comment by n_e in "TanStack NPM Packages Compromised"

n_e — Mon, 11 May 2026 22:51:32 +0000

> Yes, you can lock deps in NPM/Cargo/etc. but that's not the default. It is the default in Go.

How is it not the default in npm?

New comment by n_e in "GitHub is sinking"

n_e — Sun, 10 May 2026 17:06:56 +0000

I'm not sure what to make of the graph.

On the one hand the acquisition of GitHub may have caused the availability to be worse.

On the other hand, the 100.00% availability before the acquisition looks suspicious, wondering if it's not just the status page being better updated.

(I'm aware of the recent availability problems with GitHub, but on the graph the problems start in 2020 and don't seem to worsen significantly)

New comment by n_e in "Should I Run Plain Docker Compose in Production in 2026?"

n_e — Tue, 05 May 2026 20:01:26 +0000

Why not use swarm? On a single node it isn't really more complicated than compose, and you get scaling and rolling deployments.

New comment by n_e in "I am worried about Bun"

n_e — Mon, 04 May 2026 20:03:04 +0000

enums and decorators mainly. There are also subtleties such as having the ts file extension in imports. Also imports aren't transpiled in cjs so you need to need es modules.

I'm using it in my projects with no issues.

New comment by n_e in "HERMES.md in commit messages causes requests to route to extra usage billing"

n_e — Wed, 29 Apr 2026 19:15:54 +0000

The reply looks like it was written by an LLM. Not that this excuses anything.

New comment by n_e in "GoDaddy gave a domain to a stranger without any documentation"

n_e — Sun, 26 Apr 2026 19:27:09 +0000

The explanation is at the end of the article: another GoDaddy customer asked for the transfer of a similar-looking domain name, and they transferred the wrong domain.

New text generator built by OpenAI considered too dangerous to release (2019)

n_e — Sun, 26 Apr 2026 15:41:26 +0000

Article URL: https://techcrunch.com/2019/02/17/openai-text-generator-dangerous/

Comments URL: https://news.ycombinator.com/item?id=47911183

Points: 4

# Comments: 0

New comment by n_e in "What async promised and what it delivered"

n_e — Sat, 25 Apr 2026 23:22:00 +0000

> 1.On a system that is handling 10k concurrent requests, the 10GB of RAM is going to be a fraction of what is installed.

My example (and the c10k problem) is 10k concurrent connections, not 10k concurrent requests.

> 2. It's not 10GB of RAM anyway, it's 10GB of address space. It still only gets faulted into real RAM when it gets used.

Yes, and that's both memory and cpu usage that isn't needed when using a better concurrency model. That's why no high-performance server software use a huge amount of threads, and many use the reactor pattern.

New comment by n_e in "What async promised and what it delivered"

n_e — Sat, 25 Apr 2026 21:40:16 +0000

> Why is reserving a megabyte of stack space "expensive"?

Because if you use one thread for each of your 10,000 idle sockets you will use 10GB to do nothing.

So you'll want to use a better architecture such as a thread pool.

And if you want your better architecture to be generic and ergonomic, you'll end up with async or green threads.

New comment by n_e in "Commenting and approving pull requests"

n_e — Sat, 25 Apr 2026 17:36:11 +0000

I'm not sure what approach you're suggesting?

Asking a more junior developer or someone who "show little interest in learning" to discuss their approach with you before they've spent too much time on the problem, especially if you expect them to take the wrong approach seems like the right way to do things.

Throwing out a PR of someone who doesn't expect it would be quite unpleasant, especially coming from someone more senior.

Why 'Atomic Habits' may not be working for you (2023)

n_e — Sat, 25 Apr 2026 09:32:10 +0000

Article URL: https://www.krishnabharadwaj.info/why-atomic-habits-may-not-be-working-for-you/

Comments URL: https://news.ycombinator.com/item?id=47900040

Points: 2

# Comments: 0

New comment by n_e in "Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign"

n_e — Thu, 23 Apr 2026 18:16:35 +0000

> Anyone know of a better way to protect yourself than setting a min release age on npm/pnpm/yarn/bun/uv (and anything else that supports it)?

With pnpm, you can also use trustPolicy: no-downgrade, which prevents installing packages whose trust level has decreased since older releases (e.g. if a release was published with the npm cli after a previous release was published with the github OIDC flow).

Another one is to not run post-install scripts (which is the default with pnpm and configurable with npm).

These would catch most of the compromised packages, as most of them are published outside of the normal release workflow with stolen credentials, and are run from post-install scripts

New comment by n_e in "Highlights from Git 2.54"

n_e — Thu, 23 Apr 2026 16:05:49 +0000

> Why waste a round trip, build time, loss of flow and CI machine queue wait time when you can catch things early?

Because we want to be sure that the checks have passed, and that they have passed in a clean environment.

Contributors can, in addition, use git hooks, or run tests in watch mode, or use their IDE.

Also it's annoying to have slow git hooks if you commit often.

New comment by n_e in "Axios compromised on NPM – Malicious versions drop remote access trojan"

n_e — Tue, 31 Mar 2026 12:33:55 +0000

I haven't checked, but it would be surprising that the min-release-age applies to npm audit and equivalent commands

New comment by n_e in "Show HN: Sheet Ninja – Google Sheets as a CRUD Back End for Vibe Coders"

n_e — Sun, 29 Mar 2026 12:43:49 +0000

> Cloud sql lowest tier is pennies a day

Unless things have improved it's also hideously slow, like trivial queries on a small table taking tens of milliseconds. Though I guess that if the alternative is google sheets that's not really a concern.

New comment by n_e in "A Faster Alternative to Jq"

n_e — Fri, 27 Mar 2026 08:02:24 +0000

I process TB-size ndjson files. I want to use jq to do some simple transformations between stages of the processing pipeline (e.g. rename a field), but it so slow that I write a single-use node or rust script instead.

New comment by n_e in "Node.js worker threads are problematic, but they work great for us"

n_e — Sun, 22 Mar 2026 13:54:13 +0000

> but so could FFI calls to another language for the CPU bound work

Worker threads can be more convenient than FFI, as you don't need to compile anything, you can reuse the main application's functions, etc.

New comment by n_e in "The three pillars of JavaScript bloat"

n_e — Sun, 22 Mar 2026 10:26:45 +0000

I assume they were talking about the comments here, not the post which I agree is great.