<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: nicomt</title><link>https://news.ycombinator.com/user?id=nicomt</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Wed, 08 Jul 2026 07:54:55 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=nicomt" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by nicomt in "I Don't Maintain My Homelab"]]></title><description><![CDATA[
<p>I think if you set cooldowns and stick to more reputable sources, it might be okay. I do pin my versions and do manual updates in my home lab, but that's more for stability and so it increases the chances I'll catch update issues while I'm already there. I don't pretend that gives me any extra security, though, because I don't have the time to review updates beyond surface-level changelogs. I don't think the solution to supply chain issues is for every developer to be paranoid at all times. I think we need better systems built on top of existing package managers to check provenance and integrity, and to allow security researchers and automated tools to vet releases before they're distributed more broadly.</p>
]]></description><pubDate>Wed, 01 Jul 2026 11:01:23 +0000</pubDate><link>https://news.ycombinator.com/item?id=48744875</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=48744875</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48744875</guid></item><item><title><![CDATA[New comment by nicomt in "One person was able to claim 20M IPs"]]></title><description><![CDATA[
<p>You're right, like others said in the comments the 9% in the comments is from total active hosts tracked by Censys (~231 million). But I still think it's challenging to have that much reach and unlikely to be an ad campaign. Using numbers from the website bellow the cost of getting 20 million impressions would be around $43,200 on the low-end for YouTube ads and can be much higher on different platforms. That is also assuming perfect efficiency were you we have exactly one impression per IP which is unlikely to be the case.<p><a href="https://www.guptamedia.com/social-media-ads-cost" rel="nofollow">https://www.guptamedia.com/social-media-ads-cost</a></p>
]]></description><pubDate>Sat, 16 Aug 2025 23:38:13 +0000</pubDate><link>https://news.ycombinator.com/item?id=44927725</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=44927725</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44927725</guid></item><item><title><![CDATA[New comment by nicomt in "One person was able to claim 20M IPs"]]></title><description><![CDATA[
<p>I find this really interesting, I can see a few different ideas on GitHub to claim IPs, but I don't see any of those reaching that scale.<p><a href="https://github.com/search?q=ipv4.games%2Fclaim&type=code&p=1" rel="nofollow">https://github.com/search?q=ipv4.games%2Fclaim&type=code&p=1</a><p>While running ads is definitely a possibility, reaching 9% of all available IPs sounds like a crazy expensive campaign. I don't know what the ratio of people to public IP is but I doubt it's one.</p>
]]></description><pubDate>Sat, 16 Aug 2025 19:53:33 +0000</pubDate><link>https://news.ycombinator.com/item?id=44926433</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=44926433</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44926433</guid></item><item><title><![CDATA[New comment by nicomt in "One Dataset. No Warning. Google Took Everything. You're Not Safe Either"]]></title><description><![CDATA[
<p>Google suspended my payments account a few months ago without even notifying me. I never received a reason for the suspension, but I suspect it's related to a failed game refund from Stadia, as I see a refund error in my payment notifications. Dealing with Google Support has been a Kafkaesque loop where I have to explain the same thing over and over, only to get the same scripted instructions that take me nowhere. After this dance, they finally say they will "escalate" the issue and then close the case. At this point, I've given up and am in the process of de-googling my life.</p>
]]></description><pubDate>Mon, 04 Aug 2025 01:37:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=44781365</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=44781365</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44781365</guid></item><item><title><![CDATA[New comment by nicomt in "My Self-Hosting Setup"]]></title><description><![CDATA[
<p>Yeah, that is how I use it. You can technically host any TCP including end to end encrypted data through CloudFlare tunnels but you need the cloudflared app installed on the client side to access it (SSO still works even for this case). I find having to manage certificates and installing cloudflared everywhere is too much of a hassle.
I understand that proxing through CloudFlare gives them a lot of visibility and control, but I find that risk acceptable given my application.</p>
]]></description><pubDate>Sat, 19 Jul 2025 16:03:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=44616643</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=44616643</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44616643</guid></item><item><title><![CDATA[New comment by nicomt in "My Self-Hosting Setup"]]></title><description><![CDATA[
<p>> You rely on third party solution which may or may not be made to government agencies.<p>That's a fair point, but for my use case, I feel comfortable enough with CloudFlare given the trade-offs.<p>> You also need to trust they Cloudflare doesn’t make mistakes, either.<p>I think the chances of CloudFlare making a mistake are much lower than me or any other individual Developer.<p>> Cloudflare for a road warrior setup? How do you track ever changing dynamic IPs?<p>I think you need to read the docs. All of that works without any extra config when using tunnels.</p>
]]></description><pubDate>Sat, 19 Jul 2025 09:48:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=44614018</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=44614018</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44614018</guid></item><item><title><![CDATA[New comment by nicomt in "My Self-Hosting Setup"]]></title><description><![CDATA[
<p>It's not open-source or self-hosted but putting it out there: CloudFlare zero-trust is amazing and free. In my setup, I have a cloudflared tunnel configured in my homelab machine and I expose individual services without a VPN or opening up my firewall. You can also set up authentication with SSO, and it happens before reaching the backend application which makes it more secure. This is easy for family and friends to use, because they don't need to setup anything from their side, just go to the URL and login.
<a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/" rel="nofollow">https://developers.cloudflare.com/cloudflare-one/connections...</a></p>
]]></description><pubDate>Sat, 19 Jul 2025 09:17:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=44613865</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=44613865</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44613865</guid></item><item><title><![CDATA[New comment by nicomt in "A Critical Look at MCP"]]></title><description><![CDATA[
<p>The post misses the mark on why a stateless protocol like MCP actually makes sense today. Most modern devs aren’t spinning up custom servers or fiddling with sticky sessions—they’re using serverless platforms like AWS Lambda or Cloudflare Workers because they’re cheaper, easier to scale, and less of a headache to manage. MCP’s statelessness fits right into that model and makes life simpler, not harder.<p>Sure, if you’re running your own infrastructure, you’ve got other problems to worry about—and MCP won’t be the thing holding you back. Complaining that it doesn’t cater to old-school setups kind of misses the point. It’s built for the way things work now, not the way they used to.</p>
]]></description><pubDate>Sat, 10 May 2025 18:10:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=43947662</link><dc:creator>nicomt</dc:creator><comments>https://news.ycombinator.com/item?id=43947662</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43947662</guid></item></channel></rss>