Hacker News: pagecalm

New comment by pagecalm in "Subscription bombing and how to mitigate it"

pagecalm — Thu, 02 Apr 2026 15:45:26 +0000

Honestly just don't send anything past the verification email until the address is confirmed. A lot of the other fixes here are working around what's really just auth libraries trusting the address on signup. Feels like that's the thing worth fixing first.

New comment by pagecalm in "Any good 2026 April Fools Pranks"

pagecalm — Wed, 01 Apr 2026 18:01:20 +0000

FFmpeg is moving to rust! https://x.com/FFmpeg/status/2039115531744334180?s=20

New comment by pagecalm in "Claude Code users hitting usage limits 'way faster than expected'"

pagecalm — Tue, 31 Mar 2026 18:27:32 +0000

Hit this myself recently, along with a bunch of overloaded errors. I think it's growing pains for where we are with AI right now.

As the tooling matures I think we'll see better support for mixing models — local and cloud, picking the right one for the task. Run the cheap stuff locally, use the expensive cloud models only when you actually need them. That would go a long way toward managing costs.

There's also the dependency risk people aren't talking about enough. These providers can change pricing whenever they want. A tool you've built your entire workflow around can become inaccessible overnight just because the economics shifted. It's the vendor lock-in problem all over again but with less predictability.

New comment by pagecalm in "Axios compromised on NPM – Malicious versions drop remote access trojan"

pagecalm — Tue, 31 Mar 2026 18:16:39 +0000

This is the part that's tough — we push everyone to keep dependencies updated and automate it with Renovate or Dependabot, but that's exactly the pipeline that would have pulled this in before anyone noticed. Lockfiles and pinning help slow it down, but most teams pair those with automated update PRs which kind of negates the point. You can reduce your dependency surface area to lower the odds but one compromised maintainer on a top-10 package and none of that matters.

New comment by pagecalm in "Slop is not necessarily the future"

pagecalm — Tue, 31 Mar 2026 18:06:07 +0000

Agreed on the economics side. Clean code saves you time and money whether a human or AI wrote it. That part doesn't change.

But I don't think the models are going to get there on their own. AI will generate a working mess all day long if you let it. The pressure to write good code has to come from the developer actually reviewing what comes out and pushing back. The incentive is there but it only matters if someone acts on it.