Hacker News: philipwhiuk

New comment by philipwhiuk in "WhatsApp Business API pricing 2026: what's free and where markup hides"

philipwhiuk — Fri, 12 Jun 2026 16:11:46 +0000

I mean surely this was always going to happen? A fixed fee just means less frequent users subsidising everyone else.

New comment by philipwhiuk in "Claude Fable is relentlessly proactive"

philipwhiuk — Fri, 12 Jun 2026 11:18:14 +0000

Isn't the whole point of a better model that it should be better at understanding you than the previous one? So the same prompt should return a better answer.

Prompting differently to the new model seems entirely backwards when trying to determine if the model has improved.

New comment by philipwhiuk in "Microsoft's open source tools were hacked to steal passwords of AI developers"

philipwhiuk — Wed, 10 Jun 2026 13:27:54 +0000

In a tool that's dumb enough to run code from untrusted folders.

`cd folder` does nothing.

New comment by philipwhiuk in "What it feels like to work with Mythos"

philipwhiuk — Wed, 10 Jun 2026 08:53:35 +0000

> the author had to be referencing this moment in their challenge to Fable/Mythos.

Or it just swept it up in the training data given Anthropic license Reddit comments.

New comment by philipwhiuk in "What it feels like to work with Mythos"

philipwhiuk — Wed, 10 Jun 2026 08:52:41 +0000

Given that token counts are easily available not providing how much any of his examples cost is lunacy.

New comment by philipwhiuk in "Upcoming breaking changes for npm v12"

philipwhiuk — Wed, 10 Jun 2026 08:45:00 +0000

> On balance, it’s npm’s belief that the utility of having installation scripts is greater than the risk of worms. This is a tradeoff that we will continue to evaluate.

They chose...poorly

New comment by philipwhiuk in "Upcoming breaking changes for npm v12"

philipwhiuk — Wed, 10 Jun 2026 08:43:30 +0000

grep?

New comment by philipwhiuk in "Upcoming breaking changes for npm v12"

philipwhiuk — Wed, 10 Jun 2026 08:41:37 +0000

The entire use-case of that package is a security nightmare.

New comment by philipwhiuk in "Job: Head of Stonehenge"

philipwhiuk — Tue, 09 Jun 2026 16:38:21 +0000

Urgency based on medical reasons rather than financial wealth.

Crazy huh?

New comment by philipwhiuk in "Job: Head of Stonehenge"

philipwhiuk — Tue, 09 Jun 2026 16:37:12 +0000

And this is third sector.

New comment by philipwhiuk in "Albania Is Not for Sale: Kushner's $4B Resort Triggers'Flamingo Revolution'"

philipwhiuk — Tue, 09 Jun 2026 15:34:45 +0000

Stop the financialisation of everything.

(Or if you prefer because you are unable to compute that, the price is upfront $70,000 trillion (2025 prices) - cash only)

New comment by philipwhiuk in "Microsoft's open source tools were hacked to steal passwords of AI developers"

philipwhiuk — Tue, 09 Jun 2026 13:05:03 +0000

It only spreads if you run the code...

New comment by philipwhiuk in "Microsoft's open source tools were hacked to steal passwords of AI developers"

philipwhiuk — Tue, 09 Jun 2026 13:01:31 +0000

Some form of public communication from Microsoft Security indicating an actual threat to their ecosystem and published pipeline of work to reduce the ability of attacks to spread via GitHub actions.

They can publish self-congratulatory stuff like this: https://www.microsoft.com/en-us/security/blog/2026/06/05/sec... but they can't publish a post-mortem on their own platform?

I'm told that when Affirmed got compromised Microsoft Security descended on the org and rewrote their entire backlog. Where is the plan from GitHub that they are now taking security seriously given GitHub Actions is now a primary threat vector even for projects written by their own company.

New comment by philipwhiuk in "Microsoft's open source tools were hacked to steal passwords of AI developers"

philipwhiuk — Tue, 09 Jun 2026 12:58:32 +0000

* GitHub [which they own] failed to detect the account was compromised

* GitHub [which they own] allowed the contribution to ignore CI

* GitHub [which they own] failed to detect suspicious content on check-in

* GitHub [which they own] isn't sufficiently integrated into Microsoft security that the compromised token wasn't rolled.

New comment by philipwhiuk in "Show HN: Gitdot – A better GitHub. Open-source, written in Rust"

philipwhiuk — Tue, 09 Jun 2026 12:41:09 +0000

Be honest and transparent about who you are what you have and what you did. If it took you a year of solid development, it'll probably look like it did. If it took you 15 minutes in Claude... well it probably looks like it did too.

If you are YC backed then say "YC Winter 2026" or whatever in your title frankly - people will work it out anyway.

They said it was a better GitHub, which is a very high bar (despite the regular complaints about GitHub). They also said it was anti-AI, despite it being vibe-coded.

Also, know your competitive space. Posting on HN is like pitching - not knowing about your competitors is not really going to work - you need an answer for, for example, why someone picks Gitdot over SourceHut.

New comment by philipwhiuk in "Job: Head of Stonehenge"

philipwhiuk — Tue, 09 Jun 2026 09:43:20 +0000

The height of the stones goes to 13!

New comment by philipwhiuk in "Job: Head of Stonehenge"

philipwhiuk — Tue, 09 Jun 2026 09:42:03 +0000

Probably FANG or finance.

New comment by philipwhiuk in "Ask HN: Why hasn't there been a real competitor to Ticketmaster yet?"

philipwhiuk — Tue, 09 Jun 2026 09:28:50 +0000

DICE are owned by Fever as of 2025.

New comment by philipwhiuk in "Microsoft's open source tools were hacked to steal passwords of AI developers"

philipwhiuk — Tue, 09 Jun 2026 09:24:45 +0000

Azure are able to be targets of supply chain attack because of the supply chain ecosystem that they still own. It's not really a supply chain when it's still yours.

New comment by philipwhiuk in "Microsoft's open source tools were hacked to steal passwords of AI developers"

philipwhiuk — Tue, 09 Jun 2026 09:23:06 +0000

> > This is Microsoft’s second known breach over the past few weeks that has allowed hackers to compromise its open source projects, per Ars Technica.

> I, like many others love to knock on Microslop when I can, but in this case they did the right thing.

I've no idea what your problem with this sentence is. They have an organisational security problem, aided/demonstrated by lack of effort to effectively lockdown GitHub Actions and allowing MRs to circumvent CI/CD.

That this is a Microsoft problem that was present pre-AI is not up for debate. See https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewO...

In the age of AI, it's now endemic and being weaponised.