Hacker News: pilgrim0

New comment by pilgrim0 in "Obsidian plugin was abused to deploy a remote access trojan"

pilgrim0 — Mon, 11 May 2026 06:02:10 +0000

Get real, kepano. You’re overestimating the consciousness of most casual users. Having godmode, RCE-capable plug-ins behind few safety warnings that most people will happily ignore to get shit done is not good engineering. I understand the constraints. In your shoes I would at minimum make a different version of the app in which you could allow these plug-ins and not put them under trivial banners within the canonical version of the app. You say you have banners, but these sit in the natural flow of the user journey, the options are clearly available and these banners are merely to exempt you from any liability, not to protect the users.

New comment by pilgrim0 in "Obsidian plugin was abused to deploy a remote access trojan"

pilgrim0 — Mon, 11 May 2026 05:40:32 +0000

Web stack plus lack of resources to architect the proper interfaces is my guess. These are software written in high level js frameworks, thus using poor dataflow patterns by default, mostly just following what is actually possible instead of employing intentional design, which would require going down some levels of abstraction and maintaining a custom fork of said frameworks. So they probably just architect plug-ins like you would instantiate a library passing a subset of the context the app uses. Basically the simplest workable thing possible. Although the disclosed hack does not mention any particular “vulnerability”. Plug-ins in obsidian are always in god mode, and the alleged hackers just tricked people in using them. Funny how an RCE waiting to happen behind a few popups is ultimately blamed on users. Shame on the developers.

New comment by pilgrim0 in "Why TUIs are back"

pilgrim0 — Sun, 03 May 2026 20:04:54 +0000

remapping capslock to esc is something nobody whom i've shamed into doing can go back from. it's just night and day. i've been thinking lately that the reason we need hjkl is vim is because the keyboard layout is actually bad for arrows. on typewriters there was no arrows, but on a computer arrows are of primary importance. i think the spacebar doesn't need to be so big, there's no reason for it to be available to both thumbs, and i think moving the small set of arrows into the left or right part of the spacebar position would be so much better for typing because the hjkl hack only work in hacker editors, but we need to use arrows a lot on normal software and it's super bad for your hand if you use it a lot. i started developing inflamations because of the way i fold my thumb to reach for the arrows without moving my entire hand.

New comment by pilgrim0 in "San Francisco, AI capital of the world, is an economic laggard"

pilgrim0 — Tue, 28 Apr 2026 05:42:35 +0000

Swimming in borrowed or imaginary cash without any hope of paying it back in the foreseeable future.

New comment by pilgrim0 in "Agentic AI systems violate the implicit assumptions of database design"

pilgrim0 — Sun, 26 Apr 2026 16:29:01 +0000

Who the hell let agents directly use a database? Even humans don’t get this privilege. So, of all things, we forgot how to write APIs now? The article suggests creating a role for the agent directly in the database. What is wrong with you people? The very title of the article defeats its own purpose. They are not designed for this so don’t let them be used like this, ffs.

New comment by pilgrim0 in "The West forgot how to make things, now it’s forgetting how to code"

pilgrim0 — Sun, 26 Apr 2026 16:15:08 +0000

The same applies to the south. It’s shocking to read tales of people spending hundreds of dollars monthly with coding agents, that’s wholly impossible for the vast majority of devs in South America, even 20 dollars is hard to justify for most households. By economic factors alone, I bet there are a lot more people learning the hard skills in places they can’t afford to be dependent on the tools.

New comment by pilgrim0 in "How to be anti-social – a guide to incoherent and isolating social experiences"

pilgrim0 — Sat, 25 Apr 2026 15:16:44 +0000

I’m also in this camp. There’s nothing better than to be lost in your own flow. However, I find these moments to be richer when someone is silently tinkering besides you, in sort of a passive interaction. Typical people tend to behave awkwardly when there’s no point or reason in talking while in the company of others. This has to be as much as a deficit as the normative definition of social awkwardness. I could never connect with these kind of people, that are always ruining silence for no reason other than trying to escape their own discomfort.

New comment by pilgrim0 in "Over-editing refers to a model modifying code beyond what is necessary"

pilgrim0 — Wed, 22 Apr 2026 18:37:34 +0000

Like others mentioned, letting the agent touch the code makes learning difficult and induces anxiety. By introducing doubt it actually increases the burden of revision, negating the fast apparent progress. The way I found around this is to use LLMs for designing and auditing, not programming per se. Even more so because it’s terrible at keeping the coding style. Call it skill issue, but I’m happier treating it as a lousy assistant rather than as a dependable peer.

New comment by pilgrim0 in "The creative software industry has declared war on Adobe"

pilgrim0 — Sun, 19 Apr 2026 21:00:52 +0000

Adobe won’t be hurt by this in the professional market because they have inter-app compatibility and a somewhat consistent language, plus you need their software to work with legacy files. Adobe is cheap, you can get the full suite for a very reasonable price. Competing software is always niche and you need to learn each one individually as they don’t share UX principles nor ontologies. They might be free now, but imagine managing individual subscriptions for each one later on; a nightmare for individuals and companies alike. Just needing to sign-up for multiple apps individually is a headache, all the emails and updates, etc. Unless someone makes a comparable and comprehensive suite, they won’t be actually competing with Adobe.

New comment by pilgrim0 in "Claude Design"

pilgrim0 — Sat, 18 Apr 2026 03:04:35 +0000

Typst is unfairly good for doing systematic designs. I wrote a template system for a complex product catalog in a couple days. Then I modeled the clients products list (exported from their ERP) to the schema and generated a hundred pages catalog instantly with flawless layout. Traditional catalog design in InDesign is extremely prone to errors and inconsistencies, not to mention time consuming if done by hand and very brittle if done with the native automation, which does not handle tabular data very well, requiring arcane non-UTF8 encodings. With Typst, if done right and input data is properly treated once, you can wholly skip the review phase which is represents a massive cost reduction. IMO doing this kind of parametric design from a DSL, either for print or digital, is something massively underrated. Surely feels like cheating. Organizing the media files is a bit more time consuming, though, even with automation. But once you organize and standardize the media repo you’re set, as you just need to do the plumbing once.

New comment by pilgrim0 in "Claude Design"

pilgrim0 — Fri, 17 Apr 2026 20:25:32 +0000

There’s no conflict here. Using a tool to automate what you have validated to be the trivial parts of a production process is the proper use of the tool. Professional designers also use this bias. For instance, I might recognize that creating a custom font or illustration is not core to my solution, so I can employ an off the shelf font or illustration and focus, say, in the written content. Same principle. The problem is most people won’t even acknowledge or validate the essential aspects of the solution and just iterate mindlessly.

New comment by pilgrim0 in "Claude Design"

pilgrim0 — Fri, 17 Apr 2026 20:02:08 +0000

Balancing requirements to achieve something you care about is doing design. I take that by “design” here you mean perhaps a particular interface or media, and you reckon that such element is not critical to your solution. If that’s the case then there’s no conflict at all. By reaching that conclusion you isolated what’s important and are correctly applying energy where it matters. This happens a lot in design, where producing or perfecting media interfaces is not necessary.

New comment by pilgrim0 in "Claude Design"

pilgrim0 — Fri, 17 Apr 2026 19:47:10 +0000

The argument is not that only designers can design, nor that everyone should design like a designer. It’s to not confuse shopping for or generating generic solutions with the activity of problem solving. Per Alexander, trivial problems, those that can be solved without balancing interactions between conflicting requirements, are not design problems. So, don’t worry and just pick what you need and like!

New comment by pilgrim0 in "Claude Design"

pilgrim0 — Fri, 17 Apr 2026 17:59:49 +0000

On Notes on the Synthesis of Form, Alexander defines design as the rationalization of the forces that define a problem. You’ll won’t find a better definition. But people tend to think design is the synthesis and its results. This misunderstanding of the role of design and the designer is responsible for all the unfit designs we encounter on a daily basis. Anyone equipped with a synthesis tool and feeling empowered to quickly and cheaply generate forms will almost inevitably become blind to the very nature of the underlying problems they set to solve. They’ll be fitting the problem to the available forms. They’ll skip the understanding, the conversations, the conflicts and disagreements, and happily and wrongly assume a design problem can be solved hermetically, in isolation. They’ll think quality is a factor of aesthetics, when in truth, aesthetics is an effect; nevertheless these effects is all they’ll have control over, as it’s all the tool can do. The tool will hinder their ability to be rational; to see the inner structures; to find the hidden but essential semantics; to create the ontologies that’ll support not only the immediate synthesis, but that will sustain the evolution of the design over its lifetime. They’ll be denied the enlightenment that comes with gradual, slow construction; the only place and moment where innovative ideas reveal themselves. They’ll be impoverished and confuse output with agency. I feel sorry for anyone that will think using tools equals doing design, because of the truly marvelous human experiences that they’ll miss, and that could never be replaced by the shallow pride of empty achievement.

New comment by pilgrim0 in "Project Glasswing: Securing critical software for the AI era"

pilgrim0 — Wed, 08 Apr 2026 00:37:36 +0000

Just a thought: The fact that the found kernel vulnerability went decades without a fix says nothing about the sophistication needed to find it. Just that nobody was looking. So it says nothing about the model’s capability. That LLMs can find vulnerabilities is a given and expected, considering they are trained on code. What worries me is the public buying the idea that it could in any way be a comprehensive security solution. Most likely outcome is that they’re as good at hacking as they’re at development: mediocre on average; untrustworthy at scale.

New comment by pilgrim0 in "Project Glasswing: Securing critical software for the AI era"

pilgrim0 — Wed, 08 Apr 2026 00:26:01 +0000

Maybe because there’s no critical and widely used software written by LLMs so far? Which says a lot about LLMs are failing to even approach the level of capabilities you would expect from all the hype? The goal has always been, even before LLMs, to find something smarter than our smarter humans. So far the success at that is really minuscule. Humans are still the benchmark, all things considered. Now they’re saying LLMs are going to be better than our best vulnerability researchers in a few months (literally what an Anthropic researcher said in a conference). Ok, that might happen. But the funny part is that the LLMs will definitely be the ones writing most of these vulnerabilities. So, to hedge against LLMs you must use LLMs. And that is gonna cost you more.

New comment by pilgrim0 in "What if the browser built the UI for you?"

pilgrim0 — Sun, 05 Apr 2026 07:36:28 +0000

You’re absolutely right. But consider big brands make for a minor percentage of sites on the web. Also recall that all those big brands have standard profiles on social media and they share the very same layout as your local dog shelter. They have no problem with that.

New comment by pilgrim0 in "What if the browser built the UI for you?"

pilgrim0 — Sun, 05 Apr 2026 07:16:07 +0000

Nice analogy with movies, but essentially it’s a category error. Movies are media, not interfaces. You consume movies, but _use_ websites. A movie is immutable. A website is dynamic. As a matter of fact, even movies follow a very common structure, from narrative, to format specs and credits. Directors and actors fit their performance to these constraints. Movies are arguably way more standard than websites.

New comment by pilgrim0 in "What if the browser built the UI for you?"

pilgrim0 — Sun, 05 Apr 2026 07:08:05 +0000

It could work if it makes production and distribution of content easier and cheaper. All social media sites without exception have standard layout and usability. There, brands encode their aesthetics through media, and brands are much more alive in these channels than on their own websites, which often lags behind their own platform profiles. Company websites are expensive to build, maintain and update. Even for a design company, say Pentagram, it’s much better to follow their work on the standard architecture of Instagram than on their own handcrafted and “beautiful” website. The relevance of corporate websites as a means to retrieve essential information is decaying. Economic factors ultimately drive decisions. If something like this existed in a solid form, it would be hard to justify spending thousands of dollars on a website. As a matter of personal opinion, UI should never be a place to express creativity. Media is a much better substrate to express personality than through user interface affordances. Nowadays all my corporate clients develop websites on the expectation that they will grant them legitimacy, and they don’t actually expect anyone to actually use or read them. As a user, I actually do prefer when a supplier has an Instagram page because their sites, if they even have one, are 100% going to be awful to read and navigate, not to mention they’ll almost certainly be outdated. The greatest barrier to something like this is simply tradition. The general idea is perfectly defensible and logical. We should be reminded that standard websites are never going away, so this is not to be a replacement, but could open the doors for small businesses and non-profits to spread rich structured information in a cheap and sovereign manner. The argument that businesses are averse to being scrapped is only true for elitist corporations. Most businesses stand to gain tremendously from having their data highly accessible from anywhere. And it’s damn easy to convince them of the benefits. Even more so considering that, if they want, they also could have their handcrafted website, which by the way would be simply a thematic structure over the very same API. You could argue that this is inevitable long term. But regarding the OPs prescribed timeline of couple years, I think it’s just naive. For this to become mainstream it would take at least a decade, if not more. Just writing the specs and tools for this would take years, easily.

New comment by pilgrim0 in "A forecast of the fair market value of SpaceX's businesses"

pilgrim0 — Thu, 02 Apr 2026 19:41:47 +0000

You could argue that space is highly useful for creating profitable narratives. You could even argue that this is the whole game.