Hacker News: pimterry

The Internet Bug Bounty paused indefinitely

pimterry — Thu, 02 Apr 2026 15:20:21 +0000

Comments URL: https://news.ycombinator.com/item?id=47615666

Points: 2

# Comments: 0

New comment by pimterry in "Tell HN: Chrome says "suspicious download" when trying to download yt-dlp"

pimterry — Tue, 31 Mar 2026 17:17:14 +0000

EV no longer skips smartscreen either nowadays. I understand that was abused, so it's treated as the same as OV. Having a certificate allows the cert itself to accumulate trust (rather than each binary independently doing so) and provides better UX and I suspect an initial small boost to trust signal, but doesn't bypass the initial distrust. There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.

New comment by pimterry in "FCC updates covered list to include foreign-made consumer routers"

pimterry — Tue, 24 Mar 2026 10:43:12 +0000

> no Gov agency would ever mandate secure firmware

Interestingly, Europe is about to try this: the Cyber Resilience Act is going to become obligatory for all sold digital products (hardware & software) by the end of 2027, with a bunch of strict minimum requirements: no hardcoded default passwords, must check for known vulnerabilities in components/dependencies, encryption for data at rest, automatic security updates by default (which must be separate from functionality updates), etc.

Remains to be seen whether this'll help, but good to see somebody have a go at fixing this.

New comment by pimterry in "Ireland shuts last coal plant, becomes 15th coal-free country in Europe (2025)"

pimterry — Mon, 09 Mar 2026 15:19:09 +0000

Europe is less industrial than in the past, but by every measure I can find many countries (especially Germany, Poland, Slovakia, Italy) are significantly more industrialized than the US - around 1.5x to 3x as much industrial activity and employment per capita, depending on the measure. Even the very least industrialized of the major EU nations (e.g. Spain, Greece) only just drop down to match the US numbers per-capita.

Migrating from Heroku to Magic Containers

pimterry — Thu, 05 Mar 2026 12:12:13 +0000

Article URL: https://bunny.net/blog/migrating-from-heroku-to-magic-containers/

Comments URL: https://news.ycombinator.com/item?id=47260712

Points: 36

# Comments: 12

A New Home for React Hosted by the Linux Foundation

pimterry — Thu, 26 Feb 2026 11:36:39 +0000

Article URL: https://react.dev/blog/2026/02/24/the-react-foundation

Comments URL: https://news.ycombinator.com/item?id=47164660

Points: 2

# Comments: 0

New comment by pimterry in "Dictionary Compression is finally here, and it's ridiculously good"

pimterry — Tue, 24 Feb 2026 08:46:23 +0000

For now, but accepted and planned for future releases by both Safari (https://github.com/WebKit/standards-positions/issues/160) & Firefox (https://bugzilla.mozilla.org/show_bug.cgi?id=1882979).

Confusables.txt and NFKC disagree on 31 characters

pimterry — Mon, 23 Feb 2026 12:55:39 +0000

Article URL: https://paultendo.github.io/posts/unicode-confusables-nfkc-conflict/

Comments URL: https://news.ycombinator.com/item?id=47121716

Points: 60

# Comments: 40

Dictionary Compression is finally here, and it's ridiculously good

pimterry — Mon, 23 Feb 2026 12:04:27 +0000

Article URL: https://httptoolkit.com/blog/dictionary-compression-performance-zstd-brotli/

Comments URL: https://news.ycombinator.com/item?id=47121233

Points: 39

# Comments: 18

New comment by pimterry in "Keep Android Open"

pimterry — Sat, 21 Feb 2026 11:47:30 +0000

Done! I wrote up both my concerns about this and how it affects app/app-store market competition, and how limitations like Play Integrity encourage apps to block usage on non-Google approved devices as well, since that's anti-competitive within the mobile device & OS market (blocking GrapheneOS, Waydroid, etc).

Supporting free competition with and within the Android market is in theory what these teams are all about so hopefully with enough voices they'll push harder on it. I'd love to see a shift here that makes non-Google/Apple-controlled mobile a possible option (even if it's a Linux-on-desktop-style niche for the foreseeable future)

New comment by pimterry in "Sizing chaos"

pimterry — Thu, 19 Feb 2026 09:20:43 +0000

This exists, https://www.sonofatailor.com/ for example. You put in a full set of your measurements, pick a type of garment, and they make it to fit and ship it, takes a couple of weeks or so.

It is more expensive, but not impossibly so, and they fairly aggressively discount for larger orders which presumably amortizes some of the overheads.

New comment by pimterry in "WiFi could become an invisible mass surveillance system"

pimterry — Wed, 11 Feb 2026 16:37:51 +0000

There's a big difference between 'presence detection' and 'tracking individuals'. Both in terms of tech and privacy impact.

New comment by pimterry in "Europe's $24T Breakup with Visa and Mastercard Has Begun"

pimterry — Tue, 10 Feb 2026 17:43:54 +0000

> for the Android case, as you use it from your bank's app, it would typically require some Google security assurances - so no Huawei phones allowed, for example

I don't know about Huawei, but actually most (all?) of the banking apps in Spain should work on a non-Google-certified Android builds. There's an community list tracking GrapheneOS compatibility at https://privsec.dev/posts/android/banking-applications-compa... and all of them currently appear supported just fine.

New comment by pimterry in "Europe's $24T Breakup with Visa and Mastercard Has Begun"

pimterry — Tue, 10 Feb 2026 17:34:10 +0000

> “Breakup” seems a bit exaggerated considering the % of payment volume which might switch to the new system.

Brazil introduced Pix in 2019, it's now the most used payment method for all transactions nationwide, ahead of both cards & cash.

India introduced UPI in 2016, it now handles >80% of digital payments there, and handles more transactions a day than Visa does worldwide.

It's totally plausible to me that a similar replacement could overtake cards completely within a decade. The lack of cross-border support means "Pay with Bizum" is a niche feature that's only useful in Spain, but if "Pay with Wero" becomes an instant & ~free payment method that works for hundreds of millions of users then it's a very different ballgame.

New comment by pimterry in "Bunny Database"

pimterry — Wed, 04 Feb 2026 12:14:28 +0000

I've been using their DNS (and CDN) for a good while. Only positive experiences - fast & rock solid. I would start a new project with them again in future.

I've also tried some of their new more experimental stuff (magic containers, edge scripting) and it's much rougher, but the core product is very good imo.

I wish they'd focus more instead there tbh, there's plenty more that could be done in terms of core content delivery, without trying to enter other (very competitive & I think much more complicated) markets like serverless hosting.

New comment by pimterry in "The Codex App"

pimterry — Tue, 03 Feb 2026 09:51:43 +0000

> the company has the money

It's not about money. It's not a tradeoff in cost vs quality - it's a tradeoff in development speed. Shipping N separate native versions requires more development time for any given change: you must implement everything (at least every UI) N times, which drastically increases the design & planning & coordination required vs just building and shipping one implementation.

Do you want to move slower to get "native feel", or do you want to ship fast and get N times as much feature dev done? In a competitive race while the new features are flowing, development speed always wins.

Once feature development settles down, polish starts to matter more and the slowdown becomes less important, and then you can refocus.

New comment by pimterry in "EU–INC – A new pan-European legal entity"

pimterry — Wed, 21 Jan 2026 17:43:09 +0000

> Similar experience in Spain, fill out 2-3 forms and it's done.

This isn't true in Spain - all company creation requires a notary, among other awkward steps (although as of relatively recently in some cases you can now do this over videoconference, without physically visiting at least). It's not as bad as what I hear of in Germany, but it's non-trivial and slow, and the banking setup process is similarly annoying and slower than it should be.

You can register as autonomo (an individual freelancer) easily with just a couple of forms, but that is not the same thing as creating a separate legal business entity (SL).

New comment by pimterry in "Children with cancer scammed out of millions fundraised for their treatment"

pimterry — Tue, 16 Dec 2025 11:55:53 +0000

In terms of waiting times to see a doctor or specialist (the only cases where stats for the US seem to be available), the US looks a touch better than average in waiting times for healthcare within comparable countries: https://www.oecd.org/en/publications/health-at-a-glance-2025....

Ahead of Canada, sure (they come worst here in both scenarios) but behind countries like the UK, Germany & the Netherlands that do have universal health care.

New comment by pimterry in "Stop Breaking TLS"

pimterry — Wed, 10 Dec 2025 09:18:29 +0000

It's definitely annoying if you work in enterprise, but on the flip side: the fact that these enterprise requirements exist is the main reason that TLS certificate configurability is possible at all, without which it would be dramatically harder (or impossible) to reverse engineer or do security & privacy research on mobile apps, IoT, etc etc etc.

Enterprise control over company devices and user control over personal devices are not so different.

A few apps do use certificate pinning nowadays, which creates similar problems, but saying "you can never add your own MitM TLS cert" is not far from certificate pinning everything everywhere all the time. Good luck creating a new home assistant integration for your smart airfryer when you can't read any of the traffic from its app.

Imo: let's make it easier! Standardize TLS configuration for all tools, make easy cert configuration of devices a legal requirement (any smart device sold with hardcoded CA certificates is a device with a fixed end date, where the CA certs expire and it becomes a brick), guarantee user control over their own TLS trust, and provide good tools to check exactly who you're trusting (and expose that clearly to users). Not really practical of course (and opens all sorts of risky games with nation state interception as well) but there are upsides here as well.

New comment by pimterry in "RCE Vulnerability in React and Next.js"

pimterry — Thu, 04 Dec 2025 09:32:27 +0000

Totally agree. Chiming in as another React dev: I really regret the last few years of choices React has made. I don't want a React-integrated BFF layer, even on greenfield projects, hooks are awful and the whole thing just gets more awkward to solve tangentially related problems.

I really do want a good frontend framework that lets me expressively build and render dynamic frontend components, but it feels like 99% of React's development in the last few years has been just been creating churn and making that core frontend experience worse and worse. Hooks solve challenges around sharing component meta-functionality but then end up far worse for all other non-trivial cases, and it seems like RSC & concurrency just break things and add constraints instead of improving any part of my existing experience.

I guess this is cool if you're building mega-projects, but it makes React actively painful to use for anything smaller. I still use it every day, but as soon as I find a good off-ramp for my product (something similar, but simpler) I will take it. Moving towards Preact & signals currently seems like the best option for existing projects so far as I can tell.