Hacker News: purkka

New comment by purkka in "Moving beyond fork() + exec()"

purkka — Sat, 06 Jun 2026 20:47:24 +0000

Nope, the kernel can load static ELF binaries. ld.so is only needed for dynamically linked binaries, and in fact many Go applications (for example, as they're statically linked) ship as containers with nothing but the single binary.

New comment by purkka in "The user is visibly frustrated"

purkka — Tue, 26 May 2026 10:43:45 +0000

I've found this to be effective as well. Claude generally immediately identifies the stupid code pattern it used and tries to fix it (with somewhat varying results).

New comment by purkka in "Cooling copper plates could slash data center energy use by 90%"

purkka — Wed, 20 May 2026 18:46:42 +0000

90% of 30% of total energy use. So, actually 27%. What a title.

New comment by purkka in "/e/OS is a complete, fully “deGoogled” mobile ecosystem"

purkka — Mon, 02 Mar 2026 09:51:49 +0000

I wonder how this compares to GrapheneOS in practice.

>Operated by Murena, your Murena Workspace account @murena.io is at the centre of the ecosystem, allowing to store, back up and retrieve your data safely on remote servers.

This sounds like their version is somewhat married to Murena. While probably better than Google, still not independent.

They're also advertising features such as "hiding your IP address [...] when you feel like it" – which sounds a lot like a VPN – without mentioning much about who the traffic is going through or how they might log it.

New comment by purkka in "Euro firms must ditch Uncle Sam's clouds and go EU-native"

purkka — Sat, 31 Jan 2026 13:06:39 +0000

The Europeans have already cooperated with Americans so that each could read each other's citizens' private messaging which would be illegal for the locals.

Keeping the data overseas by design would just make this easier.

https://en.wikipedia.org/wiki/Operation_Trojan_Shield

New comment by purkka in "Why 451 Is Good for You – Greylisting Perspectives from the Early Noughties"

purkka — Sat, 03 Jan 2026 10:07:14 +0000

Greylisting is great until it delays your email login/signup verification codes for 20 minutes. Especially if they expire in 15.

I guess this only shows how email is used for entirely orthogonal purposes now.

New comment by purkka in "Rainbow Six Siege hacked as players get billions of credits and random bans"

purkka — Sat, 27 Dec 2025 22:56:09 +0000

Per the tweet linked in the article there were also random bans in addition to the ban feed shitposting.

https://x.com/KingGeorge/status/2004902566434668686

New comment by purkka in "Log level 'error' should mean that something needs to be fixed"

purkka — Sun, 21 Dec 2025 09:36:26 +0000

Python has LiteralString for this exact purpose. It's only on the type checker level, but type checking should be part of most modern Python workflows anyway. I've seen DB libraries use this a lot for SQL parameters.

https://typing.python.org/en/latest/spec/literal.html#litera...

New comment by purkka in "Unofficial "Tier 4" Rust Target for older Windows versions"

purkka — Tue, 18 Nov 2025 13:07:39 +0000

It does, especially at the scale of operating systems.

Bugs and vulnerabilities are always being found, with fewer and fewer people in the pool that might even theoretically want to pay for fixing them.

Also, hardware does deteriorate, and the story is the same for adding software support for whatever is currently available in hardware.

New comment by purkka in "Grok 4 Fast"

purkka — Sat, 20 Sep 2025 09:53:52 +0000

Based on the various benchmarks linked here and in the OP, the name feels justifiable. "Mini" models tend to be a lot worse compared to the base model than this one seems to be.

New comment by purkka in "The untold impact of cancellation"

purkka — Fri, 01 Aug 2025 13:52:06 +0000

> Are you aware that here you are arguing for criminal sanctions on the order of 10 years in prison, for writing a letter?

It's about writing a letter that can result in someone else receiving criminal sanctions on the order of 10 years in prison, when that someone might not have even written a letter.

Provably false is essential here.

New comment by purkka in "JOVE – Jonathan’s Own Version of Emacs"

purkka — Sun, 20 Jul 2025 20:55:09 +0000

> Unlike GNU Emacs, JOVE does not support UTF-8.

If this is still true in the latest versions, I find it pretty amazing that something like this has been maintained all the way until 2023.

New comment by purkka in "Debian bookworm live images now reproducible"

purkka — Wed, 26 Mar 2025 17:40:28 +0000

Generally, yes: https://reproducible-builds.org/docs/timestamps/

Since the build is reproducible, it should not matter when it was built. If you want to trace a build back to its source, there are much better ways than a timestamp.

New comment by purkka in "Ask HN: How did the internet discover my subdomain?"

purkka — Fri, 07 Mar 2025 15:38:50 +0000

"Security through obscurity" can definitely be defined in a meaningful way.

The opposite of "bad security through obscurity" is using completely public and standard mechanisms/protocols/algorithms such as TLS, PGP or pin tumbler locks. The security then comes from the keys and other secrets, which are chosen from the space permitted by the mechanism with sufficient entropy or other desirable properties.

The line is drawn between obscuring the mechanism, which is designed to have measurable security properties (cryptographic strength, enumeration prevention, lock security pins), and obscuring the keys that are essentially just random hidden information.

Obscuring the mechanism provides some security as well, sure, but a public mechanism can be publicly verified to provide security based only on secret keys.

New comment by purkka in "Sherlock: Hunt down social media accounts by username across 400 social networks"

purkka — Thu, 26 Dec 2024 10:47:02 +0000

This is a Gmail-specific feature. I'd guess it's there for user convenience and some protection against typos (accidental or malicious).

https://support.google.com/mail/answer/7436150?hl=en

New comment by purkka in "Museum of Bad Art"

purkka — Mon, 18 Nov 2024 00:09:20 +0000

Came across this today. Especially the collection highlights on Wikipedia [0] really made my day.

[0]: https://en.wikipedia.org/wiki/Museum_of_Bad_Art#Collection_h...

Museum of Bad Art

purkka — Mon, 18 Nov 2024 00:09:20 +0000

Article URL: https://museumofbadart.org/

Comments URL: https://news.ycombinator.com/item?id=42168503

Points: 207

# Comments: 138

New comment by purkka in "Malicious SHA-1 (2014)"

purkka — Fri, 27 Sep 2024 17:21:22 +0000

> The case I was making, is that weakhash(stronghash(m)) has the security of weakhash, no matter how strong stronghash is.

I'll have to disagree. There are no known collision attacks against SHA-1(SHA-3(M)), so in the applied case, a combination can be more secure for some properties, even if it isn't in the theoretical case.

New comment by purkka in "Malicious SHA-1 (2014)"

purkka — Fri, 27 Sep 2024 12:17:31 +0000

> H0(H1(m)) has the security of just H0. Hashes are not made to protect the content of m, but instead made to test the integrity of m. As such, a flaw in H0 will break the security guarantee, no matter how secure H1 is.

But this isn't true for all flaws. For example, even with the collision attacks against SHA-1, I don't think they're even remotely close to enabling a collision for SHA-1(some_other_hash(M)).

Similarly, HMAC-SHA-1 is still considered secure, as it's effectively SHA-1-X(SHA-1-Y(M)), where SHA-1-X and SHA-1-Y are just SHA-1 with different starting states.

So there's some value to be found in nesting hashes.

[1]: https://en.wikipedia.org/wiki/HMAC#Definition

New comment by purkka in "GitHub was down"

purkka — Wed, 14 Aug 2024 23:16:50 +0000

I have to wonder how a company at the scale of GitHub can be so bad at keeping track of their status.

Now 4 out of 10 services are marked as "Incident", yet most of the others are also completely dead.