Hacker News: qixxiq

New comment by qixxiq in "Show HN: Piruetas – A self-hosted diary app I built for my girlfriend"

qixxiq — Sat, 02 May 2026 13:05:51 +0000

I’d caution against your “free forever” offer. Most people tend to backtrack on it.

There’s one case where it gets super popular, or attacked by spammers/bots, and the site becomes more effort to operate publicly than you want to do for free.

In another case your girlfriend stops using it, as well as some family, and the continued maintenance over the years feels like it isn’t worth it (because there is always maintenance.)

Either way you might want to shut it down, and promising “forever” to users feels problematic when you’re not being finically incentivised to keep it running. With the financial incentives it’s much easier to pass the burden on to someone else if you can’t run it for whatever reason too.

Ask HN: "Claws" and Human-in-the-Loop Safety

qixxiq — Sat, 28 Mar 2026 20:46:42 +0000

Hi all-

I built Sandclaw (https://github.com/qix/sandclaw) to test an idea of having a human in the loop on any write path that the agent might do. The core agent has access to read anything, but other than to the LLM provider that information is securely firewalled off.

Over time I can loosen the firewall, and allow safer actions (i.e. adding a task to my todo list is always safe), and perhaps build smarter checks to allow more autonomy. But the `DEFAULT DENY` to sending/deleting emails, browsing untrusted websites, or running shell commands.

Is there any project that actually does this? I've been searching but it looks like all the options focus on letting the agent handle when to ask, which feels... problematic.

Comments URL: https://news.ycombinator.com/item?id=47557998

Points: 1

# Comments: 1

Show HN: Sandclaw – A Safety First Agent

qixxiq — Fri, 06 Mar 2026 19:57:25 +0000

Article URL: https://github.com/qix/sandclaw

Comments URL: https://news.ycombinator.com/item?id=47280270

Points: 2

# Comments: 0

New comment by qixxiq in "Sick: Indexed deduplicated binary storage for JSON-like data structures"

qixxiq — Tue, 28 Oct 2025 14:14:21 +0000

    Current implementation has the following limitations:
      Maximum object size: 65534 keys
      The order of object keys is not preserved
      ...

    These limitations may be lifted by using more bytes to store offset pointers and counts on binary level. Though it's hard to imagine a real application which would need that.

I've worked on _many_ applications which have needed those features. Object keys is a per implementation detail, but failing at 65k keys seems like a problem people would likely hit if this were to be used at larger scales.

New comment by qixxiq in "Air Canada to Remove Free Carry-On from Basic Economy"

qixxiq — Fri, 06 Dec 2024 01:58:49 +0000

A piece of this (after just plain greed and enshittification) is inflation.

Or perhaps some type of shrinkflation, just offering less services at the same price.

New comment by qixxiq in "Jetstream: Shrinking the AT Protocol Firehose by >99%"

qixxiq — Tue, 24 Sep 2024 13:10:38 +0000

I don't have an understanding of SSE in depth, but one of the points the post is arguing for is compress once (using zstd dictionary) and send that to every client.

The dictionary allows for better compression without needing a large amount of data, and sending every client the same compressed binary data saves a lot of CPU time in compression. Streams, usually, require running the compression for each client.

New comment by qixxiq in "House passes bill to force TikTok sale from Chinese owner or ban the app"

qixxiq — Wed, 13 Mar 2024 17:14:21 +0000

I think there's one extension, although you _kind of_ covered it with "you just like the product"

Some people are addicted to the product. It's not even that they like it any more, and they can see the harm it causes, but they also can't imagine their lives without it.

I think it's a vital move by the government, but I also think it's too late.

New comment by qixxiq in "Show HN: Query Your Sheets with SheetSQL"

qixxiq — Wed, 13 Mar 2024 15:37:07 +0000

I've been using Google Sheets as a data store for some of my latest projects, and it's really (mostly) delightful.

https://www.wheremoneygo.com barely has a database, and bedsides protecting the Google access keys has minimal privacy/security risk.

The main risk, and something I've only seen once, is a corrupted database on the Google Sheets side. Since I don't want to keep backups of peoples sheets, if something goes wrong on the Google-side the entire database could be lost.

New comment by qixxiq in "Show HN: SQRL – Anti-spam rules language Twitter acquired in 2018, open-sourced"

qixxiq — Tue, 07 Feb 2023 23:49:29 +0000

Honestly our findings from working at scale (Facebook, Google, Twitter, Discord, Reddit, ...) were actually the opposite.

With hand written (not arbitrary) rules it's easier to understand the intent of the attacker and build a system that they can't work around because we're blocking them at their source of income. Sure they can figure out how to post messages but unless they can include their link/payload/etc it's not worth their time.

Machine learning defences are definitely a part of what we did, but they're slower to respond to attacks and generally easier to work around.

New comment by qixxiq in "Show HN: SQRL – Anti-spam rules language Twitter acquired in 2018, open-sourced"

qixxiq — Tue, 07 Feb 2023 21:10:19 +0000

I've tried to release this a couple times in the past (you'll notice the git repo has a four year history), and happy it's finally out the door. If anyone is interested in using this, or wants to talk about the strategies I'm happy to help in any way I can.

Proud of what we built at Smyte, and hoping it can find another live outside of Twitter [1] https://docs.sumatra.ai/scowl/

New comment by qixxiq in "Show HN: SQRL – Anti-spam rules language Twitter acquired in 2018, open-sourced"

qixxiq — Tue, 07 Feb 2023 20:47:22 +0000

This was temporary due to the Twitter API being turned off, should be working now! (With slightly older data)

New comment by qixxiq in "Show HN: SQRL – Anti-spam rules language Twitter acquired in 2018, open-sourced"

qixxiq — Tue, 07 Feb 2023 20:42:37 +0000

Sorry based on some other feedback I was just hacking away on turning off the profanity filter. Didn't think about the profile images (which we're not scanning, but typically is associated with them)

Version I'm pushing up right now has a

  LET ProfanityFilterEnabled := false;

that you'll need to tweak to turn it on.

New comment by qixxiq in "Show HN: SQRL – Anti-spam rules language Twitter acquired in 2018, open-sourced"

qixxiq — Tue, 07 Feb 2023 20:15:23 +0000

Ah! Yeah extremely poor timing. The Twitter API has stopped letting me fetch the events. Going to try see if I can fix it quickly.

In the meantime the Wikipedia demo should be working, although it is far less interesting (much less data so not much spam popping up.)

SQRL: A Safe, Stateful Language for Event Streams [YC W15 Acquired by Twitter]

qixxiq — Tue, 07 Feb 2023 18:05:17 +0000

Article URL: https://sqrl-lang.github.io/sqrl/

Comments URL: https://news.ycombinator.com/item?id=34696434

Points: 2

# Comments: 0

Show HN: SQRL – Anti-spam rules language Twitter acquired in 2018, open-sourced

qixxiq — Mon, 06 Feb 2023 16:54:31 +0000

Hey all, author here! This is a demo of the rules engine we built to fight spam/abuse on the internet. It was built based on learnings from Facebook & Google, while trying to make a language that makes it simple for anti-spam analysts to quickly (and safely) deploy rules to production.

Unfortunately it looks like the Twitter event feed is temporarily down (they're blocking it, possibly as part of shutting down the API on Thursday). I have a cache of events from a little earlier that I'm going to try play through the stream.

Comments URL: https://news.ycombinator.com/item?id=34680269

Points: 200

# Comments: 44

New comment by qixxiq in "Booking.com gives €28m in bonuses to three top execs; Took €65m in State aid"

qixxiq — Fri, 28 May 2021 21:31:38 +0000

Yes, but stock ownership isn't even and so it'll again primarily go to the CEO/etc (while reducing their tax impact).

The employees earning minimum wage, and who likely don't hold any stock, won't see any of it.

New comment by qixxiq in "Selling Tiny Internet Projects for Fun and Profit"

qixxiq — Wed, 19 May 2021 12:29:55 +0000

Yes.

The buyer would might have been willing to pay $15,000+, but wanted to anchor (and start low) so went $4,500. The real max was introduced when the seller gave the $15,000 number... buyers never want to or will reveal their number (i.e. the $7500 was a lie.)

New comment by qixxiq in "Metakovan, the mystery Beeple art buyer, and his NFT/DeFi scheme"

qixxiq — Sun, 14 Mar 2021 16:08:00 +0000

A minor clarification about IPFS here:

The metadata in the NFT can (and in my opinion _should_) point to an ipfs:// style URL. The websites displaying the NFT would have to use some redirector, but the actual token would have a URL that anyone could host (known as "pinning") on the IPFS network.

New comment by qixxiq in "Beeple Mania"

qixxiq — Wed, 24 Feb 2021 19:12:03 +0000

Was released early December, was pretty confident about it-- probably should have bought more than one ;)

New comment by qixxiq in "Beeple Mania"

qixxiq — Wed, 24 Feb 2021 14:35:36 +0000

I bought one of his "Into the Ether" NFTs[1] but now I'm in a fairly interesting position. If I prove ownership of the artwork (via a signed message from the address) then Beeple will send the physical artwork to me but it'll immediately lose a high percentage of its value (currently trading at ~$90,000 from $969 original).

Right now it's owned/stored by the artist and someone buying the piece from me would be able to get it delivered directly from Beeple. That's a new level of unboxed where the piece of art is basically unseen at this point in time and can easily be guaranteed original.

[1] https://niftygateway.com/itemdetail/primary/0xd92e44ac213b9e...