<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: r2vcap</title><link>https://news.ycombinator.com/user?id=r2vcap</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Tue, 30 Jun 2026 23:42:33 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=r2vcap" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by r2vcap in "GitHub shouldn't be a dependency for publishing Rust on crates.io"]]></title><description><![CDATA[
<p>From a supply-chain perspective, Cargo is still in the same broad risk category as npm and PyPI: installing packages means trusting externally published code, including code that may execute during build or installation.<p>Rather than looking for someone to blame - in this case, GitHub - we should focus on constructive ways to harden the ecosystem.</p>
]]></description><pubDate>Wed, 24 Jun 2026 23:59:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=48667029</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=48667029</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48667029</guid></item><item><title><![CDATA[Mistral AI Python package compromised on PyPI [2026-05-12]]]></title><description><![CDATA[
<p>Article URL: <a href="https://github.com/mistralai/client-python/issues/523">https://github.com/mistralai/client-python/issues/523</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48197616">https://news.ycombinator.com/item?id=48197616</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 19 May 2026 18:51:31 +0000</pubDate><link>https://github.com/mistralai/client-python/issues/523</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=48197616</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48197616</guid></item><item><title><![CDATA[New comment by r2vcap in "OpenAI’s WebRTC problem"]]></title><description><![CDATA[
<p>This is frustratingly one-sided writing. Yeah, WebRTC has limitations, but relying on a standard buys you a lot of correctness and reduces long-term engineering cost. The fact that WebRTC is complicated does not mean it is wrong; it means real-time media over the public internet is complicated.<p>Also, networking is inherently stateful. NAT traversal, jitter buffers, congestion control, packet loss, codec state, encryption, and session routing do not disappear because you put audio over TCP or WebSocket. Pretending otherwise is not architectural clarity. It is just moving the complexity somewhere less visible.</p>
]]></description><pubDate>Sat, 09 May 2026 00:41:23 +0000</pubDate><link>https://news.ycombinator.com/item?id=48070561</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=48070561</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48070561</guid></item><item><title><![CDATA[New comment by r2vcap in "GCC 16 has been released"]]></title><description><![CDATA[
<p>Yeah, GCC’s recent major releases have been remarkably regular, much like Fedora’s spring releases, and their releases seem to fit into the same broader rhythm. Hint? Red Hat.</p>
]]></description><pubDate>Thu, 30 Apr 2026 12:57:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=47961720</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47961720</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47961720</guid></item><item><title><![CDATA[New comment by r2vcap in "Bugs Rust won't catch"]]></title><description><![CDATA[
<p>Just use Fedora :)</p>
]]></description><pubDate>Wed, 29 Apr 2026 09:18:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=47945934</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47945934</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47945934</guid></item><item><title><![CDATA[New comment by r2vcap in "Cal.com is going closed source"]]></title><description><![CDATA[
<p>As LLMs improve and adoption grows, maintaining a FOSS project is becoming more complex and more expensive in terms of time and manpower. That part is easy to understand.<p>It is also become a trend that LLM-assisted users are generating more low-quality issues, dubious security reports, and noisy PRs, to the point where keeping the whole stack open source no longer feels worth it. Even if the real reason is monetization rather than security, I can still understand the decision.<p>I suspect we will see more of this from commercial products built around a FOSS core. The other failure mode is that maintainers stop treating security disclosures as something special and just handle them like ordinary bugs, as with libxml2. In that sense, Chromium moving toward a Rust-based XML library is also an interesting development.</p>
]]></description><pubDate>Thu, 16 Apr 2026 00:44:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=47787322</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47787322</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47787322</guid></item><item><title><![CDATA[New comment by r2vcap in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"]]></title><description><![CDATA[
<p>Does the Python ecosystem have anything like pnpm’s minimumReleaseAge setting? Maybe I’m being overly paranoid, but it feels like every internet-facing ecosystem should have something like this.</p>
]]></description><pubDate>Tue, 24 Mar 2026 22:33:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=47510471</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47510471</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47510471</guid></item><item><title><![CDATA[New comment by r2vcap in "Bill C-22, the Lawful Access Act: Dangerous backdoor surveillance risks remain"]]></title><description><![CDATA[
<p>It feels like many democratic leaders are starting to think the CCP model—mass surveillance of citizens—is the right direction, with growing demands for chat control, facial verification, age verification, and more. Fxxk any politician who thinks they are above the citizens in a democracy.</p>
]]></description><pubDate>Mon, 16 Mar 2026 03:50:44 +0000</pubDate><link>https://news.ycombinator.com/item?id=47395037</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47395037</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47395037</guid></item><item><title><![CDATA[New comment by r2vcap in "It's time to move your docs in the repo"]]></title><description><![CDATA[
<p>Interesting idea overall, and I would support doing this if we can.<p>Some constraints are:<p>- Non-programmers are not used to working with Git.<p>- In practice, they (usually PMs or feature designers) need to write their documents somewhere else.<p>Possible solutions are:<p>- Make non-programmers use Git as a documentation tool (upgrade your tooling or GTFO).<p>- Build a two-way sync tool so that programmers and non-programmers can work from the same source.<p><pre><code>  - However, in practice, an SSOT (single source of truth) architecture is usually much simpler. Two-way sync tends to be quite difficult, especially across different platforms.</code></pre></p>
]]></description><pubDate>Sat, 14 Mar 2026 23:35:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=47382482</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47382482</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47382482</guid></item><item><title><![CDATA[New comment by r2vcap in "Claude March 2026 usage promotion"]]></title><description><![CDATA[
<p>Damn. Please use UTC.<p>From my understanding:
Peak time (non-promo): UTC 12:00–18:00 / KST (UTC+9): 21:00–03:00
Off-peak time (promo): UTC 18:00–12:00 / KST (UTC+9): 03:00–21:00<p>I guess I’ll need to do more coding during the daytime.</p>
]]></description><pubDate>Sat, 14 Mar 2026 23:24:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=47382415</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47382415</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47382415</guid></item><item><title><![CDATA[New comment by r2vcap in "Changes to OpenTTD Distribution on Steam"]]></title><description><![CDATA[
<p>Atari? I never expected to see that ancient name again. If I remember correctly, I've been playing OpenTTD for more than a decade without the original TTD assets, and I usually build it from source, so this change won’t really affect me. Still, it feels a bit strange (even if it may be somewhat legitimate) to see Atari suddenly asserting rights over it.</p>
]]></description><pubDate>Sat, 14 Mar 2026 23:11:33 +0000</pubDate><link>https://news.ycombinator.com/item?id=47382291</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47382291</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47382291</guid></item><item><title><![CDATA[New comment by r2vcap in "Bringing Chrome to ARM64 Linux Devices"]]></title><description><![CDATA[
<p>Cool. Let’s release Android NDK for Linux arm64 host, too.</p>
]]></description><pubDate>Thu, 12 Mar 2026 21:55:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=47357774</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47357774</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47357774</guid></item><item><title><![CDATA[New comment by r2vcap in "Making WebAssembly a first-class language on the Web"]]></title><description><![CDATA[
<p>The strength—and also the weakness—lies in how WASM is consumed in the browser. During instantiation, JavaScript engines validate the module and reject it if it uses unsupported instructions or features. In practice, due to browser compatibility differences, WASM modules often need to be built in multiple variants, such as a baseline version, a SIMD version, a SIMD+threads version, and so on. This is a significant pain compared to native binaries, which can rely on runtime feature detection and dynamic dispatch.</p>
]]></description><pubDate>Wed, 11 Mar 2026 22:48:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=47343433</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47343433</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47343433</guid></item><item><title><![CDATA[New comment by r2vcap in "Don't post generated/AI-edited comments. HN is for conversation between humans"]]></title><description><![CDATA[
<p>I don’t think there is a good algorithm (or guts) for differentiating between well-written comments and AI-generated comments.</p>
]]></description><pubDate>Wed, 11 Mar 2026 22:38:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=47343297</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47343297</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47343297</guid></item><item><title><![CDATA[New comment by r2vcap in "No leap second will be introduced at the end of June 2026"]]></title><description><![CDATA[
<p>That’s super interesting—I didn’t know that.<p>Before modern standardization, maintaining calendars and clocks was typically the responsibility of states or similar authorities, often guided by astronomers. Now it seems that international organizations are effectively following the early UNIX/POSIX model, and astronomers no longer have the same authority over timekeeping.</p>
]]></description><pubDate>Tue, 10 Mar 2026 11:51:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=47321971</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47321971</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47321971</guid></item><item><title><![CDATA[New comment by r2vcap in "The hidden compile-time cost of C++26 reflection"]]></title><description><![CDATA[
<p>Yuck. I’ve already noticed compilation times increasing from C++17 to C++20, and this feature makes it much worse. I guess I’ll need to audit any reflection usage in third-party dependencies.</p>
]]></description><pubDate>Tue, 10 Mar 2026 11:14:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=47321689</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47321689</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47321689</guid></item><item><title><![CDATA[New comment by r2vcap in "System76 on Age Verification Laws"]]></title><description><![CDATA[
<p>I assume you live in the free world. Some socialist states in history, such as East Germany, pushed child-rearing and early education much further into the hands of the state through extensive state-run childcare and kindergarten systems. That model is gone, and for good reason.<p>Even with schools in place, the basic responsibility for raising children still belongs to the parents. Schools can support, educate, and compensate to some extent, but they cannot replace parental responsibility.<p>I also see far too much awful news — in my country, Korea, for example — about terrible parents harassing school teachers because their children are out of control.</p>
]]></description><pubDate>Fri, 06 Mar 2026 08:50:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=47272592</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47272592</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47272592</guid></item><item><title><![CDATA[New comment by r2vcap in "System76 on Age Verification Laws"]]></title><description><![CDATA[
<p>Fxxk off, to all political actors pretending this is about child protection. Protecting children is not the job of the OS, the device manufacturer, or the internet service provider. It is the parent’s job. If you cannot supervise, monitor, and discipline your child’s internet use, that is your failure, not theirs.<p>They can provide tools, sure. But restricting adults because some parents fail at parenting is insane. That is how a totalitarian state grows: by demanding the power to monitor and control every individual.<p>If you cannot control your children, that is your fault. And if that is the case, you should think twice before having kids.</p>
]]></description><pubDate>Fri, 06 Mar 2026 08:28:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=47272437</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=47272437</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47272437</guid></item><item><title><![CDATA[New comment by r2vcap in "Discord/Twitch/Snapchat age verification bypass"]]></title><description><![CDATA[
<p>Well, it’s a clever idea. Discord seems to have intentionally softened its age-verification steps so it can tell regulators, “we’re doing something to protect children,” while still leaving enough wiggle room that technically savvy users can work around it.<p>But in practice, this only holds if regulators are either inattentive or satisfied with checkbox compliance. If a government is competent and motivated, this approach won’t hold up—and it may even antagonize regulators by looking like bad-faith compliance.<p>I’ve also heard that some governments are already pushing for much stricter age-verification protocols, precisely because people can bypass weaker checks—for example, by using a webcam with partial face covering to confuse ID/face matching. I can’t name specific vendors, but some providers are responding by deploying stronger liveness checks that are significantly harder to game. And many services are moving age verification into mobile apps, where simple JavaScript-based tricks are less likely to work.</p>
]]></description><pubDate>Thu, 12 Feb 2026 02:44:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=46984310</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=46984310</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46984310</guid></item><item><title><![CDATA[New comment by r2vcap in "Windows Notepad App Remote Code Execution Vulnerability"]]></title><description><![CDATA[
<p>A few days ago, Notepad++ got compromised—apparently by a state actor (or a proxy). And now, today, Windows’ built-in Notepad has a fresh CVE. What a life.<p>At this point, what am I supposed to do other than uninstall Windows completely? No real sandboxing, a mountain of legacy…</p>
]]></description><pubDate>Wed, 11 Feb 2026 09:02:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=46972602</link><dc:creator>r2vcap</dc:creator><comments>https://news.ycombinator.com/item?id=46972602</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46972602</guid></item></channel></rss>