Hacker News: raggi

New comment by raggi in "Linux latency measurements and compositor tuning"

raggi — Thu, 11 Jun 2026 19:11:51 +0000

fwiw I’ve been running lots of stuff under niri with proton Wayland mode for the last ~6 months on nvidia with a vrr display and it’s been fine.

Can’t diagnose here, and not meaning any descent to your experience, just a different user experience for me.

New comment by raggi in "sqlite: A CGo-free port of SQLite/SQLite3"

raggi — Sun, 07 Jun 2026 20:35:41 +0000

that’s really not true when the database is all in memory, statements are prepared, and so on.

but the overheads also stack up, the database/sql api is fairly allocation heavy too unless you do a lot of work and that friction increases quite a bit with the ffi boundary.

this is not to suggest “modernc is faster” - it’s not for a lot a workloads.

there are opportunities for optimization all over both approaches.

New comment by raggi in "Coreutils for Windows"

raggi — Tue, 02 Jun 2026 21:57:39 +0000

Wat?

winget install uutils.coreutils

New comment by raggi in "Coreutils for Windows"

raggi — Tue, 02 Jun 2026 17:23:19 +0000

uutils coreutils was/is already available and more complete than this

New comment by raggi in "The IBM-ification of Google?"

raggi — Fri, 22 May 2026 04:18:19 +0000

i was responding to the article, i hadn't bothered to read railways pm as it's not super interesting, anyway, i've read it now, here: https://blog.railway.com/p/incident-report-may-19-2026-gcp-a... and indeed they weren't at fault

New comment by raggi in "The IBM-ification of Google?"

raggi — Fri, 22 May 2026 01:24:30 +0000

> Look at the Railway GCP account ban situation. A literally billion dollar startup running on Google Cloud and Google just randomly snaps their fingers and deletes their account. Zero warning. No phone number to call. No account rep. Poof. Gone. It is actual insanity to me. A billion dollar customer gets the exact same automated middle finger as a low effort spam bot. Your B2B business is completely cooked if that is how you treat people. The enterprise cloud gravy train is right there and Google is standing on the tracks begging to get hit by the train.

If you've been around a while you know that at any business critical scale at all you establish a relationship with your cloud provider and get an account manager. When you do this, you have a number to call.

A billion dollar startup not doing this is a keen lesson for the CTO.

Yes, Google likely screwed up here, but being unprepared for account problems, having no established relationship with your provider is a critical mistake.

The article goes on to talk about Hetzner as an example: their pricing is great for individuals but they literally don't even offer account management relationships - even at scale they actively refuse them. There are equivalent stories of account terminations with Hetzner, which is also a key point: this isn't just a big business problem, at all.

New comment by raggi in "'No Way to Prevent This,' Says Only Package Manager Where This Regularly Happens"

raggi — Sat, 16 May 2026 02:21:42 +0000

subtree is better for this case, you want to encourage actual reading before running. reading won't catch everything but it catches a lot, and the burden isn't as high as people always complain about before they try it.

New comment by raggi in "'No way to prevent this,' says only package manager where this regularly happens"

raggi — Sat, 16 May 2026 02:20:36 +0000

nope, doesn't help. signatures and removal of script points have zero net effect on the value of the target that the ecosystem has, or how easy/hard it is to write a worm. the package code gets run, this is statistically true, and the exploited developers/environments will sign packages, this is also statistically true.

New comment by raggi in "'No way to prevent this,' says only package manager where this regularly happens"

raggi — Sat, 16 May 2026 02:18:00 +0000

none. they just have smaller target populations.

New comment by raggi in "'No way to prevent this,' says only package manager where this regularly happens"

raggi — Sat, 16 May 2026 02:17:23 +0000

install scripts are a distraction, just like package signatures are a distraction. adding/removing either feature has no significant impact on the wormability of this package ecosystem. installed npm code is run, with nearly zero exceptions.

New comment by raggi in "Googlebook"

raggi — Tue, 12 May 2026 23:26:15 +0000

7/25 on the merged page at time of writing are L/XL in size. Again I can't validate your claims against reality.

New comment by raggi in "CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq"

raggi — Tue, 12 May 2026 21:57:19 +0000

yeah, and it's not like people recently launched a coffee shop that accepts payments over tofu ssh and a shell provider doing the same

New comment by raggi in "Googlebook"

raggi — Tue, 12 May 2026 20:59:43 +0000

45 commits landed in the repository so far today, it's mid way through the work day in the valley. https://fuchsia-review.googlesource.com/q/status:merged

Zircon is still under development with recent RFC's extending the memory synchronization and attribution model for processes.

There was also more extension added to one of the key disk formats in March which has an eye to more flexible long term evolution and adaptation to particular device form factors.

The publicly available evidence does nothing to support your claims, entirely the opposite.

I used to work on Fuchsia, I have not for many years now and have no idea what their current roadmap looks like, but I do know where to actually look up what's been done recently, which is all public and you could do as well.

Anyway I have no idea if this has any fuchsia code in it.

New comment by raggi in "Lib0xc: A set of C standard library-adjacent APIs for safer systems programming"

raggi — Sat, 02 May 2026 20:52:41 +0000

A vast number of C++ programs import C and POSIX headers directly, so the language level distinction you wish to make isn’t all that relevant to the subject matter.

New comment by raggi in "Lib0xc: A set of C standard library-adjacent APIs for safer systems programming"

raggi — Fri, 01 May 2026 21:23:08 +0000

there are no good reasons we don't do this in the standards themselves, C, C++, and POSIX should all be working on editions that add safer APIs and mark unsafe APIs as deprecated, to start a long term migration. we know how to do this, we've had a lot of success with this. there are real engineering concerns, sure, but they're not reasons to not do it. compilers and library chains can retain support for less safe variants for plenty of time.

New comment by raggi in "Who owns the code Claude Code wrote?"

raggi — Wed, 29 Apr 2026 06:40:01 +0000

Lawyers I have spoken to have stated strongly that they believe collective works doctrine will provide strong protections for most mature and sizable software. I see no mention of these considerations here.

New comment by raggi in ""cat readme.txt" is not safe if you use iTerm2"

raggi — Sat, 18 Apr 2026 07:09:44 +0000

multiple times

New comment by raggi in "Veracrypt project update"

raggi — Wed, 08 Apr 2026 23:04:18 +0000

Cachy pushed a Limine update last weekend without any testing. It broke everyone with secure boot signing. Head proton versions are great, but games tend to turn into a laggy mess after a couple of hours and need regular restarts.

It's decent, but it's not all roses at all, and I wouldn't inflict it on non-techies yet.

New comment by raggi in "Claude Managed Agents"

raggi — Wed, 08 Apr 2026 21:08:30 +0000

Same for me in firefox and chrome. I'm sure it's one of the DNS block lists I have and some really crappy marketing tracking code.

Edit: confirmed, loads with a public DNS provider that has no blocklists.

New comment by raggi in "Vibe-Coded Ext4 for OpenBSD"

raggi — Fri, 27 Mar 2026 19:50:49 +0000

that's not a statement from a lawyer, and it's confused. there is one true thing in there which is that at least under US considerations the LLM output may not be copyrightable due to insufficient human involvement, but the rest of the implications are poorly extrapolated.

there are lots of portions of code today, prior to AI authorship, that are already not copyrightable due to the way they are produced. the existence of such code does not decimate the copyright of an overall collective work.