Hacker News: regecks

New comment by regecks in "GTFOBins"

regecks — Tue, 28 Apr 2026 07:52:04 +0000

Haha, as a former maintainer to one of these tools, it makes me laugh to see someone pop a shell. Creative, nice work, nice resource.

New comment by regecks in "Bypass PostgreSQL catalog overhead with direct partition hash calculations"

regecks — Wed, 27 Aug 2025 07:31:33 +0000

I’d be interested to see a benchmark of actually selecting rows by manually specifying the partition vs not.

This benchmark seems to be pure computation of the hash value, which I don’t think is helpful to test the hypothesis. A lot can happen at actual query time that this benchmark does not account for.

New comment by regecks in "The Evolution of Caching Libraries in Go"

regecks — Wed, 02 Jul 2025 19:47:51 +0000

We’re looking for a distributed Go cache.

We don’t want to round trip to a network endpoint in the ideal path, but we run multiple instances of our monolith and we want a shared cache tier for efficiency.

Any architecture/library recommendations?

New comment by regecks in "ArkFlow – High-performance Rust stream processing engine"

regecks — Fri, 14 Mar 2025 02:13:16 +0000

I haven’t benchmarked this, but I have recently benchmarked Spark Streaming vs self-rolled Go vs Bento vs RisingWave (which is also in Rust) and RW matched/exceeded self-rolled, and absolutely demolished Bento and Spark. Not even in the same ballpark.

Highly recommend checking RisingWave out if you have real time streaming transformation use cases. It’s open source too.

The benchmark was some high throughput low latency JSON transformations.

New comment by regecks in "NSO group iPhone zero-click, zero-day exploit captured in the wild"

regecks — Fri, 08 Sep 2023 07:03:19 +0000

It works but it shows phone numbers rather than contact names and you can’t assign a name to a number without giving access to your entire contacts … it ticks me off.

New comment by regecks in "Numbers every LLM Developer should know"

regecks — Sun, 13 Aug 2023 04:49:59 +0000

What’s this “neural information retrieval system” thing about?

I’m just hacking away and presenting the LLM with some JSON data from our metrics database and making it answer user questions as a completion.

Is this embedding thing relevant for what I’m doing? Where should I start reading?

New comment by regecks in "Systemd auto-restarts of units can hide problems from you"

regecks — Tue, 01 Aug 2023 08:48:00 +0000

I always set `RestartSec`.

New comment by regecks in "VPN use is at an all-time high – but are people safe?"

regecks — Tue, 04 Jul 2023 13:39:20 +0000

No, it isn’t. Browser root programs have certificate transparency (SCT embedding) requirements which would immediately reveal to the world if an ISP started to use a trusted root to MITM its users.

New comment by regecks in "Acme.sh runs arbitrary commands from a remote server"

regecks — Fri, 09 Jun 2023 06:32:35 +0000

I think the title buries the most horrifying part of this. The HiCA certificate authority is relying on an RCE to do an end-run around the semantics of the ACME HTTP-01 validation method.

Fucked up and they should be booted from every root program for this.

New comment by regecks in "Don't let Reddit kill 3rd party apps"

regecks — Sat, 03 Jun 2023 22:21:25 +0000

There is years and years and years of amazing content and community on Reddit. Rallying people around a replacement looks challenging. I am hopeful that it happens.

New comment by regecks in "OpenXLA Is Available Now"

regecks — Thu, 09 Mar 2023 06:20:52 +0000

ELI5 OpenXLA vs TensorRT? Are they solving the same problem, just that the former is not married to NVIDIA devices?

New comment by regecks in "Amazon S3 now automatically encrypts all new objects"

regecks — Sat, 14 Jan 2023 09:26:57 +0000

Is Amazon-managed encryption (SSE-S3) mostly a checklist/regulatory thing? Like, is it mainly protecting against somebody walking out of a DC with a storage device?

New comment by regecks in "Let's Encrypt now supports ACME-CAA: closing the DV loophole"

regecks — Sun, 18 Dec 2022 05:41:11 +0000

In this context, I think "requires DNSSEC" is an opinion at best. "Requires" is probably the wrong word.

You are welcome to use CAA accounturi without DNSSEC and it will be effective.

Your zone may be vulnerable to an active man-in-the-middle DNS attack (which is hard to pull off), but it will still be protected against somebody figuring out how to upload an /.well-known/acme-challenge/ file on your domain and issue an unauthorized certificate from a foreign ACME account. This attack is much easier - I did it against a popular mail provider a few years ago.

New comment by regecks in "Peter Eckersley just passed away"

regecks — Sat, 03 Sep 2022 07:46:39 +0000

schoen wrote a nice post here: https://community.letsencrypt.org/t/peter-eckersley-may-his-...

New comment by regecks in "FTC fines Twitter $150M for using 2FA phone numbers for ad targeting"

regecks — Wed, 25 May 2022 22:01:15 +0000

There is a clear reason not to use Authy, which is that making your data portable is extremely annoying. No export function. I ended up writing a 3rd party Authy client just to get my TOTP keys out.

For iOS users, I cannot say enough good things about https://apps.apple.com/us/app/otp-auth/id659877384. Author is responsive, encrypted backups, portable data format.

New comment by regecks in "Incident report: Spotify outage on March 8"

regecks — Fri, 11 Mar 2022 23:27:46 +0000

>Looking externally at the company they’re listed as having 50,000-100,000 employees

Uhhhh. Do you mean Apple or Spotify? Spotify's 2021 Q4 press release says:

>At the end of Q4, our workforce consisted of 7,690 FTEs globally.

New comment by regecks in "Generate Curl Command from Headers"

regecks — Thu, 23 Sep 2021 03:18:59 +0000

And then combine it with `--libcurl program.c`!

New comment by regecks in "The NPM registry is deprecating TLS 1.0 and TLS 1.1"

regecks — Tue, 24 Aug 2021 22:01:18 +0000

Thanks! And you're right, sorry for jumping on you like that.

New comment by regecks in "The NPM registry is deprecating TLS 1.0 and TLS 1.1"

regecks — Tue, 24 Aug 2021 21:52:28 +0000

It's kinda true.

I haven't been able to disable older TLS for my Cloudflare Pages domains. The setting you mentioned is ineffective for that product.

Based on what I've read on the Cloudflare forums and Discord, it's a known restriction.

New comment by regecks in "Safari extension rejected because developer not “reputable”"

regecks — Sat, 31 Jul 2021 02:33:11 +0000

As with others, I trust Apple to safeguard this information waaaay more than constantly rolling the dice with shady app publishers every time I sign up to something.

That I can sign up to TikTok with "Sign in with Apple", with an auto-generated Apple Privacy email address and literally no other information, is quite amazing and useful.