<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: rhco</title><link>https://news.ycombinator.com/user?id=rhco</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Wed, 01 Jul 2026 03:12:12 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=rhco" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by rhco in "NixOS 26.05"]]></title><description><![CDATA[
<p>You could take this one step further using Syncthing to sync important data between the workstation and laptop.<p>That's how my devices are configured, and it's amazing - if I need to travel for work, I just pick up my laptop and go. NixOS makes sure the system itself is identical (apps, most of the code configs, etc), then any app-specific config is handled by Syncthing. It was really magical the first few times I used my laptop on the road!<p>Also, if you aren't already across it, you should look into remote builds/deployments. Basically, the regular nixos-rebuild command supports deploying over SSH. It's nice because you can do the heavy work (nix evaluation, building non-cached packages, etc) on your grunty workstation, then have them pushed across to the laptop via SSH. Then, when you want to apply that build to your PC, it'll be super fast (since everything is already evaluated & built!).</p>
]]></description><pubDate>Mon, 29 Jun 2026 19:06:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=48723679</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=48723679</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48723679</guid></item><item><title><![CDATA[New comment by rhco in "I rebooted my social life"]]></title><description><![CDATA[
<p>It's always fun seeing other Kiwis on HN, but this is the first time I've seen my hometown mentioned!<p>I do agree with your point too: perhaps emotional stimulation is also important? That can be a lot less sharp, less well-defined, but just as enriching.<p>It sounds like GP has very high standards for their friends, which is not the point IMO. I think we should have friends to broaden our horizons and expose us to new things. Intelligence is only one part of that.</p>
]]></description><pubDate>Thu, 01 Jan 2026 18:47:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=46456809</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=46456809</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46456809</guid></item><item><title><![CDATA[New comment by rhco in "The post-GeForce era: What if Nvidia abandons PC gaming?"]]></title><description><![CDATA[
<p>If Nvidia did drop their gaming GPU lineup, it would be a huge re-shuffling in the market: AMD's market share would 10x overnight, and it would open a very rare opportunity for minority (or brand-new?) players to get a foothold.<p>What happens then if the AI bubble crashes? Nvidia has given up their dominant position in the gaming market and made room for competitors to eat some (most?) of their pie, possibly even created an ultra-rare opportunity for a new competitor to pop up. That seems like a very short-sighted decision.<p>I think that we will instead see Nvidia abusing their dominant position to re-allocate DRAM away from gaming, as a sector-wide thing. They'll reduce gaming GPU production while simultaneously trying to prevent AMD or Intel from ramping up their own production.<p>It makes sense for them to retain their huge gaming GPU market share, because it's excellent insurance against an AI bust.</p>
]]></description><pubDate>Tue, 23 Dec 2025 19:00:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=46368193</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=46368193</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46368193</guid></item><item><title><![CDATA[New comment by rhco in "The curious side effects of medical transparency"]]></title><description><![CDATA[
<p><a href="https://web.archive.org/web/20230429202757/https://www.newyorker.com/news/essay/the-curious-side-effects-of-medical-transparency" rel="nofollow">https://web.archive.org/web/20230429202757/https://www.newyo...</a></p>
]]></description><pubDate>Sat, 29 Apr 2023 20:42:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=35756961</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=35756961</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=35756961</guid></item><item><title><![CDATA[New comment by rhco in "We need better support for SSH host certificates"]]></title><description><![CDATA[
<p>The CA CLI tool we use supports a few auth methods, including a passphrase-like one. It likely could be set up with TOTP or a hardware token also. We only use OAuth because it's convenient and secure-enough for our use case.</p>
]]></description><pubDate>Mon, 27 Mar 2023 08:36:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=35324299</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=35324299</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=35324299</guid></item><item><title><![CDATA[New comment by rhco in "We need better support for SSH host certificates"]]></title><description><![CDATA[
<p>StepCA supports quite a few authentication methods, including an "admin provisioner" (basically a passphrase that can be pasted into the CLI tools' stdin).<p>Because each of our servers is bespoke, we can use the admin provisioner when the server is first being set up (and actually, Ansible handles this part).<p>I don't have experience with it, but StepCA also has Kubernetes support, and I imagine the control plane could authenticate the pod when a cert needs to be issued or renewed.</p>
]]></description><pubDate>Mon, 27 Mar 2023 08:32:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=35324281</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=35324281</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=35324281</guid></item><item><title><![CDATA[New comment by rhco in "We need better support for SSH host certificates"]]></title><description><![CDATA[
<p>That's very interesting, thank you for linking!</p>
]]></description><pubDate>Mon, 27 Mar 2023 08:27:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=35324252</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=35324252</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=35324252</guid></item><item><title><![CDATA[New comment by rhco in "We need better support for SSH host certificates"]]></title><description><![CDATA[
<p>Yes! SSH certificates are awesome, both for host- and client-verification.<p>Avoiding Trust on First Use is potentially a big benefit, but the workflow improvements for developers, and especially non-technical people, are a huge win too.<p>At work, we switched to Step CA [1] about 2 years ago. The workflow for our developers looks like:<p><pre><code>  1. `ssh client-hosts-01`

  2. Browser window opens prompting for AzureAD login

  3. SSH connection is accepted
</code></pre>
It really is that simple, and is extremely secure. During those 3 steps, we've verified the host key (and not just TOFU'd it!), verified the user identity, and verified that the user should have access to this server.<p>In the background, we're using `@cert-authority` for host cert verification. A list of "allowed principals" is embedded in the users' cert, which are checked against the hosts' authorized_principals [2] file, so we have total control over who can access which hosts (we're doing this through Azure security groups, so it's all managed at our Azure portal). The generated user cert lasts for 24 hours, so we have some protection against stolen laptops. And finally, the keys are stored in `ssh-agent`, so they work seamlessly with any app that supports `ssh-agent` (either the new Windows named pipe style, or "pageant" style via winssh-pageant [3]) - for us, that means VSCode, DBeaver, and GitLab all work nicely.<p>My personal wishlist addition for GitHub: Support for `@cert-authority` as an alternative to SSH/GPG keys. That would effectively allow us to delegate access control to our own CA, independent of GitHub.<p>[1] <a href="https://smallstep.com/docs/step-ca" rel="nofollow">https://smallstep.com/docs/step-ca</a><p>[2] <a href="https://man.openbsd.org/sshd_config#AuthorizedPrincipalsFile" rel="nofollow">https://man.openbsd.org/sshd_config#AuthorizedPrincipalsFile</a><p>[3] <a href="https://github.com/ndbeals/winssh-pageant">https://github.com/ndbeals/winssh-pageant</a></p>
]]></description><pubDate>Mon, 27 Mar 2023 02:14:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=35322129</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=35322129</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=35322129</guid></item><item><title><![CDATA[New comment by rhco in "Rust on Espressif chips – 2023 Roadmap"]]></title><description><![CDATA[
<p>That is the first thing he mentions in the post. :-)<p>The answer is "not yet". But, some of their LLVM PRs were accepted recently, which is a big milestone!</p>
]]></description><pubDate>Fri, 24 Feb 2023 19:23:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=34928780</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=34928780</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=34928780</guid></item><item><title><![CDATA[New comment by rhco in "Matter – Protocol to connect compatible devices and systems with one another"]]></title><description><![CDATA[
<p>For reference, the IEEE 802.15.4 spec is ~800 pages long. 900 pages does sound like a lot considering that Matter (AFAIK?) doesn't directly spec any hardware or transport details - those being covered in 802.15.4 and Thread.<p>Granted, we should remember that those 900 pages include base details that, probably, CSA are not planning to change in the foreseeable future. They need to be very thorough.<p>To answer your real question: device manufacturers will likely use the Matter SDK. It would be a huge undertaking for a smart-light manufacturer to re-write all of that code from scratch!</p>
]]></description><pubDate>Tue, 04 Oct 2022 20:48:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=33086596</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=33086596</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=33086596</guid></item><item><title><![CDATA[New comment by rhco in "A billion-dollar industry helping students at Australian universities cheat"]]></title><description><![CDATA[
<p>I think this idea has some serious merit, but I do wonder what the roll-out would look like - how could it be implemented practically, considering the reputation-based value of degrees.<p>For example, the value of a degree from MIT is not just the degree itself, but also quality and depth of the course work. We assume that if a student passed with A+ grades, they have a solid understanding. But we also know that, i.e., MIT teaches CS in a way that's very applicable to the CS industry, including many bits of non-standard knowledge that are not tested in the exam.<p>Imagine that MIT decides to become a degree-granting institution, and I obtain an "MIT CS Degree". How would an employer know whether I learned at a top-quality education provider and gained deep knowledge that covers more than the exam ever could -- or if I self-taught and scraped through the exam with the bare minimum knowledge?<p>I guess MIT could structure their exams so that they cover the subject deeply, but to cover 2 years' worth of intense learning, surely they would need a very long (maybe impractically long) exam period?<p>Maybe I'm over-thinking this - I guess an MIT student would list on their CV "2 years studying at MIT".<p>Anyway, I think this is a fantastic idea and I'm very interested to see what other HN users think!</p>
]]></description><pubDate>Sat, 30 Jul 2022 23:56:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=32291602</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=32291602</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=32291602</guid></item><item><title><![CDATA[New comment by rhco in "Ask HN: Who decided copy+paste should copy styling/formatting?"]]></title><description><![CDATA[
<p>This is one of my many peeves with Outlook's UX. You can do Ctrl+Alt+V, which gives you an option to paste unformatted, but it's much more finger-intensive than the other shortcut.</p>
]]></description><pubDate>Thu, 12 May 2022 19:51:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=31359392</link><dc:creator>rhco</dc:creator><comments>https://news.ycombinator.com/item?id=31359392</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=31359392</guid></item></channel></rss>