Hacker News: robomc

New comment by robomc in "I am worried about Bun"

robomc — Mon, 04 May 2026 21:50:31 +0000

"I have a vague concern, so I'm now using a shittier toolchain. You shouldn't do it though." is a weird post format.

New comment by robomc in "The struggle of resizing windows on macOS Tahoe"

robomc — Sun, 11 Jan 2026 22:17:32 +0000

Yeah the really misleading part of the screenshots in this article is that it doesn't show the "resize cursor", which basically makes this a non issue.

Also, for anyone reading this who hates the general aesthetic, go into Accessibility and hit "reduce transparency". This has been a desirable setting for last few OSX versions.

New comment by robomc in "Shai-Hulud compromised a dev machine and raided GitHub org access: a post-mortem"

robomc — Sun, 14 Dec 2025 20:25:27 +0000

> If the cloud service you’re using doesn’t support OIDC or any other ephemeral access keys, then you should store them encrypted. There’s numerous ways you can do this, from password managers to just using PGP/GPG directly. Just make sure you aren’t pasting them into your shell otherwise you’ll then have those keys in plain text in your .history file.

This doesn't really help though, for a supply chain attack, because you're still going to need to decrypt those keys for your code to read at some point, and the attacker has visibility on that, right?

Like the shell isn't the only thing the attacker has access to, they also have access to variables set in your code.

New comment by robomc in "I failed to recreate the 1996 Space Jam website with Claude"

robomc — Mon, 08 Dec 2025 03:49:02 +0000

He's using it correctly, in its secondary sense of "belonging or appropriate to an earlier period, especially so as to seem conspicuously old-fashioned or outdated."

New comment by robomc in "Valve is about to win the console generation"

robomc — Wed, 19 Nov 2025 21:12:11 +0000

It's not a deal breaker for me, but it doesn't sound like a recipe for "winning the console generation".

New comment by robomc in "Valve is about to win the console generation"

robomc — Wed, 19 Nov 2025 21:08:05 +0000

no but the headline is "valve is about to win the console generation"

New comment by robomc in "Valve is about to win the console generation"

robomc — Thu, 13 Nov 2025 02:52:57 +0000

Yeah I mean... can I play Fortnite, BF6 or the upcoming GTA on steamOS?

New comment by robomc in "AWS outage shows internet users 'at mercy' of too few providers, experts say"

robomc — Mon, 20 Oct 2025 20:40:10 +0000

This. And when a service goes down it's a lot easier to explain to your client/boss that "half the internet is down" than "our boutique solution is broken so it's just us actually".

New comment by robomc in "Ortega hypothesis"

robomc — Wed, 08 Oct 2025 20:51:59 +0000

To me this kind of sounds like the other side of the same thing. Lunchpail scientists accumulate data within an area of research made interesting by a landmark work by a big name. Future big names make breakthroughs by drawing together a lot of the lunchpail work. etc etc

New comment by robomc in "Amazon fined $2.5B for using deceptive methods to sign up consumers for Prime"

robomc — Thu, 25 Sep 2025 21:31:20 +0000

I found out recently that I've been paying for Prime Video since 2020. I think I did legitimately sign up for it. That's not my complaint.

But it's fairly scummy how it doesn't seem to send you any email, the payments have a very vague generic coding like "AMZ2318971239", and the actual subscription management is super buried. I only noticed it, after years of using Amazon a fair bit, when I went deep into my account panes looking for something else.

New comment by robomc in "That Secret Service SIM farm story is bogus"

robomc — Wed, 24 Sep 2025 10:25:33 +0000

You're right, it could be the sensible most likely thing AND the far-fetched thing.

New comment by robomc in "How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos"

robomc — Wed, 20 Aug 2025 01:23:21 +0000

> because researchers from Kudelski Security most likely tried different static analysis tools and they didn't work the way Rubocop did.

Yes but that's kind of the point - they say this issue that takes you directly from code execution to owning these high value credentials was only present on rubocop runnners but isn't it a bit coincidental that the package with (perhaps, since they chose it) the easiest route to code injection also happens to be the one where they "oops forgot" to improve the credentials management?

It just seems very convenient.

New comment by robomc in "How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos"

robomc — Tue, 19 Aug 2025 21:24:31 +0000

From the CEO's response:

> On January 24, 2025, security researchers from Kudelski Security disclosed a vulnerability to us through our Vulnerability Disclosure Program (VDP). The researchers identified that Rubocop, one of our tools, was running outside our secure sandbox environment—a configuration that deviated from our standard security protocols.

Honestly, that last part sounds like a lie. Why would one task run in a drastically different architectural situation, and it happen to be the one exploited?

New comment by robomc in "Being Full of Value‑Added Shit"

robomc — Thu, 12 Jun 2025 23:37:49 +0000

The tennis example is weird though. I don't think people who are bad at tennis go around claiming they're great at tennis, do they?

New comment by robomc in "Being full of value‑added shit"

robomc — Thu, 12 Jun 2025 23:34:02 +0000

So we're just posting third party blind item gossip on here huh.

New comment by robomc in "Reviving the joy and honor of working with your hands (2015)"

robomc — Tue, 11 Feb 2025 20:47:18 +0000

> It’s all part of the sharp decline in vocational education — shop class — in this nation that began in the 1980s as blue collars became unfashionable and the emphasis shifted to a college education.

Yeah that's what happened. They became "unfashionable", rather than hopelessly precarious due to structural economic changes.

New comment by robomc in "Bottles of OOP now available in Python"

robomc — Tue, 19 Nov 2024 23:02:17 +0000

Maybe this is misguided, but it feels a bit to me (comparing the ruby and js versions for example) that this is using the same code examples in both, and neither are really typical of the sorts of code people in either language community would actually write?

New comment by robomc in "Initial details about why CrowdStrike's CSAgent.sys crashed"

robomc — Sun, 21 Jul 2024 21:19:30 +0000

I wonder if there's a concern that staggering the malware signatures would open them up to lawsuits if somebody was hacked in between other customers getting the data and them getting the data.

New comment by robomc in "Show HN: Doggo – A powerful, human-friendly DNS client for the command line"

robomc — Mon, 01 Jul 2024 23:47:37 +0000

I have a silly question I guess... why does it print everything out twice?

~ doggo google.com

NAME TYPE CLASS TTL ADDRESS NAMESERVER

google.com. A IN 296s 142.250.67.14 127.0.2.2:53

google.com. A IN 296s 142.250.67.14 127.0.2.3:53

~ doggo news.ycombinator.com

NAME TYPE CLASS TTL ADDRESS NAMESERVER

news.ycombinator.com. A IN 1s 209.216.230.207 127.0.2.2:53

news.ycombinator.com. A IN 1s 209.216.230.207 127.0.2.3:53

New comment by robomc in "You'll regret using natural keys"

robomc — Wed, 05 Jun 2024 03:06:05 +0000

yeah the way he described it it's like... well who would ever do that. but foreign keying to emails or usernames is much easier to "accidentally" do and is a classic source of long-term headaches.