Hacker News: s_ting765https://news.ycombinator.com/user?id=s_ting765Hacker News RSShttps://hnrss.org/hnrss v2.1.1Fri, 10 Apr 2026 07:06:13 +0000<![CDATA[New comment by s_ting765 in "Open Source Security at Astral"]]>Double checking Github actions does not mitigate threats from supply chain vulnerabilities. Forking an action moves the trust from a random developer to yourself. You still have to make sure the action is pulling in dependencies from trusted sources which can also be yourself depending on how far you want to go.

]]>Thu, 09 Apr 2026 12:03:35 +0000https://news.ycombinator.com/item?id=47702567s_ting765https://news.ycombinator.com/item?id=47702567https://news.ycombinator.com/item?id=47702567<![CDATA[New comment by s_ting765 in "Open source security at Astral"]]>Pinning github actions by commit SHA does not solve the supply chain problem if the pinned action itself is pulling in other dependencies which themselves could be compromised. An action can pull in a docker image as a dependency for example. It is effectively security theatre. The real fix is owning the code that runs in your CI pipelines. Or fork the action itself and maintain it as part of your infrastructure.

]]>Thu, 09 Apr 2026 11:05:12 +0000https://news.ycombinator.com/item?id=47702062s_ting765https://news.ycombinator.com/item?id=47702062https://news.ycombinator.com/item?id=47702062<![CDATA[New comment by s_ting765 in "AI has suddenly become more useful to open-source developers"]]>Coding agents are like asking a genie for code. They will give you the code you ask for alright but you never know what kind of curse has been crontabbed for you.

]]>Wed, 01 Apr 2026 17:09:27 +0000https://news.ycombinator.com/item?id=47603624s_ting765https://news.ycombinator.com/item?id=47603624https://news.ycombinator.com/item?id=47603624<![CDATA[New comment by s_ting765 in "Astral to Join OpenAI"]]>It should have been FastAPI instead.

]]>Thu, 19 Mar 2026 15:28:13 +0000https://news.ycombinator.com/item?id=47441131s_ting765https://news.ycombinator.com/item?id=47441131https://news.ycombinator.com/item?id=47441131<![CDATA[New comment by s_ting765 in "Mount Mayhem at Netflix: Scaling Containers on Modern CPUs"]]>Interesting blog post. For what it's worth, I count 7 em-dashes used.

]]>Wed, 04 Mar 2026 09:25:38 +0000https://news.ycombinator.com/item?id=47245077s_ting765https://news.ycombinator.com/item?id=47245077https://news.ycombinator.com/item?id=47245077<![CDATA[New comment by s_ting765 in "Ghostty – Terminal Emulator"]]>> Ptyxis: Your Container-Oriented Terminal for GNOME

> A modern terminal emulator built for the container era. Seamlessly navigate between your host system and local containers like Podman, Toolbox, and Distrobox with intelligent detection and a beautiful, responsive GNOME interface.

https://gitlab.gnome.org/chergert/ptyxis/-/blob/main/README....

]]>Sun, 01 Mar 2026 16:39:40 +0000https://news.ycombinator.com/item?id=47208222s_ting765https://news.ycombinator.com/item?id=47208222https://news.ycombinator.com/item?id=47208222<![CDATA[New comment by s_ting765 in "Ghostty – Terminal Emulator"]]>I tried this out after getting annoyed for the 100th time by a recent bug in kgx/console that will occasionally fail to launch windows leaving incomplete windows as tabs.

Console has long since become abandonware pushing people towards ptyxis which is now the default gnome terminal. A damn shame considering console is basically complete software (the quality of software in gnome is on a downhill).

I would have given ptyxis a chance if they didn't take a basic terminal and added some fluff (features related to distrobox) on top of other annoying things I can't be bothered to remember about because I ended up removing the software every time I gave it a spin.

In just a few days I've been able to replace console with ghostty-nightly and I don't miss anything.

]]>Sun, 01 Mar 2026 15:42:51 +0000https://news.ycombinator.com/item?id=47207715s_ting765https://news.ycombinator.com/item?id=47207715https://news.ycombinator.com/item?id=47207715<![CDATA[New comment by s_ting765 in "Vibe coded Lovable-hosted app littered with basic flaws exposed 18K users"]]>Ask the LLM to create for you a POC for the vulnerability you have in mind. Last time I did this I had to repeatedly make a promise to the LLM that it was for educational purposes as it assumed this information is "dangerous".

]]>Fri, 27 Feb 2026 18:00:40 +0000https://news.ycombinator.com/item?id=47183426s_ting765https://news.ycombinator.com/item?id=47183426https://news.ycombinator.com/item?id=47183426<![CDATA[New comment by s_ting765 in "NewPipe: YouTube client without vertical videos and algorithmic feed"]]>I revived a once popular Youtube frontend called Cloudtube. All the Youtube media url deciphering is still done by Invidious and I use it more like a frontend for invidious.

https://github.com/rhee876527/clean-youtube/

]]>Sun, 15 Feb 2026 08:06:31 +0000https://news.ycombinator.com/item?id=47021925s_ting765https://news.ycombinator.com/item?id=47021925https://news.ycombinator.com/item?id=47021925<![CDATA[New comment by s_ting765 in "Lennart Poettering, Christian Brauner founded a new company"]]>Opensuse have been working on making secure boot/TPM FDE unlock easy to use for a while now. https://news.opensuse.org/2025/11/13/tw-grub2-bls/

]]>Wed, 28 Jan 2026 07:04:30 +0000https://news.ycombinator.com/item?id=46791978s_ting765https://news.ycombinator.com/item?id=46791978https://news.ycombinator.com/item?id=46791978<![CDATA[New comment by s_ting765 in "You are not required to close your <p>, <li>, <img>, or <br> tags in HTML"]]>Same with but Firefox's XML parser will not greenlight you.

]]>Sun, 11 Jan 2026 16:46:38 +0000https://news.ycombinator.com/item?id=46577268s_ting765https://news.ycombinator.com/item?id=46577268https://news.ycombinator.com/item?id=46577268<![CDATA[New comment by s_ting765 in "Sandboxing Untrusted Python"]]>Docker provides some host isolation which can be used effectively as a sandbox. It's not designed for security (and it does have some reasonable defaults) but it does give you options to layer on security modules like apparmor and seccomp very easily.

]]>Mon, 05 Jan 2026 19:04:36 +0000https://news.ycombinator.com/item?id=46503150s_ting765https://news.ycombinator.com/item?id=46503150https://news.ycombinator.com/item?id=46503150<![CDATA[New comment by s_ting765 in "A super fast website using Cloudflare workers"]]>The perfect lighthouse score might have changed since this was last updated. Am seeing 97% on accessibility.

]]>Wed, 31 Dec 2025 14:24:04 +0000https://news.ycombinator.com/item?id=46444291s_ting765https://news.ycombinator.com/item?id=46444291https://news.ycombinator.com/item?id=46444291<![CDATA[New comment by s_ting765 in "Show HN: 22 GB of Hacker News in SQLite"]]>You could check out SQLite's auto_vacuum which reclaims space without rebuilding the entire db https://sqlite.org/pragma.html#pragma_auto_vacuum

]]>Tue, 30 Dec 2025 19:57:10 +0000https://news.ycombinator.com/item?id=46437287s_ting765https://news.ycombinator.com/item?id=46437287https://news.ycombinator.com/item?id=46437287<![CDATA[New comment by s_ting765 in "How uv got so fast"]]>My gripe is with Rust rewrites. Not uv. Though I very much think uv is overhyped.

]]>Fri, 26 Dec 2025 22:01:27 +0000https://news.ycombinator.com/item?id=46396783s_ting765https://news.ycombinator.com/item?id=46396783https://news.ycombinator.com/item?id=46396783<![CDATA[New comment by s_ting765 in "How uv got so fast"]]>Rust rewrites are known for breaking (compatibility with) working software. That's all there is to them.

]]>Fri, 26 Dec 2025 20:54:12 +0000https://news.ycombinator.com/item?id=46396133s_ting765https://news.ycombinator.com/item?id=46396133https://news.ycombinator.com/item?id=46396133<![CDATA[New comment by s_ting765 in "Ask HN: What skills do you want to develop or improve in 2026?"]]>For web development I would say avoid high-level frameworks as much as you can. Most of them are built for hand-holding developers which is counterproductive to learning the fundamentals and are usually inflexible to demands outside the "happy path".

]]>Fri, 26 Dec 2025 08:09:03 +0000https://news.ycombinator.com/item?id=46390216s_ting765https://news.ycombinator.com/item?id=46390216https://news.ycombinator.com/item?id=46390216<![CDATA[New comment by s_ting765 in "How I protect my Forgejo instance from AI web crawlers"]]>I use the same exact trick from the source the article mentions.

I call it `temu` anubis. https://github.com/rhee876527/expert-octo-robot/blob/f28e48f...

Jokes aside, the whole web seems to be trending towards some kind of wall (pay, login, app etc.) and this ultimately sucks for the open internet.

]]>Mon, 22 Dec 2025 13:30:40 +0000https://news.ycombinator.com/item?id=46353957s_ting765https://news.ycombinator.com/item?id=46353957https://news.ycombinator.com/item?id=46353957<![CDATA[New comment by s_ting765 in "We pwned X, Vercel, Cursor, and Discord through a supply-chain attack"]]>You may be thinking of CSRF mitigations. XSS exploits are more dangerous and can do more than steal sessions.

]]>Thu, 18 Dec 2025 23:21:26 +0000https://news.ycombinator.com/item?id=46320200s_ting765https://news.ycombinator.com/item?id=46320200https://news.ycombinator.com/item?id=46320200<![CDATA[New comment by s_ting765 in "I got hacked: My Hetzner server started mining Monero"]]>Depends on specific app use case. Nginx doesn't work with it but valkey will.

]]>Thu, 18 Dec 2025 05:48:39 +0000https://news.ycombinator.com/item?id=46309293s_ting765https://news.ycombinator.com/item?id=46309293https://news.ycombinator.com/item?id=46309293