Hacker News: solaire_oa

New comment by solaire_oa in "GitHub Stacked PRs"

solaire_oa — Tue, 14 Apr 2026 01:19:00 +0000

Pretty cool to see stacks being given due attention. Also check out git-spice, which works with Gitlab (possibly others). Personally I use git-spice in place of all the conventional git commands.

New comment by solaire_oa in "Taste in the age of AI and LLMs"

solaire_oa — Wed, 08 Apr 2026 23:35:01 +0000

I got to the second section before I decided to scan how long it was, saw a wall of text, and decided that this article was low taste.

Moreover, the submitter of this article (probably not the author) spams ~4 submissions per day.

New comment by solaire_oa in "The cult of vibe coding is dogfooding run amok"

solaire_oa — Tue, 07 Apr 2026 02:33:00 +0000

I'm not sure I believe them though, at face value anyway. Or at least, I would suspect the entire spectrum of levels 0-9 are constantly at play at Anthropic (or any sizeable company). Fully disavowing the code as a matter of policy seems needlessly reckless.

(Thanks for visidata btw, awesome tool that helped me with a side project not long ago.)

New comment by solaire_oa in "April 2026 TLDR Setup for Ollama and Gemma 4 26B on a Mac mini"

solaire_oa — Sat, 04 Apr 2026 02:01:56 +0000

I can confirm that tool calls failed for me (Ubuntu server with charmbracelet/crush, if that matters)

New comment by solaire_oa in "EmDash – A spiritual successor to WordPress that solves plugin security"

solaire_oa — Thu, 02 Apr 2026 01:58:07 +0000

I know that it's discourteous to write-off a potentially valuable project because the release post showed a lack of self-awareness, but I think it's indicative of the larger struggle taking place: that trust is decaying.

It's decaying for a lot of the reasons displayed in the post, like you described, but the post also:

  - is overlong (probably LLM assisted)
  - is self-congratulatory
  - boosts AI
  - rewrites an existing project (vs contributing to the original)
  - conjures long-term maintenance doubt/suspicions
  - is functionally an advertisement (for CloudFlare)

So yeah, maybe EmDash is revolutionary with respect to Wordpress, but it hasn't signaled trust, and that's a difficult hurdle to get past.

New comment by solaire_oa in "Android Developer Verification"

solaire_oa — Tue, 31 Mar 2026 20:51:30 +0000

> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play

https://android-developers.googleblog.com/2025/08/elevating-...

> The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play

Bald face lies are getting baldier.

New comment by solaire_oa in "Claude Code's source code has been leaked via a map file in their NPM registry"

solaire_oa — Tue, 31 Mar 2026 16:24:44 +0000

This is good info, thanks. Can I ask how you detected that version of axios? I checked the source (from another comment) and the package.json dependencies are empty....

New comment by solaire_oa in "Claude Code's source code has been leaked via a map file in their NPM registry"

solaire_oa — Tue, 31 Mar 2026 15:50:16 +0000

I couldn't tell from the title whether is was client or the server code (although map file and NPM were hints). Looks like the client code, which is not as exciting.

New comment by solaire_oa in "ChatGPT won't let you type until Cloudflare reads your React state"

solaire_oa — Mon, 30 Mar 2026 02:46:12 +0000

Yeah, additionally gemini.google.com is also free unauthenticated, which I've been using for a very long time (a year?). Why this is being treated as news is confusing.

New comment by solaire_oa in "Trust signals as sparklines for Hacker News"

solaire_oa — Sun, 29 Mar 2026 15:31:20 +0000

For sure, source is now available here https://hn-trustspark.com/src/

I can figure out how to shasum/sig the extension for heightened trust.

New comment by solaire_oa in "Trust signals as sparklines for Hacker News"

solaire_oa — Sat, 28 Mar 2026 20:24:48 +0000

No problem at all! I didn't mean to be accusatory. And I wouldn't say inspecting the plugin code is against my wishes at all, no, definitely keep that hacker spirit alive! And feel free to reload the gist.

I suppose that my point is more that creating a GitHub repo has some strings attached to it nowadays, is all.

New comment by solaire_oa in "Trust signals as sparklines for Hacker News"

solaire_oa — Sat, 28 Mar 2026 20:01:45 +0000

Darn, I really thought submission rates were the lowest hanging fruit for bot detection, and it doesn't appear this is the case.

Thanks for commenting so I could see this.

For what it's worth, penalizing submission rates is not the default in the plugin itself, that's just for the demo. And also, in my testing, HN at large has "high trust" practically everywhere. My own account is consistently one of the lowest scoring that I come across, ironically. So perhaps this plugin isn't as useful as I had hoped.

New comment by solaire_oa in "Trust signals as sparklines for Hacker News"

solaire_oa — Sat, 28 Mar 2026 16:25:45 +0000

Thanks! Nice, you found the alltrust.json file ha. Yes, a bg job running on an rpi leverages HN APIs and builds the alltrust file by the minute, for all "active" accounts. Technically fetching that data is all you'd need to make your own script/plugin.

It's centralized for a few reasons though, first being that client-side API requests would be discourteous to the APIs (flood/ddos), and a whole new level of error handling would be required. Shared IPs, like those in a tech company building, would easily and quickly reach the API limits. So that's the reasoning, if you're curious.

New comment by solaire_oa in "Trust Signals as Sparklines for Hacker News"

solaire_oa — Sat, 28 Mar 2026 16:12:20 +0000

Oh wow, You're a human with a high submission rate! I assumed accounts like these were bots. I've seen a large number of accounts like yours in `/newest`, indeed, it's the reason I made the default demo penalize high submission rates. If you don't mind me asking, what are you submission habits? Do you just submit links you find interesting often? And does the karma rewards factor into your routine submissions?

(I'm not being facetious or accusatory, I'm genuinely interested learning how some of these high submission rates operate, since a lot look automated).

New comment by solaire_oa in "Trust signals as sparklines for Hacker News"

solaire_oa — Sat, 28 Mar 2026 15:50:41 +0000

Author here. This is a good callout, there are a few reasons why it's a plugin and not open source (yet).

First is that I didn't want to make a plugin in the first place, I wanted to make a bookmarklet, but HN's CSP policy was too strict. So that was a bummer.

Second is that I have very mixed feelings about open source these days, and so open-sourcing feels less and less like the sensible default state. One of the sibling comments here discovered the alltrust.json and vibecoded around it, which is really a case in point about why open sourcing feels like I'd be leaving myself "open" to be domineered (not just by users, but by bots and companies as well).

Third is that the system/plugin is partly LLM-assisted itself (even though the code is minuscule), and I'm self conscious of being a slop-slinger. Or at least, pushing up repos with LLM code just feels, idk... lazy and asymmetrical (despite this plugin having clear utility, which I think it does).

But it's completely fair to say "oh look, a plugin about trust that's closed source, how hypocritical." I get that. If there's enough interest I'll open source it, sure.

New comment by solaire_oa in "Trust signals as sparklines for Hacker News"

solaire_oa — Sat, 28 Mar 2026 15:37:06 +0000

Author here. I tried a bookmarklet, that was my preference, but the security headers in HN were too strict. As far as I could tell anyway.

New comment by solaire_oa in "Updates to GitHub Copilot interaction data usage policy"

solaire_oa — Sat, 28 Mar 2026 01:46:33 +0000

This points out that agentic security flaws are worse than "systemic", they're the feature. Agents are literal backdoors.

It's so bizarre to be discussing minor security concerns of backdoors, like trying to block env vars. Of course the maintainers don't care about blocking env vars. It's security theater.

Trust signals as sparklines for Hacker News

solaire_oa — Thu, 26 Mar 2026 16:43:33 +0000

Article URL: https://hn-trustspark.com/

Comments URL: https://news.ycombinator.com/item?id=47532717

Points: 82

# Comments: 46

Pascail's Wager

solaire_oa — Mon, 23 Mar 2026 19:21:12 +0000

Article URL: https://r5d.me/pascails-wager/

Comments URL: https://news.ycombinator.com/item?id=47493937

Points: 3

# Comments: 0

New comment by solaire_oa in "OpenCode – Open source AI coding agent"

solaire_oa — Sat, 21 Mar 2026 00:39:10 +0000