i feel like some of the old-school commands will benefit from long args, e.g., '--search'. at the time of writing, the current `git log` documentation[1]'s `-S' has _one_ instance of the word 'search'.

(un)related to the article, author went on to contribute documentation updates to git, which were much needed [2]

[1]: https://git-scm.com/docs/git-log#Documentation/git-log.txt--... [2]: https://jvns.ca/blog/2026/01/08/a-data-model-for-git/

Comments URL: https://news.ycombinator.com/item?id=48176015

Points: 2

# Comments: 0

is when python 3.13 [1] introduced some stricter validations and the CASB issued certs were not compliant (missing AKI); which broke REQUESTS_CA_BUNDLE/SSL_CERT_FILE for us

[1] https://discuss.python.org/t/python-3-13-x-ssl-security-chan...

i think requests is a tricky one, as it _should_ be supporting it already based on the PR [2], but looks like it was merged in the 3.x branch and idk where that is, release-wise.

there is also native TLS on linux (idk what exactly you call it); but

    cp cert.pem /usr/local/share/ca-certificates/cert.pem && update-ca-certificates

[1] https://github.com/rustls/rustls-native-certs/issues/16#issu...

[2] https://github.com/psf/requests/issues/2899

[3] https://pypi.org/project/certifi/

an 'mitm' tls proxy also gives you much better firewalling capabilities [1], not that firewalls aren't inherently leaky,

codex's a 'wildcard' based one [2]; hence "easy" to bypass [3] github's list is slightly better [4] but ymmv

[1] than a rudimentary "allow based on nslookup $host" we're seeing on new sandboxes popping up, esp. when the backing server may have other hosts.

[2] https://developers.openai.com/codex/cloud/internet-access#co...

[3] https://embracethered.com/blog/posts/2025/chatgpt-codex-remo...

[4] https://docs.github.com/en/copilot/reference/copilot-allowli...

"Emails to Outlook.com rejected due to a fault or overzealous blocking rules"

https://www.theregister.com/2026/03/04/users_fume_at_outlook...

discussed here: https://news.ycombinator.com/item?id=47246044

if you are using tailscale already, with it setup as the DNS resolver,

you can setup NextDNS as the global resolver within tailscale[1];

i'm not sure exactly how much my latency's being affected, but am at something like 900k queries/mo and don't really notice it

[1] https://tailscale.com/kb/1218/nextdns

it's not perfect [3] but gets the job done for me

[1] not as much "control" as it is "logging", of sorts; "especially when you just need to answer “what is my cluster talking to?”"

[2] https://github.com/ClickHouse/kubenetmon / https://clickhouse.com/blog/kubenetmon-open-sourced

[3] if you have a lot of short-lived containers, you're likely to run into something like this: https://github.com/ClickHouse/kubenetmon/issues/24

edit: clarifying [1]

i do not see a product upsell anywhere.

if it's an ad for the author themselves, then it's a very good one.

(ofc, that'd only mean they stop updating the status page, so eh)

https://news.ycombinator.com/item?id=38790597

4B If Statements (469 comments)

unfortunately this problem preceeds AI, and has been worsened by it.

i've seen instances of one-file, in-memory hashmap proof-of-concept implementations been requested to be integrated in semi-large evolving codebases with "it took me 1 day to build this, how long will it take to integrate" questions

AWS introduces Graviton5–the company's most powerful and efficient CPU (14 comments)

which sometimes gets annoying because branding for subdomains could be different.

https://developers.cloudflare.com/rules/custom-errors/edit-e...

Migrating the main Zig repository from GitHub to Codeberg - 883 comments

so ymmv

there's the CVE tracker you can use to ~argue~ establish that the versions you're using either aren't affected or, have been patched.

https://ubuntu.com/security/cves

https://ubuntu.com/security/CVE-2023-28531

Deleting load balancer '[object Object]'