<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: thom_nic</title><link>https://news.ycombinator.com/user?id=thom_nic</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Mon, 06 Apr 2026 06:22:33 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=thom_nic" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by thom_nic in "California's new bill requires DOJ-approved 3D printers that report themselves"]]></title><description><![CDATA[
<p>> is this pressure from the gun manufacturing lobby<p>Definitely not, it's pressure from the anti-gun lobby that keeps pushing "one more bill that <i>this time</i> will actually change violent crime statistics, we promise!"<p>These bills are being introduced in the states that already have the most restrictive gun control, yet to nobody's surprise, it hasn't done much to curb violent crime.  But the lobby groups and candidates campaign and fundraise on the issue so they have to keep the boogeyman alive rather than admit that the policies have been a failure.</p>
]]></description><pubDate>Thu, 19 Feb 2026 20:11:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=47078552</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=47078552</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47078552</guid></item><item><title><![CDATA[New comment by thom_nic in "DoD's public.cyber.mil is using an untrusted root CA"]]></title><description><![CDATA[
<p>This is fair, but I would venture to guess 99% of people including software developers and even most IT professionals completely rely on the vendor pre-installed root CAs.</p>
]]></description><pubDate>Mon, 25 Aug 2025 16:16:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=45015490</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=45015490</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45015490</guid></item><item><title><![CDATA[New comment by thom_nic in "DoD's public.cyber.mil is using an untrusted root CA"]]></title><description><![CDATA[
<p>DOD Cyber Exchange, home of DISA STIGs among other resources, appears to be signed by a root CA "US DoD CCEB Interoperability Root CA 2" which does not appear to be in any browser list of trusted root CAs.  This seems to have changed at some point, because public.cyber.mil <i>used to</i> be accessible without any browser warnings.  Certificate chain:<p><pre><code>    $ gnutls-cli --print-cert public.cyber.mil 443 </dev/null
    Processed 150 CA certificate(s).
    Resolving 'public.cyber.mil:443'...
    Connecting to '23.9.224.83:443'...
    - Certificate type: X.509
    - Got a certificate list of 2 certificates.
    - Certificate[0] info:
     - subject `CN=comm-cyber.mil,OU=DISA,OU=PKI,OU=DoD,O=U.S. Government,C=US', issuer `CN=DOD SW CA-74,OU=PKI,OU=DoD,O=U.S. Government,C=US', serial 0x087ef6, RSA key 2048 bits, signed using RSA-SHA256, activated `2025-08-11 17:51:06 UTC', expires `2026-09-12 17:51:06 UTC', pin-sha256="zqDELcwzXa0DHRYN6o+J5FGm2fSFXYb3O0knmjH3MrE="
            Public Key ID:
                    sha1:2925dac566b06932f1995cc904f1e723e26d6f5d
                    sha256:cea0c42dcc335dad031d160dea8f89e451a6d9f4855d86f73b49279a31f732b1
            Public Key PIN:
                    pin-sha256:zqDELcwzXa0DHRYN6o+J5FGm2fSFXYb3O0knmjH3MrE=


    -----BEGIN CERTIFICATE-----
    ...snip
    -----END CERTIFICATE-----

    - Certificate[1] info:
     - subject `CN=DOD SW CA-74,OU=PKI,OU=DoD,O=U.S. Government,C=US', issuer `CN=DoD Root CA 6,OU=PKI,OU=DoD,O=U.S. Government,C=US', serial 0x4a, RSA key 2048 bits, signed using RSA-SHA384, activated `2023-05-16 16:05:29 UTC', expires `2029-05-15 16:05:29 UTC', pin-sha256="NJVFdvvbhMFMXyUHKDk1RLnMkkY5Qt9eP3Q0Q8QHPUk="

    -----BEGIN CERTIFICATE-----
    ...snip
    -----END CERTIFICATE-----

    - Status: The certificate is NOT trusted. The certificate issuer is unknown. 
    *** PKI verification of server certificate failed...
    *** Fatal error: Error in the certificate.</code></pre></p>
]]></description><pubDate>Mon, 25 Aug 2025 14:06:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=45014004</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=45014004</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45014004</guid></item><item><title><![CDATA[DoD's public.cyber.mil is using an untrusted root CA]]></title><description><![CDATA[
<p>Article URL: <a href="https://www.cyber.mil/stigs/">https://www.cyber.mil/stigs/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=45014003">https://news.ycombinator.com/item?id=45014003</a></p>
<p>Points: 2</p>
<p># Comments: 3</p>
]]></description><pubDate>Mon, 25 Aug 2025 14:06:39 +0000</pubDate><link>https://www.cyber.mil/stigs/</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=45014003</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45014003</guid></item><item><title><![CDATA[New comment by thom_nic in "Czech gunmaker CZG buys Colt in cash and stock deal"]]></title><description><![CDATA[
<p>From my anecdotal observation this is true.  Gun sales are also growing among demographics not typically associated with gun ownership (non-white, non-conservative.)</p>
]]></description><pubDate>Fri, 12 Feb 2021 19:44:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=26117735</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=26117735</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=26117735</guid></item><item><title><![CDATA[New comment by thom_nic in "“I saw that you spun up an Ubuntu image in Azure”"]]></title><description><![CDATA[
<p>> the salesman wasn't supposed to TELL YOU that we are monitoring what you install<p>Exactly.  The old "I'm sorry I got caught" and not "I'm sorry I did it."</p>
]]></description><pubDate>Fri, 12 Feb 2021 16:28:53 +0000</pubDate><link>https://news.ycombinator.com/item?id=26115368</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=26115368</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=26115368</guid></item><item><title><![CDATA[New comment by thom_nic in "Why the Arabic world turned away from science (2011)"]]></title><description><![CDATA[
<p>> There's always the risk that the West might internally reject the scientific revolution.<p>In the US I am pretty sure we are already on the decline.<p>I think it has to do with, during the industrial revolution and post-war, huge scientific advancements and tech grew the economy, fed capitalism by means of providing new desirable goods to consumers (e.g. dishwashers, nicer cars, etc.)<p>I wonder if we've reached a "peak" of consumer comfort where advances in science/ tech/ medicine are no longer frequent/ impactful enough to meaningfully satisfy consumers, (why do we care about exploring Mars?) so it's easy for people to reject it and say "we don't need science."</p>
]]></description><pubDate>Fri, 09 Oct 2020 13:18:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=24729608</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=24729608</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=24729608</guid></item><item><title><![CDATA[New comment by thom_nic in "Major Proposed Changes to Linux From Scratch"]]></title><description><![CDATA[
<p>I agree, for a couple reasons.  One, while you usually have to deal with a cross toolchain (usually Intel -> ARM) it's easier to build and debug on a target board versus booting and rebooting your PC to see if you did everything right. Also the<p>I've used debootstrap to build a Debian distro for ARM with a custom kernel (for an Olimex board target or Beaglebone.)  That's very hands-off and not nearly the same "depth" as LFS.  The next step was taking the same kernel and building a busybox-based rootfs.  Then I had to make my own PID 1 and do init work to bring up services such as networking on boot which was very educational, yet busybox provides most of the "lego bricks" that you're not left writing too much from scratch.<p>Building to an embedded target also allows one to punt on the most annoying and complex parts of a desktop Linux distro, such as the desktop environment, audio/video drivers, UEFI bootloader, etc. Building a semi-custom (e.g. Arch or Debian/debootstrap, Buildroot or OpenEmbedded) headless distro was what I'd call a "shallow dive" or gentle introduction to more of Linux's inner workings without having to understand every bit in order to get a running system.</p>
]]></description><pubDate>Fri, 10 Jul 2020 03:44:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=23787928</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=23787928</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=23787928</guid></item><item><title><![CDATA[New comment by thom_nic in "Pricing niche products"]]></title><description><![CDATA[
<p>This sounds a bit like the custom bicycle frame builder phenomenon as well.  Well-known builders/shops can have years-long wait lists and their builds will go for 2x, 5x or 10x the cost of a top of the line mainstream model - 10s of thousands of $$.<p>Granted each one <i>is</i> built by hand so the artisanal craft is easy to appreciate.<p>But exclusivity is there, because these shops are building less than a dozen bikes per year.  If you got your hands on one, wow it will turn heads when you roll up to the bier garden at the CX race.</p>
]]></description><pubDate>Fri, 04 Oct 2019 17:04:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=21159635</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=21159635</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=21159635</guid></item><item><title><![CDATA[New comment by thom_nic in "A Kernel Engineer at Microsoft's Answer to “What Do You Think about ReactOS?”"]]></title><description><![CDATA[
<p>I was curious, and since the author of this answer provided links to what they called leaks [1], it's not difficult to download both the leak and ReactOS source [2] and look for similarities.  So, out of curiosity, that's what I did.<p>I started poking at some source files at random in ntoskernel, and it only took a minute to get some "hits" from the ReactOS source:<p><pre><code>    $ rg InitializeContextThread
    ./ntoskrnl/ke/thrdobj.c:872:        KiInitializeContextThread(Thread,
    ./ntoskrnl/ke/powerpc/thrdini.c:53:KiInitializeContextThread(IN PKTHREAD Thread,
    ./ntoskrnl/ke/i386/thrdini.c:92:KiInitializeContextThread(IN PKTHREAD Thread,
    ./ntoskrnl/ke/amd64/thrdini.c:36:KiInitializeContextThread(IN PKTHREAD Thread,
    ./ntoskrnl/ke/arm/thrdini.c:53:KiInitializeContextThread(IN PKTHREAD Thread,
    ./ntoskrnl/include/internal/ke.h:464:KiInitializeContextThread(

    $ rg NpxFrame
    ./ntoskrnl/ke/i386/v86vdm.c:473:    PFX_SAVE_AREA NpxFrame;
    ./ntoskrnl/ke/i386/v86vdm.c:480:    NpxFrame = &StackFrame->NpxArea;
    ./ntoskrnl/ke/i386/v86vdm.c:481:    ASSERT((ULONG_PTR)NpxFrame % 16 == 0);
    ./ntoskrnl/ke/i386/v86vdm.c:485:    RtlCopyMemory(KiGetThreadNpxArea(Thread), NpxFrame, sizeof(FX_SAVE_AREA));
    ./ntoskrnl/ke/i386/v86vdm.c:510:    PFX_SAVE_AREA NpxFrame = &StackFrame->NpxArea;
    ./ntoskrnl/ke/i386/v86vdm.c:512:    ASSERT((ULONG_PTR)NpxFrame % 16 == 0);
    ./ntoskrnl/ke/i386/v86vdm.c:551:    RtlCopyMemory(NpxFrame, V86Frame->ThreadStack, sizeof(FX_SAVE_AREA));
</code></pre>
Now that said, I have no idea what I'm looking for, or if this is significant.  But since we have the source for both, it seems we can do better than speculate w/r/t how much code is similar between them.  I know that does not prove copying but I think the author's point can't be blindly dismissed.<p>[1] <a href="https://github.com/Zer0Mem0ry/ntoskrnl" rel="nofollow">https://github.com/Zer0Mem0ry/ntoskrnl</a><p>[2] <a href="https://sourceforge.net/projects/reactos/files/ReactOS/" rel="nofollow">https://sourceforge.net/projects/reactos/files/ReactOS/</a></p>
]]></description><pubDate>Wed, 03 Jul 2019 03:17:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=20341321</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=20341321</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20341321</guid></item><item><title><![CDATA[New comment by thom_nic in "Urql: a GraphQL client library"]]></title><description><![CDATA[
<p>I clicked the article link just because I was expecting to see this guy: <a href="https://en.wikipedia.org/wiki/Steve_Urkel#/media/File:Steve_Urkel.jpg" rel="nofollow">https://en.wikipedia.org/wiki/Steve_Urkel#/media/File:Steve_...</a></p>
]]></description><pubDate>Fri, 31 May 2019 17:28:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=20063018</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=20063018</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20063018</guid></item><item><title><![CDATA[New comment by thom_nic in "Chaosnet"]]></title><description><![CDATA[
<p>Beyond the Abstract, can anyone give a TL;DR on novel or interesting things covered in this paper?</p>
]]></description><pubDate>Thu, 11 Apr 2019 12:45:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=19633822</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=19633822</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=19633822</guid></item><item><title><![CDATA[New comment by thom_nic in "Wipe and reinstall a running Linux system via SSH (2017)"]]></title><description><![CDATA[
<p>I actually implemented something on an embedded linux product once: a busybox initramfs that you could boot into "recovery mode," then along with dropbear, SSH into a completely in-memory system and re-flash the entire system image without having to pop out an SD card or connect a cable for DFU.<p>The recovery mode could even be initiated remotely, so you could re-flash a device without ever touching it.  Of course you have to be careful, if the re-flash failed you could be SOL :)  Apparently I need to go back and improve it so we can re-flash without rebooting!<p>These days you can use things like containers (Balena also looks very cool) to achieve a similar goal in possibly a "safer" way.  But the idea of being able to re-flash the entire system while running it felt sort of like changing the engine of a car while driving it down the freeway!</p>
]]></description><pubDate>Mon, 11 Mar 2019 12:20:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=19358367</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=19358367</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=19358367</guid></item><item><title><![CDATA[New comment by thom_nic in "Node.js Logging Made Right"]]></title><description><![CDATA[
<p>The issue becomes when you're calling some generic library that's unaware that it is running in a request handler.  If you want to log from deeper in some logic, maybe you've passed some data or domain objects but not a request/context/session object.  Do you pollute that logic with additional data passed in or does your library just create its own logger and call `log.info('intermediate result of some thing: XXX')` and let the CLS magic associate that with the request that generated the call?</p>
]]></description><pubDate>Tue, 05 Mar 2019 15:30:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=19311121</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=19311121</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=19311121</guid></item><item><title><![CDATA[New comment by thom_nic in "Corretto – No-cost, multiplatform, developer-preview distribution of OpenJDK"]]></title><description><![CDATA[
<p>I have not used Java in <i>many</i> years now, but I'm curious if anyone has anecdotal experience using OpenJDK in production?  Performance vs Oracle Java, bugs/ idiosyncrasies due to internal API differences, etc?</p>
]]></description><pubDate>Wed, 14 Nov 2018 14:51:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=18450189</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=18450189</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18450189</guid></item><item><title><![CDATA[New comment by thom_nic in "Product Updates Based on Your Feedback"]]></title><description><![CDATA[
<p>I tried this as well, can't reproduce.<p>I've got a 15" "late 2013" rMBP, set display options to "more space."  I've got a total of 45 tabs open between a couple different windows (I use the userChrome hack to re-enable multiple tab rows.) Cycled between tabs, refreshed, navigated around FB, GMail, etc.  Can't get the CPU to do anything out of the ordinary.</p>
]]></description><pubDate>Wed, 26 Sep 2018 03:12:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=18072433</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=18072433</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=18072433</guid></item><item><title><![CDATA[New comment by thom_nic in "Dropbear SSH, a lightweight alternative to OpenSSH"]]></title><description><![CDATA[
<p>If anyone is interested in <i>other</i> lightweight tools to complement a minimal embedded linux distro, check out Troglobit's GitHub repo: <a href="https://github.com/troglobit" rel="nofollow">https://github.com/troglobit</a>.  He has a collection of tiny apps perfect for embedded systems, such as...<p><pre><code>  - mdnsd (not in Busybox), 
  - merecat httpd (much more full-featured than busybox  httpd) 
  - inadyn dynamic DNS updater
  - finit (IMO much nicer than busybox's runsv)
  - watchdogd
  - uftpd
  - ntpd (with ipv6 support!)
</code></pre>
He has been super responsive to requests as well.</p>
]]></description><pubDate>Wed, 15 Aug 2018 15:07:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=17766570</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=17766570</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17766570</guid></item><item><title><![CDATA[New comment by thom_nic in "Azure Government and ICE"]]></title><description><![CDATA[
<p>I hate to say it, but demonizing ICE seems like the wrong thing.  It's the executive administration that directs ICE and Congress that tells ICE the laws to enforce.<p>That's not to say they are blameless but we could point fingers at pretty much every federal agency.  ICE is just in the crosshairs at the moment.</p>
]]></description><pubDate>Mon, 18 Jun 2018 16:11:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=17339350</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=17339350</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=17339350</guid></item><item><title><![CDATA[New comment by thom_nic in "Making a Statically-Linked, Single-File Web App with React and Rust"]]></title><description><![CDATA[
<p>How about a web interface on an embedded device?</p>
]]></description><pubDate>Thu, 05 Apr 2018 15:51:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=16766015</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=16766015</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=16766015</guid></item><item><title><![CDATA[New comment by thom_nic in "Announcing Flutter beta 1: Build beautiful native apps"]]></title><description><![CDATA[
<p>> I really don't want to learn dart<p>Literally half of programmers: "Ugh why can't everything be Javascript"
Other half of programmers: "Ugh Javascript is the worst language in existence"  /s<p>Given that javascript (esp on mobile) has a hard time reaching native performance, they presumably chose Dart because its design makes it immensely easier to target native iOS and Android without drastically augmenting JS to the point where it's no longer JS.<p>If there's a non-JS language that's easy to learn for a JS programmer, Dart (and I guess, TS) are it.</p>
]]></description><pubDate>Tue, 27 Feb 2018 16:12:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=16474748</link><dc:creator>thom_nic</dc:creator><comments>https://news.ycombinator.com/item?id=16474748</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=16474748</guid></item></channel></rss>