Hacker News: timhh

New comment by timhh in "Shunting-Yard Animation"

timhh — Sun, 10 May 2026 21:02:24 +0000

Note the shunting yard algorithm is an iterative (as opposed to recursive) version of Pratt parsing (and also precedence climbing which is virtually identical). However as normally stated it does not do proper error checking - it will accept totally invalid input.

That isn't a fundamental limit of the algorithm though; you can easily add error checking, as I did here: https://github.com/Timmmm/expr/blob/1b0aef8f91460974d526b5ba...

I'm not really sure why this is omitted.

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sun, 22 Mar 2026 14:10:57 +0000

I don't understand how you can be so confidently wrong about something so easily checked. :D

> You can't run unix_chkpwd against a local account without root because you won't be able to access /etc/shadow to get the hash.

unix_chkpwd can access /etc/shadow because it is suid.

> Otherwise you have to use the setuid version which won't let you run it directly.

Haha you mean this?

  $ unix_chkpwd
  This binary is not designed for running in this way
  -- the system administrator has been informed

Take a look at the source code I linked about 6 comments ago!

> Perhaps try checking something yourself?

I have. You haven't.

  printf 'hunter2\0' | unix_chkpwd yourusername nullok; echo $?

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sun, 22 Mar 2026 09:16:26 +0000

Definitely not for local password authentication, and I'm dubious it helps for ssh either. See my other comment.

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sat, 21 Mar 2026 21:55:50 +0000

> You obviously can't run unix_chkpwd against a local account without root.

Wrong. At least check before you say something is obvious.

> No, it's very simple.

Even more wrong: https://github.com/linux-pam/linux-pam/issues/778#issuecomme...

> feels like arguing with an LLM

I could say the same about you, repeatedly and confidently asserting falsehoods.

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sat, 21 Mar 2026 15:59:57 +0000

It is. Only the default changed. Also you can press tab if someone happens to be looking over your shoulder (and your password is so obvious they can guess it from the length).

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sat, 21 Mar 2026 15:53:56 +0000

> Yes, for local password authentication.

It's really really not. By default PAM has a difficult-to-disable 2ish second minimum delay for all authentication methods. However this is completely pointless for local password authentication because PAM checks password using unix_chkpwd, which has no delay. The comment I linked to is explaining that unix_chkpwd has a silly security theatre delay if you try to run it in a tty, but that's trivial to avoid.

If you want to brute force local password authentication you can just run unix_chkpwd as fast as you like. You don't need to involve PAM at all, so its 2 seconds delay achieves nothing.

It maybe does more for remote connections but I'm not sure about that either - if you want to check 10k ssh passwords per second what stops you making 10k separate connections every second? I don't think the 2 second delay helps there at all.

> Change both the config files and you can remove the delay if you want.

This is extremely complicated. See the comments in the issue for details.

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sat, 21 Mar 2026 07:47:06 +0000

Not for local password authentication.

https://github.com/pibara/pam_unix/blob/master/unix_chkpwd.c...

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sat, 21 Mar 2026 07:44:24 +0000

You make it sound like there was a discussion where they looked at these two alternatives and chose improving sudo over using run0. Actually I just submitted a patch for this and they accepted it. I don't work for Ubuntu and I didn't even know run0 existed until now (it does sound good though; I hope they switch to that).

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sat, 21 Mar 2026 07:40:25 +0000

Yeah I would like to fix those too but sudo is the one I encounter most. Also the existence of sudo-rs meant there was less push-back. I seriously doubt the maintainers of openssh or passwd would accept this change.

New comment by timhh in "Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords"

timhh — Sat, 21 Mar 2026 07:38:12 +0000

I did this!

I didn't actually know that Mint had enabled this by default. That would have been a useful counterpoint to the naysayers.

If you want the original behaviour you don't actually need to change the configuration - they added a patch afterwards so you can press tab and it will hide the password just for that time.

> The catalyst for Ubuntu’s change is sudo-rs

Actually it was me getting sufficiently pissed off at the 2 second delay for invalid passwords in sudo (actually PAM's fault). There's no reason for it (if you think there is look up unix_chkpwd). I tried to fix it but the PAM people have this strange idea that people like the delay. So I gave up on that and thought I may as well try fixing this other UX facepalm too. I doubt it would have happened with the original sudo (and they said as much) so it did require sudo-rs to exist.

I think this is one of the benefits of rewriting coreutils and so on in Rust - people are way more open to fixing long-standing issues. You don't get the whole "why are you overturning 46 years of tradition??" nonsense.

If anyone wants to rewrite PAM in Rust... :-D

https://github.com/linux-pam/linux-pam/issues/778

Baochip-1x: What it is, why I'm doing it now and how it came about

timhh — Wed, 11 Mar 2026 18:21:58 +0000

Article URL: https://www.crowdsupply.com/baochip/dabao/updates/what-it-is-why-im-doing-it-now-and-how-it-came-about

Comments URL: https://news.ycombinator.com/item?id=47339219

Points: 346

# Comments: 79

New comment by timhh in "A new California law says all operating systems need to have age verification"

timhh — Fri, 27 Feb 2026 22:13:05 +0000

> i.e. this doesn't require age verification at all, just a user profile age property

This is usually how they do it though. First make a dumb law with poor enforcement. People don't push back about it because it obviously won't be enforced. Wait a bit, then say "people are flagrantly violating this law, we need better enforcement". At that point it's a lot harder to say "it shouldn't be a law at all!" because nobody complained when it was brought into law.

New comment by timhh in "NASA announces overhaul of Artemis program amid safety concerns, delays"

timhh — Fri, 27 Feb 2026 22:04:27 +0000

> the capabilities are so far mostly just talk

lol what? They've caught and successfully reflown the super heavy booster, and they've mostly successfully done a soft landing of Starship in the sea. How is that remotely "just talk"?

New comment by timhh in "Sudo-rs enables pwfeedback by default for Resolute Raccoon"

timhh — Fri, 27 Feb 2026 16:47:56 +0000

I recently started using Linux again, and decided to try and fix some of its more ancient and silly UX paper cuts. This is my first success!

My attempt to fix the annoying and unnecessary 2 second delay when you mistype your password is going rather less well: https://github.com/linux-pam/linux-pam/pull/789

Does anyone want to rewrite PAM in Rust? :D

Sudo-rs enables pwfeedback by default for Resolute Raccoon

timhh — Fri, 27 Feb 2026 16:47:56 +0000

Article URL: https://discourse.ubuntu.com/t/sudo-rs-enables-pwfeedback-by-default-for-resolute-raccoon/77712

Comments URL: https://news.ycombinator.com/item?id=47182656

Points: 3

# Comments: 3

New comment by timhh in "RISC-V Vector Primer"

timhh — Thu, 12 Feb 2026 13:01:36 +0000

If you get lost in the SEW, LMUL, VLMAX, etc. stuff I made a brief explanation here:

https://blog.timhutt.co.uk/riscv-vector/

It has a visualisation of the element selection stuff at the end.

New comment by timhh in "Prek: A better, faster, drop-in pre-commit replacement, engineered in Rust"

timhh — Wed, 04 Feb 2026 22:28:26 +0000

It's going to be optional - the hooks will always fix the code if they can, but then you can supply a `--no-fix` flag (or config) if you want to tell it to not actually apply those changes to the real filesystem.

It doesn't need Landlock because WASI already provides a VFS.

New comment by timhh in "Prek: A better, faster, drop-in pre-commit replacement, engineered in Rust"

timhh — Wed, 04 Feb 2026 22:26:24 +0000

It is better because of WASI. That's what provides sandboxing.

New comment by timhh in "Arcan-A12: Weaving a Different Web"

timhh — Wed, 04 Feb 2026 22:24:08 +0000

> just a little to different and obscure

Even the style of writing screams "I'm doing something weird and I'm not going to explain it to you unless you are already a mega-fan". Reminds me of Wolfram's writing a bit. He's created a world that only he is in and then writes about it in detail as if everyone else is there too.

New comment by timhh in "The Codex app illustrates the shift left of IDEs and coding GUIs"

timhh — Wed, 04 Feb 2026 22:14:28 +0000

Not really what "shift left" means...