Hacker News: twunde

The comforting lie of sha pinning

twunde — Mon, 30 Mar 2026 13:36:23 +0000

Article URL: https://www.vaines.org/posts/2026-03-24-the-comforting-lie-of-sha-pinning/?trk=feed_main-feed-card_reshare_feed-article-content

Comments URL: https://news.ycombinator.com/item?id=47574126

Points: 4

# Comments: 0

New comment by twunde in "Why do SF billboards hit different?"

twunde — Sun, 29 Mar 2026 23:58:37 +0000

Other airports do have ads for tech companies (Seattle comes to mind) but the concentration is significantly lower.

Billboards are primarily focused on brand awareness since you can't update them frequently and you don't have amazing targeting/attribution data. They're also hyper-geographic specific. For tech companies that means that billboards are most useful when targeting either a specific conference or when targeting people that can make sales decisions.

Sf's billboard space is heavily used by the tech industry because A) you've got a high concentration of consumers for your tech product (developers, marketers, operations, product managers, etc) B) you've got a high concentration of decision-makers in terms of director/VP/execs/consultants going through that airport who may end up making a final decision on your sales. C) you've got a concentration of investors in terms of VC, private equity, angel investors. This helps bring in interest for that next round/acquisition. For your existing investors this means that they've got something to brag about. D) hometown pride. Companies tend to put billboards near where executives travel through since it's a reminder of the work that the marketer is doing. It also helps with hiring and media reputation.

If you compare SF to NYC or Boston, those other cities have a much smaller amount of their workforce in tech (22% compared to 11%). This is especially true if you think about the number of people transferring at these airports. The concentration of customers just isn't there, which is why NYC ads tend to be more consumer driven.

New comment by twunde in "We are building data breach machines and nobody cares"

twunde — Tue, 10 Mar 2026 21:48:53 +0000

For people to care of would have to be like healthcare. The Change Healthcare breach cost 2B+ and led to a huge loss in market share. Or like AMCA, which went bankrupt after the breach (Labcorp's billing company). If you're a health tech company you can no longer insure your way out of the problem over you reach a certain size.

The reality is that we need data breaches to be painful but maybe not company ending events unless it really is sensitive data. As patio11 likes to say the right level of fraud is not zero. There's a middle ground where we can increase company liability or reduce the damage caused by a beach.

New comment by twunde in "The ROI of Exercise"

twunde — Sat, 23 Aug 2025 15:25:41 +0000

If you're in the northeast US it's very common to have free or have to pay a nominal fee for public tennis courts (this may depend on the quality of your town's Park and rec department)

In NYC, it's 15/hr or 100/season. In the town I grew up in it's 20/yr for residents and 40/yr for non residents. I'm my current town it's free. And I suspect that there are waivers/discounts for folks that can't pay that amount.

New comment by twunde in "XZ Utils Backdoor Still Lurking in Docker Images"

twunde — Tue, 19 Aug 2025 03:16:21 +0000

This is much more viable than it was in the past with the advent and adoption of nvm, pyenv etc but the limiting factor becomes system dependencies. The typical example from yesteryear was upgrading openssl but inevitably you'll find that some dependency auto updates a system dependency silently or requires a newer version that requires upgrading the OS.

New comment by twunde in "Amazon Just Happens to Hold Book Sale During Independent Bookstore Day"

twunde — Sun, 27 Apr 2025 05:19:15 +0000

In new England at least, independent bookstores appear to be thriving. The town I'm in (population ~12K) has at least 5 independent bookstores, all in a town with a great library. That's an unusually high number of bookstores but most of the larger towns have at least one independent bookstore.

New comment by twunde in "Ask HN: My father passed away. How do deal with the grief?"

twunde — Wed, 26 Feb 2025 17:26:28 +0000

Something popular in my area, especially in the somatics community, are grief ceremonies ala https://www.earthdance.net/event/grieving-ourselves-whole-ex... although there are several variations. If that feels too new age-y or its not offered near where you live, it may be worth looking for grief groups/bereavement support, either through your preferred religious institution or through the local medical community (they're often supported by your local hospital)

New comment by twunde in "The Profitable Startup"

twunde — Fri, 21 Feb 2025 19:16:55 +0000

VC funding is often required for companies that require a lot of runway prior to selling. The example that comes to mind are database companies like Mongo, dgraph, scylla etc. These require a fair amount of upfront work to create the product before their usable. A different example are industries that require a fair amount of compliance like healthcare, banking etc

New comment by twunde in "Intel doesn't know how to be a foundry," Tim Cook reportedly told TSMC's CEO"

twunde — Wed, 29 Jan 2025 20:45:45 +0000

It's rare but does happen. And frankly I'd only include AWS in the counterpoint. Google really struggled with GCP. Outside of Bigquery and Spanner many/most of the services were custom built for GCP and were not used internally. Hell they built a VM service when basically everything ran on Borg internally

New comment by twunde in "Ask HN: Why aren't cost-minded SME/startups using Linux on laptops even now?"

twunde — Sun, 15 Dec 2024 00:48:29 +0000

https://arstechnica.com/information-technology/2024/04/germa... discusses some places that are moving to Linux and some places where migrations have been reverted. But from personal experience the main issues are in order:

- Is all your software supported on Linux? Are you sure? Do all the features work or are any missing/broken? Have you tested this or are you relying on Sales or docs that are likely wrong? What happens if one piece of software drops Linux support?

- Does using Linux block any future planned projects or make future projects much more complex?

- You now need to spend time with every new hire training folks on the new OS, as well as retraining existing staff.

- Are you going to piss off a lot of staff because you've made their life harder?

- For compliance/security requirements, do you have everything necessary to easily explain to auditors that these computers have the equivalent security (antivirus, monitoring, mdm all with metrics, dashboards and logs)?

Essentially this boils down to a lot of work, which impacts the future flexibility and the morale of the company in order to save a relatively small amount of money. Often times your spending more money on supporting Linux than you're actually saving.

ChromeOS is a modified version of this argument. ChromeOS comes with a strong security and compliance story, and has easy built in management. There's been some adoption in call centers but primarily it's used in schools by students because the school has been given a grant so gets them for free. Even with all that, very free businesses are adopting ChromeOS because a) some workflow they use isn't supported and b) Windows is not significantly more expensive.

New comment by twunde in "Why Scrum is stressing you out"

twunde — Sun, 15 Sep 2024 03:32:32 +0000

Daily stand-ups, the main benefit of which is that managers (EMs/PMs) get daily updates on status. Sprints themselves which promise that a certain amount of work will always get done, without any free time being wasted.

A lot of the ceremonies in general are mostly helpful to the EM/PM. How many things that you're doing are actually improving how you get work done? Especially when you consider how much time is spent on these ceremonies (sprint planning 1 hr, sprint retro 1 hour, daily standup 15-30 minutes. Plus whatever prep is needed and the interruption time.) For many companies this is a 20% or more overhead that's mainly busywork because you still need the additional meetings to understand what you're working on.

New comment by twunde in "Documenting Dance: Keeping Score (2017)"

twunde — Sat, 07 Sep 2024 17:44:00 +0000

Something adjacent is the Underscore dance's glyphs ( https://globalunderscore.com/underscore-glyphs/ ) which describe the patterns/phases of contact improvisation

State Noncompete Tracker

twunde — Fri, 23 Aug 2024 21:58:43 +0000

Article URL: https://pirg.org/edfund/resources/chromebook-churn-report-highlights-problems-of-short-lived-laptops-in-schools/

Comments URL: https://news.ycombinator.com/item?id=41333450

Points: 4

# Comments: 0

New comment by twunde in "Ask HN: Why Implement "Something Went Wrong" Error Messages?"

twunde — Fri, 23 Aug 2024 20:36:56 +0000

Cloudflare historically included trace IDs which were helpful for troubleshooting for customer support/support engineers.

New comment by twunde in "Leveraging AI for efficient incident response"

twunde — Fri, 23 Aug 2024 14:30:45 +0000

Playbooks that I've found value in: - Generic application version SLI comparison. The automated version of this is automated rollbacks (Harness supports this out of the box, but you can certainly find other competitors or build your own) - Database performance debugging - Disaster recovery (bad db delete/update, hardware failure, region failure)

In general, playbooks are useful for either common occurences that happen frequently (ie every week we need to run a script to fix something in the app) or things that happen rarely but when they do happen need a plan (ie disaster recovery)

New comment by twunde in "Smart jerks aren't worth it"

twunde — Wed, 24 Jul 2024 18:22:53 +0000

One issue I've found with cultures that emphasize no jerks is that the pendulum can swing too far that way to the point where its difficult or impossible to provide critical feedback. Not to say that you need to be a jerk to have difficult conversations, they can and should be done with empathy.

New comment by twunde in "Ask HN: How do I figure out what skills are in demand?"

twunde — Mon, 08 Jul 2024 15:42:43 +0000

The market over the last 2ish years is significantly worse then it's been over the past 10 years with the exception of Covid due to the rise of interest rates and change in tax incentives. This has hit large companies pretty hard, so there is a double whammy of fewer jobs from the biggest sources and more competition with other engineers. Anecdotally it does seem to be warming up, but it is uneven with significantly longer timelines to get a new position.

So what can you do? 1. Update your LinkedIn with descriptions of all your jobs so it looks similar to your resume. This should include technologies you've worked with. This is basically doing some SEO work so you get inbound recruiter emails (understanding that the quality of those inbounds will vary dramatically). 2. Apply to jobs directly and actually write cover letters (take a look at Who's Hiring, etc).

In terms of new skills or certifications, it's usually easier to add something adjacent to what you already do instead of learning something completely new. If you're a backend engineer, maybe you learn about data pipelines, or cloud infrastructure. If you're a front-end engineer maybe learn to write some backend code using nodejs. Put a side project on your resume, and ideally online.

New comment by twunde in "Ask HN: What is the best code base you ever worked on?"

twunde — Fri, 28 Jun 2024 18:54:42 +0000

Parts have been. Sourcegraph is basically the code search post built by ex-Googlers originally. Bazel is the open source build tool. Sadly, most of these things require major work to set up yourself and manage, but there's an alternate present where Google built a true competitor to GitHub and integrated their tooling directly into it.

New comment by twunde in "Ask HN: How Common Are Algorithmic Interviews in SRE Hiring?"

twunde — Wed, 26 Jun 2024 21:05:13 +0000

Its pretty common to see "easy" algorithm problems or potentially build a small simple app as a way to test that you can actually code. I'd say 75% of companies I've interviewed at have at least one algorithm interview with hands-on coding. This seems to be even more true at big tech companies because you're likely debugging software written in multiple languages.

New comment by twunde in "Ask HN: Why is nobody manufacturing low tech electric cars in 2024?"

twunde — Thu, 13 Jun 2024 12:55:25 +0000

If the OP is in the US, Chinese cars are unavailable since they don't meet US standards. Additionally, there is a level of protectionism that will try to prevent them from being introduced in the US.