Hacker News: twunde

New comment by twunde in "The Death of the Brick and Mortar Toy Store"

twunde — Fri, 22 May 2026 02:38:55 +0000

I can't comment about the minimum number of stores, but I do think its the correct idea. I live in a town of ~12000. We have 6.5 bookstores (including the good local thrift store as .5). Stores/restaurants do turn over fairly regularly, so its still tough, but it certainly seems viable. We get a good number of tourists, which helps but I do think you need a mix of restaurants, and a mix of different types of stores. Even as you go to nearby towns with big box stores, they all have downtowns that are doing ok with locally run businesses. Notably the downtowns all are small business focused with few if any box stores

New comment by twunde in "Maryland citizens hit with $2B power grid upgrade for out-of-state AI"

twunde — Sun, 10 May 2026 23:17:18 +0000

Within the US, energy prices for are typically split into supply and distribution rates with taxes and fees added to each of these. There are typically a large number of these fees that are passed through to the consumer, but just are bundled together to reduce confusion. An example fee is one for keeping power plants idle as extra capacity for when it's needed. Electricity has a nationwide market with different prices for spot prices vs long term although if you are big enough you can also get a direct contract to hedge your energy supply prices.

The complaint here is that PJM is spending money on upgrading the long range wires and passing that fee in a way that's not calculated for usage but instead it's likely divided evenly amongst member states. If you're upgrading wires in PA why should Maryland pay for that? These would taking in new/higher fees being passed to consumers.

The long range transmission lines are different than short term transmission lines. The long range ones appear someone to hit electricity from a power plant in California for a business in Baltimore.

New comment by twunde in "Can NPM, pnpm etc. use frontier models to check packages for malware?"

twunde — Fri, 08 May 2026 21:49:01 +0000

This is essentially what some 3rd party vendors do, which is why supply chain malware is typically found in hours now and not weeks.

The reason why npmjs, pypy and other public registries don't do this is because it would likely 10x+ the cost of their infrastructure while not bringing in much new revenue. It's also potentially orthogonal to paint customers needs since it could likely lead to downtime or at least block new releases going out

The comforting lie of sha pinning

twunde — Mon, 30 Mar 2026 13:36:23 +0000

Article URL: https://www.vaines.org/posts/2026-03-24-the-comforting-lie-of-sha-pinning/?trk=feed_main-feed-card_reshare_feed-article-content

Comments URL: https://news.ycombinator.com/item?id=47574126

Points: 4

# Comments: 0

New comment by twunde in "Why do SF billboards hit different?"

twunde — Sun, 29 Mar 2026 23:58:37 +0000

Other airports do have ads for tech companies (Seattle comes to mind) but the concentration is significantly lower.

Billboards are primarily focused on brand awareness since you can't update them frequently and you don't have amazing targeting/attribution data. They're also hyper-geographic specific. For tech companies that means that billboards are most useful when targeting either a specific conference or when targeting people that can make sales decisions.

Sf's billboard space is heavily used by the tech industry because A) you've got a high concentration of consumers for your tech product (developers, marketers, operations, product managers, etc) B) you've got a high concentration of decision-makers in terms of director/VP/execs/consultants going through that airport who may end up making a final decision on your sales. C) you've got a concentration of investors in terms of VC, private equity, angel investors. This helps bring in interest for that next round/acquisition. For your existing investors this means that they've got something to brag about. D) hometown pride. Companies tend to put billboards near where executives travel through since it's a reminder of the work that the marketer is doing. It also helps with hiring and media reputation.

If you compare SF to NYC or Boston, those other cities have a much smaller amount of their workforce in tech (22% compared to 11%). This is especially true if you think about the number of people transferring at these airports. The concentration of customers just isn't there, which is why NYC ads tend to be more consumer driven.

New comment by twunde in "We are building data breach machines and nobody cares"

twunde — Tue, 10 Mar 2026 21:48:53 +0000

For people to care of would have to be like healthcare. The Change Healthcare breach cost 2B+ and led to a huge loss in market share. Or like AMCA, which went bankrupt after the breach (Labcorp's billing company). If you're a health tech company you can no longer insure your way out of the problem over you reach a certain size.

The reality is that we need data breaches to be painful but maybe not company ending events unless it really is sensitive data. As patio11 likes to say the right level of fraud is not zero. There's a middle ground where we can increase company liability or reduce the damage caused by a beach.

New comment by twunde in "The ROI of Exercise"

twunde — Sat, 23 Aug 2025 15:25:41 +0000

If you're in the northeast US it's very common to have free or have to pay a nominal fee for public tennis courts (this may depend on the quality of your town's Park and rec department)

In NYC, it's 15/hr or 100/season. In the town I grew up in it's 20/yr for residents and 40/yr for non residents. I'm my current town it's free. And I suspect that there are waivers/discounts for folks that can't pay that amount.

New comment by twunde in "XZ Utils Backdoor Still Lurking in Docker Images"

twunde — Tue, 19 Aug 2025 03:16:21 +0000

This is much more viable than it was in the past with the advent and adoption of nvm, pyenv etc but the limiting factor becomes system dependencies. The typical example from yesteryear was upgrading openssl but inevitably you'll find that some dependency auto updates a system dependency silently or requires a newer version that requires upgrading the OS.

New comment by twunde in "Amazon Just Happens to Hold Book Sale During Independent Bookstore Day"

twunde — Sun, 27 Apr 2025 05:19:15 +0000

In new England at least, independent bookstores appear to be thriving. The town I'm in (population ~12K) has at least 5 independent bookstores, all in a town with a great library. That's an unusually high number of bookstores but most of the larger towns have at least one independent bookstore.

New comment by twunde in "Ask HN: My father passed away. How do deal with the grief?"

twunde — Wed, 26 Feb 2025 17:26:28 +0000

Something popular in my area, especially in the somatics community, are grief ceremonies ala https://www.earthdance.net/event/grieving-ourselves-whole-ex... although there are several variations. If that feels too new age-y or its not offered near where you live, it may be worth looking for grief groups/bereavement support, either through your preferred religious institution or through the local medical community (they're often supported by your local hospital)

New comment by twunde in "The Profitable Startup"

twunde — Fri, 21 Feb 2025 19:16:55 +0000

VC funding is often required for companies that require a lot of runway prior to selling. The example that comes to mind are database companies like Mongo, dgraph, scylla etc. These require a fair amount of upfront work to create the product before their usable. A different example are industries that require a fair amount of compliance like healthcare, banking etc

New comment by twunde in "Intel doesn't know how to be a foundry," Tim Cook reportedly told TSMC's CEO"

twunde — Wed, 29 Jan 2025 20:45:45 +0000

It's rare but does happen. And frankly I'd only include AWS in the counterpoint. Google really struggled with GCP. Outside of Bigquery and Spanner many/most of the services were custom built for GCP and were not used internally. Hell they built a VM service when basically everything ran on Borg internally

New comment by twunde in "Ask HN: Why aren't cost-minded SME/startups using Linux on laptops even now?"

twunde — Sun, 15 Dec 2024 00:48:29 +0000

https://arstechnica.com/information-technology/2024/04/germa... discusses some places that are moving to Linux and some places where migrations have been reverted. But from personal experience the main issues are in order:

- Is all your software supported on Linux? Are you sure? Do all the features work or are any missing/broken? Have you tested this or are you relying on Sales or docs that are likely wrong? What happens if one piece of software drops Linux support?

- Does using Linux block any future planned projects or make future projects much more complex?

- You now need to spend time with every new hire training folks on the new OS, as well as retraining existing staff.

- Are you going to piss off a lot of staff because you've made their life harder?

- For compliance/security requirements, do you have everything necessary to easily explain to auditors that these computers have the equivalent security (antivirus, monitoring, mdm all with metrics, dashboards and logs)?

Essentially this boils down to a lot of work, which impacts the future flexibility and the morale of the company in order to save a relatively small amount of money. Often times your spending more money on supporting Linux than you're actually saving.

ChromeOS is a modified version of this argument. ChromeOS comes with a strong security and compliance story, and has easy built in management. There's been some adoption in call centers but primarily it's used in schools by students because the school has been given a grant so gets them for free. Even with all that, very free businesses are adopting ChromeOS because a) some workflow they use isn't supported and b) Windows is not significantly more expensive.

New comment by twunde in "Why Scrum is stressing you out"

twunde — Sun, 15 Sep 2024 03:32:32 +0000

Daily stand-ups, the main benefit of which is that managers (EMs/PMs) get daily updates on status. Sprints themselves which promise that a certain amount of work will always get done, without any free time being wasted.

A lot of the ceremonies in general are mostly helpful to the EM/PM. How many things that you're doing are actually improving how you get work done? Especially when you consider how much time is spent on these ceremonies (sprint planning 1 hr, sprint retro 1 hour, daily standup 15-30 minutes. Plus whatever prep is needed and the interruption time.) For many companies this is a 20% or more overhead that's mainly busywork because you still need the additional meetings to understand what you're working on.

New comment by twunde in "Documenting Dance: Keeping Score (2017)"

twunde — Sat, 07 Sep 2024 17:44:00 +0000

Something adjacent is the Underscore dance's glyphs ( https://globalunderscore.com/underscore-glyphs/ ) which describe the patterns/phases of contact improvisation

State Noncompete Tracker

twunde — Fri, 23 Aug 2024 21:58:43 +0000

Article URL: https://pirg.org/edfund/resources/chromebook-churn-report-highlights-problems-of-short-lived-laptops-in-schools/

Comments URL: https://news.ycombinator.com/item?id=41333450

Points: 4

# Comments: 0

New comment by twunde in "Ask HN: Why Implement "Something Went Wrong" Error Messages?"

twunde — Fri, 23 Aug 2024 20:36:56 +0000

Cloudflare historically included trace IDs which were helpful for troubleshooting for customer support/support engineers.

New comment by twunde in "Leveraging AI for efficient incident response"

twunde — Fri, 23 Aug 2024 14:30:45 +0000

Playbooks that I've found value in: - Generic application version SLI comparison. The automated version of this is automated rollbacks (Harness supports this out of the box, but you can certainly find other competitors or build your own) - Database performance debugging - Disaster recovery (bad db delete/update, hardware failure, region failure)

In general, playbooks are useful for either common occurences that happen frequently (ie every week we need to run a script to fix something in the app) or things that happen rarely but when they do happen need a plan (ie disaster recovery)

New comment by twunde in "Smart jerks aren't worth it"

twunde — Wed, 24 Jul 2024 18:22:53 +0000

One issue I've found with cultures that emphasize no jerks is that the pendulum can swing too far that way to the point where its difficult or impossible to provide critical feedback. Not to say that you need to be a jerk to have difficult conversations, they can and should be done with empathy.

New comment by twunde in "Ask HN: How do I figure out what skills are in demand?"

twunde — Mon, 08 Jul 2024 15:42:43 +0000

The market over the last 2ish years is significantly worse then it's been over the past 10 years with the exception of Covid due to the rise of interest rates and change in tax incentives. This has hit large companies pretty hard, so there is a double whammy of fewer jobs from the biggest sources and more competition with other engineers. Anecdotally it does seem to be warming up, but it is uneven with significantly longer timelines to get a new position.

So what can you do? 1. Update your LinkedIn with descriptions of all your jobs so it looks similar to your resume. This should include technologies you've worked with. This is basically doing some SEO work so you get inbound recruiter emails (understanding that the quality of those inbounds will vary dramatically). 2. Apply to jobs directly and actually write cover letters (take a look at Who's Hiring, etc).

In terms of new skills or certifications, it's usually easier to add something adjacent to what you already do instead of learning something completely new. If you're a backend engineer, maybe you learn about data pipelines, or cloud infrastructure. If you're a front-end engineer maybe learn to write some backend code using nodejs. Put a side project on your resume, and ideally online.