Hacker News: uto

New comment by uto in "Malicious versions of Nx and some supporting plugins were published"

uto — Thu, 28 Aug 2025 05:34:03 +0000

I observed a VS Code plugin compromise itself after running: "npx exec nx@latest --version".

Is it really that easy to get infected, or am I missing a more dangerous step it took? If this behavior is common, doesn’t it mean you could be exposed even without using a vulnerable plugin version, since it auto-runs @latest scripts just to check the version?

New comment by uto in "Apple: We're not handing over Safari URLs to Tencent, just IP addresses"

uto — Tue, 15 Oct 2019 03:14:25 +0000

They already started censoring the emoji keyboard in HK, this would be even easier to justify as it is "protecting the user".

New comment by uto in "What are some good Linux friendly laptops?"

uto — Thu, 25 Apr 2019 06:56:56 +0000

I've been running Fedora 29 on the Surface Pro 4 for a month or so now. I agree this form factor is almost perfect for a laptop. The screen and keyboard are great for coding.

I'm not sure if I'd recommend this as a primary work machine since you have to compile your own kernel to enable some of the features (touch screen, hibernation etc). Other than that it's been stable and better than I had anticipated.

New comment by uto in "German federal office publishes Windows 10 telemetry analysis"

uto — Mon, 26 Nov 2018 01:12:48 +0000

Pi-hole seems to block windows telemetry domains by default. I don't know how complete the blocking is but there are a lot of domains like the ones listed in this thread on my top blocked domains list.

New comment by uto in "Skylake's Linux power management is dreadful you shouldn't buy until it's fixed"

uto — Thu, 14 Apr 2016 07:46:05 +0000

Interesting. Could you tell which model you have? I have had very few problems in general on my SP4 i7-16GB model. I've had to reset the device maybe once or twice in the last ~4 months.

New comment by uto in "Show HN: Using Google AMP to build a Medium-style Jekyll site that loads in 65ms"

uto — Tue, 15 Mar 2016 06:01:04 +0000

So what's the best practice when it comes to valid html? This seems like a cool technology but trying to validate the https://www.ampproject.org/ site, the w3c validator fails so bad it's not even able to list all errors. The example post does a bit better but is still pretty far from valid html5.

Is there a way to do it in a standardised way or should that even be desired? All browsers I've tried seem to render it fine and quickly (assuming js and the normal bells and whistles).