Hacker News: wakamoleguy

New comment by wakamoleguy in "Tidal AI Policy"

wakamoleguy — Mon, 29 Jun 2026 13:57:52 +0000

There is only zero incentive if the filter detects AI music reliably. It's still a race between effective detection and cost to generate content, isn't it?

Don't Make Gates Optional, Make Them Flexible

wakamoleguy — Fri, 26 Jun 2026 21:40:05 +0000

Article URL: https://wakamoleguy.com/p/flexible-gates

Comments URL: https://news.ycombinator.com/item?id=48692330

Points: 4

# Comments: 0

New comment by wakamoleguy in "The Future of Email"

wakamoleguy — Fri, 12 Jun 2026 14:57:49 +0000

> A person reading a suspicious email might notice that the sender’s domain has an extra character, or that something about the request feels off. An AI assistant scanning your inbox for items that need action may not slow down to check those things.

I don't quite buy this in either direction (although they are both couched as possibilities, which makes it a pretty safe statement). Humans might notice, but years of annual mandated phishing trainings has led me to believe that humans as a whole are generally not great at noticing.

AI agents OTOH mostly do as they are prompted. If the human prompting them tells them to check these things, they will likely check much more consistently than any human. If the prompt doesn't say to check, the agent won't. But that again falls back to what the human might or might not think about.

New comment by wakamoleguy in "Moving away from Tailwind, and learning to structure my CSS"

wakamoleguy — Sat, 16 May 2026 13:51:10 +0000

What a strange take. LLMs produce plausibly correct output, which is exactly where plain JavaScript and DOM manipulation will result in a spaghetti mess.

Frameworks like React that add structure to the data flow, component encapsulation, and a huge repertoire of patterns to train on, plus Typescript for immediate compile-time feedback loops… those are what LLMs thrive on.

New comment by wakamoleguy in "They Said It Would Cost $54M. We Said "No Thanks.""

wakamoleguy — Thu, 14 May 2026 12:17:06 +0000

I disagree. Especially with AI, it’s far too easy to generate and insert an image with no time, energy, or eye for detail.

Authors do it because it supposedly leads to better engagement, shows up bigger on social media, and breaks up the text. But generally, unless the visual content meaningfully adds to the text content, users will largely ignore it.

New comment by wakamoleguy in "Reviving BrowserID in 2026"

wakamoleguy — Sun, 26 Apr 2026 16:14:41 +0000

Thanks! I have been learning about FedCM recently, but I need to read more. My understanding is that it requires the relying party to allowlist which IdPs it trusts, is that correct? That always seemed like it would make it gravitate towards social sign-ins, and harder for self-hosted email domains to participate.

I haven't come across the Email Verification Protocol yet, will take a look! At a glance, the flow seems almost identical to BrowserID. I'm curious how the UX looks.

New comment by wakamoleguy in "Reviving BrowserID in 2026"

wakamoleguy — Sun, 26 Apr 2026 12:31:14 +0000

That’s real, yeah. I also remember a couple concerns around that privacy as well. One being that if your IdP controls your email, they could probably figure out what sites your communicating with anyways. And perhaps a timing issue with when relying parties fetch the public key to verify assertions?

For bespoke projects, a lot of the privacy concerns go away once I’m using my own authentication in the first place (I control the full stack). So then the value would come more from federation (which is hard to bootstrap) or developer experience. I do still think BrowserID has something going for it there, potentially.

I do wonder if I’ll miss the centralized session management, though. I’m building this IdP to be modular, so I could try a different protocol on top of the user management core down the road.

Thanks for sharing!

New comment by wakamoleguy in "Reviving BrowserID in 2026"

wakamoleguy — Sun, 26 Apr 2026 12:15:51 +0000

That’s how this project started, with trying to take the Persona repo and bringing it up to date. There were two challenges… first, don’t underestimate how hard it is to take a decade old Node repo and run it today. There are no types, many dependencies don’t work on modern Node versions, and upgrading them all together is a nightmare. BrowserID is not a very complex protocol, so rebuilding it gave me an opportunity to use new tools (TypeScript, Bun, Jose for crypto).

And the second reason is that I don’t want to try to be Mozilla Persona. The fallback IdP is a great idea, but y’all have no reason to trust me to be the one to run it. I can sidestep that issue for my own needs today, avoid the complexity of sending emails, and if for some reason this project does pick up any steam we can figure out whether/how to add that functionality down the road.

New comment by wakamoleguy in "Reviving BrowserID in 2026"

wakamoleguy — Sun, 26 Apr 2026 12:05:15 +0000

I’ve tried it in the past. This was a few years ago, so it’s possible it’s changed since then. But the reason I’m not choosing it for myself today is that it relies on either Sign in with Google (fine) or magic links to verify the user. I really don’t want to manage email delivery for this project, which is admittedly a stubborn personal choice. It just adds a lot of complexity that I don’t care to spend time on for hobby projects.

New comment by wakamoleguy in "Reviving BrowserID in 2026"

wakamoleguy — Sun, 26 Apr 2026 11:59:01 +0000

The biggest one I’ve come across is the ability to manage and revoke sessions from a centralized location. With BrowserID, you can’t just sign out of your IdP and expect all relying parties’ sessions to invalidate. Instead, BrowserID asserts that you controlled the email at a point in time, and then it’s up to the site to decide how to manage the session afterwards.

3rd party cookie blocking makes this worse, since it’s difficult to silently refresh your session by checking with the IdP behind the scenes. I believe Auth0 uses a hidden iframe for this, which uses 3rd party cookies and looks a lot like a tracking pixel. Without that refresh mechanism, though, relying parties are pushed to have longer lived sessions, which makes the lack of a global revocation worse.

Reviving BrowserID in 2026

wakamoleguy — Sun, 26 Apr 2026 02:38:51 +0000

Article URL: https://wakamoleguy.com/p/reviving-browserid-in-2026

Comments URL: https://news.ycombinator.com/item?id=47906770

Points: 31

# Comments: 13

New comment by wakamoleguy in "Youth Suicides Declined After Creation of National Hotline"

wakamoleguy — Wed, 22 Apr 2026 18:03:17 +0000

And yet the data shows that they did decline. I'm sure they could be much better, and the response will vary from state to state.

New comment by wakamoleguy in "I wrote to Flock's privacy contact to opt out of their domestic spying program"

wakamoleguy — Tue, 14 Apr 2026 19:41:20 +0000

The data ownership is really interesting, as many threads here are going into. I wonder if it's possible to sidestep that entirely, though! Under the CCPA, "personal information" is defined as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked — directly or indirectly — with a particular consumer or household. That says nothing about ownership.

To the extent that Flock is only storing the data on behalf of their customers, I'd understand they wouldn't be required to delete it. But to the extent that they are indexing it, deriving from it, aggregating it across customers, and sharing it via their platform, it seems they should be required to remove that data from those services.

But then again, I am not a lawyer!

New comment by wakamoleguy in "One item purchased, ten emails"

wakamoleguy — Wed, 08 Apr 2026 18:49:23 +0000

Is there a technical limitation why these never seem to be grouped into a thread? I generally appreciate the updates on my package, but I also value a tidy inbox.

New comment by wakamoleguy in "Shooting down ideas is not a skill"

wakamoleguy — Sun, 05 Apr 2026 02:31:37 +0000

These are all risks. Not all risks need to be mitigated, but some can be. Others can be accepted. Saying “Python is too slow for production scale, but our goal is a small proof of concept,” is a valid answer even if it doesn’t “solve” the complaint. And if you don’t even have that answer, then the burden is not your problem. The lack of due diligence is.

Hello, MDX. Hello, Islands. Goodbye, MDX

wakamoleguy — Mon, 30 Mar 2026 15:35:37 +0000

Article URL: https://wakamoleguy.com/p/hello-mdx-hello-islands-goodbye-mdx

Comments URL: https://news.ycombinator.com/item?id=47575644

Points: 2

# Comments: 0

New comment by wakamoleguy in "A Theory of the World as run by large adult children"

wakamoleguy — Sun, 15 Mar 2026 14:34:28 +0000

I mean, that LLM idea _sounds_ ridiculous, but similar ideas have worked really well in machine learning for games like Chess and AI.

One Task at a Time, Even with AI

wakamoleguy — Fri, 13 Feb 2026 15:06:42 +0000

Article URL: https://wakamoleguy.com/p/one-task-at-a-time-even-with-ai

Comments URL: https://news.ycombinator.com/item?id=47003542

Points: 2

# Comments: 0

AI-DLC Solves the Wrong Bottleneck

wakamoleguy — Wed, 11 Feb 2026 21:07:09 +0000

Article URL: https://wakamoleguy.com/p/ai-dlc-solves-wrong-bottleneck

Comments URL: https://news.ycombinator.com/item?id=46980975

Points: 3

# Comments: 0

New comment by wakamoleguy in "Amazon Ring's lost dog ad sparks backlash amid fears of mass surveillance"

wakamoleguy — Wed, 11 Feb 2026 20:43:53 +0000

It was some attempt at reductio ad absurdum. If you are concerned about letting Alexa into your home, you must be as irrational as Chris Hemsworth. Edit: I'm misusing reductio ad absurdum, but somebody will please tell me what the fallacy here is called.