Hacker News: wereHamster

New comment by wereHamster in "Filing the corners off my MacBooks"

wereHamster — Sat, 11 Apr 2026 07:42:45 +0000

I bought a light HF acid (rust remover) so I can properly clean titanium parts before anodizing. Worked like a charm...

New comment by wereHamster in "Apple Business"

wereHamster — Tue, 24 Mar 2026 16:44:09 +0000

business.apple.com doesn't work in Firefox, it redirects you to https://business.apple.com/abm_unsupported_browser?reason=Br...

Fuck you Apple.

New comment by wereHamster in "Global Warming Has Accelerated Significantly"

wereHamster — Fri, 06 Mar 2026 15:27:45 +0000

China is already slowing down the addition new fossil fuel power plants. Yes, they still build new ones, yes they generate a lot of emissions. But they are also adding more than the rest of the world combined of renewable (solar, wind) electricity generation each year. Realistically, if China stopped 100% of emissions tomorrow, they'd be in much better position to replace it with clean alternatives than most other countries.

New comment by wereHamster in "Understanding ZFS Scrubs and Data Integrity"

wereHamster — Tue, 20 Jan 2026 09:45:16 +0000

A loooong time age (OpenSolaris days) I had a system that had corrupted its zfs. No fsck was available because the developers claimed (maybe still do) that it's unnecessary.

I had to poke around the raw device (with dd and such) to restore the primary superblock with one of the copies (that zfs keeps in different locations on the device). So clearly the zfs devs thought about the possibility of a corrupt superblock, but didn't feel the need to provide a tool to compare the superblocks and restore one from the other copies. That was the point when I stopped trusting zfs.

Such arrogance…

New comment by wereHamster in "Go.sum is not a lockfile"

wereHamster — Thu, 08 Jan 2026 16:18:38 +0000

Ok. So to answer the question whether the code for v1.0.0 that I downloaded today is the same as I downloaded yesterday (or whether the code that I get is the same as the one my coworker is getting) you basically have to trust Google.

New comment by wereHamster in "Go.sum is not a lockfile"

wereHamster — Thu, 08 Jan 2026 13:02:15 +0000

Let's assume I publish a github repo with some go code, and tag a particular commit with tag v1.0.0. People start using it and put v1.0.0 into their go.mod file. They use the golang proxy to fetch the code (and that proxy does the "verification", according to your comment). Now I delete the v1.0.0 tag and re-create the tag to point to different (malicious) commit. Will the golang proxy notice? How does it verify that the people that expect the former commit under the v1.0.0 tag will actually get that and not the other (malicious) commit?

New comment by wereHamster in "Go.sum is not a lockfile"

wereHamster — Thu, 08 Jan 2026 09:20:55 +0000

Now I understand :) thanks for clarifying

New comment by wereHamster in "Go.sum is not a lockfile"

wereHamster — Thu, 08 Jan 2026 08:44:42 +0000

A lock file, in my world, contains a cryptographic hash of dependencies. go.mod does not, it only lists tags, which are (in git) movable references.

If go.sum has "no observable effect on builds", you don't know what you're building and go can download and run unverified code.

I'm not a go developer and must be misunderstanding something...

New comment by wereHamster in "Deliberate Internet Shutdowns"

wereHamster — Mon, 22 Dec 2025 14:14:51 +0000

I just recently learned of Meshtastic (https://en.wikipedia.org/wiki/Meshtastic) and MeshCore (https://meshcore.nz/), which provide a platform for private and group messaging over P2P LoRa. They don't depend on internet, rely on the community to provide routing nodes, and thus harder to block for governments. It's gaining steam in Europe and can already be used for messaging across wide distances. It's slow though, so forget streaming videos or images. It can only carry messages. But that's often enough to coordinate or spread news.

New comment by wereHamster in "Pricing Changes for GitHub Actions"

wereHamster — Wed, 17 Dec 2025 12:19:01 +0000

I repurposed old M1/M4 Mac Mini's at my workplace into GitHub action runners. Works like a charm, and made our workflows simpler and faster. Persisting the working directory between runs was a big performance boost.

New comment by wereHamster in "Not all OCuLink eGPU docks are created equal"

wereHamster — Mon, 29 Sep 2025 23:18:02 +0000

I just ordered the BD790i X3D mainboard. A while ago Minisforum has been known for their slow BIOS updates, but hope that they have improved their processes since. I'll see…

New comment by wereHamster in "Slack has raised our charges by $195k per year"

wereHamster — Sat, 20 Sep 2025 10:09:16 +0000

We got rid of all Rails apps (that needed a backend). We've moved our Postgres databases to Neon, and run our docker containers on Google Cloud Run (these are containers that don't need to run 24/7, we're paying just a few cents each month, also cold starts are much faster and more reliable than on Heroku).

New comment by wereHamster in "Slack has raised our charges by $195k per year"

wereHamster — Thu, 18 Sep 2025 08:14:36 +0000

We just managed to shut down our last Heroku service a week ago. Good riddance.

New comment by wereHamster in "Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised"

wereHamster — Wed, 17 Sep 2025 06:14:14 +0000

AGPL is a no-go for many companies (even when it's just a tool that touches your code and not a dependency you link to).

New comment by wereHamster in "Campfire: Web-Based Chat Application"

wereHamster — Sun, 07 Sep 2025 18:33:20 +0000

Could it be that they removed /all/ comments from the codebase when they made it public, to not release some sensitive information that was in them?

New comment by wereHamster in "Ask HN: The government of my country blocked VPN access. What should I use?"

wereHamster — Thu, 28 Aug 2025 19:23:04 +0000

A year ago I was traveling through Uzbekistan while also partly working remotely. IKEv2 VPN was blocked but thankfully I was able to switch to SSL VPN which worked fine. I didn't expect that, everything else (people, culture) in the country seemed quite open.

New comment by wereHamster in "BGP.Tools: Browse the Internet Ecosystem"

wereHamster — Thu, 24 Jul 2025 08:56:40 +0000

> Either way, scanning that space is probably a waste of bandwidth

That's what the DoD wants you to think ;)

New comment by wereHamster in "Bypassing GitHub Actions policies in the dumbest way possible"

wereHamster — Wed, 11 Jun 2025 23:04:09 +0000

securityscorecard is easy to integrate (it's a cli tool or you run it as a github action), one of the checks it performs is "Pinned-Dependencies": https://github.com/ossf/scorecard/blob/main/docs/checks.md#p.... Checks that fail generate an security alert under Security -> Code scanning.

New comment by wereHamster in "Stability by Design"

wereHamster — Fri, 09 May 2025 08:55:10 +0000

To be fair, React itself has been exceptionally stable compared to the rest of the JavaScript / Node.js ecosystem. It's the other packages that are causing build failures, not React. Yes, React did deprecate and eventually remove some features, and those were real breaking changes. But it was at a far lower pace than every other package out there.

New comment by wereHamster in "Google Fixes Android Kernel Zero-Day Exploited in Attacks"

wereHamster — Fri, 07 Feb 2025 12:24:54 +0000

Isn't it tragic that both Android and WUFFS are built by the same company? Sounds almost like the left hand doesn't know what the right hand is doing (or willingly ignores).