Hacker News: werrett

New comment by werrett in "Agents need control flow, not more prompts"

werrett — Fri, 08 May 2026 04:48:37 +0000

c.f. Linear for Agents

New comment by werrett in "Silicon Valley is turning scientists into exploited gig workers?"

werrett — Fri, 17 Apr 2026 13:27:51 +0000

Yes, let’s pay down the deficit by cutting funding to the sciences. While the latest war is running at ~1 billion a day (we’re in day 48 btw).

https://iran-cost-ticker.com/

New comment by werrett in "My smart sleep mask broadcasts users' brainwaves to an open MQTT broker"

werrett — Sat, 14 Feb 2026 19:44:50 +0000

Yawp. T’was Strava. https://www.theguardian.com/world/2018/jan/28/fitness-tracki...

New comment by werrett in "Awakening Bell"

werrett — Tue, 30 Sep 2025 08:55:55 +0000

There’s Zenitizer by an indie dev

https://apps.apple.com/us/app/meditation-timer-zenitizer/id6...

New comment by werrett in "Trump Orders National Guard to Washington and Takeover of Capital’s Police"

werrett — Tue, 12 Aug 2025 06:49:22 +0000

While appalling I don’t think you would find it 'crushing', even ignoring the jibe about expat conclaves.

Costa Rica’s 17 in 100k is ~2.5 times bigger than the US’ 6 in 100k people killed by homicide.

Thanks to gun crime, the US’ homicide rates are at least 7x the rest of the first world, anglophone, countries where rates are sub 1 in 100k.

By that measure it is 2-3x more confronting, to move from the United Kingdom to the States than it is from the US to Costa Rica.

New comment by werrett in "Anthropic revokes OpenAI's access to Claude"

werrett — Sat, 02 Aug 2025 03:08:53 +0000

You guys are tripping. EULAs have had anti-competition, anti-benchmarking, anti-reverse engineering and anti-disparagement clauses since the late 90s.

These unknown companies called Microsoft, Oracle, Salesforce, Apple, Adobe, … et al have all had these controversies at various points.

New comment by werrett in "The Myth of Developer Obsolescence"

werrett — Tue, 27 May 2025 11:41:16 +0000

> something being a liability and something having upkeep costs are not the same thing.

What would your definition of /liability/ be then? 'An ongoing commitment to pay future costs' is a pretty good one.

New comment by werrett in "I'm Peter Roberts, immigration attorney, who does work for YC and startups. AMA"

werrett — Fri, 16 May 2025 22:09:44 +0000

At least one person has been subject to secondary screening and ultimately denied entry on the accusation that they had two phones.

> I thought I was just going to be given my passport and sent on my way, or maybe asked a couple of questions, but they made some pretty outlandish accusations. They said, ‘We know you have two mobile phones. We’ve been tracking your calls. We know you’ve been selling drugs’.

https://www.theguardian.com/us-news/2025/apr/11/australian-w...

New comment by werrett in "Accountability Sinks"

werrett — Sat, 03 May 2025 14:20:56 +0000

This is the ultimate nihilistic take on security.

Yes, 'cyber' security has devolved to box checking and cargo culting in many orgs. But what's your counter on trying to fix the problems that every tech stack or new SaaS product comes without of the box?

For most people when their Netflix (or HN) password gets leaked that means every email they've sent since 2004 is also exposed. It might also mean their 401k is siphoned off. So welcome the annoying and checkbox-y MFA requirements.

If you're an engineer cutting code for a YC startup -- Who owns the dependancy you just pulled in? Are you or your team going to track changes (and security bugs) for it in 6 months? What about in 2 or 3 years?

Yes, 'cyber' security brings a lot of annoying checkboxes. But almost all of them are due to externalities that you'd happily blow past otherwise. So -- how do we get rid annoying checkboxes and ensure people do the right thing as a matter of course?

New comment by werrett in "New Study: Waymo is reducing serious crashes and making streets safer"

werrett — Thu, 01 May 2025 20:52:57 +0000

I’m a fellow cyclist in SF and can only wholeheartedly second this. To add some extra anxiety, I’m usually riding a cargo bike, ferrying a child to or from daycare.

I still remember the first time I went through a four-way stop intersection and saw a driverless car idling, waiting for its turn. It was weird and nerve-wracking. Now… I’d much prefer that to almost any other interaction at the same spot.

New comment by werrett in "Tailscale has raised $160M"

werrett — Wed, 09 Apr 2025 06:54:52 +0000

I've got conflicted feels about Tailscale. I love their product and a bunch of the people I know use their free tier, including myself.

But their enterprise strategy destroys their good will. I can only assume it's focused on killing old school VPN products. The free tier that we love is a marketing expense. And it’s not even a conversion play.

People are complaining about ~10/user/month -- add basic things that you'd need to manage more than 10 peeps (SAML/SCIM support) and you're talking ~20/user/month. For us, a small sub 200 person company, they immediately lost their chance. We have lots of problems in the security space, some we're willing to spend more than 20/user/month to solve. Legacy network access is not one of them.

New comment by werrett in "ASML's boss has a warning for Europe"

werrett — Sat, 29 Mar 2025 18:21:23 +0000

I doubt it’s a real threat but it would be a country that would happily unsubscribe from US export bans. So Israel or Singapore would be two good options for the chip industry. South Korea or Switzerland you could argue for but are probably less realistic. Maybe Canada now, lol.

New comment by werrett in "ASML's boss has a warning for Europe"

werrett — Sat, 29 Mar 2025 18:15:01 +0000

As well as being disingenuous your whole argument is beside the point. ASML isn’t threatening to move to the US.

The current administration has created day light between the US and EU governments and ASML is using this leverage to try and get the Dutch to ignore US export bans.

Here are some choice exerts so you can continue to avoid clicking on TFA:

> The pressure on asml began to build in 2019, when the Dutch government, at America's urging, barred the company from exporting its advanced euv machines to China... President Donald Trump's second term brings the threat of still tighter controls

> Referring to the Dutch government's willingness to follow America's lead on export bans, Mr Fouquet says that Europe must "decide for itself what it wants" and "should not be dictated to by anyone else".

New comment by werrett in "ASML's boss has a warning for Europe"

werrett — Sat, 29 Mar 2025 18:09:28 +0000

Did you even read the article? ASML is chaffing against American-led export regulations. The Trump government is still very keen on restricting China’s ability to make cutting edge chips.

The threat to move is probably empty. But it’s not a threat to move to the place that is generating their head winds.

New comment by werrett in "‘Bluey’s World’: How a Cute Aussie Puppy Became a Juggernaut"

werrett — Sat, 22 Mar 2025 08:33:20 +0000

Here ya go:

King Stingray does Coldplays's 'Yellow' https://youtu.be/sr3iI8gg2fo

Denzel Curry does Rage against the Machine's 'Bulls on Parade' https://youtu.be/ZY4ywyFXdik

New comment by werrett in "Popular GitHub Action tj-actions/changed-files is compromised"

werrett — Sat, 15 Mar 2025 09:01:56 +0000

Yes. It was probably a maintainer's creds being compromised.

The [malicious commit is masquerading as a commit from Renovate](https://github.com/tj-actions/changed-files/commit/0e58ed867...)((https://github.com/apps/renovate) but it's not a `verified` commit (and so it's trivial for a bad actor to masquerade as them).

https://stackoverflow.com/questions/67609381/why-do-all-my-g...

New comment by werrett in "Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos"

werrett — Sat, 15 Mar 2025 03:17:18 +0000

I mean maybe! But only if you've removed all of the usage of this compromised `tj-actions/changedfiles` action, across all your repos and their branches.

Otherwise, if you continue to use it and it will run anytime there has been a push. Potentially on any branch, not just `main`! Depending on your GH config.

Unless you've blocked `tj-actions/changed-files` you're banking on the bad actor not coming back tonight and making malicious commit that exfils those secrets to pastebin.com.

New comment by werrett in "Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos"

werrett — Sat, 15 Mar 2025 03:13:06 +0000

You can pin GitHub Actions to specific versions or specific commits. But note you can change version tags arbitrarily. In this specific case, the bad actor changes all of the version tags to point to their malicious commit: https://github.com/tj-actions/changed-files/tags

So to avoid that you'd have to pin your GitHub Action to specific commits as outlined in this SO post: https://stackoverflow.com/a/78905195

New comment by werrett in "Popular GitHub Action tj-actions/changed-files is compromised"

werrett — Sat, 15 Mar 2025 03:10:12 +0000

No idea. But they didn't do a great job -- they broke the action, which caused build failures that people were going to notice.

The malicious commit only landed at 09:57 PDT today (March 14) in one specific action (out of a number that is quite popular). Maybe they were planning on coming back and doing proper exfil?

New comment by werrett in "Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos"

werrett — Sat, 15 Mar 2025 03:07:07 +0000

Only commit hashes are safe. In this case the bad actor changed all of the version tags to point to their malicious commit. See https://github.com/tj-actions/changed-files/tags

All the tags point to commit `^0e58ed8` https://github.com/tj-actions/changed-files/commit/0e58ed867...