Hacker News: zaitanz

New comment by zaitanz in "Ask HN: What are you working on? (June 2026)"

zaitanz — Mon, 15 Jun 2026 02:39:59 +0000

A X.509 Certificate lifecycle management, and secrets management SaaS designed from the ground up for home labs all the way up to enterprises. Built in PHP/Laravel and Rust.

https://www.zaita.com

Show HN: TLS Certificate Management and PKI

zaitanz — Fri, 22 May 2026 03:54:09 +0000

Hello! This project is a TLS/X.509 certificate manager and PKI. Designed to provision and install your TLS certificates across public and private endpoints. It's something I created for my home lab, but has quickly expanded as I have been experimenting more and more with AI development tooling.

You can see the product overview: https://www.zaita.com It's architecture and usage is nicely documented: https://docs.zaita.com

Unfortunately, you do need to sign up to have a play, but there is a demo instance that doesn't require a credit card. Just enter an email (I won't send you any emails) and password.

Keen for feedback. I've found the major players in the industry are only interested in Enterprise arrangements. I wanted something I could use in my home lab across my many docker containers etc, but still had cool features like network discovery and certificate transparency log scanning.

Comments URL: https://news.ycombinator.com/item?id=48231769

Points: 10

# Comments: 0

Artificial Intelligence is like the Ford Model T

zaitanz — Sun, 11 May 2025 23:51:38 +0000

Article URL: https://www.zaita.com/blog/ai-is-like-ford-model-t

Comments URL: https://news.ycombinator.com/item?id=43958277

Points: 3

# Comments: 0

New comment by zaitanz in "Show HN: Boldly go where Gradient Descent has never gone before with DiscoGrad"

zaitanz — Sun, 26 May 2024 22:06:32 +0000

So this confuses me slightly and I am keen to know the advantage of using this. I work on projects that heavily use auto-differentiation for complex models. The models are defined by user input files at run-time, so the state and execution pathway of the model is unknown at compilation time. Would this help?

Given that all auto-differentiation is an approximation anyways. I've found existing tooling (CppAD, ADMB, ADOL-C, Template Model Builder (TMB)) work fine. You don't need to come up with a differentiable problem or re-parameterize. Why would I pick this over any of those?

New comment by zaitanz in "How to write unit tests in C++ relying on non-code files?"

zaitanz — Fri, 23 Feb 2024 03:21:03 +0000

The platforms I work on function solely on user defined input files. For unit tests we have example configuration files stored in the application as strings (and #ifdef'd away for non unit test builds). Then we split the file loading to allow loading from memory (string/stream).

This works so well, we actually package a library with our binary that contains the unit tests so the end user can run them locally without having to download/build anything. This has been super useful in identifying calculation differences between Linux/Windows/MacOS and processors. When a user reports an issue, we can ask them to run the unit tests just by running (./binary --test) and then give us the results.

New comment by zaitanz in "Does my site need HTTPS?"

zaitanz — Mon, 31 Jan 2022 22:53:03 +0000

If you have cronjobs/scheduled tasks running every day to try and renew the certificate (as recommended), then you'd not have any issues with them revoking. Any certificates that are going to be revoked will be renewed before then; this is how LE works. They gave 5 days notice, and during that 5 day period any certificates that will revoked would be renewed.

For multiple servers running the same domain, you can configure them all the same and they will get certificates fine. If required, they will get a new certificate from LE; if this is not required then LE will provide the current certificate to the server. There maybe a short time where the actual certificate on two servers maybe different, but both would still be considered valid. So there really shouldn't be any plumbing required. (edit: This is dependent on you having a sensible way to load balance them. If you're just running IP round-robin then it's going to be difficult, but that is what scp and custom routes are for).

I use LE for multiple domains, on multiple systems. Internal and external with no issue. I've even had certificates revoked by LE and it's never had any operational impact.

New comment by zaitanz in "Ask HN: What's the best way to secure your workstation?"

zaitanz — Sun, 28 Nov 2021 23:30:06 +0000

In general, we will always start from a position of considering a developer machine to be infected. This is part of the Zero trust approach to security. We work with defense in depth. If the developer machine isn't trustworthy, and the developer isn't trustworthy, how do we best protect our systems and client data?

As you move through from code to production we have multiple stage gates and steps.

- From a code perspective, we use dependency and code scanning (yarn audit, sonarcloud, sonarcube etc). Sonarcloud has nice IDE integrations.

- Code is pushed and is picked up by a pipeline, further scans are done looking for vulnerabilities/CVEs etc. If any significant ones are found, the pipeline fails (yarn audit, sonarcloud, sonarcube, Palo Alto container scanner, docker bench etc)

- The pipeline deploys to test and does automated checking

- Prior to a production deployment, the pipeline must be manually approved.

- Once in production, we use further scanning and monitoring (Security Hub/Centre, Tenable, SIEM)

Our developers have no direct ability to change the production systems in any way. But, they can write code and commit to our Git repository as much as they want. Everything from that point is automated (except for manual approvals).

Ransomware – Unauthorized access to Fujifilm servers

zaitanz — Wed, 02 Jun 2021 23:44:27 +0000

Article URL: https://www.fujifilm.com/jp/en/news/hq/6642#

Comments URL: https://news.ycombinator.com/item?id=27375401

Points: 64

# Comments: 49

New comment by zaitanz in "Minecraft – A Game of Slavery and Torture"

zaitanz — Tue, 16 Mar 2021 23:03:00 +0000

Oh that's really interesting and an area I hadn't considered writing about. But forced breeding in animals and the villagers is very much part of setting up the farms and villager professions.

New comment by zaitanz in "Minecraft – A Game of Slavery and Torture"

zaitanz — Tue, 16 Mar 2021 22:51:23 +0000

Ahhh yes. The chicken farms where the chickens are flushed down a hole and automatically killed and cooked for you.

Minecraft – A Game of Slavery and Torture

zaitanz — Tue, 16 Mar 2021 22:39:59 +0000

Article URL: https://blog.zaita.com/minecraft-slavery-and-torture/

Comments URL: https://news.ycombinator.com/item?id=26484160

Points: 5

# Comments: 4

Digital Automation of Security Assurance Work-Flows

zaitanz — Mon, 22 Feb 2021 21:45:15 +0000

Article URL: https://blog.zaita.com/automating-security-assurance/

Comments URL: https://news.ycombinator.com/item?id=26231083

Points: 1

# Comments: 0

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Sat, 30 Jan 2021 06:42:13 +0000

Thank you for your reply. I'm going to just lift your explanation as it's much better than my own.

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Sat, 30 Jan 2021 01:21:46 +0000

Most likely. You can check with the pastebin code https://pastebin.com/thTapSgn . Local and Thread outputs should be the same.

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Fri, 29 Jan 2021 23:30:36 +0000

This is very true. Once upon a time -o3 would enable fast-math. We're very careful to ensure we use test models to verify the outputs of release binaries. Enabling fast-math as you have said optimises the equations in a way that produces different results.

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Fri, 29 Jan 2021 23:21:46 +0000

TBH. I had no idea this was a thing either. I was incredibly confused when I identified a single piece of code that was producing an variation in result.

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Fri, 29 Jan 2021 23:16:48 +0000

Yes this is technically true, but it manifests itself through use of the MinGW compiler. When I first noticed the problem, there was very little indication as to the cause.

TBH I accredit dumb luck more than anything to finding the cause of this. It took many hours.

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Fri, 29 Jan 2021 23:15:05 +0000

Op here. There is a huge amount of scientific code written in C++. Just have a look through https://www.coin-or.org/

This code was specifically C++ because we had the intention of integrating with libraries like CppAD and ADOL-C.

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Fri, 29 Jan 2021 23:13:37 +0000

Op here. Yea this only occurs on Windows with MinGW. Visual C++ and Clang do not have this issue. None of the Linux compilers I tested also had this issue.

And yea you're right on the associative mistake. Will correct this :)

New comment by zaitanz in "Weird compiler bug – Same code, different results"

zaitanz — Fri, 29 Jan 2021 23:12:28 +0000

Op Here. Yes you are correct. Been very sleep derived when I wrote this (newborns eh). I'll update this.

I didn't want to go too far into the background of floating point math in the post as it wasn't ultimately the issue, just something I was mindful of.