Hacker News: zekica

New comment by zekica in "Framework Laptop 13 Pro"

zekica — Tue, 21 Apr 2026 19:25:44 +0000

Mainly because Microsoft wants to have "connected standby": the CPU is running in a low power mode (not powered off like "old" S3 sleep), can be turned on periodically and can turn on other devices even when the computer is "sleeping".

My Zen2 based Lenovo laptop has 6-7 hours of battery when doing basic tasks in both Windows and Linux, but sleep on Linux lasts a week while on Windows it's empty in 24 hours.

New comment by zekica in "Keep Android Open"

zekica — Thu, 16 Apr 2026 17:22:06 +0000

This post is everything wrong with the world today. Installing software should not be gate-kept.

Who's to say that some current or future government in the US wouldn't use the data to prosecute dissent guaranteed by the constitution?

New comment by zekica in "Claude Code Down"

zekica — Mon, 06 Apr 2026 17:05:58 +0000

And it can fail in great ways. Last example: I asked claude for a non-trivial backup and recovery script using restic. I gave it the whole restic repo and it still made up parameters that don't exist in the code (but exist in a pull request that's been sitting not merged for 10+ months).

New comment by zekica in "Ubuntu now requires more RAM than Windows 11"

zekica — Sun, 05 Apr 2026 13:03:35 +0000

I think this is a snap issue.

New comment by zekica in "Renewables reached nearly 50% of global electricity capacity last year"

zekica — Thu, 02 Apr 2026 18:28:54 +0000

And they are the only real solution. Demand fitting production is never going to work unless we give up all the autonomy.

New comment by zekica in "New patches allow building Linux IPv6-only"

zekica — Wed, 01 Apr 2026 18:42:46 +0000

SNI routing is such a bad way to do what should be L3 problem that people implemented PROXY protocol to send information about user's endpoint address without doing MITM.

New comment by zekica in "New patches allow building Linux IPv6-only"

zekica — Wed, 01 Apr 2026 18:39:09 +0000

All desktop/mobile OSes today use "Stable privacy addresses" for inbound traffic (only if you are hosting something long-term) and "Temporary addresses" for outbound traffic and P2P (video/voice calls, muliplayer games...) that change quickly (old ones are still assigned to not break long-lived connections but are not used for new ones).

New comment by zekica in "New patches allow building Linux IPv6-only"

zekica — Wed, 01 Apr 2026 18:34:47 +0000

You can do fc00::/7 in addition to public addresses so your lights don't have public address while your phone does.

New comment by zekica in "New patches allow building Linux IPv6-only"

zekica — Wed, 01 Apr 2026 18:33:16 +0000

And the worst part about CGNAT is that you have two bad solutions:

Either EIM/EIF (preferably with hairpinning) where you can practically do direct connections but you have to limit users to a really low number of "connections" breaking power users.

Or EDM/EDF where users have a higher number of "connections" but it's completely impossible to do direct connections (at least not in any video/voice calling system).

New comment by zekica in "New patches allow building Linux IPv6-only"

zekica — Wed, 01 Apr 2026 18:26:57 +0000

Trivially easy do direct connections between devices (if desired), no issues when creating VPNs between networks using private ranges.

What would be the disadvantage?

New comment by zekica in "New patches allow building Linux IPv6-only"

zekica — Wed, 01 Apr 2026 18:25:29 +0000

Temporary addresses are used by any Linux distro using NetworkManager (all desktop ones). For server distros, it can differ.

New comment by zekica in "Hacking old hardware by renaming to .zip [video]"

zekica — Sat, 28 Mar 2026 07:54:13 +0000

.docx and .xlsx are also just zip files with XML and attachments. The bad thing is that the XML is Word's internal document structure serialized and behavior for some values is only defined in Microsoft's code.

New comment by zekica in "The gold standard of optimization: A look under the hood of RollerCoaster Tycoon"

zekica — Mon, 23 Mar 2026 11:05:32 +0000

Even gcc's -O0 will do the bitshift, but even dividing with 5 on x86_64 will not do idiv:

        imul    rdx, rdx, 1717986919
        shr     rdx, 32
        sar     edx
        sar     eax, 31
        sub     edx, eax
        mov     eax, edx

New comment by zekica in "WireGuard Is Two Things"

zekica — Thu, 12 Mar 2026 05:59:26 +0000

Minor nitpick: dynamic memory allocation is not used when processing packets, but is when adding/removing clients via netlink.

New comment by zekica in "AirSnitch: Demystifying and breaking client isolation in Wi-Fi networks [pdf]"

zekica — Fri, 27 Feb 2026 07:45:52 +0000

Yes, VLAN isolation prevents this - devices in different VLANs use different GMK keys even when connected to the same network.

New comment by zekica in "AirSnitch: Demystifying and breaking client isolation in Wi-Fi networks [pdf]"

zekica — Thu, 26 Feb 2026 16:25:17 +0000

This only works for one SSID. Even then, one thing that can mitigate this is using Private-PSK/Dynamic-PSK on WPA2, or using EAP/Radius VLAN property.

On WPA3/SAE this is more complicated: the standard supports password identifiers but no device I know of supports selecting an alternate password aside from wpa_supplicant on linux.

New comment by zekica in "LLMs as the new high level language"

zekica — Sun, 08 Feb 2026 07:12:28 +0000

You can't think all the way about refining your prompt for LLMs as they are probabilistic. Your re-prompts are just retrying until you hit a jackpot - refining only works to increase the chance to get what you want.

When making them deterministic (setting the temperature to 0), LLMs (even new ones) get stuck in loops for longer streams of output tokens. The only way to make sure you get the same output twice is to use the same temperature and the same seed for the RNG used, and most frontier models don't have a way for you to set the RNG seed.

New comment by zekica in "Microsoft will give the FBI a Windows PC data encryption key if ordered"

zekica — Sat, 24 Jan 2026 15:08:35 +0000

Only if that authenticator/password manager app is not end-to-end encrypted.

New comment by zekica in "Wine 11.0"

zekica — Mon, 19 Jan 2026 06:41:00 +0000

Both. LGPL doesn't distinguish between commercial and non-commercial use.

New comment by zekica in "GrapheneOS is the only Android OS providing full security patches"

zekica — Sat, 06 Dec 2025 17:10:10 +0000

They have different goals:

GrapheneOS wants to make a FOSS Android with the security model that makes it hard for any bad party to break into the phone.

LineageOS wants to make a FOSS Android that respects user's privacy first and foremost - it implements security as best as it can but the level of security protections differs on different supported devices.

Good news is that if you have a boot passphrase, it's security is somewhat close to GrapheneOS - differing in that third parties with local access to the device can still brute-force their access whereas with GrapheneOS they can't - unless they have access to hardware level attacks.