HackerLangs
TopNewTrendsCommentsPastAskShowJobs

minitech

2,524 karmajoined قبل 11 سنة
24Ω snake and opinionated client-side JavaScript MVVM framework.

comments

minitech
·أول أمس·discuss
Correct, it’s a common misconception/sloppy wording.
minitech
·قبل 9 أيام·discuss
Digitally rented content is rented. My music via Bandcamp/iTunes, my games from their developers’ websites/itch.io/GOG, and my ebooks are owned (for the purposes of the “owned”/“rented” distinction people are making here). Not all physical things are owned, either. Wrong distinction. We can ask for better with respect to digital.
minitech
·قبل 12 يومًا·discuss
Alternative what? Government?
minitech
·قبل 22 يومًا·discuss
> How is this different from struct in C#? A struct in C# has identity

Since when? I’m pretty sure structs didn’t have identity last time I used C#, and that would be a very surprising thing to add.
minitech
·الشهر الماضي·discuss
and don’t open links like https://tinyurl.com/2s3twstw either, or any other page on the internet that’s able to redirect you to github.dev
minitech
·الشهر الماضي·discuss
This comment is confusing to me on so many levels. What’s with the tangent(?) about a math test your algebra teacher could have generated? Did you bring up an illiterate teacher (extreme outlier) as evidence that the general population has low comfort with written English, or…? (I’m going to resist getting into the rest of the tangent, but it’s really impressively densely perplexing.)

(edit: I’m not going to resist)

> If he could have written (in 2009) "give 20 question test for week 1 algebra II student with answer guide"

Is the “could” here just about AI not existing back then, or does “could not interact with the written language” imply that he could not have written this prompt? Why would he need the output, given that most of it is math? (If we assume he can speech-to-text the prompt, why can’t he do the same for other writing?) If the level of writing of “Write equation of a line in slope-intercept form with slope 3 and y-intercept −2” is the challenge, is he able to read it? What if the output is wrong – who’s going to verify it? Are you presenting this as a good thing? How did/would he grade handwritten written-answer questions?
minitech
·الشهر الماضي·discuss
Not one window, but one application. Which is, yeah, about the worst of both worlds.
minitech
·قبل شهرين·discuss
- CSP that allows cdn.jsdelivr.net/unpkg.com (which serve anything on npm, which anyone can publish to) indiscriminately is not effective (and I’m sure some cdnjs script in an Angular-style library executes arbitrary code in otherwise-benign HTML attributes too)

- rate limiting using a key derived from the freely attacker-settable User-Agent header

- (and storing it in Netlify Blobs, “a highly-available data store optimized for frequent reads and infrequent writes“?)

- “The remaining item — constant-time comparison — is a calculated risk I have accepted for now.” What was the calculation? If Netlify Functions supports Node.js APIs as a quick search suggests, this is just `crypto.timingSafeEqual`. But even better without delving into more complicated options would be to store only a hash of the token to compare against.
minitech
·قبل شهرين·discuss
> in favor of some unlikely cloak and dagger interception scheme

someone who definitely understands how crypto works, describing the most basic possible MITM
minitech
·قبل شهرين·discuss
I know parameters don’t translate directly like that (and that linear and exponential aren’t the only types of growth) but a doubling as a go-to example of “not exponential growth” is pretty funny.
minitech
·قبل شهرين·discuss
ASLR is (still[1]) not security by obscurity.

[1] https://news.ycombinator.com/item?id=43408079
minitech
·قبل 3 أشهر·discuss
> Any TLS break delayed by more than 15 minutes would be worthless.

It sounds like you’re talking about breaking TLS’s key exchange? Why would this not have the usual issue of being able to decrypt recorded traffic at any time in the future?

Edit: If it’s because the plaintext isn’t useful, as knorker got at in a sibling comment… I sure hope we aren’t still using classical TLS by the time requiring it to be broken in 1 minute instead of 15 is considered a mitigation. Post-quantum TLS already exists and is being deployed…
minitech
·قبل 3 أشهر·discuss
> Rather, an interactive window running under the user’s name has implied access to the user’s home folders, regardless of what’s been set under “Files & Folders” (which still applies for background/non-interactive processes).

No, that’s not true at all. Granting permission using the folder picker is required.
minitech
·قبل 3 أشهر·discuss
Npm and the other JavaScript package managers do generate and check lockfiles with hashes by default. This was a new release, not a republishing of an old version (which isn’t possible on the npm registry anyway).
minitech
·قبل 3 أشهر·discuss
Nobody is confused or disagrees about the `--hard` part. It was a minor tangent about contexts where these ASCII substitutions are established, like LaTeX (`` -> “, '' -> ”, -- -> –, --- -> —, etc.)
minitech
·قبل 3 أشهر·discuss
It’s about the top-level comment’s horror that ”--” was substituted with “an en dash, not even an em dash”. If you’re picking a substitution for “--”, en dash makes more sense. The comment you originally replied to had already agreed “that it should be left as a double hyphen”.
minitech
·قبل 3 أشهر·discuss
No, the comment was pointing out that the HN platform automatically replaces `--` in titles with `–`. (I don’t know if that’s true, but that was the intent. Nothing to do with AI.)
minitech
·قبل 3 أشهر·discuss
They meant “more appropriate [than an em dash]”. And that minus sign usage of hyphen-minus isn’t unique in Unicode either – see U+2212 MINUS SIGN.
minitech
·قبل 4 أشهر·discuss
People are using Firefox intentionally, vs. using IE because it was preinstalled. Firefox is a maintained browser. IE was hard to support, and Firefox is not. There are a lot of differences.
minitech
·قبل 4 أشهر·discuss
That’s what rot13 is for.