HackerLangs
TopNewTrendsCommentsPastAskShowJobs

TZubiri

1,879 karmajoined vor 6 Jahren
{ Roles: Backend dev,

Language stack: CPython, Operating System: POSIX, Jurisdiction: Argentina, Games: [Piano,Chess], contact: hackernews at tomaszubiri dot $ThatCommercialVerisignTLD ( Sorry for the puzzle, but you know how it is with spam.) }

Submissions

Ask HN: Anyone notice World Cup video feeds look like AI?

4 points·by TZubiri·vor 19 Tagen·2 comments

Asked ChatGPT to disable the copy.fail module, it enabled it instead

chatgpt.com
3 points·by TZubiri·vor 20 Tagen·0 comments

Asked ChatGPT, how to recover data from disk, "run wipefs"

chatgpt.com
1 points·by TZubiri·vor 24 Tagen·4 comments

GitHub Source code leaked. Be prepared

twitter.com
8 points·by TZubiri·vor 2 Monaten·4 comments

Xkcd 2510 (2021 AD) describes LLM generated code

xkcd.com
8 points·by TZubiri·vor 3 Monaten·0 comments

NullFramework: A no-op framework (for Python)

github.com
2 points·by TZubiri·vor 5 Monaten·3 comments

comments

TZubiri
·vor 2 Stunden·discuss
Why the air quotes? Evading a ban and using (potentially ill gotten) residential ips to circumvent that refusal of service, is a bad actor.
TZubiri
·vor 2 Stunden·discuss
>We have not gone with tools like Anubis, partly because it causes annoying delays for those trying to get to the site, but also partly because it seems inevitable that the scrapers will eventually find their way around it. Indeed, there are some indications that is already happening. A proof-of-work requirement is not a huge obstacle when you have millions of other people's machines to do the work on.

The first argument that it introduces delays to users is solid, but I would advise reconsidering on the second one that a PoW workaround will be found. The moment it does you'll be able to tell because Bitcoin will crash to 0.

Will bots use infected computers to do compute to work around it? Maybe, but it requires a CPU in addition to a network reputation, 2 mechanisms are stronger than one.
TZubiri
·gestern·discuss
Did you see the article about how security is becoming PoW? Whoever spends more tokens wins
TZubiri
·gestern·discuss
Some see a 30 year old system and think "outdated", I see a 30 year old system and think "time tested."

Clearly a process per connection is more stable and that's what I'm using.

It's unclear what problem such optimizations are solving anyway, with the old way you could only support a million concurrent users with a single server? Are we missing out on supporting ten million concurrent users with 2 servers instead of 10? Ostensibly reducing the minimum db hardware opex for a 10B$ company from 10k$/month to 2k$/month?
TZubiri
·vorgestern·discuss
>You never really could.

You can, open a TCP socket on port 25 to $IP, and just start sending email headers.

You can also use local domains, no DNS.

You can also leave a file in the /var/mail directory with the filename of the user.
TZubiri
·vorgestern·discuss
>Missed opportunity to get rid of SPF.

> you should reject it, regardless where it came from.

Just don't use it yourself then?

"v=spf1 ?all"
TZubiri
·vorgestern·discuss
Right, and when you don't configure DMARC successfully and the recipient requires DMARC, then you cannot send email successfully.
TZubiri
·vorgestern·discuss
Is this standarized terminology in some RFC like SMTP? Or is it presumably some well established folk lingo?
TZubiri
·vorgestern·discuss
You can't have the cake and eat it too.

Either you use cheap infrastructure that attackers can buy by the bulk for sybil attacks.

Or you pay a reasonable price for a slice of an IP block that doesn't share its reputation with elcheapos.
TZubiri
·vorgestern·discuss
When contacting support:

"Please upload a screenshot of the error by dragging a zip of the png file."
TZubiri
·vorgestern·discuss
And if there's a form or something with a backend? Just break?
TZubiri
·vorgestern·discuss
The argument would be that they sell the kevlar and the guns

Kevlar:

https://developers.cloudflare.com/bots/ https://www.cloudflare.com/products/turnstile/

Guns:

https://support.cloudflarewarp.com/

To be fair, CF mainly develops defensive cybersecurity products, the extent to which their tools might be used maliciously is pretty on par with other regular tools.

But, it just has bad optics and potential COI/Racketeering when CF is at both sides of the counter.

To be explicit, in case it isn't obvious,Cloudflare emerged as a DDoS protection company, detecting attacks from distributed sources is part of the raison d'etre, and domains and IP addresses are a key part of that infrastructure.

By subletting their own IP addresses for navigation with warp, and their own domains for hosting of webcontent with subdomain hosting, they are providing pooled anonimity for their customers, which is precisely what makes it very hard for defenders on the other side to implement foundational security measures like IP bans, or IP block bans, or domain bans, or Whois/RDAP domain analysis.
TZubiri
·vor 3 Tagen·discuss
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2022...
TZubiri
·vor 3 Tagen·discuss
Nope, I've rented a dedicated server through OVH and I never had to touch a single cable or change a single disk.

I also dealt with owned servers and I had to deal with power outages and gas based generators, internet outages caused by too high trucks taking out a data line, and UPS beeping because their battery life was nearing zero.

So there's a non trivial difference there.
TZubiri
·vor 3 Tagen·discuss
If you write a program in python, say a hello world:

'

def hello_world():

  print("hello, world")
'

Is that not python? Yet it uses a subset of python?

That program can be run by either a python runtime, or a python subset runtime.

Now if you were to run a python subset program, like a hello world, you would get:

'

def hello_world():

  print("hello, world")
'

Whoah, it's the same thing.

Turns out every program you write with a subset of a language, is valid for the super language.

Subjectively also, if the subset is big enough, it feels like that language, if it uses 'def' for functions, that's python. 'I know it when I see it' kinda deal.

I think the confusion comes from the mathematical folk reading "subset of X is X", and implying that "subset of X=X". But this is natural language, not mathematical language, when I say that "dog is mammal", I'm not saying that "dog = mammal" I'm saying that "dog ∈ mammal", and "subset of python ∈ python"
TZubiri
·vor 4 Tagen·discuss
There seems to be some confusion, although one other user interpreted the same thing, I still believe it's a misinterpretation.

I said dedicated servers, I never said anything about owning or managing the hardware. You can rent a dedicated server.

The decision to virtualize and the decision to own the hardware are separate decisions.
TZubiri
·vor 4 Tagen·discuss
that compiles to C presumably, not to machine code
TZubiri
·vor 4 Tagen·discuss
>1. It's not Python by any means, it's a subset with its own runtime, its own quirks and nuances;

A subset of python is python. Half a tomato is still tomato

>2. It will be impossible to maintain parity with CPython without AI assistance

What does that even mean? If you would have said that it's impossible to update to python 3.15 of further, I'd get it.
TZubiri
·vor 4 Tagen·discuss
hey, here's a good rule of thumb.

If you share resources, that reduces costs, but increases security risks.

choose whether to share a filesystem, an OS, a kernel, hardware, or just use a dedicated server.

The economics of sharing resources are all in a tiny sliver of the budget spectrum, the shoestring budget range :

0-1$/mo: serverless

1$-5$/mo containers

5$-200$/mo Virtual Machine(s)

200$-1Billion$/month , at least one dedicated server

So if your hourly is worth anywhere upwards of 5$/hr, and your project has any semblance of seriousness, just use a dedicated server, and avoid a whole class of LPE vulnerabilities just to save some $.

Businesses have expenses, let's stop pretending that all of these non dedicated server infrastructures are serious. Shell out 200$/month or stick to hobby status.

No, I don't sell dedicated servers, but I should
TZubiri
·vor 5 Tagen·discuss
Those that ask for trust, deserve no trust.