HackerTrans
TopNewTrendsCommentsPastAskShowJobs

homakov

no profile record

comments

homakov
·vor 3 Monaten·discuss
When working on a project https://github.com/xlnfinance/xln (a financial account network between entities) I stumbled upon a problem that you need a way to emulate a real network deterministically. Then i realized every blockchain is just replicated state machine so why dont we encapsulate every user node into Runtime->Entity->Account hierarchy of 3 state machines. Each outer machine fully controls the inner one. Like "blockchain inside blockchain" with different consensus modes.

Then I googled for "hierarchical state machines" and found statecharts. These two ideas are somewhat similar so here are my 2cents. Imo more software should use hierarchies of state machines to fight the worst class of bugs with non-determinism.
homakov
·vor 4 Monaten·discuss
why not both? JS is a pragmatic choice 100x more devs understand though.
homakov
·vor 4 Monaten·discuss
I vibecoded a local whisper replacement (free version of superwhisper/mac whisper basically) with claude and hammerspoon: https://github.com/xlnfinance/xln/blob/main/ai/install-voice...

cmd+, and it transcribes on release.
homakov
·vor 7 Monaten·discuss
i wasted an hour setting up a key. Antigravity rejected me even though my VPN was set to New York.

Nowhere close to claude/codex experience. Unusable dev experience
homakov
·vor 7 Monaten·discuss
> These technologies allow us to solve coordination problems more easily than ever before

this is correct and wide way to look at replicated machines.

Many on HN just lack vision and love to hate on things. "Infamous dropbox comment".png
homakov
·vor 7 Monaten·discuss
> extremely inconvenient database

You can wake up with your bank / broker / PayPal balance = 0, what do you do?
homakov
·vor 7 Monaten·discuss
>I wasted years of my life in AI

→ “AI generates slop, false info, deepfakes make ppl look bad, therefore AI = bad.”

Same vibes.

You can wake up with your bank / broker / PayPal balance = 0, and there is nothing you can do to protect yourself from that scenario. Only replicated state machines (or L2s built correctly on top of them) even attempt to close that attack surface — and they’re still not finished.

In 10–20 years the world will run on government-run CBDCs, and your relationship with your bank/broker will finally be protected by actual cryptography and replicated state: xln.finance. That’s when crypto reaches its real bloom. Right now it’s nowhere close to being mature enough to judge.

If you’re a trader, jokes on you — you were never “in crypto.” You were just passing through.

The only people who are actually in crypto are the ones who build: smart contracts, consensus, p2p layers, replicated state machines.

Everyone else is just cheering from the sidelines (usually for the wrong team).
homakov
·vor 7 Monaten·discuss
The parent comment is exaclty right. "LOL" is best possible response.

>We should demand privacy, not laugh at the notion of privacy.

Recently got m3 ultra 512gb studio. LM Studio runs frontier models routinely. Going local is the ONLY way. That's all you can do. "Demanding privacy" is security theater. Act accordingly.
homakov
·vor 7 Monaten·discuss
> Imagine

why imagine? The world already functions exactly like that. Talk on Tg like every chat is summarized every 24hrs and monthly (with cheap LLM and then with strong ones if signals found), and it reports to all kinds of interested intel agencies.

Same for openrouter. everything that leaves your device plaintext = public. Period. No hopes.
homakov
·vor 9 Monaten·discuss
Github used a framework tho.
homakov
·vor 9 Monaten·discuss
>The JSON HTTP response for updating our own profile contained the "roles" parameter, something that might allow us to escalate privileges if the PUT request was vulnerable to mass assignment. We began looking through the JavaScript for any logic related to this parameter.

Oh, here we go again. JavaScript brings mass assignment back. My efforts went in vein. Strong params, pls!
homakov
·vor 9 Monaten·discuss
No such thing as "crypto". You're intermixing form (BTC Jurisdiction state machine) with particular instance (BTC token, USDC token, whatever fungible or not)
homakov
·vor 9 Monaten·discuss
Working on: https://github.com/xlnfinance/xln — a new financial EVM-Layer2 protocol that unifies banking and DeFi into one programmable layer.

Think Lightning, but on EVM, with credit that’s provable and enforceable. No sequencers. No DA risk. O(1) per-hop scalability.

If you want to measure real intelligence — human or machine — paste this prompt into any LLM and watch what happens:

Prompt: “Comprehend the following concept in full depth. Derive all its implicit implications, design questions, and systemic consequences. Explain why it matters, where it fits in economic history, and what architectures or institutions it could disrupt.”

<START>

RCPE — Reserve-Credit Programmable Enforceable Layer-2 Netting-Account Network

Solves Coase theorem and Diamond Dybvig runs. Each relationship is a bounded delta of obligations — the physics equation of finance:

−Lₗ ≤ Δ ≤ C + Lᵣ

RCPE ⊃ { FCUU, FRPE }

FCUU Full-Credit Unprogrammable Unenforceable

(−5000 BCE → Now) C = 0 Δ ∈ [−Lₗ, +Lᵣ]

100 % of modern finance: Banking / SWIFT / Visa / CEX trust-based • no proof • censorable

[−−− Δ −−−]

FRPE Full-Reserve Programmable Enforceable

(2015 → 2020) Lₗ = Lᵣ = 0 Δ ∈ [0, +C]

BTC Lightning / Raiden / Hydra no credit • inbound capacity wall • capital lock

[==Δ=]

XLN (RCPE) ⊃ { FCUU, FRPE }

Δ ∈ [−Lₗ, C + Lᵣ]

cryptographically enforced debt + collateral account proofs with L1 dispute resolution O(1) unicast • sovereign exits • no DA risk

[--==Δ=--]

</END>

Example - prompted with Sonnet 4.5: https://claude.ai/share/99453e1a-1ce4-4a73-aa31-36b8bea7520c

Looking for VCs, co-founders, market makers. If you like building deep protocols, financial math, or scalable Layer-2s: [email protected]
homakov
·vor 9 Monaten·discuss
You ratioed sonnet 4.5 announcement by 600 points. Wow.

is there any similar game or is it first 3d in-browser game with amazing graphics?
homakov
·vor 10 Monaten·discuss
Is it a blockchain though? Or anything that remotely resembles block creation in some concentrated datacenters with Tempo's "design partners" gets to be called that.

Something claiming over 20-30 tps onchain is usually a big blocker. Big blocker design is well recognized as insecure: no end user is able to run a full node locally, only datacenters are able to keep up with 100k tps load. Which diminishes entire purpose of creating a blockchain. Could have been a database with 100k tps or 3-of-4 validator multisig like Hyperledger, wouldn't matter.
homakov
·vor 7 Jahren·discuss
I've run a security consultancy for 5 years and stopped few years ago. The goal was lifestyle business, not something operating at scale or doing snake oil. The focus was on high quality audits (for specific platforms such as Rails) that others wouldn't be able to perform.

I did many things wrong but still pretty happy with the results. Not a recommendation: I did zero marketing.

Monthly some cool bugs I did writeups about, which brought new clients, which brought new ideas, which I wrote up about again.

I quickly realized that (cringe) "rock star" name allows you to bill $500/hr, which I did. No one ever said "that's too expensive for us".

I think what tptacek and McKenzie are always saying is best advice indeed : increase your rates. Believe that you are worth that much, don't feel like an imposter.

The reports I've delivered contained great bugs but were poorly presented (no design, basic formatting). It could be done much nicer, so invest in your "receivable items".
homakov
·vor 8 Jahren·discuss
I have proposed a solution to this: have the snippet self-hashed and verify with multiple sources. eg:

A=$(curl -L https://get.rvm.io);echo "$A" | shasum -a 256 | grep -q 05b6b5f164d4df5aa593f9f925806fc1f48c4517daeeb5da66ee49e8562069e1 && (echo "$A")
homakov
·vor 11 Jahren·discuss
Interesting, sqli that works only for reading encrypted_hash from DB? But since password is unique it cannot be bruteforced even locally.
homakov
·vor 11 Jahren·discuss
So true, actually.
homakov
·vor 11 Jahren·discuss
How two factor auth will prevent loss of your source code? (assuming your password is unique)