HackerTrans
TopNewTrendsCommentsPastAskShowJobs

thewisenerd

no profile record

Submissions

Code Orange: Fail Small is complete. The result is a stronger Cloudflare network

blog.cloudflare.com
2 points·by thewisenerd·il y a 2 mois·0 comments

comments

thewisenerd
·il y a 10 jours·discuss
podman's been great for me on macOS for testing stuff quick; which earlier used to need a whole limactl[3]/virt thing.

you can set it up with qemu-user-static for --platform linux/amd64; i don't remember which i exactly used, or if official docs have been updated for it but looked something like [1]

there is one sneaky bug in qemu that breaks uv [2] for cross-platform targets so i keep having to fall back to lima for that, but great otherwise.

[1]: https://www.itix.fr/blog/qemu-user-static-with-podman/ [2]: https://github.com/astral-sh/uv/issues/16024 , https://gitlab.com/qemu-project/qemu/-/work_items/3130 [3]: https://lima-vm.io/
thewisenerd
·il y a 12 jours·discuss
puppy linux on a live USB here :)
thewisenerd
·il y a 15 jours·discuss
from the author's mastodon post [0]

    I just published Fintech Engineering Handbook distilled from 6 years of tears, sweat and swears. 
    It’s a free ~25-page resource with various hints and patterns around handling money. 
    Tell me what you think!
other than that, peruse the commits on the source [1], or wait for the author to respond.

[0]: https://mas.to/@krever/116814803588993437

[1]: https://github.com/Krever/fintech-engineering-handbook/commi...
thewisenerd
·il y a 20 jours·discuss
semantics become extremely relevant when "proxies" start caching.
thewisenerd
·il y a 24 jours·discuss
mine's `scratch/`

hasn't tripped me up (yet)
thewisenerd
·il y a 2 mois·discuss
> we brought down image creation time to mere seconds, even for images that were multiple GiB in size

this sounds interesting; for e.g., was wondering the other day if we could build images without actually pulling base images.. everytime we compile, we copy artifact(s) onto a multi-hundred MB base image which definitely doesn't need to be pulled everytime.
thewisenerd
·il y a 2 mois·discuss
on youtube: https://www.youtube.com/watch?v=E7vFdy4BEAY

not sure if i saw the link in the blog; but the youtube video attaches TFA as the companion blog post.
thewisenerd
·il y a 2 mois·discuss
> None of these are the most efficient way to do this (you can use git show and git log -S or maybe git grep to accomplish something similar), but personally I always forget the syntax and navigating a filesystem feels easier to me.

i feel like some of the old-school commands will benefit from long args, e.g., '--search'. at the time of writing, the current `git log` documentation[1]'s `-S' has _one_ instance of the word 'search'.

(un)related to the article, author went on to contribute documentation updates to git, which were much needed [2]

[1]: https://git-scm.com/docs/git-log#Documentation/git-log.txt--... [2]: https://jvns.ca/blog/2026/01/08/a-data-model-for-git/
thewisenerd
·il y a 3 mois·discuss
slightly related, one of the more interesting issues i've faced due to mitm tls by the $job mandated CASB (cloud-access security broker)

is when python 3.13 [1] introduced some stricter validations and the CASB issued certs were not compliant (missing AKI); which broke REQUESTS_CA_BUNDLE/SSL_CERT_FILE for us

[1] https://discuss.python.org/t/python-3-13-x-ssl-security-chan...
thewisenerd
·il y a 3 mois·discuss
thankfully more and more projects are supporting the "standard" SSL_CERT_DIR/SSL_CERT_FILE environment variables [1]

i think requests is a tricky one, as it _should_ be supporting it already based on the PR [2], but looks like it was merged in the 3.x branch and idk where that is, release-wise.

there is also native TLS on linux (idk what exactly you call it); but

    cp cert.pem /usr/local/share/ca-certificates/cert.pem && update-ca-certificates
all languages also seem to have packages around providing cert bundles which get used directly (e.g., certifi [3]), which does cause some pain

[1] https://github.com/rustls/rustls-native-certs/issues/16#issu...

[2] https://github.com/psf/requests/issues/2899

[3] https://pypi.org/project/certifi/
thewisenerd
·il y a 3 mois·discuss
we recently moved to a similar approach, inspired by gondolin which does the same: https://earendil-works.github.io/gondolin/secrets/

an 'mitm' tls proxy also gives you much better firewalling capabilities [1], not that firewalls aren't inherently leaky,

codex's a 'wildcard' based one [2]; hence "easy" to bypass [3] github's list is slightly better [4] but ymmv

[1] than a rudimentary "allow based on nslookup $host" we're seeing on new sandboxes popping up, esp. when the backing server may have other hosts.

[2] https://developers.openai.com/codex/cloud/internet-access#co...

[3] https://embracethered.com/blog/posts/2025/chatgpt-codex-remo...

[4] https://docs.github.com/en/copilot/reference/copilot-allowli...
thewisenerd
·il y a 3 mois·discuss
well, there was this, a while back: "experiencing a critical and recurring email delivery issue affecting recipients at outlook.com, live.com, hotmail.com, and msn.com"

"Emails to Outlook.com rejected due to a fault or overzealous blocking rules"

https://www.theregister.com/2026/03/04/users_fume_at_outlook...

discussed here: https://news.ycombinator.com/item?id=47246044
thewisenerd
·il y a 3 mois·discuss
they should also charge a reasonably larger annual fee for reserving a short suffix and allow re-selling custom word prefixes..
thewisenerd
·il y a 7 mois·discuss
inb4 "tailscale hurr durr",

if you are using tailscale already, with it setup as the DNS resolver,

you can setup NextDNS as the global resolver within tailscale[1];

i'm not sure exactly how much my latency's being affected, but am at something like 900k queries/mo and don't really notice it

[1] https://tailscale.com/kb/1218/nextdns
thewisenerd
·il y a 7 mois·discuss
one of the non-intrusive approaches i have for this [1] is kubenetmon[2] which uses a kernel feature called nf_conntrack_acct to have counters for (src, dst).

it's not perfect [3] but gets the job done for me

[1] not as much "control" as it is "logging", of sorts; "especially when you just need to answer “what is my cluster talking to?”"

[2] https://github.com/ClickHouse/kubenetmon / https://clickhouse.com/blog/kubenetmon-open-sourced

[3] if you have a lot of short-lived containers, you're likely to run into something like this: https://github.com/ClickHouse/kubenetmon/issues/24

edit: clarifying [1]
thewisenerd
·il y a 7 mois·discuss
it's an ad, for what?

i do not see a product upsell anywhere.

if it's an ad for the author themselves, then it's a very good one.
thewisenerd
·il y a 7 mois·discuss
it'd be great if they can couple this with an SLA for GitHub actions so we won't have to end up paying as much..

(ofc, that'd only mean they stop updating the status page, so eh)
thewisenerd
·il y a 7 mois·discuss
discussed 2 years ago,

https://news.ycombinator.com/item?id=38790597

4B If Statements (469 comments)
thewisenerd
·il y a 7 mois·discuss
> Hey! I asked AI for this code, do you think this will work? I think you should use it.

unfortunately this problem preceeds AI, and has been worsened by it.

i've seen instances of one-file, in-memory hashmap proof-of-concept implementations been requested to be integrated in semi-large evolving codebases with "it took me 1 day to build this, how long will it take to integrate" questions
thewisenerd
·il y a 7 mois·discuss
discussed a couple days ago: https://news.ycombinator.com/item?id=46191993

AWS introduces Graviton5–the company's most powerful and efficient CPU (14 comments)