HackerTrans
TopNewTrendsCommentsPastAskShowJobs

wlkr

no profile record

Submissions

Nottingham Uni says student records raided after ShinyHunters claims cyberattack

theregister.com
2 points·by wlkr·पिछला माह·0 comments

Leaked plan to end US elections points to WW3. Stephen Fry [video]

youtube.com
7 points·by wlkr·2 माह पहले·1 comments

M5Stack CardputerZero – Pocket Raspberry Pi Computer for Hackers

shop.m5stack.com
2 points·by wlkr·3 माह पहले·1 comments

Phel: A Functional Lisp Dialect for PHP Developers

phel-lang.org
2 points·by wlkr·8 माह पहले·1 comments

Matrix collapses: Mathematics proves universe cannot be a computer simulation

interestingengineering.com
3 points·by wlkr·8 माह पहले·0 comments

comments

wlkr
·20 दिन पहले·discuss
I had a look at the top submissions on the /r/wigglegrams subreddit [0]. It seems that some (including some of those featured in the article) are the more prototypical stereoscopic wigglegram, whereas others are more a stylistic effect.

[0]: https://www.reddit.com/r/wigglegrams/top/?screen_view_count=...
wlkr
·पिछला माह·discuss
Some wider context on this for anyone OOTL.

https://www.theregister.com/security/2026/06/10/nightmare-ec...
wlkr
·2 माह पहले·discuss
I also hate crappy car tablets. For context, though, according to the Ferrari CEO, they are 50% cheaper [0]. I'm not convinced that should matter on a premium badge car (or any car, given safety concerns), but that's for Ferrari's customers to decide.

[0]: https://www.thedrive.com/news/touch-controls-are-50-cheaper-...
wlkr
·2 माह पहले·discuss
At this point I would very much like to get off Mr Bones' Wild Ride but I fear this is going to continue to happen because, from my own exploration at least, a large number of commercial detection strategies are directed at the repo/device/developer level when loading/using a package.

This seems analogous to how we tackle email spam and general malware. It means that there is almost always a target valuable enough for bad actors to continue trying. However, unlike email (mostly...), package managers are centralised authorities (and anything out-of-band is surely the developers problem?).

My ill-informed feeling is that we might need to change the culture of lazy versioning with rapid releases and focus on stable, deeply scanned versions at registries. There will be some effect of volume and scale so I could be off, but it still seems telling that this impacts high-churn languages more often.

I don't know, I would love a comprehensive article that explores the landscape right now.
wlkr
·2 माह पहले·discuss
I didn't say it was necessarily more credible, although I understand that was mentioned further up.

Personally I found the article (not the tweets) much more useful to understand the context of all this, as someone very out of the loop. Certianly more useful to me than a long list of very specific, in my option largely LLM output, points about a codebase I'm entirely unfamiliar with with claims that seem to need a legal team and court case to be meaningful. Slop is somewhat unfair and I'm happy to be disagreed with.
wlkr
·2 माह पहले·discuss
This is much better than the current slop post. Could it be swapped, please @dang?
wlkr
·2 माह पहले·discuss
This might just be the frequency illusion at play, but there seem to have been a number of high-profile supply chain attacks of late in major packages. There are several articles on the first few pages of HN right now with different cases.

Looking back ten years to `left-pad`, are there more successful attacks now than ever? I would suspect so, and surely the value of a successful attack has also increased, so are we actually getting better as a broad community at detecting them before package release? It's a complex space, and commercial software houses should do better, but it seems that whilst there are some excellent commercial products (e.g. CI scan tools), generally accessible, idiot friendly tooling is somewhat lacking for projects which start as hobby/amateur code but end up being a dependency in many other projects.

I've cross-posted my comment from the current SAP supply chain attack thread [0].

[0]: https://news.ycombinator.com/item?id=47964003
wlkr
·2 माह पहले·discuss
This might just be the frequency illusion at play, but there seem to have been a number of high-profile supply chain attacks of late in major packages. There are several articles on the first few pages of HN right now with different cases.

Looking back ten years to `left-pad`, are there more successful attacks now than ever? I would suspect so, and surely the value of a successful attack has also increased, so are we actually getting better as a broad community at detecting them before package release? It's a complex space, and commercial software houses should do better, but it seems that whilst there are some excellent commercial products (e.g. CI scan tools), generally accessible, idiot friendly tooling is somewhat lacking for projects which start as hobby/amateur code but end up being a dependency in many other projects.
wlkr
·2 माह पहले·discuss
This is a brilliantly accessible study, and ripe for some fun follow-ups. It would be interesting to replicate in other continents and with different species. I suspect the mystery will be readily resolved through hypothesis testing under controlled conditions.
wlkr
·3 माह पहले·discuss
Somewhat related HN discussions from a while back when New Zealand sought to do the same [1] [2]. Worth noting that it was later scrapped [3].

[1]: https://news.ycombinator.com/item?id=33970717

[2]: https://news.ycombinator.com/item?id=33967454

[3]: https://www.theguardian.com/world/2024/apr/19/new-zealand-sm...
wlkr
·3 माह पहले·discuss
Hopefully this doesn't seem like advertising - I'm not affiliated with the project in any way. I just particularly enjoy playing with cyberdecks [1] and stumbled upon this while browsing. I continue to have a lot of fun with the uConsole and SDR, but I've long wanted a Cardputer with a bit more oomph. I should add, if anyone is interested in a uConsole, brace yourself for the shipping times... [2].

[1]: https://www.reddit.com/r/cyberDeck/

[2]: https://www.reddit.com/r/ClockworkPi/comments/1fk893z/shippi...
wlkr
·3 माह पहले·discuss
Yes, I also assumed an imperfect system with cases of fraud for the medical exam question and was quite surprised by the overly simplistic response.
wlkr
·4 माह पहले·discuss
Interesting! There's a lot I don't know about this, but I know a little more now. I'll admit, I naively thought this would be more regular than it appears to be [0].

[0]: https://en.wikipedia.org/wiki/Leap_second
wlkr
·6 माह पहले·discuss
I'm very interested to see how some VPN providers react to this. For a zero logs VPN provider, if such a thing can really exist, how big of a problem is this? Presumably many customers pay with a debit/credit card already so there's some PII on file? Usage remains the same? Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.

Of course, we're sliding quite rapidly down that slippery slope here so I'm sure logging and easier government tracking would be next. The justifications will get weaker and even more lacking in supporting evidence for their implementation.
wlkr
·8 माह पहले·discuss
This seems to have been posted a few times over the years, e.g. [0]. I was impressed and pleased to see that I hadn't missed the boat on this, and in fact, the project seems to still be going very strong [1]!

[0]: https://news.ycombinator.com/item?id=26184044

[1]: https://github.com/phel-lang/phel-lang
wlkr
·8 माह पहले·discuss
Thanks for responding, and, especially recognising the name, thanks for all your work on the Clojure ecosystem! To answer the question, for me personally, it would be largely full-stack web and data science tooling, but that's just me. I was moreso thinking out loud about the posted project and highlighting libraries that could be semi-official or strongly recommended by the community. The Clojure community offers many different libraries that, on the surface, are similar, even if each addresses a particular set of concerns. For a lowly idiot like me without enough time to spend writing code in Clojure, I'd love to just be directed to those used by the experts and have solid backing and anticipated longevity - 'gold star' libraries.
wlkr
·9 माह पहले·discuss
Perhaps a bit cynical, but it seems that as Microsoft continue to shove ads in absolutely everywhere and track everything they possibly can, Apple are content to be just marginally better rather than actually having meaningfully higher standards. Of course, it's business as usual, but we are boiling the frog for the next generation by tolerating it.
wlkr
·9 माह पहले·discuss
It would be helpful to see some additional stats, like the number of issues and the last update. Of course, these are only heuristics, but they are still helpful to see. It's often pointed out that one of the great things about Clojure is that the libraries generally don't need updating that often because the language is pretty stable. However, quite often I do find that libraries have a number of long open issues or depend on outdated, sometimes insecure, versions of Java libraries. I realise that I'm complaining about free code, so 'fork it and contribute' is a valid response, but at the risk of further fragmentation and yet another library that exists for just a short period.

Separately, I do wish Clojure would adopt a bit more of an opinionated way of doing things and coalesce around some solid core/common libraries that the official docs could point to. This year, Clojure didn't make it into the named languages list on the Stack Overflow developer survey (1.2% in 2024). It's clear that it's not all that popular, even though there's some commercial backing and a friendly community, and there just aren't enough developers to support a myriad of different ways of doing things. I do feel there needs to be a focus on getting beginners in, and that means helping them to do things easily.
wlkr
·10 माह पहले·discuss
This is a good article, but in my opinion overlooks changes to the existing display accessibility features as a result of liquid glass (although I appreciate it can't cover absolutely everything). I enable high contrast in light mode (along with some other tweaks, like clearer button indicators). Unfortunately, this is quite a bit worse for me in Tahoe. I'm hoping it improves with future updates but it's annoying. I'm otherwise neutral to slightly negative on liquid glass so far.
wlkr
·10 माह पहले·discuss
It's not quite as pronounced for me, but it still seems to be a bit off. The CSS suggests that the intended font is GT America Extended.