HackerTrans
TopNewTrendsCommentsPastAskShowJobs

CoderLuii

no profile record

Submissions

Show HN: DubVox – Translate audio to any lang while keeping the speaker's voice

dubvox.coderluii.dev
2 points·by CoderLuii·3 mesi fa·1 comments

Show HN: HolyCode – OpenCode in Docker. Use your Claude subscription. 30 tools

github.com
2 points·by CoderLuii·4 mesi fa·1 comments

comments

CoderLuii
·3 mesi fa·discuss
[dead]
CoderLuii
·3 mesi fa·discuss
[dead]
CoderLuii
·4 mesi fa·discuss
this is painfully accurate. ive worked in security for years and the tools we trust the most get the least scrutiny because everyone assumes "well its a security tool, it must be secure." the irony is these tools usually run with the highest privileges in the pipeline. trivy sits in CI with access to every secret in your environment and nobody questions it because its supposed to be the thing protecting you.
CoderLuii
·4 mesi fa·discuss
the docker side of this is painful too. every extra dependency in any language means a bigger image, more layers to cache, more things that can break during a multi-arch build. ive been building images that are 4GB because of all the node and python tooling bundled in. micro packages make it worse because each one adds metadata overhead on top of the actual code.
CoderLuii
·4 mesi fa·discuss
160K total is impressive. most landing pages i see are shipping 2-3MB of js before the first paint. the "write your own code" approach gets laughed at but when you actually do it the result is faster, easier to debug, and you dont wake up one morning to find out one of your 200 dependencies got compromised.
CoderLuii
·4 mesi fa·discuss
been doing something similar. the projects ive been building recently use as few dependencies as possible and honestly the maintenance burden dropped significantly. when something breaks you actually know where to look instead of digging through 15 layers of node_modules. people said the same thing to me about it not scaling but the opposite turned out to be true.
CoderLuii
·4 mesi fa·discuss
from a security perspective this is even worse than it looks. every one of those micro packages is an attack surface. we just saw the trivy supply chain get compromised today and thats a security tool. now imagine how easy it is to slip something into a 7 line package that nobody audits because "its just a utility." the download count incentive makes it actively dangerous because it encourages more packages not fewer.
CoderLuii
·4 mesi fa·discuss
this is exactly where i landed too. i build docker images that bundle node tooling and every time i think i understand the build system something changes. require vs import, cjs vs esm, babel vs swc vs esbuild, then half your dependencies use one format and half use the other. the worst part is when you containerize it because now you need it all to work in a clean linux environment with no cached state and suddenly half the assumptions break.