HackerLangs
TopNewTrendsCommentsPastAskShowJobs

minitech

2,524 karmajoined 11 anni fa
24Ω snake and opinionated client-side JavaScript MVVM framework.

comments

minitech
·l’altro ieri·discuss
Correct, it’s a common misconception/sloppy wording.
minitech
·9 giorni fa·discuss
Digitally rented content is rented. My music via Bandcamp/iTunes, my games from their developers’ websites/itch.io/GOG, and my ebooks are owned (for the purposes of the “owned”/“rented” distinction people are making here). Not all physical things are owned, either. Wrong distinction. We can ask for better with respect to digital.
minitech
·12 giorni fa·discuss
Alternative what? Government?
minitech
·22 giorni fa·discuss
> How is this different from struct in C#? A struct in C# has identity

Since when? I’m pretty sure structs didn’t have identity last time I used C#, and that would be a very surprising thing to add.
minitech
·mese scorso·discuss
and don’t open links like https://tinyurl.com/2s3twstw either, or any other page on the internet that’s able to redirect you to github.dev
minitech
·mese scorso·discuss
This comment is confusing to me on so many levels. What’s with the tangent(?) about a math test your algebra teacher could have generated? Did you bring up an illiterate teacher (extreme outlier) as evidence that the general population has low comfort with written English, or…? (I’m going to resist getting into the rest of the tangent, but it’s really impressively densely perplexing.)

(edit: I’m not going to resist)

> If he could have written (in 2009) "give 20 question test for week 1 algebra II student with answer guide"

Is the “could” here just about AI not existing back then, or does “could not interact with the written language” imply that he could not have written this prompt? Why would he need the output, given that most of it is math? (If we assume he can speech-to-text the prompt, why can’t he do the same for other writing?) If the level of writing of “Write equation of a line in slope-intercept form with slope 3 and y-intercept −2” is the challenge, is he able to read it? What if the output is wrong – who’s going to verify it? Are you presenting this as a good thing? How did/would he grade handwritten written-answer questions?
minitech
·mese scorso·discuss
Not one window, but one application. Which is, yeah, about the worst of both worlds.
minitech
·2 mesi fa·discuss
- CSP that allows cdn.jsdelivr.net/unpkg.com (which serve anything on npm, which anyone can publish to) indiscriminately is not effective (and I’m sure some cdnjs script in an Angular-style library executes arbitrary code in otherwise-benign HTML attributes too)

- rate limiting using a key derived from the freely attacker-settable User-Agent header

- (and storing it in Netlify Blobs, “a highly-available data store optimized for frequent reads and infrequent writes“?)

- “The remaining item — constant-time comparison — is a calculated risk I have accepted for now.” What was the calculation? If Netlify Functions supports Node.js APIs as a quick search suggests, this is just `crypto.timingSafeEqual`. But even better without delving into more complicated options would be to store only a hash of the token to compare against.
minitech
·2 mesi fa·discuss
> in favor of some unlikely cloak and dagger interception scheme

someone who definitely understands how crypto works, describing the most basic possible MITM
minitech
·2 mesi fa·discuss
I know parameters don’t translate directly like that (and that linear and exponential aren’t the only types of growth) but a doubling as a go-to example of “not exponential growth” is pretty funny.
minitech
·2 mesi fa·discuss
ASLR is (still[1]) not security by obscurity.

[1] https://news.ycombinator.com/item?id=43408079
minitech
·3 mesi fa·discuss
> Any TLS break delayed by more than 15 minutes would be worthless.

It sounds like you’re talking about breaking TLS’s key exchange? Why would this not have the usual issue of being able to decrypt recorded traffic at any time in the future?

Edit: If it’s because the plaintext isn’t useful, as knorker got at in a sibling comment… I sure hope we aren’t still using classical TLS by the time requiring it to be broken in 1 minute instead of 15 is considered a mitigation. Post-quantum TLS already exists and is being deployed…
minitech
·3 mesi fa·discuss
> Rather, an interactive window running under the user’s name has implied access to the user’s home folders, regardless of what’s been set under “Files & Folders” (which still applies for background/non-interactive processes).

No, that’s not true at all. Granting permission using the folder picker is required.
minitech
·3 mesi fa·discuss
Npm and the other JavaScript package managers do generate and check lockfiles with hashes by default. This was a new release, not a republishing of an old version (which isn’t possible on the npm registry anyway).
minitech
·3 mesi fa·discuss
Nobody is confused or disagrees about the `--hard` part. It was a minor tangent about contexts where these ASCII substitutions are established, like LaTeX (`` -> “, '' -> ”, -- -> –, --- -> —, etc.)
minitech
·3 mesi fa·discuss
It’s about the top-level comment’s horror that ”--” was substituted with “an en dash, not even an em dash”. If you’re picking a substitution for “--”, en dash makes more sense. The comment you originally replied to had already agreed “that it should be left as a double hyphen”.
minitech
·3 mesi fa·discuss
No, the comment was pointing out that the HN platform automatically replaces `--` in titles with `–`. (I don’t know if that’s true, but that was the intent. Nothing to do with AI.)
minitech
·3 mesi fa·discuss
They meant “more appropriate [than an em dash]”. And that minus sign usage of hyphen-minus isn’t unique in Unicode either – see U+2212 MINUS SIGN.
minitech
·4 mesi fa·discuss
People are using Firefox intentionally, vs. using IE because it was preinstalled. Firefox is a maintained browser. IE was hard to support, and Firefox is not. There are a lot of differences.
minitech
·4 mesi fa·discuss
That’s what rot13 is for.