HackerLangs
TopNewTrendsCommentsPastAskShowJobs

quectophoton

no profile record

Submissions

Zealous Autoconfig (2008)

xkcd.com
1 points·by quectophoton·5 mesi fa·0 comments

Atlas: Manage your database schema as code

github.com
2 points·by quectophoton·5 mesi fa·0 comments

comments

quectophoton
·12 giorni fa·discuss
> The equivalent would be if I got carded every time I stepped out of my house just in case I might decide to buy alcohol later.

More like requiring ID verification in fridges just to be able to open them, because they might contain alcohol (probably followed by RFID stuff or something).
quectophoton
·12 giorni fa·discuss
> For one role we got ~70 applications and all CVs looked obviously AI-written.

Were those ~70 applications all of them, or were those ~70 applications the result of an AI filtering from a larger amount?

If the latter, are you sure your AI is not filtering out the hand-written CVs and giving you the ones that have been AI-assisted or AI-written (with or without "the usual AI signs")?
quectophoton
·2 mesi fa·discuss
Don't forget:

* No relative imports.

* The `require` directives from the `go.mod` files of your dependencies are always ignored.

Those two combined, mean that there's no easy way to fork a dependency. It's doable, but some of the maintenance overhead could have been avoided.

We don't even get a `go mod tidy` flag that lets us say, "yes, I understand the risks, just copy any `replace` directives that you find in my dependencies". With a flag like that, even if the `replace` directive is still copied everywhere, at least it's automatically copied during a routine `go mod tidy` invocation.

They already have `// indirect` comments, so those could have a `// indirect, replaced by X` comment or something like that.
quectophoton
·2 mesi fa·discuss
> My recommendation for DNS - on servers - would be to install unbound locally and use that.

At least on Ubuntu 26.04, you can't easily bind Unbound on a WireGuard interface because of services dependency order, so the Unbound service errors during system boot because the WireGuard interface doesn't exist yet. And IIRC neither `ip-transparent` nor `interface-automatic` fixed it.

On Alpine Linux all this just works.
quectophoton
·2 mesi fa·discuss
And when you don't need the Steam Deck for gaming anymore, it is still useful as a home server.
quectophoton
·2 mesi fa·discuss
I don't know, if I didn't know Mullvad or GrapheneOS, and saw ad on TV, I'd probably check it out.

Or an ad about an ISP with IPv6 support, at the very least it would make me check if my current ISP finally added support, and consider options otherwise.

Or one about some new colocation service that happens to open near my location, you bet I'd check out their website and maybe even pay them a visit.

(I don't watch TV, but my point stands.)
quectophoton
·2 mesi fa·discuss
> I am sure ads can work on me, and the HN crowd, if I was targeted.

EU-based cloud, 100% sovereignty, AGPL code, colocation services included. Prepaid balance and SEPA direct debit supported.

[Read more]
quectophoton
·2 mesi fa·discuss
If `docker` is already there, why even bother with `sudo` when you can just:

    docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'
Chances are that the person who set up Docker didn't do it properly.
quectophoton
·2 mesi fa·discuss
If it helps, I didn't find anything wrong with your comment.

I appreciate the link and the info :)
quectophoton
·2 mesi fa·discuss
> Humans must not anthropomorphise AI systems.

Can someone explain why this is a bad thing, while at the same time it's a good thing to say stuff like "put a computer to sleep", "hibernate", "killing" processes, processes having "child" processes, "reaping", "what does the error say?", "touch", etc?

To me that's just language, and humans just using casual language.
quectophoton
·2 mesi fa·discuss
A text input field for entering your command line(s), with a text log for the output, does indeed seem to be the crabs of software. Usually with some abstractions that allow you to write longer scripts[1] and just refer to them by a short name or alias, and compose those scripts together from your command prompt.

You could say it's the terminal[2] user interface.

[1]: https://www.merriam-webster.com/dictionary/script

[2]: https://www.merriam-webster.com/dictionary/terminal
quectophoton
·2 mesi fa·discuss
> 1. Go, when I first saw code I wrote almost a decade ago still compiles and runs in Go, I decided to use Go for everything. There were some initial troubles when I started using it a decade ago, but now it's painless.

And fewer dependencies, and fewer vulnerabilities (if any at all, depending on your few dependencies).

Go is "only" a pain when you want to use your own copy of packages (because `replace` directives are always ignored everywhere except on the "root" package), and whenever you want to work with private Git repositories outside of the forges that have hardcoded config in the Go code (like GitHub) (because Go assumes there's an HTTPS server, and the only way to force it to use only SSH is with ugly workarounds AFAIK).

But despite this I still prefer it for personal projects because I can come back after not touching it for years, and the most I need to do is maybe update `golang.org/x/net` or something like that.
quectophoton
·2 mesi fa·discuss
> I'm also not impressed with a carrot disclosure that looks like this. Running a python script to compromise a locally hosted instance? Bruh, you have physical hardware and host shell access. That python script could be doing anything including running as root.

> Show us the exploit hitting a remote server.

Watch out, their script works on HN too, as a proof here's me logging in to YOUR computer's root account (a bit more redacted for obvious reasons):

    $ python3 ./poc/chain_alpha.py --target dangus > out.txt
    $ grep Backdoor out.txt |  sed -r 's@[^:]+$@ [REDACTED]@g'
    [+]   Backdoor admin created: [REDACTED]
    $ grep IP out.txt |  sed -r 's@[^:]+$@ [REDACTED]@g'
    [+]   IPv4 address for dangus: [REDACTED]
    $ grep 'debug2: shell' out.txt
    [+]   debug2: shell request accepted on channel 0
    $ tail -n12 out.txt 
    ================================================================
    [+] COMMAND EXECUTION CONFIRMED!
    ================================================================
    
    Server-side output (received via SSH, with `set -x`):

      + id -u
      0
      + id -g
      0
    
    ================================================================
    $ sha256 ./poc/chain_alpha.py
    c10d28a5ff74646683953874b035ca6ba56742db2f95198b54e561523e1880d7  ./poc/chain_alpha.py
quectophoton
·4 mesi fa·discuss
Out of curiosity, do you have (and want to share) stats about requests per second? It's always nice to know these things for future reference.

No worries if not :)
quectophoton
·4 mesi fa·discuss
I think there was an SMBC comic about this topic, but I don't think I can find it, and the site doesn't exactly make it easy. I don't even remember if it was pre-2020 or not.

It was about how people would get a thing (a robot?) that would repeat whatever they said but in a more fancy way (or something along those lines), to make them sound smarter. Then the people would start depending on these robots to communicate at all, to the point their speech degrades and they start making unintelligible noises that the robots still translate into actual speech.

EDIT: Found it, from 2014: https://smbc-comics.com/index.php?id=3576
quectophoton
·4 mesi fa·discuss
Years later: "The current measures are a step in the right direction, but we have found them insufficient. We are now requiring the use of this specific proprietary binary blob for any action related to the verification process. It will conveniently run as a daemon so its exposed API will be accessible to any application that needs to query it, and it will automatically update itself so you don't have to worry about it, just set it up once and forget about it."

It might also include some additional text like "we have decided to collaborate with systemd to integrate this proprietary binary blob, to maximize the reach and eliminating any pains in the setup process caused by the vibrant ecosystem of package managers, while at the same time avoiding disrupting the development process of the Linux kernel".
quectophoton
·4 mesi fa·discuss
If I had to use AI with neovim I'd probably use https://github.com/ThePrimeagen/99 or one with a similar workflow.
quectophoton
·4 mesi fa·discuss
Except instead of sending through post offices, it'd probably be through "runners" like on Mirror's Edge.
quectophoton
·4 mesi fa·discuss
And even then, getting interviews is one thing, but getting offers is something completely different.

And there's also the advantage of having a current job, instead of an increasingly larger jobless gap that not only decreases your chances over time, but also contributes to the cycle of "less chance -> wider gap -> increased anxiety -> less chance".

Fumble the first few months due to a combination of a lack of interviewing practice, and of job postings that never intended to hire anyway or that are looking for someone that checks literally all their shopping list of boxes, all while still dragging you for a 4-8 journey, and suddenly your position is not that good anymore.
quectophoton
·4 mesi fa·discuss
Not exactly a "news" site, but this is still an example site that you'd expect would have a feed:

https://mistral.ai/news/