HackerLangs
トップ新着トレンドコメント過去質問紹介求人

minitech

2,524 カルマ登録 11 年前
24Ω snake and opinionated client-side JavaScript MVVM framework.

コメント

minitech
·一昨日·議論
Correct, it’s a common misconception/sloppy wording.
minitech
·9 日前·議論
Digitally rented content is rented. My music via Bandcamp/iTunes, my games from their developers’ websites/itch.io/GOG, and my ebooks are owned (for the purposes of the “owned”/“rented” distinction people are making here). Not all physical things are owned, either. Wrong distinction. We can ask for better with respect to digital.
minitech
·12 日前·議論
Alternative what? Government?
minitech
·22 日前·議論
> How is this different from struct in C#? A struct in C# has identity

Since when? I’m pretty sure structs didn’t have identity last time I used C#, and that would be a very surprising thing to add.
minitech
·先月·議論
and don’t open links like https://tinyurl.com/2s3twstw either, or any other page on the internet that’s able to redirect you to github.dev
minitech
·先月·議論
This comment is confusing to me on so many levels. What’s with the tangent(?) about a math test your algebra teacher could have generated? Did you bring up an illiterate teacher (extreme outlier) as evidence that the general population has low comfort with written English, or…? (I’m going to resist getting into the rest of the tangent, but it’s really impressively densely perplexing.)

(edit: I’m not going to resist)

> If he could have written (in 2009) "give 20 question test for week 1 algebra II student with answer guide"

Is the “could” here just about AI not existing back then, or does “could not interact with the written language” imply that he could not have written this prompt? Why would he need the output, given that most of it is math? (If we assume he can speech-to-text the prompt, why can’t he do the same for other writing?) If the level of writing of “Write equation of a line in slope-intercept form with slope 3 and y-intercept −2” is the challenge, is he able to read it? What if the output is wrong – who’s going to verify it? Are you presenting this as a good thing? How did/would he grade handwritten written-answer questions?
minitech
·先月·議論
Not one window, but one application. Which is, yeah, about the worst of both worlds.
minitech
·2 か月前·議論
- CSP that allows cdn.jsdelivr.net/unpkg.com (which serve anything on npm, which anyone can publish to) indiscriminately is not effective (and I’m sure some cdnjs script in an Angular-style library executes arbitrary code in otherwise-benign HTML attributes too)

- rate limiting using a key derived from the freely attacker-settable User-Agent header

- (and storing it in Netlify Blobs, “a highly-available data store optimized for frequent reads and infrequent writes“?)

- “The remaining item — constant-time comparison — is a calculated risk I have accepted for now.” What was the calculation? If Netlify Functions supports Node.js APIs as a quick search suggests, this is just `crypto.timingSafeEqual`. But even better without delving into more complicated options would be to store only a hash of the token to compare against.
minitech
·2 か月前·議論
> in favor of some unlikely cloak and dagger interception scheme

someone who definitely understands how crypto works, describing the most basic possible MITM
minitech
·2 か月前·議論
I know parameters don’t translate directly like that (and that linear and exponential aren’t the only types of growth) but a doubling as a go-to example of “not exponential growth” is pretty funny.
minitech
·2 か月前·議論
ASLR is (still[1]) not security by obscurity.

[1] https://news.ycombinator.com/item?id=43408079
minitech
·3 か月前·議論
> Any TLS break delayed by more than 15 minutes would be worthless.

It sounds like you’re talking about breaking TLS’s key exchange? Why would this not have the usual issue of being able to decrypt recorded traffic at any time in the future?

Edit: If it’s because the plaintext isn’t useful, as knorker got at in a sibling comment… I sure hope we aren’t still using classical TLS by the time requiring it to be broken in 1 minute instead of 15 is considered a mitigation. Post-quantum TLS already exists and is being deployed…
minitech
·3 か月前·議論
> Rather, an interactive window running under the user’s name has implied access to the user’s home folders, regardless of what’s been set under “Files & Folders” (which still applies for background/non-interactive processes).

No, that’s not true at all. Granting permission using the folder picker is required.
minitech
·3 か月前·議論
Npm and the other JavaScript package managers do generate and check lockfiles with hashes by default. This was a new release, not a republishing of an old version (which isn’t possible on the npm registry anyway).
minitech
·3 か月前·議論
Nobody is confused or disagrees about the `--hard` part. It was a minor tangent about contexts where these ASCII substitutions are established, like LaTeX (`` -> “, '' -> ”, -- -> –, --- -> —, etc.)
minitech
·3 か月前·議論
It’s about the top-level comment’s horror that ”--” was substituted with “an en dash, not even an em dash”. If you’re picking a substitution for “--”, en dash makes more sense. The comment you originally replied to had already agreed “that it should be left as a double hyphen”.
minitech
·3 か月前·議論
No, the comment was pointing out that the HN platform automatically replaces `--` in titles with `–`. (I don’t know if that’s true, but that was the intent. Nothing to do with AI.)
minitech
·3 か月前·議論
They meant “more appropriate [than an em dash]”. And that minus sign usage of hyphen-minus isn’t unique in Unicode either – see U+2212 MINUS SIGN.
minitech
·4 か月前·議論
People are using Firefox intentionally, vs. using IE because it was preinstalled. Firefox is a maintained browser. IE was hard to support, and Firefox is not. There are a lot of differences.
minitech
·4 か月前·議論
That’s what rot13 is for.