I think it is due to the homotopy type theory book. There is an elegant connection between category theory and type theory. I guess most of the people submitting category theory to hacker news (or any graduate math) just do it to flex and seem clever.
The precise mathematical definition of obfuscation and what is considered obfuscation for an average software engineer are two very different things.
In fact, the article is only about indistinguishability obfuscation. What is mostly discussed in this thread is the notion of virtual black box obfuscation (VBB).
VBB has been proven to be impossible in the general case (see https://www.wisdom.weizmann.ac.il/~oded/PS/obf4.pdf). There are a few special programs where VBB is feasible, such as point functions, but in general in cannot be achieved.
Indistinguishability obfuscation (iO) means that if you obfuscate two programs that compute the same function, then you cannot distinguish them. Or put in different words, if you get two obfuscated programs, then there is no better way than random guessing (except for a factor that is negligible in some security parameter) to find out if they stem from the same original program.
I am much more familiar with the development in the chess world.
Since Deep Blue beat Kasparov in 1997, there was a lot of progress in the development and the architecture of chess engines. Back then, we did not have neural networks. A lot of the strategies of chess engines are now used by chess grandmasters. As an example, the value of the activity of pieces was underrated in contrast to the value of material.
As there are more generations of chess engines than go engines, it would be quite interesting to pull something similar off against them. My intuition is that it maybe works against Leela, as LeelaChess basically uses only neural networks (think alphago but for chess), whereas it should not work with Stockfish, as some parts of Stockfishs evaluation function are still adjusted by hand.
Users cannot be enumerated using the login, but using the signup. The author then argues that they should add the user enumeration function to the login.
This is similar to: The door is locked, but the window is open. And then consequently it makes no sense to close the door at all, as an attacker can sneak through the window.
Instead, the window should be locked as well, i.e., it should be impossible to enumerate users with the signup function.
Don't bother with that large table at the bottom.