HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mtlynch

14,552 karmajoined há 9 anos
I blog about software and entrepreneurship at https://mtlynch.io

I'm writing a book to help developers improve their writing at https://refactoringenglish.com

Submissions

How to Write an Effective Software Design Document

refactoringenglish.com
3 points·by mtlynch·há 12 dias·1 comments

How to Write an Effective Software Design Document

refactoringenglish.com
3 points·by mtlynch·há 15 dias·1 comments

How to Write an Effective Software Design Document

refactoringenglish.com
4 points·by mtlynch·há 17 dias·8 comments

My Arduino spins faster when Claude burns more tokens

terminalbytes.com
5 points·by mtlynch·há 2 meses·1 comments

Job Search – Unreasonable Expectations

eric.mann.blog
1 points·by mtlynch·há 2 meses·0 comments

North Korea uses AI to industrialize attacks on developers

expel.com
6 points·by mtlynch·há 3 meses·0 comments

Claude Code Found a Linux Vulnerability Hidden for 23 Years

mtlynch.io
10 points·by mtlynch·há 3 meses·2 comments

Which Design Doc Did AI Write?

refactoringenglish.com
2 points·by mtlynch·há 3 meses·1 comments

Which Design Doc Did a Human Write?

refactoringenglish.com
2 points·by mtlynch·há 4 meses·0 comments

Which Design Doc Did a Human Write

refactoringenglish.com
4 points·by mtlynch·há 4 meses·0 comments

My eighth year as a bootstrapped founder

mtlynch.io
318 points·by mtlynch·há 5 meses·111 comments

My Eighth Year as a Bootstrapped Founde

mtlynch.io
1 points·by mtlynch·há 5 meses·1 comments

My Eighth Year as a Bootstrapped Founder

mtlynch.io
2 points·by mtlynch·há 5 meses·0 comments

My Eighth Year as a Bootstrapped Founder

mtlynch.io
6 points·by mtlynch·há 5 meses·2 comments

My AI got a GitHub account

maragu.dev
1 points·by mtlynch·há 6 meses·0 comments

The Most Popular Blogs of Hacker News in 2025

refactoringenglish.com
692 points·by mtlynch·há 6 meses·133 comments

The Most Popular Blogs on HN in 2025

refactoringenglish.com
10 points·by mtlynch·há 6 meses·3 comments

My First Impressions of MeshCore Off-Grid Messaging

mtlynch.io
1 points·by mtlynch·há 7 meses·0 comments

My First Impressions of MeshCore Off-Grid Messaging

mtlynch.io
2 points·by mtlynch·há 7 meses·0 comments

My First Impressions of MeshCore Off-Grid Messaging

mtlynch.io
13 points·by mtlynch·há 7 meses·4 comments

comments

mtlynch
·há 8 horas·discuss
I'm having trouble understanding what you mean.

If I say, "I run 5 miles every day" and my old neighbor says, "I lived next door to him until 9 months ago, and he definitely doesn't run 5 miles a day," and then I show my GPS logs proving I've been running 5 miles a day for the last 9 months, I am correct and my ex-neighbor is incorrect.

If Sumner had said, "We've been fuzzing our code for years," then Kelley could justifiably say that's incorrect. But Sumner is saying that currently Bun fuzzes their code, which is true, so Kelley appears to be incorrect to claim it is a "fabrication."
mtlynch
·há 16 horas·discuss
Andrew was wrong. He stealth edited his post to hide it. https://news.ycombinator.com/item?id=48854921
mtlynch
·anteontem·discuss
> For me, using Fuzzilli for testing a Zig code is not fuzzing, it's integration testing. If you're running code externally (e.g. wrapping binary) you cannot guarantee that side effect isn't caused by IO. I consider fuzzing a low level activity with many external variables removed.

I've never heard anyone restrict the definition of "fuzzing" in this way. If I repeatedly generate inputs to a program and then run the program with those inputs, that's fuzzing. It doesn't matter if there's IO or not.

> Depending on where you are and how you communicate semantics matter more or less. It's very similar to compiler/transpiler. E.g. TypeScript "Compiler" is called compiler but in fact it's transpiler (it emits other high-level language as a result).

It's still a compiler. It translates code from one language to another. You can argue whether we need the term "transpiler," but a source-to-source compiler is a compiler.
mtlynch
·anteontem·discuss
Yes, "their" refers to Bun's code, not the Zig compiler's code. Fuzzili is a fuzzing engine for JavaScript, so integrating it into Bun means that Fuzzili is fuzzing Bun.[0]

From the Bun post[1]

> We fuzz Bun's runtime APIs 24/7 using Fuzzilli, the JavaScript engine fuzzer used by V8 & JavaScriptCore

From Andrew Kelley's post today[2]:

> The post claims they were fuzzing their Zig code, while during our calls the whole Bun team told us that they were not fuzzing anything. This appears to be an outright fabrication.

Sumner says that the Bun team has been fuzzing Bun's Zig code. Kelley says that this is a fabrication. Sumner showed proof that the Bun team has been fuzzing Bun's Zig code.

It looks like Kelley is incorrect and made an unfounded claim. The generous interpretation is that at the time Kelley and Sumner had a more collaborative relationship, Sumner was not fuzzing Bun's Zig code, but I'd expect Kelley to check if anything had changed since then before publicly accusing Sumner of lying in this week's Bun blog post.

[0] https://github.com/googleprojectzero/fuzzilli

[1] https://bun.com/blog/bun-in-rust

[2] https://andrewkelley.me/post/my-thoughts-bun-rust-rewrite.ht...
mtlynch
·há 8 dias·discuss
This is what Jason Cohen did when he was getting WPEngine off the ground. He messaged 40 WordPress consultants on LinkedIn and offered to pay them higher than their hourly rate since it was a one-off task.[0]

Out of 40 messages, 38 replied and agreed to a phone call, and none of them actually asked for the money.

[0] https://mtlynch.io/notes/designing-the-ideal-bootstrapped-bu...
mtlynch
·há 12 dias·discuss
OP here. Happy to take any feedback or questions about this post.
mtlynch
·há 15 dias·discuss
Author here.

Happy to answer any questions or take feedback about this post.
mtlynch
·há 16 dias·discuss
> The problems for services such as GitHub with scaling are reducing cost per customer. That's even more pertinent when discussing inference at scale.

I don't think that's true. When I look at GitHub's incident history,[0] it doesn't read to me like a company that's struggling to cut costs. It looks like a company that's trying to do a million things to serve a million use cases, and the growing interconnections between all those distinct services and workflows cause unexpected failures.

[0] https://www.githubstatus.com/history
mtlynch
·há 16 dias·discuss
Not GP, but just being smaller makes it easier to achieve reliability. Like if you're a git forge with 100 similar customers, you can likely achieve an order of magnitude better reliability than GitHub, who is trying to serve millions of customers with wildly different needs.
mtlynch
·há 17 dias·discuss
The target audience of the app is me and my wife. This is a "home-cooked meal" app.[0] If it's useful to other people, I'm glad, but I'm primarily building it for myself for the pleasure of building and the satisfaction of a tool that works exactly how I want it to work.

You could approximate it with email, but I want things that you can't do with email like letting recipients control the frequency of emails, making high-res images available without bloating everyone's inboxes.

[0] https://www.robinsloan.com/notes/home-cooked-app/
mtlynch
·há 17 dias·discuss
Thanks for reading!

>But I spent five years on a solo app and never wrote anything close to this. Not on principle event, just the design just kept moving.

Yeah, I agree that for solo projects, it makes sense to greatly scale down the design phase. In a lot of cases, you'd scale design down to zero if you need user feedback to figure out what to build.

But even for solo projects, if I keep at it for months or years, I eventually get to the point where some problem is hard enough that I need to do some upfront design, even if it's not as formal as a whole design doc.
mtlynch
·há 17 dias·discuss
It's for private photo sharing with family or close friends. It's more like an open-source, self-hostable TinyBeans or PhotoCircle. I explain the motivation more in the design doc:

https://refactoringenglish.com/excerpts/write-an-effective-d...
mtlynch
·há 24 dias·discuss
Was it this it this one by Eaton Works?

https://news.ycombinator.com/item?id=42462354
mtlynch
·mês passado·discuss
The gokrazy team being Michael Stapelberg : )

https://github.com/gokrazy/rsync/graphs/contributors
mtlynch
·há 2 meses·discuss
These are all different submitters. HN is supposed to detect duplicate links.
mtlynch
·há 2 meses·discuss
> Most are not serious, and we’ve quietly fixed them, thanked the researcher, and went our merry way... These come from a wide variety of locations and people, and sometimes, but not always, are looking for bug bounties.

I take it that Metabase is both not paying bug bounties and not using these tools internally?

If that's the case, Metabase is not going to get meaningful investment from researchers who want to fix issues, but they'll get increased attention from malicious attackers who have no qualms exploiting the vulnerabilities for profit.

LLMs have made it a lot easier for people to find vulnerabilities in software. Open-source makes it easier, but we already have non-AI tooling (IDA Pro, Ghidra) that's good at binary reverse engineering, and LLMs can use that output to find vulnerabilities as well.

This year, as I select products to use for sensitive data, I've been paying a lot more attention to whether they offer bug bounties and for how much. For example, I like Kagi for search and thought about trying Orion, their web browser. Then, I saw that Kagi's been paying $100 for UXSS vulnerabilities.[0] For comparison, Firefox pays $8-10k,[1] and Chrome pays up to $10k for the same class of bug.[2]

[0] https://help.kagi.com/kagi/privacy/bug-bounty-program.html

[1] https://www.mozilla.org/en-US/security/client-bug-bounty/

[2] https://bughunters.google.com/about/rules/chrome-friends/chr...
mtlynch
·há 2 meses·discuss
Parent wrote a great blog post about this for anyone interested in the details:

https://blog.noforeignland.com/off-grid-boat-communications-...
mtlynch
·há 2 meses·discuss
That would be even worse than our already bad system.

The system is already pretty bad because vendors underinvest in security, and then to fix it, researchers have to volunteer their time to investigate with no guarantee of payment. If the vendor could force researchers to hand over findings for free, nobody would want to do security research except hobbyists having fun. They're basically signing up for hours of tedious forced labor to explain vulnerabilities to the vendor.

I wish there was legislation that allowed the government to fine vendors for security vulnerabilities like this where the amount scales based on how much user data they leaked. And it could function like other whistleblower systems where a researcher who spots a leak can report it to the government and collect 50%. That way, if the vendor says, "We're not paying you," the researcher can turn around and collect the money from fines.
mtlynch
·há 2 meses·discuss
Oh, I'm glad!

Yeah, I don't think you'll find it a red-pill kind of book at all. I know what you mean about books like The 48 Laws of Power feeling like the world is 100% zero sum, so everything is about dominating or outplaying people.

How to Win Friends and Influence People is very much focused on win-win. There is an agenda to make friends and influence people, as you'd guess from the title, but the strategies are about taking a genuine interest in people and making them feel good.

It's almost 100 years old, so the style is kind of hokey, and only about half the advice resonated with me, but there are 3-4 lessons that had a major impact on me.
mtlynch
·há 2 meses·discuss
One of the things I like about this is that OP is giving people genuine compliments without any particular agenda.

It reminds me of one of my favorite parts of How to Win Friends and Influence People by Dale Carnegie, where he tells a story about complimenting someone, and a student asks what he was hoping to gain from offering the compliment. Carnegie is incensed:

> I was waiting in line to register a letter in the Post Office at Thirty-Third Street and Eighth Avenue in New York. I noticed that the registry clerk was bored with his job[...] So while he was weighing my envelope, I remarked with enthusiasm: “I certainly wish I had your head of hair.”

> He looked up, half-startled, his face beaming with smiles. “Well, it isn’t as good as it used to be,” he said modestly. I assured him that although it might have lost some of its pristine glory, nevertheless it was still magnificent. He was immensely pleased. We carried on a pleasant little conversation, and the last thing he said to me was: “Many people have admired my hair.”

> I told this story once in public; and a man asked me afterwards: “What did you want to get out of him?”

> What was I trying to get out of him!!! What was I trying to get out of him!!!

> If we are so contemptibly selfish that we can’t radiate a little happiness and pass on a bit of honest appreciation without trying to screw something out of the other person in return—if our souls are no bigger than sour crab apples, we shall meet with the failure we so richly deserve.

> Oh yes, I did want something out of that chap. I wanted something priceless. And I got it. I got the feeling that I had done something for him without his being able to do anything whatever in return for me. That is a feeling that glows and sings in your memory long after the incident is passed.