HackerTrans
TopNewTrendsCommentsPastAskShowJobs

brw

no profile record

Submissions

Remembering mayhem

blog.metabrainz.org
7 points·by brw·4 ay önce·0 comments

[untitled]

1 points·by brw·6 ay önce·0 comments

comments

brw
·5 ay önce·discuss
Most AUR helpers (well, the ones I've used at least, those being yay and pacaur) include the option to show a diff of PKGBUILD (and other provided files) for AUR package upgrades
brw
·6 ay önce·discuss
Yea I was pleasantly surprised by how simple the code is when I read it. Honestly a great example of what termbox2 is capable of. Very nice!

And now I know about termbox2, which looks very cool. Looking through the example projects[1] in the README I also found ictree[2], which does exactly what I was looking for yesterday (turning the output of `find` into an ncdu-like/interactive tree interface). I didn't manage to find something for that through googling around or asking LLMs, but thanks to you posting this here I did, so thanks!

[1] https://github.com/termbox/termbox2#examples

[2] https://github.com/NikitaIvanovV/ictree
brw
·6 ay önce·discuss
This one does not have a sign-up wall no, however some of their other articles do (e.g. https://www.404media.co/inside-the-telegram-channel-jailbrea..., also from today)
brw
·6 ay önce·discuss
I've asked dang about this before and he answered that it gets killed automatically because of the sign-up wall on some of their articles and that their articles weren't considered suitable for HN in the past:

> does that mean every 404media.co article submission gets killed immediately by software and has to be vouched for before people can vote/comment on it?

Yes.

> Is that the case for every site with a signup wall as a sort of penalty

It depends on whether there are workarounds. Last I checked, 404media.co didn't have those. Your counterexample proves that it does, at least sometimes. Or maybe they changed something?

I'm open to unbanning that site but I'd like to be more sure than I am that this will continue to be the case in the future; and I guess I'd also like to see a few more good (for HN) articles from there before unbanning it. For a long while, all the articles I saw were pretty shallow and fluffy.


That was in 2024 so perhaps it's time for a re-evaluation. I'll shoot him another message.
brw
·6 ay önce·discuss
What about changing the committer timestamp slightly until you find a match like https://github.com/mattbaker/git-vanity-sha? That would make it entirely invisible
brw
·7 ay önce·discuss
I totally agree! This is actually a very good summary of the value prop for atproto honestly. Definitely saving this. ("credible edit" -> "credible exit" I'm assuming.)

It certainly took a while for me to grasp how all the different components in the atproto stack function and work together, but the decoupling actually makes so much sense and I've also become a huge fan of it for all of the reasons you mention. It really feels like a natural extension of Web 2.0 to me.

Re: Tangled

Tangled does actually host a default knot server at https://knot1.tangled.sh. You should be able to select it when you create a repo?

But yes Tangled's component infrastructure is kind of unique. Only the social data (issues, PRs, comments, stars, follows, etc.) is stored in your data repository on your PDS. The git server requires a separate "knot" server.

It's described a bit more in-depth here[1]. As far as I understand it's basically just the git repo hosting part of Tangled's AppView, split off into its own thing to make it possible to self-host it. This means you stay in control of your repo data but also get the benefits of having an actual server with a remote git repo as the authoritative source for the purpose of collaboration, which is what people are generally used to when collaborating using git.

You're probably correct in that the "normal" way would be to have the Tangled AppView act as the git server, but have it store the remote git repo on your PDS. But as records in your PDS data repository are either JSON documents or unstructured blobs I guess it's kind of hard to use that for a git repo, which is largely filesystem dependent. I imagine it would require some kind of translation layer. Or something like git-bundle[2] maybe?

[1] https://wilb.me/3lzyhogtv2s2r

[2] https://git-scm.com/docs/git-bundle
brw
·7 ay önce·discuss
On that note there's also https://tangled.org built on atproto which (kind of?) solves that. You have one identity (the same one for all atproto apps) which you use to interact with any tangled repository (including those on self-hosted servers).

With its support for self-hosted CI runners it could also be a good alternative for people looking to move now that GitHub has decided to charge for those.
brw
·7 ay önce·discuss
Blacksky's AppView did get a mention in his 2025 predictions review[1], but perhaps it's not exactly considered "self-sustainable" yet? I haven't kept up with it in a while either so I'm also not sure on whether it is or isn't.

[1] https://www.timothychambers.net/2025/12/20/my-open-social-we... (at the very bottom)
brw
·7 ay önce·discuss
Woah that's actually huge. I've been very interested in tangled from an atproto perspective but I had no idea it had that as well. Wonder why that isn't talked about more. Seems like an amazing feature to potentially pull some people away from GitHub/GitLab after they've have been asking for years for a better stacking workflow.

I've been going through a lot of different git stacking tools recently and am currently quite liking git-branchless[1] with GitHub and mergify[2] for the merge queue, but it all definitely feels quite rough around the edges without first-party support. Especially when it comes to collaboration.

Jujutsu has also always just seemed a bit daunting to me, but this might be the push I needed to finally give both jj and tangled a proper try and likely move stuff over.

[1] https://github.com/arxanas/git-branchless

[2] https://mergify.com
brw
·8 ay önce·discuss
See also:

EU Council approves Chat Control mandate for negotiation with Parliament | https://news.ycombinator.com/item?id=46062777
brw
·8 ay önce·discuss
See also: "Apple's App Store Full Front End Source Code" https://news.ycombinator.com/item?id=45804664
brw
·10 ay önce·discuss
I wonder why npm doesn't block pre/postinstall scripts by default, which pnpm and Bun (and I imagine others) already do.

EDIT: oh I scrolled down a bit further and see you said the exact same thing in a top-level comment hahah, my bad
brw
·10 ay önce·discuss
Isn't that what lockfiles are for? By default `npm i` downloads exactly the versions specified in your lockfile, and only resolves the latest versions matching the ranges specified in package.json if no lockfile exists. But CI/CD pipelines should definitely be using `npm ci` instead, which will only install packages from a lockfile and throws an error if it doesn't exist.
brw
·10 ay önce·discuss
These days compromised packages are often detected automatically by software that scans all packages uploaded to npm like https://socket.dev or https://snyk.io. So I imagine it's still useful to have those services scan these packages first, before they go out to the masses.

Measures like this also aren't meant to be "final solutions" either, but stop-gaps. Slowing the spread can still be helpful when a large scale attack like this does occur. But I'm also not entirely sure how much that weighs against potentially slowing the discovery as well.

Ultimately this is still a repository problem and not a package manager one. These are merely band-aids. The responsibility lies with npm (the repository) to implement proper solutions here.

> The responsibility lies with
brw
·10 ay önce·discuss
there's apparently an npm RFC from 2022 proposing a similar (but potentially slightly better?) solution https://github.com/npm/rfcs/issues/646