Show HN: Sping – An HTTP/TCP latency tool that's easy on the eye
https://dseltzer.gitlab.io/sping/docs/I've frequently found myself using [nvitop](https://github.com/XuehaiPan/nvitop) to diagnose GPU/CPU contention issues.
The two best things about it are:
- It's easy to install if I can access pip in the container
- It makes a compelling screenshot (which helps me communicate with coworkers.)
With those two lessons in mind: Here is Sping!
Purpose: Help observe and diagnose latency issues at layer 4+ (TCP/HTTP/HTTPS)
Two good things about it:
- It's easy to install if you have pip. (Available at [service-ping-sping](https://pypi.org/project/service-ping-sping/) on PyPi)
- It makes a compelling screenshot.
Not sure if this is the kind of thing that anyone else would be interested in. But I've enjoyed making it and intend to keep using it.
Very nice! We all really need a tool that IT can use to diagnose problems along the path. Like more user friendly nping —tr
Just fyi, looks like the shortened command defaults has a bug based on the docs @ https://pypi.org/project/service-ping-sping/
(i.e. # HTTP monitoring with interactive UI sping google.com )
sping johnqdeveloper.com
Usage: sping [OPTIONS] URL
Try 'sping --help' for help.
╭─ Error ──────────────────────────────────────────────────────────────────────╮
│ Invalid value for '--palette': <ColorPalette.SUNSET: 'sunset'> is not one of │
│ 'sunset', 'ocean', 'forest', 'volcano', 'galaxy', 'arctic', 'neon', │
│ 'monochrome'. │
╰──────────────────────────────────────────────────────────────────────────────╯
Thank you for reporting this!
Would you mind telling me what environment you found this behavior in, and how you installed the app?
I've been testing in ubuntu containers doing:
pip3 install service-ping-sping --break-system-packages
Thank you so much!!*EDIT:*
I think this is to do with me not being specific about what version of typer I depend upon... working on it now!
This is now fixed in 0.2.11. Thanks @johnQdeveloper
From Hackathon to YC
https://www.producthunt.com/p/april-yc-s25/from-hackathon-to-ycBusy beaver hunters reach numbers that overwhelm ordinary math
https://www.quantamagazine.org/busy-beaver-hunters-reach-numbers...I really like the Busy Beaver stuff. I wish I had been exposed to it (at lest enough to play with it some) in high school. It reminds me some of Jorge Luis Borges' story "The Library of Babel".
Does anybody know of other interesting problems in the Busy Beaver space?
Fictionally, maybe the Mandelbrot Maze mentioned in Arthur C. Clarke’s 3001:
> Their approach was more subtle; they persuaded their host machine to initiate a program which could not be completed before the end of the universe, or which - the Mandelbrot Maze was the deadliest example - involved a literally infinite series of steps.
https://archive.org/stream/SpaceOdyssey_819/3001_The_Final_O...
https://www.scottaaronson.com/papers/bb.pdf
This paper contains many conjectures around BB that could be interesting to some.
The two versions of Parquet
https://www.jeronimo.dev/the-two-versions-of-parquet/When working with your own datasets, v2 is a must. If you are willing to make trade offs you can get insane compression and speed.
Arrow defaults to v2.6, and I've seen a few places downgrade to 2.4 for compatibility.
Never seen any v1 in the wild.
Why doesn't this show in the examples in the article? Do you have examples?
Is 4chan the perfect Pirate Bay poster child to justify wider UK site-blocking?
https://torrentfreak.com/uk-govt-finds-ideal-pirate-bay-poster-b...My local MP won’t do anything and basically dismissed me as a pedo/terrorist for even considering talking against the OSA.
What can be done if those who represent you, don’t?
More made up problems for a fundamentally inept government to solve because fixing real problems like a broken healthcare system is hard and not a guaranteed political win.
Thanks Starmer, you're a worthless turd and no different than your predecessor.
The Online Safety Act was passed when the Tories were still in government.
Rolling that back essentially makes you a prime minister that believes children should have unfettered access to porn, self-harm material, gore, and that the outspoken parents of kids who've killed themselves after accessing this material shouldn't be listened to. At least, that's how the media (on all sides) would spin it. Not really a fight worth picking.
Ghrc.io appears to be malicious
https://bmitch.net/blog/2025-08-22-ghrc-appears-malicious/Damn, this can pick a typo from a CI job and do mean things.
Is the danger here token replay? It's using Bearer tokens, so it's not sending a password over:
<https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Aut...>
Threats section for Bearer tokens: <https://datatracker.ietf.org/doc/html/rfc6750#section-5.2>
Does OAuth reuse tokens across domains? If not, doesn't this just mean it is requesting an auth token for ghrc (the "fake" domain) but it can't access any auth tokens for ghcr (the real domain)?
Blog author (and OCI maintainer) here. The request to get a bearer token sends the password or PAT using the basic auth header, base64 encoded, but otherwise clear-text. That's the request the www-authenticate header is triggering. Once the token is received, the registry uses that to verify access, and that eventually expires. But the attacker isn't getting the token, they are requesting the credentials that would be used to acquire a bearer auth token.
We put a coding agent in a while loop
https://github.com/repomirrorhq/repomirror/blob/main/repomirror....Now I want to put one of these in a loop, give it access to some bitcoin, and tell it to come up with a viable strategy to become a billionaire within the next month.
Give it a spin
Prison isn’t set up for today’s tech so we have to do legal work the old way
https://prisonjournalismproject.org/2025/08/19/prisons-outdated-...Prison is like a SCIF you can never leave.
Why can’t they just change the rules?
At some point surely everyone involved can see it’s just silly
because they don't trust inmates with computers and they also don't trust their lawyers
My ZIP isn't your ZIP: Identifying and exploiting semantic gaps between parsers
https://www.usenix.org/conference/usenixsecurity25/presentation/...Maybe an argument to use zlib consistently.
An argument for a better defined file format specification perhaps, but I don't think it's necessarily a good thing for everyone to use or have to use the same implementation.
Tampering with signed binaries sounds pretty serious
Making games in Go: 3 months without LLMs vs. 3 days with LLMs
https://marianogappa.github.io/software/2025/08/24/i-made-two-ca...What model did you use?
The only reason I can think of is some sort of virtue signaling, like to promote one self. But even then why not spending ~6 months and super polish the game that would make you look like a rockstar? Eventually using ai in the process to learn where it can be useful... otherwise i don't understand
Can you show us what you have shipped solo and share how many users it has?
Because if you have nothing, let me remind you that talk is cheap.
Y Combinator files brief supporting Epic Games, says store fees stifle startups
https://www.macrumors.com/2025/08/21/y-combinator-epic-games-ami...And where do they think startups would be today if the App Store had never existed? They’re complaining that their goose, even though it lays golden eggs, needs to be fed every now and then.
> “Y Combinator — and the larger venture capital community — have long been hesitant to back app-based businesses that were poor investments due to the Apple Tax,”
This could be good, if it encourages people to re-learn the value of open standards, like Web is supposed to be, rather than helping to perpetuate the proprietary app stores.
Also, I think it's noteworthy that, once a company gets customers locked into a proprietary app store, they show their true extremely greedy, abusive, and indifferent side to third-party developers. No matter how warm and fuzzy a brand they craft for consumers.
Are Bay Area libertarian techbros ironically going to try to rely on government regulation to keep the awful proprietary app stores tolerable, or will they rediscover what industry has known for decades about the value of open standards, and direct their efforts consistent with that?
Peak app store was doodle jump. It's been all downhill from there
A Brilliant and Nearby One-off Fast Radio Burst Localized to 13 pc Precision
https://iopscience.iop.org/article/10.3847/2041-8213/adf62fIs kJy as a brightness unit the abomination I think it is?
You nerd sniped me :) In this context, I believe it is a kilo-Jansky, not a kilo-Joule * year.
Every day Hacker News titles, stories, and comments have acronyms and abbreviations I've never seen before, and I have to search for the term to know what it's talking about. I know what a parsec is, but I've never actually seen the pc abbreviation used before. At least I learn something new every day.
How to check if your Apple Silicon Mac is booting securely
https://eclecticlight.co/2025/08/21/how-to-check-if-your-apple-s...s/booting securely/running only the code Apple approves of/g
You can run unverified code if you build it yourself. You can distribute unverified code by just paying $99/year to Apple. Not great, but still no need for specific code approval.
I had to do this today for a Universal Audio Apollo audio interface. Glad it’s on a dedicated machine.
https://help.uaudio.com/hc/en-us/articles/360057137692-Apple...
Trees on city streets cope with drought by drinking from leaky pipes
https://www.newscientist.com/article/2487804-trees-on-city-stree...I wonder how much human health is impacted by these leaky pipes.
I would like to see a city where pipes are guaranteed leak free, for example by making them double walled with high pressure air in the outer layer, and then seeing if disease levels in the city are lower.
We already have this data in a way, from cities where there is no running water and people rely on bottled water for drinking and washing.
That’s not biased at all.
How many paths of length K are there between A and B? (2021)
https://horace.io/walksOdd to use Berlelamp-Massey to recover a linear recurrence, when Cayley-Hamilton already directly gives you a linear recurrence whose characteristic polynomial is that of the matrix.
I'm not sure what to make of the fact that for the abstract matrix problem in the original post, I thought about it for a moment without making any progress, but then for the knights on the phone pad problem it took me just two moments (about twenty seconds) to come up with the third solution -- and for context, I'm a product manager with a history as a developer. It would take me less than five minutes to code it up.
I wish I hadn't read the fourth solution description -- the language used wasn't clear at all to me, but it was enough to point me in the right direction, or maybe I'm just that clever?
That said, I don't like interview questions like that -- there's very much a component of you either get it or you don't. The interviewer says they talk people through it, and if they're good at that, great. But if not, a question like that is (in my book) unfair.
But to get the polynomial you need to take the determine of A -lambda I, which runs in n^3. Next question then why doesn’t this Berlelamp-Massey method then effectively give you determinants in n^2?
Burner Phone 101
https://rebeccawilliams.info/burner-phone-101/Just a note, Android and iPhones have abysmal security once police have physical access after first unlock (AFU) once your phone is rebooted.
https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-s...
I feel like any article on burner phones that glosses over acquisition with "buy phone and service in cash" misses the point.
Buying a phone anonymously is much harder than "just cash". Most places demand name & address for sign-up, and if you're unlucky want to see an ID.
You really should think through where and how you buy, how to find the "off the back of a truck" places, where to get SIMs, how to pay for renewal in untraceable money and without a CC, etc.
Everything I know about good API design
https://www.seangoedecke.com/good-api-design/> You should let people use your APIs with a long-lived API key.
Sigh... I wish this were not true. It's a shame that no alternatives have emerged so far.
There are other options that allow long-lived access with naturally rotating keys without OAuth and only a tiny amount of complexity increase that can be managed by a bash script. The refresh token/bearer token combo is pretty powerful and has MUCH stronger security properties than a bare API key.
To add on, are they talking about access tokens or refresh tokens? It can’t be just one token, because then when it expires you have to update it manually from a portal or go through the same auth process, neither of which is good.
And what time frame is “long-lived”? IME access tokens almost always have a lifetime of one week and refresh tokens anywhere from 6 months to a year.
Cloudflare incident on August 21, 2025
https://blog.cloudflare.com/cloudflare-incident-on-august-21-202...Didn't even notice
Bash Strict Mode
http://redsymbol.net/articles/unofficial-bash-strict-mode/Or just don't use Bash. Python is a great scripting language, and won't blow your foot off if you try to iterate through an array.
Other than that, yeah, if you must use bash, set -eu -o pipefail; the IFS is new and mildly interesting idea to me.
> The idea is that if a reference is made at runtime to an undefined variable, bash has a syntax for declaring a default value, using the ":-" operator:
Just note that defaulting an undefined variable to a value (let's use a default value of "fallback") for these examples is,
${foo-fallback}
The syntax, ${foo:-fallback}
means "use 'fallback' if foo is unset or is equal to "". (The :, specifically triggers this; there's a bunch of others, like +, which is "use alternate value", or, you'll get the value if the parameter is defined, nothing otherwise. if [[ "${foo+set}" == "set" ]]; then
# foo is not undefined.
fi
And similarly, ${foo:+triggered}
will emit triggered if foo is set and not empty.)See "Parameter Expansion" in the manual. I hate this syntax, but it is the syntax one must use to check for undefined-ness.
This honestly should be the default for all scripts. There are so many little annoyances in bash that would make it great if they were changed and improved. Sadly there's just no changing certain things.
My number one wishlist feature was a simple library system. Essentially just let me source files by name by searching in some standard user location. I actually wrote and submitted patches for this but it just didn't work out. Maintained my own version for a while and it was nice but not enough to justify the maintenance burden. Bash's number one feature is being the historical default shell on virtually every Linux distribution, without that there's no point.
At least we've got shellcheck.
I use essentially this, but I think this post is over 10 years old (needs a date), and it's now INCOMPLETE.
bash introduced an option to respect rather than ignore errors within command sub processes years ago. So if you want to be safer, do something like:
#!/bin/bash
set -euo pipefail
shopt -s inherit_errexit
That works as-is in OSH, which is part of https://oils.pub/(edit: the last time this came up was a year ago, and here's a more concrete example - https://lobste.rs/s/1wohaz/posix_2024_changes#c_9oo1av )
---
But that's STILL incomplete because POSIX mandates that errors be LOST. That is, it mandates broken error handling.
For example, there what I call the "if myfunc" pitfall
set -e
my-deploy-func # errors respected
if ! my-deploy-func; then # errors lost
echo failed
fi
my-deploy-func || echo fail # errors lost
But even if you fix that, it's still not enough.---
I describe all the problems in this doc, e.g. waiting for process subs:
YSH Fixes Shell's Error Handling (errexit) - https://oils.pub/release/latest/doc/error-handling.html
Summary: YSH fixes all shell error handling issues. This was surprisingly hard and required many iterations, but it has stood up to scrutiny.
For contrast, here is a recent attempt at fixing bash, which is also incomplete, and I argue is a horrible language design: https://lobste.rs/s/kidktn/bash_patch_add_shopt_for_implicit...
Show HN: Clearcam – Add AI object detection to your IP CCTV cameras
https://github.com/roryclear/clearcamThis runs YOLOv8 + bytetrack with Tinygrad detections (depending on user config) are saved and can be sent to the companion iOS app along with a notification, all video processing is done locally, all footage is encrypted before leaving your computer, and the sending notifications + videos part is optional. This uses tinygrad, so it runs well on my apple silicon macs and should be able to run on a lot of hardware (or will be able to when I remove other deps).
Do we still call it CCTV if it's an IP network?
“CCTV” has better optics than “surveillance camera”.
You can use IP on a LAN with no outside access.
Halt and Catch Fire Syllabus (2021)
https://bits.ashleyblewer.com/halt-and-catch-fire-syllabus/This looks like one of the best weekend plans I've seen in a long time. Will see if anyone locally is up for it.
The length of the plan seems like a DnD campaign in terms of length though, it's roughly 3 months of consistent activities, but it may be worth it.
Personally, I felt HCF was a much better reflection of the tech industry compared to Silicon Valley.
While I love both shows to death, I feel HCF really nailed a lot of the emotional and interpersonal aspects that come with entrepreneurship, venture capital, and engineering leadership.
It was also great watching HCF with my dad who started his career during the tail end of the show, and could call out a number of the technical aspects (eg. PBXes, the COBOL vs OOP wars, the search engine wars, etc).
I liked HCF as a show but I couldnt stand Cameron. It seems like you could always rely on her to do the wrong thing
Iterative DFS with stack-based graph traversal (2024)
https://dwf.dev/blog/2024/09/23/2024/dfs-iterative-stack-basedThanks for sharing! I had come across similar kinds of issues on my annual LeetCode prep and this very clear articulation is very helpful. Props to the author for making this so easy to visualize.
I’m surprised this isn’t a more common and well known issue.
I stumbled upon this issue when trying to convert a recursive DFS to iterative because my recursive DFS was running out of stack space.
The solution produced by this iterative version was wrong, completely different from the recursive implementation.
It’s fascinating how many primitive, basic algorithms are probably implemented incorrectly but work just well enough that no one ever cares or notices… reminds me of how so many text books have an incorrect or overflowing version of binary search.
This is already the standard stack based DFS?
def dfs(graph, source):
n = len(graph)
visited = set()
stack = [source]
while stack:
node = stack.pop()
if node in visited:
continue
visited.add(node)
for nbr in graph[node]:
stack.append(nbr)
So I don't know what all the confusion is about...Stepanov's biggest blunder? The curious case of adjacent difference
https://mmapped.blog/posts/43-stepanovs-biggest-blunderFor anyone wanting to go deeper, Knuth's Concrete Mathematics covers the discrete calculus topics mentioned here (and much more).
I think it's also because C++ has no generic concept of "zero"; otherwise one could have defined the first element of adjacent_difference(v) as v(1)- zero<typeof(v)>, and it would have been type-stable.
I think that would fix the issue at the type level (up to a point; for unsigned types, the "correct" type for the result of a subtraction is underdetermined -- it could be any of {same type, larger signed type, same-size signed type} depending on the circumstances).
But I think the more serious niggle is the fact that that first element shows up in the output at all. OTOH, I suppose you could write a discard_first iterator adaptor that ignores the first write and increment and passes the rest through to the underlying output iterator.
GNU cross-tools: musl-cross 313.3M
https://github.com/cross-tools/musl-crossGCC toolchain glibc-linked binaries with musl libraries and headers, including musl dynamic loader
Out of the glibc tarpit
> glibc-linked binaries with musl libraries
Why have any glibc? GCC et al. work fine compiled against musl (as proven by ex. Alpine only doing musl). Or is it for running on GNU/Linux systems (can't you statically link the build chain?)?
NASA's Juno mission leaves legacy of science at Jupiter
https://www.scientificamerican.com/article/how-nasas-juno-probe-...Aren't NASA considering the proposal to rendez-vous with 3I/ATLAS (aka C/2025 N1 ATLAS)??? [1]
1: https://www.sciencealert.com/nasa-probe-could-intercept-inte...
Nobody at NASA takes anything Avi Loeb says seriously.
It also happens that NASA is too busy doing damage control to consider anything new. But even if they were, it won't be because Loeb suggested it.
No, they are not, because the probe doesn't have anywhere near enough fuel to do this. I suggest stopping use of any news source you have that would print this crap.
Comet AI browser can get prompt injected from any site, drain your bank account
https://twitter.com/zack_overflow/status/1959308058200551721Nobody could have predicted this /s
Joke aside, it's been pretty obvious since the beginning that security was an afterthought for most "AI" companies, with even MCP adding secure features after the initial release.
How does this compare to the way security was implemented by early websites, internet protocols, or telecom systems?
Must we learn the same lessons over and over again? Why? Is our industry particularly stupid? Or just lazy?
Claim: GPT-5-pro can prove new interesting mathematics
https://twitter.com/SebastienBubeck/status/1958198661139009862Gamechanger! And worrisome for us laymen.
In the thread, they note a human had already come up with (and published) an even better solution.
I cannot wait that all we hold to be holy and sacred about the human mind, to be slowly unravelled by ai. It will remove the chains of the status associated with these fields, and allow people to move into higher modes of being
OS Yamato lets your data fade away
https://github.com/osyamato/os-yamato2. Why Let Data Disappear? •In a world obsessed with saving everything, we rarely ask: Should we? •OS Yamato embraces intentionality and impermanence. •Notes, messages, and journals start as , blossom into , and wither into if left untouched. •Reopening revives them — forgetting lets them go. •There’s no pressure to archive or manage an endless inbox.
This system is inspired by mujo (無常) — the Japanese philosophy that all things change and nothing is permanent.
⸻
3. How It Works (Technical Highlights) • Each item (message, post, etc.) has a lastOpenedAt timestamp. • Scheduled jobs (or lazy rechecks) determine expiration. • Opening the item resets its lifespan. • Visual transitions (→→) are animated via CSS. • Data isn’t hard-deleted instantly — it’s softly marked, and revived through interaction. • Download is always available. Nothing is locked in.
I keep hearing "web OS" a lot lately. Have people forgotten what "OS" means? "Website" or "webapp" if you must.
Show HN: I Built a XSLT Blog Framework
https://vgr.land/content/posts/20250821.xmlA few weeks ago a friend sent me grug-brain XSLT (1) which inspired me to redo my personal blog in XSLT.
Rather than just build my own blog on it, I wrote it up for others to use and I've published it on GitHub https://github.com/vgr-land/vgr-xslt-blog-framework (2)
Since others have XSLT on the mind, now seems just as good of a time as any to share it with the world. Evidlo@ did a fine job explaining the "how" xslt works (3)
The short version on how to publish using this framework is:
1. Create a new post in HTML wrapped in the XML headers and footers the framework expects.
2. Tag the post so that its unique and the framework can find it on build
3. Add the post to the posts.xml file
And that's it. No build system to update menus, no RSS file to update (posts.xml is the rss file). As a reusable framework, there are likely bugs lurking in CSS, but otherwise I'm finding it perfectly usable for my needs.
Finally, it'd be a shame if XSLT is removed from the HTML spec (4), I've found it quite eloquent in its simplicity.
(1) https://news.ycombinator.com/item?id=44393817
(2) https://github.com/vgr-land/vgr-xslt-blog-framework
(3) https://news.ycombinator.com/item?id=44988271
(4) https://news.ycombinator.com/item?id=44952185
(Aside - First time caller long time listener to hn, thanks!)
I got my file extensions mixed up, thought this was going to be a "Use M$ Excel as an IDE" type post.
Haven't seen this much interest in XML/XSLT in 20 years.
I guess I just don't get the point. In order for the page to load it needed to make four round trips on the server sequentially which ended up loading slower than my bloated javascript spa framework blog on a throttled connection. I don't really see how this is preferential to html, especially when there is a wealth of tools for building static blogs. Is it the no-build aspect of it?
Will at centre of legal battle over Shakespeare’s home unearthed after 150 years
https://www.theguardian.com/culture/2025/aug/21/will-at-centre-o...Are living relatives still fighting over the home?
The article says it was demolished in the 1700s
To summarize the article, I think...
A will was rediscovered that was written by Shakespeare's granddaughter's husband, who never owned the home, stating that his cousin should get the house.
The husband died first, the granddaughter (who actually owned the house) remarried, and the cousin never got the house. The granddaughter later died, and the home was demolished shortly thereafter, almost 350 years ago, and at least 200 years before this legal document was last in the news.