Very nice! We all really need a tool that IT can use to diagnose problems along the path. Like more user friendly nping —tr

Just fyi, looks like the shortened command defaults has a bug based on the docs @ https://pypi.org/project/service-ping-sping/

(i.e. # HTTP monitoring with interactive UI sping google.com )

  sping johnqdeveloper.com     
  Usage: sping [OPTIONS] URL
  Try 'sping --help' for help.
  ╭─ Error ──────────────────────────────────────────────────────────────────────╮
  │ Invalid value for '--palette': <ColorPalette.SUNSET:   'sunset'> is not one of │
  │ 'sunset', 'ocean', 'forest', 'volcano', 'galaxy', 'arctic', 'neon',          │
  │ 'monochrome'.                                                                  │
  ╰──────────────────────────────────────────────────────────────────────────────╯

Thank you for reporting this!

Would you mind telling me what environment you found this behavior in, and how you installed the app?

I've been testing in ubuntu containers doing:

    pip3 install service-ping-sping --break-system-packages

*EDIT:*

I think this is to do with me not being specific about what version of typer I depend upon... working on it now!

This is now fixed in 0.2.11. Thanks @johnQdeveloper

I really like the Busy Beaver stuff. I wish I had been exposed to it (at lest enough to play with it some) in high school. It reminds me some of Jorge Luis Borges' story "The Library of Babel".

Does anybody know of other interesting problems in the Busy Beaver space?

Fictionally, maybe the Mandelbrot Maze mentioned in Arthur C. Clarke’s 3001:

> Their approach was more subtle; they persuaded their host machine to initiate a program which could not be completed before the end of the universe, or which - the Mandelbrot Maze was the deadliest example - involved a literally infinite series of steps.

https://archive.org/stream/SpaceOdyssey_819/3001_The_Final_O...

https://www.scottaaronson.com/papers/bb.pdf

This paper contains many conjectures around BB that could be interesting to some.

When working with your own datasets, v2 is a must. If you are willing to make trade offs you can get insane compression and speed.

Arrow defaults to v2.6, and I've seen a few places downgrade to 2.4 for compatibility.

Never seen any v1 in the wild.

Why doesn't this show in the examples in the article? Do you have examples?

My local MP won’t do anything and basically dismissed me as a pedo/terrorist for even considering talking against the OSA.

What can be done if those who represent you, don’t?

More made up problems for a fundamentally inept government to solve because fixing real problems like a broken healthcare system is hard and not a guaranteed political win.

Thanks Starmer, you're a worthless turd and no different than your predecessor.

The Online Safety Act was passed when the Tories were still in government.

Rolling that back essentially makes you a prime minister that believes children should have unfettered access to porn, self-harm material, gore, and that the outspoken parents of kids who've killed themselves after accessing this material shouldn't be listened to. At least, that's how the media (on all sides) would spin it. Not really a fight worth picking.

Damn, this can pick a typo from a CI job and do mean things.

Is the danger here token replay? It's using Bearer tokens, so it's not sending a password over:

<https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Aut...>

Threats section for Bearer tokens: <https://datatracker.ietf.org/doc/html/rfc6750#section-5.2>

Does OAuth reuse tokens across domains? If not, doesn't this just mean it is requesting an auth token for ghrc (the "fake" domain) but it can't access any auth tokens for ghcr (the real domain)?

Blog author (and OCI maintainer) here. The request to get a bearer token sends the password or PAT using the basic auth header, base64 encoded, but otherwise clear-text. That's the request the www-authenticate header is triggering. Once the token is received, the registry uses that to verify access, and that eventually expires. But the attacker isn't getting the token, they are requesting the credentials that would be used to acquire a bearer auth token.

Now I want to put one of these in a loop, give it access to some bitcoin, and tell it to come up with a viable strategy to become a billionaire within the next month.

Give it a spin

Prison is like a SCIF you can never leave.

Why can’t they just change the rules?

At some point surely everyone involved can see it’s just silly

because they don't trust inmates with computers and they also don't trust their lawyers

Maybe an argument to use zlib consistently.

An argument for a better defined file format specification perhaps, but I don't think it's necessarily a good thing for everyone to use or have to use the same implementation.

Tampering with signed binaries sounds pretty serious

What model did you use?

The only reason I can think of is some sort of virtue signaling, like to promote one self. But even then why not spending ~6 months and super polish the game that would make you look like a rockstar? Eventually using ai in the process to learn where it can be useful... otherwise i don't understand

Can you show us what you have shipped solo and share how many users it has?

Because if you have nothing, let me remind you that talk is cheap.

And where do they think startups would be today if the App Store had never existed? They’re complaining that their goose, even though it lays golden eggs, needs to be fed every now and then.

> “Y Combinator — and the larger venture capital community — have long been hesitant to back app-based businesses that were poor investments due to the Apple Tax,”

This could be good, if it encourages people to re-learn the value of open standards, like Web is supposed to be, rather than helping to perpetuate the proprietary app stores.

Also, I think it's noteworthy that, once a company gets customers locked into a proprietary app store, they show their true extremely greedy, abusive, and indifferent side to third-party developers. No matter how warm and fuzzy a brand they craft for consumers.

Are Bay Area libertarian techbros ironically going to try to rely on government regulation to keep the awful proprietary app stores tolerable, or will they rediscover what industry has known for decades about the value of open standards, and direct their efforts consistent with that?

Peak app store was doodle jump. It's been all downhill from there

Is kJy as a brightness unit the abomination I think it is?

You nerd sniped me :) In this context, I believe it is a kilo-Jansky, not a kilo-Joule * year.

https://en.wikipedia.org/wiki/Jansky

Every day Hacker News titles, stories, and comments have acronyms and abbreviations I've never seen before, and I have to search for the term to know what it's talking about. I know what a parsec is, but I've never actually seen the pc abbreviation used before. At least I learn something new every day.

s/booting securely/running only the code Apple approves of/g

You can run unverified code if you build it yourself. You can distribute unverified code by just paying $99/year to Apple. Not great, but still no need for specific code approval.

I had to do this today for a Universal Audio Apollo audio interface. Glad it’s on a dedicated machine.

https://help.uaudio.com/hc/en-us/articles/360057137692-Apple...

I wonder how much human health is impacted by these leaky pipes.

I would like to see a city where pipes are guaranteed leak free, for example by making them double walled with high pressure air in the outer layer, and then seeing if disease levels in the city are lower.

We already have this data in a way, from cities where there is no running water and people rely on bottled water for drinking and washing.

That’s not biased at all.

Odd to use Berlelamp-Massey to recover a linear recurrence, when Cayley-Hamilton already directly gives you a linear recurrence whose characteristic polynomial is that of the matrix.

I'm not sure what to make of the fact that for the abstract matrix problem in the original post, I thought about it for a moment without making any progress, but then for the knights on the phone pad problem it took me just two moments (about twenty seconds) to come up with the third solution -- and for context, I'm a product manager with a history as a developer. It would take me less than five minutes to code it up.

I wish I hadn't read the fourth solution description -- the language used wasn't clear at all to me, but it was enough to point me in the right direction, or maybe I'm just that clever?

That said, I don't like interview questions like that -- there's very much a component of you either get it or you don't. The interviewer says they talk people through it, and if they're good at that, great. But if not, a question like that is (in my book) unfair.

But to get the polynomial you need to take the determine of A -lambda I, which runs in n^3. Next question then why doesn’t this Berlelamp-Massey method then effectively give you determinants in n^2?

Just a note, Android and iPhones have abysmal security once police have physical access after first unlock (AFU) once your phone is rebooted.

https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-s...

I feel like any article on burner phones that glosses over acquisition with "buy phone and service in cash" misses the point.

Buying a phone anonymously is much harder than "just cash". Most places demand name & address for sign-up, and if you're unlucky want to see an ID.

You really should think through where and how you buy, how to find the "off the back of a truck" places, where to get SIMs, how to pay for renewal in untraceable money and without a CC, etc.

> You should let people use your APIs with a long-lived API key.

Sigh... I wish this were not true. It's a shame that no alternatives have emerged so far.

There are other options that allow long-lived access with naturally rotating keys without OAuth and only a tiny amount of complexity increase that can be managed by a bash script. The refresh token/bearer token combo is pretty powerful and has MUCH stronger security properties than a bare API key.

To add on, are they talking about access tokens or refresh tokens? It can’t be just one token, because then when it expires you have to update it manually from a portal or go through the same auth process, neither of which is good.

And what time frame is “long-lived”? IME access tokens almost always have a lifetime of one week and refresh tokens anywhere from 6 months to a year.

Didn't even notice

Or just don't use Bash. Python is a great scripting language, and won't blow your foot off if you try to iterate through an array.

Other than that, yeah, if you must use bash, set -eu -o pipefail; the IFS is new and mildly interesting idea to me.

> The idea is that if a reference is made at runtime to an undefined variable, bash has a syntax for declaring a default value, using the ":-" operator:

Just note that defaulting an undefined variable to a value (let's use a default value of "fallback") for these examples is,

  ${foo-fallback}

  ${foo:-fallback}

  if [[ "${foo+set}" == "set" ]]; then
    # foo is not undefined.
  fi

  ${foo:+triggered}

See "Parameter Expansion" in the manual. I hate this syntax, but it is the syntax one must use to check for undefined-ness.

This honestly should be the default for all scripts. There are so many little annoyances in bash that would make it great if they were changed and improved. Sadly there's just no changing certain things.

My number one wishlist feature was a simple library system. Essentially just let me source files by name by searching in some standard user location. I actually wrote and submitted patches for this but it just didn't work out. Maintained my own version for a while and it was nice but not enough to justify the maintenance burden. Bash's number one feature is being the historical default shell on virtually every Linux distribution, without that there's no point.

At least we've got shellcheck.

I use essentially this, but I think this post is over 10 years old (needs a date), and it's now INCOMPLETE.

bash introduced an option to respect rather than ignore errors within command sub processes years ago. So if you want to be safer, do something like:

    #!/bin/bash
    set -euo pipefail
    shopt -s inherit_errexit 

(edit: the last time this came up was a year ago, and here's a more concrete example - https://lobste.rs/s/1wohaz/posix_2024_changes#c_9oo1av )

---

But that's STILL incomplete because POSIX mandates that errors be LOST. That is, it mandates broken error handling.

For example, there what I call the "if myfunc" pitfall

    set -e

    my-deploy-func  # errors respected

    if ! my-deploy-func; then   # errors lost
      echo failed
    fi
    my-deploy-func || echo fail  # errors lost

---

I describe all the problems in this doc, e.g. waiting for process subs:

YSH Fixes Shell's Error Handling (errexit) - https://oils.pub/release/latest/doc/error-handling.html

Summary: YSH fixes all shell error handling issues. This was surprisingly hard and required many iterations, but it has stood up to scrutiny.

For contrast, here is a recent attempt at fixing bash, which is also incomplete, and I argue is a horrible language design: https://lobste.rs/s/kidktn/bash_patch_add_shopt_for_implicit...

Do we still call it CCTV if it's an IP network?

“CCTV” has better optics than “surveillance camera”.

You can use IP on a LAN with no outside access.

This looks like one of the best weekend plans I've seen in a long time. Will see if anyone locally is up for it.

The length of the plan seems like a DnD campaign in terms of length though, it's roughly 3 months of consistent activities, but it may be worth it.

Personally, I felt HCF was a much better reflection of the tech industry compared to Silicon Valley.

While I love both shows to death, I feel HCF really nailed a lot of the emotional and interpersonal aspects that come with entrepreneurship, venture capital, and engineering leadership.

It was also great watching HCF with my dad who started his career during the tail end of the show, and could call out a number of the technical aspects (eg. PBXes, the COBOL vs OOP wars, the search engine wars, etc).

I liked HCF as a show but I couldnt stand Cameron. It seems like you could always rely on her to do the wrong thing

Thanks for sharing! I had come across similar kinds of issues on my annual LeetCode prep and this very clear articulation is very helpful. Props to the author for making this so easy to visualize.

I’m surprised this isn’t a more common and well known issue.

I stumbled upon this issue when trying to convert a recursive DFS to iterative because my recursive DFS was running out of stack space.

The solution produced by this iterative version was wrong, completely different from the recursive implementation.

It’s fascinating how many primitive, basic algorithms are probably implemented incorrectly but work just well enough that no one ever cares or notices… reminds me of how so many text books have an incorrect or overflowing version of binary search.

This is already the standard stack based DFS?

  def dfs(graph, source):
    n = len(graph)
    visited = set()
    stack = [source]
    
    while stack:
      node = stack.pop()
      if node in visited:
        continue 
      visited.add(node)
      for nbr in graph[node]:
        stack.append(nbr)

For anyone wanting to go deeper, Knuth's Concrete Mathematics covers the discrete calculus topics mentioned here (and much more).

I think it's also because C++ has no generic concept of "zero"; otherwise one could have defined the first element of adjacent_difference(v) as v(1)- zero<typeof(v)>, and it would have been type-stable.

I think that would fix the issue at the type level (up to a point; for unsigned types, the "correct" type for the result of a subtraction is underdetermined -- it could be any of {same type, larger signed type, same-size signed type} depending on the circumstances).

But I think the more serious niggle is the fact that that first element shows up in the output at all. OTOH, I suppose you could write a discard_first iterator adaptor that ignores the first write and increment and passes the rest through to the underlying output iterator.

GCC toolchain glibc-linked binaries with musl libraries and headers, including musl dynamic loader

Out of the glibc tarpit

> glibc-linked binaries with musl libraries

Why have any glibc? GCC et al. work fine compiled against musl (as proven by ex. Alpine only doing musl). Or is it for running on GNU/Linux systems (can't you statically link the build chain?)?

What's different from https://toolchains.bootlin.com/ ?

Or using Zig?

Aren't NASA considering the proposal to rendez-vous with 3I/ATLAS (aka C/2025 N1 ATLAS)??? [1]

1: https://www.sciencealert.com/nasa-probe-could-intercept-inte...

Nobody at NASA takes anything Avi Loeb says seriously.

It also happens that NASA is too busy doing damage control to consider anything new. But even if they were, it won't be because Loeb suggested it.

No, they are not, because the probe doesn't have anywhere near enough fuel to do this. I suggest stopping use of any news source you have that would print this crap.

Nobody could have predicted this /s

Joke aside, it's been pretty obvious since the beginning that security was an afterthought for most "AI" companies, with even MCP adding secure features after the initial release.

How does this compare to the way security was implemented by early websites, internet protocols, or telecom systems?

Must we learn the same lessons over and over again? Why? Is our industry particularly stupid? Or just lazy?

Gamechanger! And worrisome for us laymen.

In the thread, they note a human had already come up with (and published) an even better solution.

I cannot wait that all we hold to be holy and sacred about the human mind, to be slowly unravelled by ai. It will remove the chains of the status associated with these fields, and allow people to move into higher modes of being

2. Why Let Data Disappear? •In a world obsessed with saving everything, we rarely ask: Should we? •OS Yamato embraces intentionality and impermanence. •Notes, messages, and journals start as , blossom into , and wither into if left untouched. •Reopening revives them — forgetting lets them go. •There’s no pressure to archive or manage an endless inbox.

This system is inspired by mujo (無常) — the Japanese philosophy that all things change and nothing is permanent.

⸻

3. How It Works (Technical Highlights) • Each item (message, post, etc.) has a lastOpenedAt timestamp. • Scheduled jobs (or lazy rechecks) determine expiration. • Opening the item resets its lifespan. • Visual transitions (→→) are animated via CSS. • Data isn’t hard-deleted instantly — it’s softly marked, and revived through interaction. • Download is always available. Nothing is locked in.

I keep hearing "web OS" a lot lately. Have people forgotten what "OS" means? "Website" or "webapp" if you must.

I got my file extensions mixed up, thought this was going to be a "Use M$ Excel as an IDE" type post.

Haven't seen this much interest in XML/XSLT in 20 years.

I guess I just don't get the point. In order for the page to load it needed to make four round trips on the server sequentially which ended up loading slower than my bloated javascript spa framework blog on a throttled connection. I don't really see how this is preferential to html, especially when there is a wealth of tools for building static blogs. Is it the no-build aspect of it?

Are living relatives still fighting over the home?

The article says it was demolished in the 1700s

To summarize the article, I think...

A will was rediscovered that was written by Shakespeare's granddaughter's husband, who never owned the home, stating that his cousin should get the house.

The husband died first, the granddaughter (who actually owned the house) remarried, and the cousin never got the house. The granddaughter later died, and the home was demolished shortly thereafter, almost 350 years ago, and at least 200 years before this legal document was last in the news.