Unlurker

↙ time adjusted for second-chance

What the hell is this? The linked paper: https://arxiv.org/pdf/2505.20314 claims the squiggles they introduce are apparently a model to solve Levy-optimal parallel reduction of lambda terms. But the author has no affiliation, it's very weird they're calling this "lambda-reduction" and it heavily smells of AI slop? I hope I'm wrong but it doesn't look right. Can anyone with expertise in this field chime in?

HN Guidelines: "Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative."

I'm not being "generically" negative, I'm being very specifically negative. We have a paper from someone not working in the field, with no affiliation, and with an abstract that claims to "solve the longstanding enigma with groundbreaking clarity", a sentence never before uttered by a human being in flesh and blood, and that feels like it takes 4 (four) citations to justify that lambda calculus is Turing-complete, a fact that's well-known to every undergraduate student. I'm sorry if this gives reviewer #2 vibes, but this doesn't look right to me and I'm asking if someone with actual expertise in the field can clarify what's happening.

The author, Daniel Augusto Rizzi Salvadori' and Github user, ' https://github.com/danaugrs ' align. Couldn't comment on the actual content, though.

Mixpanel Security Breach (mixpanel.com)

Does this win the award of the least transparent disclosure ever? It is not clear from this what happened, whether data was leaked, how many of their customers were affected, what kind of "attack" it is, whether this was due to "SMS" or their security (or lack of).

I _hate_ how this is written. At no point does it disclose explicitly: * What systems were accessed * What information was potentially exposed * Just how "proactively" they've been about this (no timeline) * Numbers... The scale of any of it --- Some comments from quoted portions of article > Mixpanel detected a smishing campaign ... Doesn't give any details on who the companion targeted, or how, or how widespread. > We took comprehensive steps to contain and eradicate unauthorized access and secure impacted user accounts. So there was definitely _some_ sort of unauthorized access, but doesn't say to which accounts or in what systems > Performed global password resets for all Mixpanel employees So... definitely sounds like they expected compromise of Mixpanel employee credentials

It makes you wonder if Mixpanel would have disclosed this if not for OpenAI more or less forcing them to.

@sama has raised lots of $ so why risk these types of issues by outsourcing what you have the funding to build and control in-house? plausible deniability? (similar with their prev? use of auth0)

Why would an AI startup waste velocity and money to build their own analytics platform or identity provider?

Sam Altman.

Thanks.

It doesn't seem that confusing. The blog post says that they "proactively communicated with all impacted customers" not that they've only emailed impacted customers. Recieving an email doesn't imply you were affected, just that the lack of all email saying "you were affected" means you were not impacted by this event. In the event you had closed your account a year ago they may have deleted your information from their systems. No way for you to be impacted, but also no way to tell you that, so the lack of the email is the message in that case.

The fact an email was sent from their system implies they kept at least the email. from there one could assume they may have kept more data than the email, I would also be confused, especially if I only was emailed after the incident

Is it? I read that they disabled mixpanel while the incident was ongoing?

It literally could not be more clear "As part of our security investigation, we removed Mixpanel from our production services" "After reviewing this incident, OpenAI has terminated its use of Mixpanel."

Email from OpenAI: Transparency is important to us, so we want to inform you about a recent security incident at Mixpanel, a data analytics provider that OpenAI used for web analytics on the frontend interface for our API product (platform.openai.com). The incident occurred within Mixpanel’s systems and involved limited analytics data related to your API account. This was not a breach of OpenAI’s systems. No chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed. What happened On November 9, 2025, Mixpanel became aware of an attacker that gained unauthorized access to part of their systems and exported a dataset containing limited customer identifiable information and analytics information. Mixpanel notified OpenAI that they were investigating, and on November 25, 2025, they shared the affected dataset with us. What this means for you User profile information associated with use of platform.openai.com may have been included in data exported from Mixpanel. The information that may have been affected was limited to: Name that was provided to us on the API account Email address associated with the API account Approximate coarse location based on API user browser (city, state, country) Operating system and browser used to access the API account Referring websites Organization or User IDs associated with the API account

Of course if transparency really was important to them they would have disclosed this prior to sending your private information off to mixpanel...

That's a mixpanel breach if the unauthorised access was mixpanel staff accounts. If someone phishes your gmail account, there is no gmail breach.

They also reset all passwords of all Mixpanel employees; that surely sounds like either Mixpanel staff accounts were compromised, or the breach was conducted via a staff account. I really don't understand the point in downplaying this shitshow.

If Mixpanel is subprocessor of GDPR'd data from OpenAI, OpenAI is obliged to notify affected European customers about the data breach within 72hrs.

Correct. And they're already out of that window.

↙ time adjusted for second-chance

G0-G3 corners, visualised: learn what "Apple corners" are (printables.com)

One thing they don’t mention is that smooth G2/G3 corners will print horribly (with FDM) if added to vertical corners, there just aren’t enough layers even with a 0.2mm nozzle. While dreaming up Apple-like objects I quickly discovered 3D-printing them with good surface finish is nearly impossible. Best we can do is Mac mini-like flat tops. Like most other manufacturing methods, its limitations heavily influence the design.

As someone who modeled surfaces like this for a living: G0 Positional Continuity: The surfaces touch without gap, but there may be a sharp corner. Example: the corners of a cube G1 Tangential Continuity: G0 but additionally the surfaces have the same slope (are tangential) at the point where they touch. Example: adding a circular fillet to the corners of a cube This is where most basic CAD modellers would stop. The problem with just putting a cylindrical or a spherical fillet in a corner is that you basically go from a flat surface (zero curvature) to a surface with some curvature on a whim. If your surface is reflective that means you go from a flat mirror to a strongly distorting one instantly, this will visually appear as a edge even if there is none. Curvature btw. is just the reciprocal of radius (1/r) If we talk about forces (e.g. imagine a skateboard ramp) you go flat (no centripetal force) to circular (constant centripetal force) without any transition inbetween. In effect this will feel like a bump that can throw inexperienced skateboarders of their feet. This means tangential transitions often do not cut it. G2 Continuity: In addition to being G0 and G1 you additionally ensure the curvature is the same where both surfaces meet. This usually means instead of going from a flat surface into a circle you go into a curve that starta out flat and then bends slowly into a radius. Now the curvature of a curve can be drawn as a curvature comb. You basically take the curvature at any point of the curve and draw the value as the length of a line that is perpendicular to the curve. G1 is if the perpendicular lines at the ends of the two curves align. G2 is if the curvature comb at the end of the two lines additionally has the same height (indicating the same curvature at the transition point). G3 is basically just ensuring that the two curvature combs are tangential at the point where they meet. G4 is ensuring that the curvature combs are not only tangential, but have the same curvature. G5 is taking the curvature of the curvature... By this point you may be able to sense a pattern.

I thought this was going to talk about all the competing, different corners radiuses on MacOS windows (is plural of radius radiuses? or radii?)

I am sure we can now obsess over their different continuities as well as radii. (Either is fine)

Linux Kernel Explorer (reverser.dev)

Very neat. It reminds me a bit of how pages in the Talmud are laid out. From a gentile perspective, it was very interesting to me to see how hundreds (thousands?) of years of commentary are contained within the same page. https://www.reddit.com/r/interestingasfuck/comments/1acgks3/a_layout_of_a_page_in_the_talmud_why_jews_insist/ https://triberuth.wordpress.com/2016/09/23/my-talmud-layout-notes/ Code isn't linear the same way, and pages don't make as much sense, but that idea of layers of commentary rings out in this Linux Kernel Explorer as well. I very much like the notes on the side!

Also: https://elixir.bootlin.com/linux/v6.17.9/source Elixir works better on mobile despite being around for years.

Thanks for the observation about mobile responsiveness, I will improve it!

Am I the only one that can't access the website due to certificate problems with the .dev?

I cannot reproduce. Would you mind sharing a bit more? The certificate is handled by Cloudflare Pages.

My bad, the network I was connected to didn't like the certificate for some reason. Cool project!

How is this different from https://elixir.bootlin.com/linux

Even if it was the same, how problematic would it be ?

I don't see all those versions, and for some reasons my fans turned on with the elixir link lol

Elixir is a great tool for exploring and cross-referencing the Linux codebase but for a new person, Linux can come across as very intimidating and complicated. The above explorer makes it very interesting to explore the codebase. This is kind of like an interactive book on Linux internals, with every topic being referenced through code.

Look at the content in the right sidebar, this is like an interactive guide to the kernel.

Penpot: The Open-Source Figma (github.com/penpot)

Clojure huh???? never see that outside financial system

Also, when it comes to UI elements this is my go to vector editor. Keeps things simple, has good ways of handling units and layout. A pleasure designing custom icons, or quick graphical elements. Plus a great export system to keep things organized. There are many things you can do besides full app flows, it doesn't dictate how you use it. Really reminds me of early Sketch and how productive I was with it. Its wild that this is open source.

It is my go-to vector editor as well. But a large pain point is that text elements cannot be vectorized or converted to paths or shapes. So your designs cannot be exported meaningfully because there is no guarantee that the receiving end will have the same fonts you designed with. Exporting to svg may look completely different when opened elsewhere if your designs have any text elements.

https://icons8.com/lunacy Not open source however

Thank you both, had no idea about existence of lunacy (the app).

> unlimited storage Surely it's not actually unlimited. I wish such claims wouldn't be as common in the industry.

It likely is as it is not general purpose storage. Even though your Linux iso's are called "images", they can not be added to a penpot design file - sorry to say.

HN users want to know if you're allowed to host the whole Internet on it.

Creative people could start encoding terabytes of movies inside of Penpot documents.

Figma has become absolutely shocking in the past few years. The performance is so bad these days. It doesn’t help that almost every designer doesn’t care to split things into more than one document. I’ve seen Figma documents with hundreds of screens.

> It doesn’t help that almost every designer doesn’t care to split things into more than one document That’s how these tools encourage you to use them. If the tool crumbles under its own usage modalities, that’s because it’s poorly designed, not the user’s fault.

Figma is also one dude.

1.65k employees according to Wikipedia.

Migrating the main Zig repository from GitHub to Codeberg (ziglang.org)

Wow. I think that's a serious mistake. Maybe GitHub is no longer so great and snappy but nowhere to justify moving something that needs: 1. Money, 2. Exposition, to something obscure just because it's a bit better. It's Git with an UI anyway, there isn't such large difference. I don't care about the fact the post is harsh: it's the content that it is broken from my POV because. It is absolutely legit to do something like that, in theory, but when you are handling a project that - at this point - is also the chosen language of a non trivial amount of folks, you need to act not just following what you like, but what is better for the project in the long time, and it is very hard to see how going away from GitHub (the fucking big market of open source software in the main city plaza -- let's use the same post tones) is better for Zig. What I think it is better is, of course, not absolutely better, but let's zoom on this issue root cause . It is the classical developer intolerance for tool that are not "as they wish/think", which is very common among technical people, but is a POV, I mean this "tool oriented" workflow, where this little feature/customization matters so much in your life (instead of adapting a bit and do not care), that I believe is a problem in our industry, and also has effects on the design philosophy of many programmers, that are too details oriented. Coders spend the majority of their life in the terminal, not on in GitHub. To check issues / PR there is not this Stranger Things Upside Down nightmare. Another problem with that is that you know what you are leaving, but you don't really know what you find in the new place. GitHub used to go down often in the early days. Now they may not be snappy and unfortunately like 99% of the web felt for this Javascript framework craziness. But the site is always up, I bet has disaster recovery and serious backup policy, and so forth. Can you find this so obviously in other smaller places?

GitHub Actions are seriously broken and that alone is a technically sound enough reason to move: the sleep.sh bullshit has degraded the performance of our CI for a long time, as it regularly livelocks in an endless while(true) spin runner agents, who stop processing new jobs. The agent itself has poor platform support also because it has a runtime dependency on .NET, and lately GH Actions started running jobs out of order with the result that old jobs would starve and time out, causing PRs to turn up red for no real reason. It's a real problem to run a project like Zig if your CI doesn't work. I guess we could have paid for an external CI service, but that as well would depend on GitHub APIs, so we would have gained what, a couple years? Given the current trajectory of GitHub I wouldn't trust them to maintain those APIs correctly for any longer than that (and as far as I know the current vibe-scheduling issues might already be reflected in the APIs that third party CI providers would use). Let's not forget that "GitHub is an AI company now".

Looking at these comments, it's painfully apparent how many think that being polite in your communication is more important than actually doing something. I agree it would have been nicer if the message was more polite. But if you compare that to having the backbone follow through with meaningful long-term changes against a corporation you don't trust or respect, there shouldn't even be a discussion. And don't even get me started with the people who come in here just to point out that Codeberg isn't perfect either.

> I agree it would have been nicer if the message was more polite. But if you compare that to having the backbone follow through with meaningful long-term changes against a corporation you don't trust or respect, there shouldn't even be a discussion. You’re framing it as either/or when it isn’t. You can push for real change and communicate like an adult. The two aren’t in conflict; often they reinforce each other.

> it's painfully apparent how many think that being polite in your communication is more important than actually doing something So you want people to talk about actions, not manners. Great. > And don't even get me started with the people who come in here just to point out that Codeberg isn't perfect either. Except actions they did with Codeberg...? Sharing their experience about Codeberg isn't off-topic in a thread about a major repo migrating to Codeberg.

The fetish for "manners" has stood in the way of every single positive societal change. It's exactly what MLK meant with the white moderate favoring a negative peace over positive change: the Negro's great stumbling block in his stride toward freedom is not the White Citizen's Counciler or the Ku Klux Klanner, but the white moderate, who is more devoted to "order" than to justice; who prefers a negative peace which is the absence of tension to a positive peace which is the presence of justice; who constantly says: "I agree with you in the goal you seek, but I cannot agree with your methods of direct action"

If by dig you mean lazily sweep the front door while listening to dance music, then yes, I agree with you :)

Lmao absolutely right

> it’s abundantly clear that the talented folks who used to work on the product have moved on to bigger and better things, with the remaining losers eager to inflict some kind of bloated, buggy JavaScript framework on us in the name of progress. > More importantly, Actions is created by monkeys This writing really does not reflect well on Zig. If you have technical issues with Github, fine: cite them. But leave ad hominems like "losers" and "monkeys" out of it.

But he is right

For those who haven't seen the actual issue that links to, I'd take a closer look. Pretty insane: https://github.com/actions/runner/issues/3792#issuecomment-3182746514

It doesn't reflect well, but also, is it not fairly par for the course from a BDFL type? Surely Linus Torvalds has said meaner things at some point on a listserv. Why does this guy get blasted for it? Because people still have generally positive sentiment towards Github? Just a day or 2 ago some other article was making similarly "ad hominem" attacks towards anonymous Youtube PMs, it got tons of upvotes and nobody clutched their pearls for the poor PMs. The Github/MS engineers who maintain actions (whose poor performance probably isn't even the result of any single individuals bad code), will be fine. Seems like the HN mob is just as capricious as the author in deciding who gets as pass or not.

> Surely Linus Torvalds has said meaner things at some point on a listserv. It boggles the mind why people keep using Linus as an excuse to justify rudeness. Linus apologised , he recognised what he did for years was not OK, and took time off to reflect and become a better person. > Seems like the HN mob is just as capricious as the author in deciding who gets as pass or not. Are all the people who commented in that submission commenting on this one? No? Then it’s not the same group of people, and opinions are different. There’s no “mob”, HN isn’t a hive mind. If it were, you’d be part of it and agree.

He’s talking about people who wrote the code. Those are actual people. You’ve abstracted them away as “Microsoft” and decided they don’t deserve any empathy.

a lot of "actual people" are also suffering from dunning kruger and just love to build stupid shit that nobody wants in horrific ways.

Many people are tired of the toxic positivity common in corporate speak, which lets poor performers off the hook, and prevents high-quality talent from speaking freely. "A complete lack of empathy" is a bit of a stretch, no? Calling someone a monkey is fairly lighthearted, while getting the point across that maybe they should take stock of the awareness of their abilities.

Here’s a “high performer” realising that it was his toxicity that was the problem, and he needs to fix it. > This week people in our community confronted me about my lifetime of not understanding emotions. My flippant attacks in emails have been both unprofessional and uncalled for. > Especially at times when I made it personal. In my quest for a better patch, this made sense to me. I know now this was not OK and I am truly sorry. The above is basically a long-winded way to get to the somewhat painful personal admission that hey, I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely. And he did. And the project he heads is better for it. You don’t need to call people names to run a project well. Linus learned that. It’s time that other people who failed to grow up learn it too.

> blowing it up out of proportion is just as toxic One person decided that something wasn't for them. How is that in the same league as someone in a leadership position being unprofessional?

I personally don't care too much for hierarchies, so I didn't factor this in. You can be toxic at any level.

GitHub was very snappy in the early days. I remember how refreshing I found GitHub when it was new. I don't know when but sometime after 2020 it has just been going downhill.

The same could be said of Jira. I could switch on the dev console in the Browser, and see which one loads the largest amount of Javascript, but I'd be disappointed with both.

You can express dissatisfaction and anger „naturally“ without calling people losers and monkeys.

Yeah, its rude to actual monkeys - they did nothing wrong!

> You can express dissatisfaction and anger „naturally“ without calling people losers and monkeys. I can't speak for others. But if I am screwing up as badly as GitHub is, I'd rather someone calls me a loser and monkey for it. It's like someone splashing ice cold water on my face and showing me the reality. It's going to be very uncomfortable, yes. But I'll learn from it and try not to screw up so badly again. I find this kind of natural outburst refreshing really.

That’s a theoretically admirable attitude if true (I don’t doubt you believe it, and maybe even do it successfully, but often how we react differs from how we think or say we’d react) but definitely not universal. A more common and probable outcome is people clamming up and becoming defensive, actively rejecting the criticism because of how it was delivered. Though best case scenario, the people working on these features agree and can point their managers to the post as an example of growing discontent. I doubt it’ll have an effect, though. GitHub is now under the AI division at Microsoft.

> Amusingly, this post violates Zig's own code of conduct: https://ziglang.org/code-of-conduct Not sure it does. Right there in the same link you posted: This document contains the rules that govern these spaces only: The ziglang organization on Codeberg #zig IRC channel on Libera.chat Zig project development Zulip chat

That's a bit of a weasel exit, isn't it? Does not violate the letter of the document, but it does violate its spirit.

Codes of conduct are perfunctory virtue signalling. Do we really need a unique set of "rules" posted on every project? They all sound like they were written by the same AI bot. That said, it's telling that the Zig leader can't even follow them. The rules should just be taken down.

Not even virtue, codes of conduct just signals leftist control over an organisation.

US leftists, or non-US leftists?

Ah yes, asking people to behave like decent human beings is much less common to the right

Every org has a code of conduct and this is nothing new. How seriously it is taken in each case is a different issue. Code of conduct usually amount to some rules that say “don’t be an asshole to others”. Can’t see why this is problematic or “virtue signaling”.

CoCs are like HoAs. The people behind them are usually well-intentioned, and they certainly have their place, yet they're still quite dangerous. If the wrong kind of person gets into a position of enforcement, they can basically do whatever they wish, with no due process, recourse or principles of law being observed.

Then blast the product, not the people who built it.

The product isn't some result of a series of "oopsies". The worst aspects of bad and/or user-hostile software products are that way because the people working at these companies want them to be that way. Unless you want to call them just that incompetent. I assume they'd complain about that label too. In short: No it's not "the product", the people building it are the problem. Somehow everyone working in big tech wants all the praise all the time, individually, but never take even the slightest bit of responsibility fro the constant enshittification they drive forward..

If it was a company, you'd say the CoC is meant for lackeys, not for C-suites.

No, it's meant for interactions inside the company, not towards random giant corporations outside of it.

You would be happier working in a kindergarten. I truly mean that. Think about it. Not trying to be rude.

If you call people at work monkeys when you don't like their work, you're closer to Kindergarten than you think.

> As a bonus, we look forward to fewer violations (exhibit A, B, C) of our strict no LLM / no AI policy, which I believe are at least in part due to GitHub aggressively pushing the “file an issue with Copilot” feature in everyone’s face. Also, the big part of that issue is people are incentivized to make their GitHub profile look good to have a higher chance of getting hired. Any non-mainstream platform is not as compelling to get social credits.

> Also, the big part of that issue is people are incentivized to make their GitHub profile look good to have a higher chance of getting hired. Do people really get hired for bunch of PRs to random repos on GH or just think they will? My impression has always been that GH profile is completely ignored by both recruiters and interviewers.