Unlurker|Replay|About
Microsoft denies rewriting Windows 11 in Rust using AI (windowslatest.com)
The original LinkedIn post is pretty wild. I wonder if he did a fat line of coke before writing that, or if it actually were any concrete plans that have been worked out.
> Our North Star is "1 engineer, 1 month, 1 million lines of code" Can someone explain this? Are they suggesting that (eventually) one engineer can produce 1 million lines of Rust code in a month? Or replace 1 million lines of C code?
The simple fact that they have to deny it, meaning such an absurd is widely considered plausible, is already a sign of their reputation.
Microsoft please get your tab to autocomplete shit together (ivanca.github.io)
Sometimes I don't mind being the dinosaur still on Sublime Text. It may not have kept up with the times, but at least it's not being enshittified.
Change to real Visual Studio for C#. Visual Studio Code is complete garbage in comparison.
dunno if you tried VS2026 C#, but it's worse. I have no extensions (besides the default Copilot) and it's a never ending battle of just trying to get the normal intellisense to show up. What's worst is that the copilot autocomplete suggestions fill in made up methods/properties. Why can't it look at intellisense to get the real ones?
1. Use println 2. That's fine, they'll just build some cloud feature
> 1. Use println Printf debugging is a usability and productivity disaster compared to an actual debugger.
Asterisk AI Voice Agent (github.com/hkjarral)
I developed a stack on Cloudflare workers where latency is super low and it is cheap to run at scale thanks to Cloudflare pricing. Runs at around 50 cents per hour using AssemblyAI or Deepgram as the STT, Gemini Flash as LLM and InWorld.ai as the TTS (for me it’s on par with ElevenLabs and super fast)
Do you have anything written up about how you're doing this? Curious to learn more...
What if the goal is to keep gaslighting you until you give up your demands?
you bought something from the wrong company, and you arent gonna get helped by phone, bot, or person
you actually answer unknown callers?
Yes. I own a business.
Tell HN: Merry Christmas
Merry Christmas, everyone! Treasure these moments you get with those you care about it. Time is our most valuable asset.
Merry Christmas!
Merry Christmas!
Merry Christmas everyone. It was a pleasure interacting with you all this year and I hope for many more.
Merry Christmas!! you gentle nerds you! Peace to us all.
Merry Christmas, hackers!
I'm taking a moment to recognize once more the work that user @atdrummond (Alex Thomas Drummond) did for a couple years to help others here. I did not know him, don’t think I ever interacted with him, and I did not benefit from his generosity, but I admired his kindness. Just beautiful. Ask HN: Who needs holiday help? (Follow up thread) - https://news.ycombinator.com/item?id=38706167 - Dec 2023 (9 comments) Ask HN: Who needs help this holidays? - https://news.ycombinator.com/item?id=38492378 - Dec 2023 (210 comments) Tell HN: Thank You - https://news.ycombinator.com/item?id=34140096 - Dec 2022 (42 comments) Tell HN: Everyone should have a holiday dinner this year - https://news.ycombinator.com/item?id=34122118 - Dec 2022 (58 comments) Unfortunately, Alex died a few months after his last round of holiday giving, about 1½ years ago now. Tell HN: In Memory of Alexander Thomas Drummond - https://news.ycombinator.com/item?id=40508725 - May 2024 (5 comments) If you read the comments in that last thread, know that @toomuchtodo followed through last year and kept the tradition alive. Amazing and magnificent. Ask HN: Who needs help this holidays? - https://news.ycombinator.com/item?id=42291246 - Dec 2024 (46 comments)
Damn.. :(
* , _/^\_ < > * /.-.\ * * `/&\` * ,@.*;@, /_o.I %_\ * * (`'--:o(_@; /`;--.,__ `') * ;@`o % O,*`'`&\ * (`'--)_@ ;o %'()\ * /`;--._`''--._O'@; /&*,()~o`;-.,_ `""`) * /`,@ ;+& () o*`;-';\ (`""--.,_0 +% @' &()\ /-.,_ ``''--....-'`) * * /@%;o`:;'--,.__ __.'\ ;*,&(); @ % &^;~`"`o;@(); * /(); o^~; & ().o@*&`;&%O\ jgs `"="==""==,,,.,="=="==="` __.----.(\-''#####---...___...-----._ '` \)_`"""""` .--' ') o( )_-\ `"""` `
Since I might have peoples' attention for a moment (Can no longer edit my original post). Might I suggest the King William's college quiz this Christmas? https://kwc.im/wp-content/uploads/2025/12/GKP_2025_26.pdf
Thought it was obfuscated C code, then I realized it’s a tree or something
Challenge issued. I wouldn't be surprised if someone comes up with obfuscated C code that looks like a christmas tree and prints out wishes by the end of the day/season. Merry Christmas!
Phoenix: A modern X server written from scratch in Zig (git.dec05eba.com)
Seems interesting that they're not using the XML protocol specs for code gen, the way the Xorg server does.
Same author behind https://git.dec05eba.com/gpu-screen-recorder/about/ , the best screen recorder for wayland imo (I had tried other alternatives but none of them helped in recording at 4k 60fps, this worked out of the box).
I finally caved and switched to Wayland 6 months ago or so. Things just work so much more smoothly.
Some things do but for some details I'm amazed what I need to do to make it work, like going to sleep with multiple displays. Maybe it's a sway thing and I'm not complaining at all, crafting a solid minimal configuration has its charms. I'm just thinking why did it take me so long to do the switch. I still keep X around, but not sure how long. Like keeping vim around after switching to nvim few years back..
I disagree. The choices in the Linux ecosystem lead to unnecessary fragmentation and development/packaging nightmares. I say let X11 die, bury it, and never let it rise again. Then we can all focus on making just one display server as good as possible.
Which one? The Gnome Wayland, the KDE Wayland, the xroots wayland, Weston, or one of the others? Each one is an independent implementation of a Wayland compositor, with a differing, incompatible set of extensions. X11 was a single, pretty janky implementation. Wayland is the worst of both worlds -- it's cleaned up a little, but it's still kinda janky. In exchange for a little bit of cleanup, mainly around bitmap fonts, it's no longer a unified protocol. And to top it off -- it kept the worst part of the X11 protocol, the XKB extension, but got rid of input handling entirely, which means that every platform needs to reach for platform specific code to implement reading from the mouse and keyboard. Yay.
> The choices in the Linux ecosystem lead to unnecessary fragmentation and development/packaging nightmares. You cannot possibly use this as an argument in Wayland's favor. X11 sucked because it baked everything, including multiple outdated kitchen sinks, into a single Xorg monolith. Wayland sucks because it factors out everything, including really important features, into optional extensions, ensuring that anything more interesting than "draw pixels to a window" will always be different on every single compositor.
Accessibility is apparently a big problem with wayland. E.g., the most popular / ?only? app that supports hardware eye trackers on Linux does not work with wayland, and states that it likely never will as wayland does not provide what it needs to add support (it is also the most popular app for voice/noise control). Even basic things like screen readers are apparently still an issue with wayland. Without a strong accessibility story, systems running wayland would have been banned at my last employer (a college). Personally, I have a 3200x2400 e-ink monitor that has a bezel that covers the outer few columns of pixels. I use a custom modeline to exclude those columns from use. And, a fractional scaling of .603x.5 on this now 3184x2400 monitor to get 1920x1200 effective resolution. Zero idea how to accomplish this with wayland-- I do not think it is possible, but if anyone knows a way, I am all ears. I ran into, at least, ten issues without solutions/work-arounds (like the issue with my monitor) when I tried to switch this year, after getting a new laptop. Reverted to a functional, and productively familiar, setup with X.
I don't know about other DE, but at least with Plasma there is a "overscan" option to compensate for hidden borders.
Python 3 was actively antagonistic to Python 2 code for no reason other than to lecture us about how we were doing things wrong, writing code to support 2 and 3 to help transition was dumb etc etc. For example, in python 2 you could explicitly mark unicode text with u"...". That was actively BLOCKED with python 3.0 which supposedly was about unicode support! The irony was insane, they could of just no-oped the u"". I got totally sick of the "expert" language designers with no real world code shipping responsibilities lecturing me. Every post about this stuff was met by comments from pedantic idiots. So every string had to have a helper function around it. Total and absolute garbage. They still haven't explained to my satisifaction why not support u"..." to allow a transition more easily to 3. Luckily sanity started prevailing around 3.5 and we started to see a progression - whoever was behind this should be thanked. The clueless unicode everything was walked back and we got % for bytes so you could work with network protocols again (where unicode would be STUPID to force given the installed base). We got u"" back. By 3.6 we got back to reasonable path handling on windows and the 3 benefits started to come without antagonistic approaches / regressions from 2. But that was about 8 years? So that burnt a lot of the initial excitement.
> Python 3 was actively antagonistic to Python 2 code for no reason other than to lecture us about how we were doing things wrong, writing code to support 2 and 3 to help transition was dumb etc etc. > [...] > By 3.6 we got back to reasonable path handling on windows and the 3 benefits started to come without antagonistic approaches / regressions from 2. But that was about 8 years? So that burnt a lot of the initial excitement. So it's a great analogy. Wayland started out proudly proclaiming that it intentionally didn't support features in the name of "security" but everyone should "upgrade" because this was totally better, and has been very slowly discovering that actually all the stuff it willfully dropped was useful and has mostly evolved back to near feature parity with Xorg.
For people who absolutely have to have X11 this looks like a better plan than XLibre.
I’m not sure this satisfies X11 needs without remote display capability.
I wonder why Valve disagrees.
Valve ships a Wayland compositor that just runs XWayland for apps and doesn't even expose the Wayland socket by default. I'm really not sure how we're supposed to count that.
↙ time adjusted for second-chance
CSRF protection without tokens or hidden form fields (blog.miguelgrinberg.com)
reminds me of something similar https://news.ycombinator.com/item?id=46321651 e.g. serve .svg only when "Sec-Fetch-Dest: image" header is present. This will stop scripts
Or sending Content-Security-Policy: script-src 'none' for everything that isn’t intended to be a document. Or both.
> If we were to re-write browser standards today, cross-domain POST requests probably just wouldn't be permitted. That would be a terrible idea IMO. The insecurity was fundamentally introduced by cookies, which were always a hack. Those should be omitted, and then authorization methods should be designed to learn the lessons from the 70s and 80s, as CSRF is just the latest incarnation of the Confused Deputy: https://en.wikipedia.org/wiki/Confused_deputy_problem
Ah, so true. That's what i mean! Cross domain requests that pass along the target domain's cookies. As in, probably every cookie would default to current __Host-* behavior. (and then some other way to allow a cookie if you want. Also some way of expressing desired cookie behavior without a silly prefix on its name...)
The OWASP CSRF prevention cheat sheet page does mention SameSite cookies, but they consider it defense in depth: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#samesite-cookie-attribute .
Because of clientside Javascript CSRF, which is not a common condition.
Right now the problem is what the author already mentions - the use of Sec-Fetch-Site (FYI, HTTP headers are case insensitive :) - is considered defense in depth in OWASP right now, not a primary protection. Unfortunately OWASP rules the world. Not because it's the best way to protect your apps, but because the corporate overloads in infosec teams need to check the box with "Complies with OWASP Top 10"
Since when are they case sensitive? https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers says otherwise. It's possible for a server to treat them as case sensitive, but that seems like a bad idea.
The OWASP Top 10 is a list of vulnerabilities, not a checklist of things you have to actually "do".
How I Left YouTube (zhach.news)
> Do say: "I optimized a high-throughput distributed system to prioritize user retention metrics, reducing latency by 150ms through a custom caching layer." Ugh. Pain. I'm hiring, and I've been filtering out resumes that are heavy on these kinds of metrics. Because I literally get thousands of entries with these kinds of wording. Often with excessively precise numbers, like "by 23.5%". My problem is that it's hard to tell the amount of real work it took to do that. It might have been as stupid as creating an additional index in the database, or it might have involved a deep refactoring across multiple systems with a zero-downtime gradual rollout. I would prefer something like: "I worked as the hands-on leading developer to do a large-scale refactor on the highly loaded front-end network routing system, resulting in user-visible latency decrease on the Youtube front page". For me the key words are: "hands-on" (and not just writing a product brief and getting resources for it), "large-scale refactor" (so likely not just creating an additional database index), "highly loaded".
FWIW, I agree that less ink on a resume is usually a higher signal, and I also find that indicators for “ownership”, social trust, autonomy, and proxies thereof are more valuable than number go up narratives. But sometimes people feel like they must play this game to get past the pre-interview loop screen; I’ve interviewed plenty of people with number go up narratives who’ve done exceptionally well. It’s challenging to make hard and fast rules!
>At one prominent tech company, I underwent 13 separate interviews for a single role. In what insane world does this make any amount of sense?
It really doesn't make much sense. The article was actually insightful on this point, or at least this matches my experience: > it suggests they operate on a consensus-based model that stifles autonomy The one place where I experienced a lot of rounds of interviews (at least 8 interviews, I think) was at the Wikimedia Foundation. It's an organization that is very explicitly built on consensus-based decision making. There were many great things about working there and at first it was very different from typical corporate culture. In some ways it was stifling, at least for someone who isn't a savvy politician. By the time I left in 2021, they had fully adopted the same kind of leveling system as discussed here, with all of the same political and structural constraints on advancement.
Yeah, no. Most companies do not have that exact hierarchy. Maybe at FAMGA etc, but most engineering jobs are not there.
Sure, not that exact hierarchy. But a hierarchy. At other places it might be Senior, Principal, Director, etc. at some places they’re given, at other places you fight for it. Variations of leveling.
 Top