
Came here to say this. Qpdf is my go-to for manipulating pdf files on the command line. Encrypting, decrypting, extracting and merging pages.

It's Apache-licensed and written in C++.


> For example when submitting a write operation, the memory location of those bytes must not be deallocated or overwritten.

> The io-uring crate doesn’t help much with this. The API doesn’t allow the borrow checker to protect you at compile time, and I don’t see it doing any runtime checks either.

I've seen comments like this before[1], and I get the impression that building a safe async Rust library around io_uring is actually quite difficult. Which is sort of a bummer.

IIRC Alice from the tokio team also suggested there hasn't been much interest in pushing through these difficulties more recently, as the current performance is "good enough".

[1] https://boats.gitlab.io/blog/post/io-uring/


Pocket ID[1] is what I use, and I cannot recommend it enough. It's an incredible project.

[1] https://pocket-id.org


You can make the NS record for the _acme-challenge.domain.tld point to another server which is under your control, that way you don't have to update the zone through your DNS hoster. That server then only needs to be able to resolve the challenges for those who query.

For an expanding array in a 64 bit address space, reserving a big region and mmaping it in as you go is usually the top performing solution by a wide margin. At least on Linux, it is faster to speculatively mmap ahead with MAP_POPULATE rather than relying on page faults, too.

And, if you find you didn't reserve enough address space, Linux has mremap() which can grow the reserved region. Or map the region to two places at once (the original place and a new, larger place).
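The reserve-then-map pattern from the comment above, as an added example (not code from the commenter): `vec_t`, `vec_init`, `vec_commit`, `vec_push` and the 64-page growth step are hypothetical names and values, and Linux is assumed. The uncommitted tail stays `PROT_NONE`, so a stray access past the committed part faults instead of touching other memory, and the base pointer never moves.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    uint8_t *base;      /* start of the reservation; never moves */
    size_t   reserved;  /* bytes of address space reserved */
    size_t   committed; /* bytes mapped read/write so far */
    size_t   len;       /* bytes in use */
} vec_t;

/* Reserve address space only: PROT_NONE + MAP_NORESERVE backs it with no memory. */
static int vec_init(vec_t *v, size_t reserve) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    reserve = (reserve + page - 1) / page * page;   /* round up to whole pages */
    void *p = mmap(NULL, reserve, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED) return -1;
    *v = (vec_t){ .base = p, .reserved = reserve };
    return 0;
}

/* Map pages in ahead of use; MAP_POPULATE pre-faults them in one call. */
static int vec_commit(vec_t *v, size_t need) {
    if (need <= v->committed) return 0;
    if (need > v->reserved) return -1;
    size_t step = 64 * (size_t)sysconf(_SC_PAGESIZE); /* growth step (assumed) */
    size_t target = (need + step - 1) / step * step;
    if (target > v->reserved) target = v->reserved;
    void *p = mmap(v->base + v->committed, target - v->committed,
                   PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED | MAP_POPULATE, -1, 0);
    if (p == MAP_FAILED) return -1;
    v->committed = target;
    return 0;
}

/* Append n bytes; refuses rather than writing past the reservation. */
static int vec_push(vec_t *v, const void *src, size_t n) {
    if (n > v->reserved - v->len) return -1;
    if (vec_commit(v, v->len + n) != 0) return -1;
    memcpy(v->base + v->len, src, n);
    v->len += n;
    return 0;
}
```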


I've watched and re-watched Aaed's videos on the capstan drive, it's great stuff. High speed, high torque, compliance, effectively no backlash. It's fascinating to watch a legit engineering mind at work.

The "declaring script dependencies" thing is incredibly useful: https://docs.astral.sh/uv/guides/scripts/#declaring-script-d...

  # /// script
  # dependencies = [
  #   "requests<3",
  #   "rich",
  # ]
  # ///
  import requests, rich
  # ... script goes here

Save that as script.py and you can use "uv run script.py" to run it with the specified dependencies, magically installed into a temporary virtual environment without you having to think about them at all.

It's an implementation of Python PEP 723: https://peps.python.org/pep-0723/

Claude 4 actually knows about this trick, which means you can ask it to write you a Python script "with inline script dependencies" and it will do the right thing, e.g. https://claude.ai/share/1217b467-d273-40d0-9699-f6a38113f045 - the prompt there was:

  Write a Python script with inline script
  dependencies that uses httpx and click to
  download a large file and show a progress bar

Prior to Claude 4 I had a custom Claude project that included special instructions on how to do this, but that's not necessary any more: https://simonwillison.net/2024/Dec/19/one-shot-python-tools/

Now do one for signing Linux packages with <insert anything else but GnuPG>...

In other words, if you're an open source startup and want to avoid being AWS'd, choose dual AGPL + commercial (with IP transfer CLAs).

Neat project and approach! I got fed up with expensive registries and ended up self-hosting Zot [1], but this seems way easier for some use cases. Does anyone else wish there was an easy-to-configure, cheap & usage-based, private registry service?

[1]: https://zotregistry.dev


It took me a while to find, but here is a BestOf Reddit comment from 16 years ago where a user Saydrah discusses communicating with Cuttlefish for an hour with her fingers https://www.reddit.com/r/funny/s/TBfh8u9MGX

I am about a quarter of the way through Modern Library’s top 100 and it has been a worthwhile journey. It is “just” literary fiction but it is among the best humanity has produced. I have learned so much about the human condition, my ability to articulate ideas has improved tremendously, and I feel like my mind has been “freed from the tyranny of the present” (to quote Cicero).

https://sites.prh.com/modern-library-top-100


> Everything we've seen here is still normal C, but often we want to associate a function with a type. For instance, the area function we have shown above only works with rectangles, but what if we had circles as well? We'd end up with two functions, one called area_rectangle and one called area_circle.

This is not to call the article into question but only to show that C11 does support generics, allowing for:

  printf("Rectangle area: %.2f\n", area(rect));
  printf("Circle area: %.2f\n", area(circle));

Full code here:

https://gist.github.com/williamcotton/a8f429e891cbba5abfadcc...


> Through some digging, I found that when a desktop enters S3 sleep, the system cuts power to PCIe GPUs

I am not sure how correct this assumption is. S3 is supposed to cut power to everything but RAM, but for example Gigabyte Aorus motherboards are notorious for an NVMe SSD sleep bug that randomly prevents the system from properly sleeping or waking.

This is fixed by adding the following udev rule:

  # Generic PCIe fix for sleep bugs by preventing wakeup from any PCIe port
  ACTION=="offline", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"

or more targeted:

  # Gigabyte sleep fix by preventing wakeup from problematic PCIe port, depends on motherboard model
  ACTION=="offline", SUBSYSTEM=="pci", ATTR{vendor}=="0x8086", ATTR{device}=="0x43bc", ATTR{power/wakeup}="disabled"

You can find any glitched PCIe wakeup device with:

  1. cat /proc/acpi/wakeup (you'll have to trial and error your way through the wakeup devices if it isn't immediately clear)
  2. cat /sys/class/pci_bus/*/*/yourWakeupDevicePci/uevent | grep PCI_ID
  3. prepend "0x"

You also have the option of:

  udevadm info --attribute-walk /dev/whatever

but for that you need to know some basic identifier of your glitchy device.

Or if you want to shellscript it (less reliable than letting udev do it for you and needs to be done via systemd service file or another automation):

  # Gigabyte sleep fix, port depends on mobo model
  /bin/bash -c 'if grep RP05 /proc/acpi/wakeup | grep -q enabled; then echo RP05 > /proc/acpi/wakeup; fi'

Yes I really hate this (and other) Linux sleep issues.

Here's a resource I found that walks through the ideas of the protocol, starting with simple implementations that have a problem, and then solving the problem one by one: https://privacypass.github.io/protocol/

I think that's the best conceptual overview of a crypto protocol I've ever seen.


If anyone wants to learn about BGP (especially day-to-day stuff for peering scenarios), the Network Startup Resource Center out of U.Oregon has a good series of videos going through things:

* https://learn.nsrc.org/bgp


Using `cat file.txt | ...` has always felt more natural to me, so I still use it.

If I need to build a long command I've been using the excellent `up` tool to do it, e.g. `cat file.txt | up`

https://github.com/akavel/up


> In this scenario the macOS firewall does not seem to function correctly and is disregarding firewall rules ... Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.

This is not new - every time I update macOS, some of the system settings are changed to default including some in the firewall. And I have to painstakingly go through all of it and change it. Also, the few times I've reinstalled or updated macOS, I've always noticed that it takes longer for the installation if your system has access to the internet - so now I've made it a practice to switch off the router while installing or updating macOS or iOS. (With all the AI bullshit being integrated everywhere in Windows, macOS and Android etc., I expect this kind of "offloading" of personal data, and downloading of data, to / from AI servers to keep increasing, especially during updates, to "prepare" for the new AI features in the newer OS updates. No internet means the installer is forced to skip it for later, saving you some valuable time, and hopefully you get to change the default setting before it starts up again. Whatever the claims of AI processing done on the Mac or iDevices itself, some "offloading" to their servers, will still happen, especially if the default settings - which you can change only after the OS is installed - also enables analytics and data collection.)

(More here https://news.ycombinator.com/item?id=26418809 and on this thread - https://news.ycombinator.com/item?id=26303946 ).


If you're interested in DIY security+AI, check out Frigate NVR (https://frigate.video/), Scrypted (https://www.scrypted.app/) and Viseron (https://viseron.netlify.app/).

I haven't tried this but I have used https://github.com/MichielDerhaeg/build-linux during my trainings and all my students quite enjoyed the experience. It basically builds a Kernel, libc, busybox, init etc. and gets the whole thing running inside qemu.

I found it quite educational and worth the little time I spent on it.


Probably the highest quality retrieval is with: https://github.com/oyvindln/vhs-decode

which reads the raw data off a variety of tape formats and converts it to video. Grew out of the Domesday project for laserdiscs.


That time of the year when everyone can see there is craftsmanship in the tiny details.

https://littlebigdetails.com is exactly that


If you want to do code-CAD for anything substantial and you haven't yet developed a significant dependency on OpenSCAD, do your brain a favour and spend at least some time with CadQuery, Build123D or (if you prefer JS to Python) Replicad.

As impressive as NopSCADlib and BOSL2 are (and OMG they are, when you consider what they have to work with!), OpenSCAD is a one-way, declarative CSG environment that essentially only outputs mesh formats. It's really not that much better than working with three-dimensional pixels. You won't really be able to analyse, iterate over or measure your models, easily build on faces, do easy chamfers or fillets, export STEP files, make use of constraint-based designs, model assemblies, or so many other things that "CAD" means in the 21st century. All the tools that help you do this on OpenSCAD are layers and layers of task-specific hacks and clever bodges.

I totally get wanting to make models with version-controlled text files instead of GUI CAD (which can be a sort of weird battle to learn for a programmer), and I get wanting to avoid FreeCAD. I just don't really get wanting to limit oneself to such a limited concept of a 3D "model"!

The three alternative systems I mention are all based around bindings to (or in Replicad's case, cross-compilation of) OpenCASCADE, which is a bRep CAD kernel capable of much richer interactions. It is not without its faults, but arguably code-CAD spares you from some of the inscrutability that trips up FreeCAD's interactive model.


I'm surprised rateless fountain codes aren't mentioned! If you enjoy this sort of thing, you'll find the Luby Transform Code fascinating: https://en.wikipedia.org/wiki/Luby_transform_code

This paper is a really nice overview with more detail: https://switzernet.com/people/emin-gabrielyan/060112-capilla...

LT codes are used as the "outer code" in the linear time RaptorQ encoding specified in RFC6330: https://www.rfc-editor.org/rfc/rfc6330


Totally in love with the idea of building a custom watch. I’ve done it too and it only cost $80!

Body $30 https://www.casio.com/us/watches/casio/product.A158WA-1/

Movement $40 https://www.crowdsupply.com/oddly-specific-objects/sensor-wa...

I’ve added a new astronomical face and rejigged the world clock for my rellies (showing AW for Australian Western time.) Dirt simple changes but it’s thrilling to have something that’s partly mine. Because it is based on the Casio body it’s also an iconic design classic too.

I believe a version with tzdata in it is in the works by the author. My thanks to everyone involved in the project and everyone on HN who got me into this hobby!


After trying a few different CLI mail clients---mutt/neomutt, s-nail, etc.---I've come to love the approach of mblaze[0], _i.e._ just a collection of commands to interact with maildirs, which can be separately managed by OfflineIMAP or whatever.

I'm curious how mblaze+offlineimap compares to other similar setups: nmh[1], fdm[2], and getmail.

[0]:https://github.com/leahneukirchen/mblaze

[1]:https://www.nongnu.org/nmh/

[2]:https://github.com/nicm/fdm


For anyone interested in the basics of nuclear weapons, I highly recommend the "Nuclear 101: How Nuclear Bombs Work" lectures by Matthew Bunn, a man heavily involved in nuclear arms control.

His lectures are always highly entertaining, a real pleasure to watch.

This is a clip from his lecture explaining the basics of thermonuclear warheads:

https://youtu.be/YMuRpx4T2Rw

And the full “Nuclear 101” lecture, in two parts:

https://youtu.be/zVhQOhxb1Mc

https://youtu.be/MnW7DxsJth0


Reminder that https://github.com/google/wuffs exists too.

I've recently made a similar (more modular) project which compiles various features and patches them into a Firefox profile. It can compile themes, hardening, userscripts, userstyles and more into a clean firefox profile, basically removing the bloat from firefox while still being fully customizable: https://github.com/explosion-scratch/firebuilder

There's also the video of this talk: https://www.youtube.com/watch?v=7ne0GArfeMs
