This is cool. I am currently using GitHub codespaces and I would love a version of it with nothing but a web based terminal. I don't need all the other windows they put around it. This might be it.

Trying my way around it now. Not sure what is going on:

    me: apt install apache
    the shell: exe.dev repl: command not found: "apt"

What is "exe.dev repl"? Am I not in a shell?

    me: bash
    the shell: exe.dev repl: command not found: "bash"

Damn, it seems the "shell" is not a Linux shell?

[exe.dev co-founder here] Hi there, I am not sure exactly where you are, but your VM is ubuntu derived and definitely starts with apt and bash. Perhaps try `ssh yourvm.exe.xyz`?

Thanks for trying it!

I can't use a native ssh client. I am using a browser. I clicked on "Shell" on top of the screen.

Oh, I think I found a real shell now! You have to click "VMs" then on the VM and then "Terminal".

Yay, this is great!

While at tailscale you built sketch.dev only to actually build this product ? Love it. Ultimate yak shave. Kind of how like Antithesis was the product inside foundationdb.

What you connect to first is the exe.dev jump server/management interface. You can ssh into your vm from there. Try typing help

Nmap 52.35.87.134 (exe.dev) Returns many open ports

Linux

Isn't Bluesky supposed to be decentralized?

How can some party lock you out of it?

Well Bluesky/the protocol behind it is decentralized

but the dm (direct message) functionality itself isn't decentralized and bluesky even mentions it/shows it that its unencrypted and centralized iirc

Although I enjoy the public key/private key ideas, If you wish to talk encrypted, one of the best ways to do such could be having signal if you don't mind centralization

But if you want decentralization some options i can recommend are matrix,simplex,session etc.

But to be honest, there is a good point that you raise about how to talk decentralized on bluesky

well, one of the ideas that I can think of right now, is that someone can use https://keyoxide.org/ and paste in their public key and also connect both bluesky and matrix and then have the keyoxide as part of something public like a comment

The problem in this is that it becomes tedious and does add more friction to the whole thing but definitely possible.

Paste my private keys into a form control on the web? What could go wrong?

Who doesn't review all the several megabytes of minified JavaScript for every page they visit?

he's asking you to paste his public key, not your private one.

If you choose to use a centralized frontend to access Bluesky (everyone does this) and that frontend has to follow laws because it's run by a corporation... that's what you get.

There is no way to access your DMs except using Bluesky's centralized backend server.

Since even after 2 hours nobody is discussing the actual font, let me tell you what comes to my mind when I read anything about Google and design:

They got phone design right.

I just can't get my head around it that even Apple, which is supposed to be THE design company, is making phones that can't lay on a table without wobbling like a barstool on a crooked floor. It just feels so broken to me. So detrimental to my sense of aesthetics.

Google phones tackled it with an elegant solution. Thanks for that. I wouldn't know what phone to use if Pixels didn't exist.

The irony is that you're still not discussing the font

That's his point. Since nobody else is, he's not going to either.

Apple probably has swathes of real-world usability data showing that virtually no-one uses their phone for prolonged periods of time while it's laying down on a hard flat surface.

You may be right about the aesthetics (and Lord Jobs may well have agreed with you) but they may have made the tradeoff consciously.

One can say "they probably had data to support it" about virtually any decision. It is not really a defense from critique. It may have been deliberate, but it still feels wrong and bad.

I think the point is it feels wrong and bad to benign number of people.

Hot take: a wobbly phone is much easier to pick up from the table.

Original iPhone got design right.

I don't think there's a single modern smartphone that I like. My latest favourite smartphone was iPhone 4S. No camera bump. Perfect size, fits well in my hand, operable with one thumb. Perfect display size, enough to present all information I need. Perfectly usable without ugly case.

> Perfectly usable without ugly case.

Why would you buy an ugly case and not a clean and well designed, functional one ?

If you liked the original iPhone design, getting a rounded and hand fitting case would be the go too IMHO (on the size difference, there's no way out at this point)

My previous phone was the iphone 8. It’s trully a world of difference in usability compared to the iPhone 13 I’m using now. I have big hands, so I can ise the latter one-handed, but a lot of people I’ve seen don’t.

Why not the excellent iPhone 13 Mini?

My only beef with that one was the slippery soap-bar edges if used without a case. Otherwise, yep, perfect size, disappears in pocket.

My favorite phone of all time (based on hand feel and appearance) was the OnePlus One. It had its software problems, but every phone I've held since then has been a disappointment in the hand.

What bugs me most is that Apple DID do this (I still hold that iPhone SE 1 is the goat) and then decided to drop it because it wasn't as profitable.

I've just got a new Samsung and it's wobbling too. I hate this. Why can't they at least put the cameras in the middle? Or maybe horizontally centred? Or they could just put another bumper on the other side to make it symmetrical. I'm looking for a cover to balance this out, but no luck so far.

iPhone 17 pro max is balanced with their standard case.

Just so you know, HN in general does not appreciate Reddit rudeness. Your comment would have been fine if not for that last sentence.

Wasn't meant to be rude. More confused, because it's really a unique criteria to pick a phone by.

I think HN mostly doesn't appreciate any defense of Apple or other large companies. I really should stay away from any threads that turn into collections of complaints about big companies because the audience they draw is only interested in negative comments about the companies.

Some of these companies are now designing the phone on the assumption you're going to case it. No other reason to make a Pixel camera bump w/ scratch-vulnerable screen stick out so far.

If that is the case, then either the phone should come with a case or it should not be marketed as a complete product.

How about making the phone more durable by adding 1 mm to its thickness, so that a 50 gram, 4 mm thick case won't need to be added.

I used my case not so much to protect my device, although it definitely does, but so I can hold onto the damn thing.

Without a case it's like holding the last gasps of a bar of almost flat soap. Also keeps it from sliding off surfaces.

If a phone needs a case, then phones should be sold with a case included. I hate cases and have never put one on my phone--and have never had a phone break or crack.

1°) Gesture navigation is entirely optional.

2°) Android followed UX/UI 101 about where to put frequently used buttons: where you can reach them with your thumb. Basic design, right ? Apple iOS: the close/back button is usually on the top left corner, unreachable by right-handed users that only constitutes 90% of people, number about the same in all countries and cultures. That's only one example, but that bag where it comes from is deep.

You should take a few steps back before displaying publicly polarizing opinions and maybe nuance your words a bit.

1) that’s like saying good UX is entirely optional - sure it is but users will still complain

2) disregarding another blatant discrimination of left-handed users: I switch a couple times per week between android and iOS devices for various reasons and the android UX is so janky and unintuitive it hurts - it might just be my particular device and it’s much better in other cases.

This might be extremely polarising but I agree with GP.

> 1°) Gesture navigation is entirely optional.

It is the default on all modern Android flavors and the overwhelming majority (>90%) of users sticks with defaults. It is likely Google is going to deprecate the navigation bar within a couple of Android versions.

> Apple iOS: the close/back button is usually on the top left corner, unreachable

You clearly never used iOS, because you just backswipe. You rarely if ever touch back buttons.

Not that I disagree although you're fighting the wrong fight. The big problem is controls being on the top instead of the bottom. Neither Apple nor Google has attempted to fix this, only Samsung partially has with OneUI. And they can't force developers to adhere to "content top, controls bottom". Ironically enough Apple had this fixed until iOS.. 12? From 7-12, the control center was at the bottom. All they had to was move the notification centre there and figure out a way to make it compatible with a gesture bar.

> right-handed users that only constitutes 90% of people

People tend to one-hand their phone with their non-dominant hand to keep their dominant hand usable.

> You should take a few steps back before displaying publicly polarizing opinions and maybe nuance your words a bit.

I use and develop for both platforms. You just sound like an angry, unknowledgeable fanboy.

Perhaps take heed to your own advice :+)

Edit: if you want an example of something that Android does way better: notification management via notification categories. I get to disable stupid promotional or "typing.." notification categories from an app, whilst maintaining functional ones. iOS should take a page from Android there.

The wobbling is the worst part of the hardware on my iPhone mini, annoys me probably more than fifty times per week.

Because I often unlock it when it is on the desk I also miss Touch ID a lot, because with Face ID I also have to lean forward every time for it to recognise me.

    vulnerable to remote code execution from
    systems on the same network segment

Isn't almost every laptop these days autoconnecting to known network names like "Starbucks" etc, because the user used it once in the past?

That would mean that every FreeBSD laptop in proximity of an attacker is vulnerable, right? Since the attacker could just create a hotspot with the SSID "Starbucks" on their laptop and the victim's laptop will connect to it automatically.

If you run FreeBSD on your laptop you don't auto connect to public WiFi.

Joking, but not that much :)

Your wifi chip probably isn’t supported tbh.

This is the real joke.

FreeBSD 15 had a massive improvement with WiFi, however if you let your Computer auto-connect to a "unknown" Network...well that's not good.

My question was about known networks.

As far as I know, access points only identify via their SSID. Which is a string like "Starbucks". So there is no way to tell if it is the real Starbucks WiFi or a hotspot some dude started on their laptop.

>So there is no way to tell if it is the real Starbucks WiFi or a hotspot some dude started on their laptop.

Aka "unknown" or "public" Network....don't do that.

There is nothing wrong with using public networks. It's not 2010 anymore. Your operating system is expected to be fully secure[1] even when malicious actors are present in your local network.

[1] except availability, we still can't get it right in setups used by regular people.

Unless you run FreeBSD, apparently

You don't use public networks?

And when you connect to a non-public WiFi for the first time - how do you make sure it is the WiFi you think it is and not some dude who spun up a hotspot on their laptop?

Why does it matter? I mean I guess it did in this case but that is considered a top priority bug and quickly fixed.

I guess my point is the way the internet works is that your traffic goes through a number of unknown and possibly hostile actors on it's way to the final destination. Having a hostile actor presenting a spoofed wifi access point should not affect your security stance in any way. Either the connection works and you have the access you wanted or it does not. If you used secure protocols they are just as secure and if you used insecure protocols they are just as insecure.

Now having said that I will contradict myself, we are used to having our first hop be a high security trusted domain and tend to be a little sloppy there even when it is not. but still in general it does not matter. A secure connection is still a secure connection.

WPA2-entreprise and WPA3 both have certificate chains checking exactly to avoid such attacks

Hmm. Are you sure that your stack wouldn't accept these discovery packets until after you've successfully authenticated (which is what those chains are for) ?

Take eduroam, which is presumably the world's largest federated WiFi network. A random 20 year old studying Geology at Uni in Sydney, Australia will have eduroam configured on their devices, because duh, that's how WiFi works. But, that also works in Cambridge, England, or Paris, France or New York, USA or basically anywhere their peers would be because common sense - why not have a single network?

But this means their device actively tries to connect to anything named "eduroam". Yes it is expecting to eventually connect to Sydney to authenticate, but meanwhile how sure are you that it ignores everything it gets from the network even these low-level discovery packets?

I may be missing something, but it is almost a guarantee that you would not receive a RA in this scenario? eduroam is using WPA2/WPA3 enterprise, so my understanding is that until you authenticate to the network you do not have L2 network access.

Additionally, eduroam uses certificate auth baked into the provisioning profile to ensure you are authenticating using your organizations IdP. (There are some interesting caveats to this statement that they discuss in https://datatracker.ietf.org/doc/html/rfc7593#section-7.1.1 and the mitigation is the usage of Private CAs for cert signing).

dozens of people will be affected

Plenty of things do work better as a native application. Packaging is a pain across the board nowadays. Apple is pretty good, you pay a yearly fee if you want your executable signed and notorized, but they make it very hard to run without that (for the lay person). Windows can run apps without them being signed but it gives you hell and the signing process is awful and expensive. Linux can be a packaging nightmare.

What works better as a native application?

And that website is hosted somewhere, you’re using several layers of network providers, the registrar has control over your domain, the copper in the ground most likely has an easement controlling access to it so your internet provider literally can just cut off access to you whenever they want, if you publish your apps to a registry the registry controls your apps as well.

There are so many companies that control access to every part of your life. Your argument is meaningless because it applies to _everything_.

A trustless society is not one that anyone should want to be a part of. Regulations exist for a reason.

Not wanting centralization under one company does not equal advocating for "trustless society".

All the things you mentioned (registrars, ISPs, registries, etc) have multiple alternative providers you can choose from. Get cut off from GCP, move to AWS. Get banned in Germany, VPS in Sweden. Domain registration revoked, get another domain.

Lose your Apple ID, and you're locked out of the entire Apple ecosystem, permanently, period.

Even if a US federal court ordered that you could never again legally access the internet, that would only be valid within the US, and you could legally and freely access it by going to any other country.

So in fact, rather than everything being equivalent to Apple's singular control, almost nothing is equivalent (really, only another company with a similarly closed ecosystem).

If aws decided to block your access to their ecosystem you would lose so so so much more than Apple blocking your access to theirs. If the US decided what you said, t1 networks would restrict your access across much of the planet.

Your logic makes no sense since you can easily switch to Google or whatever other smartphone providers there are (China has a bunch).

But of course those providers can also cut you off, so what I said still applies.

First off, AWS cutting off your AWS account does not block you from visiting other websites that use AWS, it just means you can't use AWS itself as a customer. Apple's ecosystem OTOH means that OP's issue with iCloud disabled their account globally across all Apple services, not just within iCloud itself (and in fact, to further illustrate the difference, losing access to your AWS console account doesn't cut off your account for Amazon.com shopping).

> Your logic makes no sense since you can easily switch to Google or whatever other smartphone providers there are (China has a bunch).

The person above was asking about why they *as a developer* would want to risk their time and effort developing for iOS. Any work developing for iOS in e.g. switft or objective-c, is not portable for other platforms like Android. If they lose their Apple account, any time they spent developing for iOS-specific frameworks is totally wasted, is their point.

> If the US decided what you said, t1 networks would restrict your access across much of the planet.

No offense, but you have no clue what you're talking about. There are in fact court orders where internet access is restricted as part of criminal sentencing. Here's a quick example guide [1]. No part of that involves network providers cutting you off.

[1] https://www.uscourts.gov/about-federal-courts/probation-and-...

How on earth do you imagine a "t1 network" provider would determine that a person using their network from the UK is actually a person from the US with a court order against using their network? And to be clear, the court orders don't compel ISPs to restrict access, or attempt to enforce blocks like you are suggesting.

If you're full in Apple ecosystem, like my GF, you get:

- Shared clipboard across devices - Shared documents - Shared browser - Shared passwords - Free, quality office suite - Interoperable devices (use iPhone as camera on Mac, for example) - Payments across different devices (use clock to pay, for example, shared with your iPhone)

All of this with just one account without any third-party service.

And billion of things more, probably, I'm not a full Apple head.

Strange, I don't need any of that.

And when I hang out with people who ARE in Apple's ecosystem, to me it seems they struggle more to get things done than me.

Why would I want a shared clipboard across multiple devices?

> Why would I want a shared clipboard across multiple devices?

I guess you've never had to type something first on your laptop to paste in a phone app, or vice versa.

Or open a link from a phone messaging app in your laptop browser.

In the rare case (maybe once per month or so) where that happens, I start a script on my laptop that starts a webapp both the phone and the laptop can open in their browser and send text to each other.

The overhead of starting it and typing "laptop.tekmol" into the browser on both machines is only a few seconds.

That seems mich saner to me than to constantly have some interaction between the two devices going on.

> That seems mich saner

Normal people just message themselves on tg or wherever you send and receive messages.

Geeks use KDE Connect.

Whatt you do is weird.

What is the business model behind open source projects like bun? How can a company "aquire" it and why does it do that?

In the article they write about the early days

    We raised a $7 million seed round

Why do investors invest into people who build something that they give away for free?

The post mentions why - Bun eventually wanted to provide some sort of cloud-hosting saas product.

Everyone could offer a cloud-hosted saas product that involves bun, right?

Why invest into a company that has the additional burden of developing bun, why not in a company that does only the hosting?

The standard argument here is that the maintainers of the core technology are likely to do a better job of hosting it because they have deeper understanding of how it all works.

There's also the trick Deno has been trying, where they can use their control of the core open source project to build features that uniquely benefit their cloud hosting: https://til.simonwillison.net/deno/deno-kv#user-content-the-...

Hosting is a commodity. Runtimes are too. In this case, the strategy is to make a better runtime, attract developers, and eventually give them a super easy way to run their project in the cloud. Eg: bun deploy, which is a reserved no op command. I really like Buns DX.

Yep. This strategy can work, and it has also backfired before, like with Docker trying to monetize something they gave away for free.

Free now isn't free forever. If something has inherent value then folks will be willing to pay for it.

Well, if they suddenly changed the license, we'd get a new Redis --> Valkey situation. Or even more recently, look at minio no longer maintaining their core open source project!

I mean if you're getting X number of users per day and you don't need to pay for bandwidth or anything, there's gotta be SOME way to monetize down the line.

If your userbase or the current CEO likes it or not.

Ads. Have you seen the dotenv JavaScript package?

And don't forget when Caddy was putting ads in your servers via a `Caddy-Sponsors` header.

(It was reverted after the situation gained visibility, as is tradition.)

Wow. I am unstarring Caddy. That's absolutely wild.

FWIW they do seem to regret it, but goes to show how very tempting it is for projects to go down the ads route once they have users.

VCs do not invest for a modest return.

No, but faced with either a loss or a modest return, they'll take the modest return (unless it's more beneficial to not come tax season). Unicorns are called unicorns for a reason.

The question was why do investors invest

    you accidentally knock a hole in your wall,
    it’s probably cheaper to buy a flatscreen TV
    and stick it in front of the hole

What I recently did is that I 3D-printed an object with PLA that exactly fit the whole and just glued that in with assembly glue.

What does the HN panel say? Is it a solution? Or does it have any downside?

I commend you for your imagination. Can I ask how you crafted the object to match the dimensions? I’m brand new to 3D printing and currently climbing the learning curve of printing itself but will want to start learning about doing my own modeling soon.

The only criticism I’d make is that patching drywall is dead simple and cheap and so your solution seems possibly a bit overengineered (and, while I’m at it, that Andreesen’s observation is both facile and meaningless and is probably a reflection more of the bids Marc Andreesen’s house manager gets than anything insightful about labor costs in America).

The hole was of simple enough shape that I could just design it manually. I used SCAD, which is kind of a programming language supported by some tools that can convert it to STL.

I've personally used the Lidar sensors on my iPhone with an app like Polycam to some degree of success. I was doing a scan of a massive oak tree in my backyard to plan out the treehouse tab location and associated treehouse for my kids but fell flat after the model was created (Sketchup is truly enshittified). I'd imagine a similar process for creating the "fill" for the void in the wall.

Thanks, appreciate the recommendation! Polycam looks pretty pricy - is the subscription necessary for casual scanning, or does the free version work? I assume I would need at least the basic subscription.

I’m happy to pay for software, but I really don’t care for subscriptions. (Why no, holding back the tide is not going well at all, why do you ask?)

Welll, if you were good at drywall already, drywall patches would be faster and better. But if you are good at printing and scanning, and you enjoy that process, then it’s fine.

The challenge with the example is that “success” is personal preference. With plenty of examples, the success criteria are external.

It's fine.

The biggest actual problem would be in a fire, the PLA will burn and let the fire into the wall cavity, where drywall would maintain a barrier for much longer - that is why we have drywall in the first place, it is a decent fire barrier.

It's an acceptable solution only if you used it as an excuse to buy a 3D scanner.

I would simply do the normal thing of covering the hole with drywall patch screen, covering that over with drywall joint compound, letting it dry, sanding, and painting. This is an under $50 trip to Lowes, and certainly cheaper than a flatscreen TV.

Cosmetically it's probably fine. The downsides all have to do with predictability and the ability to reason about what the wall is made of in the future.

A person who goes to eg hang a picture frame or shelf there will encounter a different material with different load bearing properties than expected. Pushing into the center of that area with EG a drill bit will not have the same physical response or give, and depending on how it was braced/integrated with the surrounding wall, the patch itself may be pushed or pulled out of place. Similar for anyone that leans on that area if it's at such a height.

The solution I was taught as a child is to saw the hole square, put a section of 2×4 behind it spanning the hole, held in place with a drywall screw through the drywall on each side of the hole, cut a square chunk of drywall small enough to fit in the hole, put a drywall screw through the middle of it into the 2×4, and tape, mud, sand, and paint.

I suspect that this procedure is faster and easier than taking a 3-D scan of the hole, 3-D printing a PLA patch, and gluing it in, but it does require most of an hour and the appropriate materials on hand.

It's a fine solution but surely just patching the drywall yourself wouldn't be that hard. It's really not a difficult process.

It's a solution. There are better solutions, and far worse solutions (anyone who has worked to get a deposit back on a college rental has probably developed a few of their own), and most of them are all still fine because drywall isn't (shouldn't be) structural.

Crucially, even if you are completely unwilling to take a stab at a fix yourself, hiring a local handyman to patch a hole via some good enough technique should still be far cheaper in most places than buying a nice new TV.

But nothing is gonna ever beat buying a 2nd-hand framed picture or plaque or movie poster or grabbing a flyer from the junkmail on your porch and tacking it over the hole... And if you're determined to fix holes with a TV, you can probably find one used for about as cheap / free as any of the other choices. Which is what makes this such a stupid example - the cost of TVs, like framed images or furniture, spans from $0 to "as much as you're willing to pay". Hiring someone can also be arbitrarily expensive, but can by definition never be 0. So the comparison is rhetorical trickery and demonstrates nothing.

...other than, apparently, Andreessen's dissatisfaction with paying tradespeople.

It works so :shrug: I did the same to replace a part of a door frame I had to remove to make space for a washing machine 4 mm too wide. Nobody sell 400 mm of door frame so i just copied the frame shape, printed in 3 parts, and that was it. Filament color matched the frame one so I didn't have to paint.

> Can't we build a social network with a simple protocol:

> 1: Each user has a private key that they use to sign their messages.

> 2: Each user keeps a list of instances who announced that one of their members follows them. When the user posts something, they broadcast the post to those instances.

> Shouldn't this be enough?

> It could all be url based. One user, one url.

I might be misremembering how it works, but this sounds conceptually similar to how Ghost (the blog platform) works after their recent 6.0 update. They now support federation, posting on Bluesky and Mastodon, etc.

For a small network and low "follower" counts, yes.

But the moment you start scaling to potentially millions of posters each with a disjoint set of millions of followers the M:M connections for broadcast become problematic. The result of a chatty enough group would look identical to a DDOS to many/most of the nodes.

Every instance would only get the messages that its members have subscribed to. How can any system be more efficient than this?

A $5/month VM could ingest millions of messages per day. What's the problem?

Taylor Swift is the problem. In terms of the system design and architecture, it's an interview question for a distributed systems engineers. You've got a superstar user, with 89 million followers, how do you scale every aspect of your system to handle when she posts? Naturally you're object and say that Taylor Swift isn't going to moving to TekMolTwitter, but pwg said it won't work after a certain size and you said why not, and the short answer is that it doesn't scale past N users, and you can just cheat and say N is higher than you want to care about. We could do a bit of back of the envelope math to see that notifying 15 million users will saturate the gigabit link on you're $5 VPS if each notification packet is 64 bytes, and then design all sorts of queues and caches and redis and and and. It's a fun interview question (and practical problem for Twitter/X) but at the end of the day, if you believe in it, just go build it and get all of your friends and family to join TekMolTwitter (or Mastodon). It's entirely within your capabilities in 2025 to just go out and make something like that, so the thing is, if this is a something that you believe in you can just go do it. No one's stopping you.

https://highscalability.com/the-architecture-twitter-uses-to...

The reality is people aren't gonna bother when Facebook/Instagram/Snapchat/Twitter/TikTok/Substack/etc is right there.

Build it and get your friends to join you.

That falls apart as soon as one single node is a bad actor and starts sending out DDOS floods.

To add one simple, fundamental objection that scuppers your whole plan: Who allocates usernames? What happens if two instances have two seperate joesmiths?

Because the technical aspect of building the software like is the most fun and nerd–sniping, but perhaps the least important part in the process of building an audience and encouraging people to adopt it.

I am using Git submodules for dependencies. My approach to a situation like this:

    1: Clone gh.com/someone/LibBar to gh.com/me/LibBar
    2: Fix the bug
    3: Send pull request to someone
    5: git submodule set-url lib/LibBar https://gh.com/me/LibBar.git
       git submodule sync lib/LibBar
       git submodule update --init --remote --recursive lib/LibBar
       cd lib/LibBar/; git checkout main; cd ../..
       git add .; git commit -m "Use my own version of lib/LibBar"

And keep using my fork until upstream accepted my pull request. Then I switch the url of the dependency back.