Hacker News | kreco's comments

> I don’t think changing from zig to rust suddenly means that don’t know what a certain file contains or how it works or how it relates to other files.

What if there was some malicious code within the 1 million lines?


What if there was some malicious code within the 1 million previous lines?

The problem is trust... About nobody has the time and the resources to read 1 million lines of code, keep everything in their head and derive whether there are problems...


The other is pure complexity. We can reasonably trust the Zig implementation because it had a lot of talented people working on it. But then they threw it out and rewrote it in Rust, and it's like okay a huge number of tests pass but:

1. Are we positive the AI didn't cheat when getting some or most of them to pass? Are we sure it didn't just cheat on even 1 percent of them?

2. Are we positive that the AI didn't introduce bugs that the tests didn't think about because there was no need to think about that before (because actual people understood the code)? And therefore, those things go untested, and nobody can write good competent tests for them because nobody understands the code in the first place.


Now I can!

I quadruple checked and I can't see it anywhere.

Worth mentioning that the whole git history is gone, the Rust code does not have any human-crafted history, which entirely defeats its purpose.

Also, with a million lines of code unreviewed by humans, there could be some sneaky backdoor in it.

This makes me think that people are actually under-reacting to this Bun rewrite.


I use bun and never thought human crafted history was its purpose.

Using a programming language is not the same as using a service.

I can't see any reason for this to be "the biggest issue".


Attack vectors and supply chain, every piece of the puzzle matters.

There is no accident that folks like Oxide go through the trouble to control the whole stack, hardware, software, programming language toolchains they are using, only working with vendors that provide them every single documentation and customisation points they need.

Unfortunately we lack a European Oxide.


They use Go and Rust. If Oxide thinks they can keep the supply chain risks of their language ecosystems under control, I think the rest of us can too.

Yes, and are in the position of maintaining their own forks if needed, or doing reviews when updating them.

Is everyone else?


It's a really cute idea.

Could see how many kid stories you would be able to make and read on a tablet.


> To create records for more than one domain, you need to write a personal support email.

I'm not at all familiar with this so I don't understand why it's not a ticket or any other non-automated action even for a single domain?

I mean what is "the standard" that would actually allow a robot to register a domain to a DNS registry?


> what is "the standard" that would actually allow a robot to register a domain to a DNS registry?

For DNS, the standard is Terraform.

For domain registry (the fact that a domain even exists, not what it points to), there are no end-user facing standards.


The DNS was mostly an example, I'm very ignorant regarding the network stack, but I would naively believe that the administrator of the internet router would have the ability to filter a lot of content without the client being able to bypass it.

Like at work there are some websites I cannot visit, and I'm not sure I can change DNS to change that (but maybe I can, I've never tried).


This is such a hackernews comment.

Not everything is about money.

I can use Pgbackrest in my side project which does not generate any money. Maybe my side project is another open source project where no one gives me money, but I'm still contributing to the open source ecosystem, maybe I reported bugs which help everyone.

There are so many details and possible reasons to not give money and use open source software, but your negative and naive comment totally misses them.


Penalizing people is slow and does not scale as much as AI creations that can be mass produced.

