homakov (u/homakov) - Readit News

homakov commented on Stripe Launches L1 Blockchain: Tempo tempo.xyz... · Posted by u/_nvs

homakov · 8 days ago

Is it a blockchain though? Or anything that remotely resembles block creation in some concentrated datacenters with Tempo's "design partners" gets to be called that.

Something claiming over 20-30 tps onchain is usually a big blocker. Big blocker design is well recognized as insecure: no end user is able to run a full node locally, only datacenters are able to keep up with 100k tps load. Which diminishes entire purpose of creating a blockchain. Could have been a database with 100k tps or 3-of-4 validator multisig like Hyperledger, wouldn't matter.

homakov commented on An illustrated guide to OAuth ducktyped.org/p/an-illust... · Posted by u/egonschiele

ted_dunning · 19 days ago

Your comments are so highly abbreviated as to be nearly impossible to understand. I suspect that unintelligibility is leading to it being heavily downvoted.

The addition of the comment about LLMs isn't really helping.

homakov · 19 days ago

I wasn’t criticizing the guide — just pointing out real OAuth2 pitfalls that still affect users.

The spec itself made mistakes:

• Silent account hijack via “Connect this provider.”

• Redirect leaks of code (via Referrer) or access_token (via #hash).

• CSRF because state was optional and often ignored.

The point is: these aren’t obscure edge cases, they’re structural issues baked into the protocol.

homakov commented on An illustrated guide to OAuth ducktyped.org/p/an-illust... · Posted by u/egonschiele

homakov · 19 days ago

IMO OAuth2 is very poorly designed. It has several structural issues: "Connect this OAuth provider" hijack your main account, redirect hijack allows to leak either auth codes through Referrer or access_token through #hash passing, "state" CSRF token is optional and usually ignored etc

I have an old writeup on that and solution to it https://sakurity.com/oauth - better analyze it with LLM if interested in authorization protocols

homakov commented on Psilocybin bests SSRI for major depression in first long-term comparison medscape.com/viewarticle/... · Posted by u/Thomvis

homakov · a year ago

Every psychodelic experience is unique & random, even if the title was the opposite and in their study SSRI turned out to be better doesn't mean it will be better for you.

From my personal experience, SSRI (zoloft) felt like a temporary coffee-like stimulant. Psilocybin (or easier to handle synthetic analog 4-aco-dmt) provided short-acting relief from depression and some new perspectives. But ketamine is truly a magic pill if done right. After glow is about a month, and the trip takes 2-3 hrs max. FDA-approved, see Spravato. I feel like at some point ketamine therapy at scale would make SSRIs obsolete, it's just better and faster.

homakov commented on Ask HN: What are you working on (September 2024)? · Posted by u/david927

okr · a year ago

Maybe a hotel will do? You can also rent an apt and buy a mobile AC yourself. Which i did this summer, for the few days it gets really hot.

homakov · a year ago

A hotel is temporary, i wanted to stay May to September.. Yes mobile AC is the best plausible option but it's quite weak compared to split-AC and requires a partially open window.

homakov commented on Ask HN: What are you working on (September 2024)? · Posted by u/david927

nicbou · a year ago

I built an English-speaking website that helps immigrants settle in Berlin.[0] It has been my full time job for a while. Most English speakers know about it, but it's nearly invisible to Germans, who would also benefit from the content and tools I have worked on.

I'm currently adding an automated AI translation feature to my custom static site generator, so that I can translate the website to multiple languages and reach more people. I'm trying to make the process as seamless and automated as possible, because I'm running this website solo, and there are only so many hours in a day.

It's a surprisingly tricky endeavour! As usual, the first 80% are easy. It's getting the last 20% right that requires a lot of work. There are so many small hurdles. For instance, translating the URL structure and translating the URLs within the content, getting the translations to be accurate, getting the SEO right, translating the templates and the JS tools I've built, keeping the costs low.

[0] https://allaboutberlin.com

homakov · a year ago

(on an unrelated note): I tried to move to Berlin for summer but quickly discovered almost no apartments have AC, I mean strong South Asia-level AC. It was a major no for me as I cannot sleep with temp above 20C, 18C is perfect. Any idea how to find an AC apartment next summer on local estate apps? Any "checkbox" somewhere to tick?

homakov commented on Jailbroke my Kindle to use it as an e-ink monitor gist.github.com/adtac/eb6... · Posted by u/adtac

adtac · a year ago

That would indeed be much simpler! I'm skeptical that the browser is powerful enough to handle a usable frame rate since every frame would have to go from the network -> DOM -> browser app memory -> frame buffer. The browser can barely keep up with the Kindle store / Goodreads, but it'd be nice to be proven otherwise since it'd make it much easier to get this working ootb on brand new Kindles.

homakov · a year ago

i had similar idea to turn kindle to second monitor

https://www.youtube.com/shorts/6dcc0hLe0mc

frame rate was too bad so i just bought dasung paperwhite :)

homakov commented on Jailbroke my Kindle to use it as an e-ink monitor gist.github.com/adtac/eb6... · Posted by u/adtac

homakov · a year ago

Why jailbreak? Just use internal kindle browser to stream screenshots of your desktop.

homakov commented on Regex character "$" doesn't mean "end-of-string" sethmlarson.dev/regex-$-m... · Posted by u/BerislavLopac

homakov · a year ago

This led to a few serious bugs in Ruby-based apps. Always use \A\z

https://homakov.blogspot.com/2012/05/saferweb-injects-in-var...

https://sakurity.com/blog/2015/02/28/openuri.html

https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html