Hacker News | sunbum's comments

If it was 8086 they would have written 8086

They write both. They write x86 repeatedly in the article and title, then show an instruction matrix that doesn't include, for example, the 468 CMPXCHG instructions or the crypto extensions PCLMULHQHQDQ instruction. Best I can guess, they mean 8086, which they think is equivalent to x86

Why is the 8086 not equivalent to x86? PCLMULHQHQDQ is from the CLMUL extension, which only began appearing in CPUs in the early 2010s - are CPUs from before then not x86?

x86 is an overarching group. Each processor is backwards compatible, I believe, so a 486 can run 8086 code, but they are not equivalent. If I download an x86 version of a program, I don't expect it to be written only in 8086 instructions

When you download an x86 program you're making a lot of other assumptions too, such as what the target operating system and hardware are. Even 8086 MSDOS software won't directly work in this emulator because it's not emulating DOS nor an IBM compatible, it has its own addresses for the I/O. It's still x86 though.

> What you're seeing above is a C program that was compiled using GCC into native 8086 machine code being executed fully within CSS.

They did write 8086 in the text, but x86 in the title.


You could also swap to a distro where apt upgrade can't brick things, and where if you manually mess up you can rollback cough cough nixos cough cough

Agreed, write raw SQL, this has never had any security impact whatsoever[1]

- Your friendly local pentester

[1] - https://en.wikipedia.org/wiki/SQL_injection


Parameterized queries have been a thing for decades, which mitigate SQL injection attacks.[1] This is true of the examples in the post too, they used this:

  query = """
            SELECT * from tasks
            WHERE id = $1
            AND state = $2
            FOR UPDATE SKIP LOCKED
        """
  rec = await self.db.fetchone(query=query, args=[task_id, TaskState.PENDING], connection=connection)

[1] https://en.wikipedia.org/wiki/SQL_injection#Parameterized_st...

Parameterized queries fail to protect from SQL injection for decades, because database engine developers fail to listen. What could work instead, if any parameter could be safely injected:

    SELECT $1, $2($3) FROM $4
    WHERE $5 $6 $7
    GROUP BY $1
    ORDER BY $8 $9

but at that point SQL loses its point and turns into MongoDB query language.

Porsager’s Postgres package does a great job of letting you feel like you’re writing raw sql, but avoids the attack vectors.

Anyway, I agree that ORMs are pretty terrible. I like writing SQL or using a lightweight builder like Kysely. Was a huge Dapper fan back in my C# days.

There are plenty of reasonable alternatives to ORMs that don’t open you to SQL injection attacks.
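An added example, not code from any commenter or from the linked post: it puts a string-concatenated query beside a parameterized one, and shows the usual handling for the parts the `$4`/`$8 $9` comment points at, which placeholders cannot bind (a sort column and direction), by picking them from a fixed allowlist. Assumptions: Python's built-in `sqlite3` stands in for Postgres, so `?` plays the role of `$1`; the `tasks` schema, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample schema and rows (not from the thread).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tasks (id INTEGER PRIMARY KEY, state TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO tasks (id, state, owner) VALUES (?, ?, ?)",
        [(1, "PENDING", "alice"), (2, "DONE", "bob"), (3, "PENDING", "carol")],
    )
    return db

# Identifiers and keywords cannot be bound as parameters, so they are
# selected from fixed allowlists instead of being copied from user input.
SORT_COLUMNS = {"id": "id", "state": "state", "owner": "owner"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def tasks_concat(db, state):
    """Vulnerable 'before': the value is pasted into the SQL text itself."""
    return db.execute(f"SELECT id FROM tasks WHERE state = '{state}'").fetchall()

def tasks_bound(db, state, sort_by="id", direction="asc"):
    """Value goes through a placeholder; ORDER BY parts come from the allowlists."""
    try:
        column = SORT_COLUMNS[sort_by]
        order = SORT_DIRECTIONS[direction.lower()]
    except KeyError as exc:
        raise ValueError(f"unsupported sort option: {exc}") from None
    # Only allowlisted constants are interpolated; the value stays a bound parameter.
    sql = f"SELECT id FROM tasks WHERE state = ? ORDER BY {column} {order}"
    return db.execute(sql, (state,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("concatenated:", tasks_concat(db, hostile))  # quote changes the query's meaning
    print("bound:       ", tasks_bound(db, hostile))   # compared as a plain string
    print("sorted:      ", tasks_bound(db, "PENDING", "owner", "desc"))
    try:
        tasks_bound(db, "PENDING", sort_by="id; DROP TABLE tasks")
    except ValueError as err:
        print("rejected:    ", err)
```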


What?


https://media.ccc.de/v/39c3-css-clicker-training-making-game... The CSS clicker talk was really entertaining as well as just technologically amazing!


Because it doesn't use cloudflare duh.?


From their response headers, it seems like the request is coming from NGINX directly. How do they defend themselves against DOS attacks?


Big server. And if it goes down it goes down? Who cares, it's hackernews.


I have a handful of sites DNS/NS through Cloudflare, with their certificates, and they are working OK.


Why does that link redirect to a fart sound hosted on Wikipedia?


  // Vidrun, born of the sea-wind through the spruce
  // Vidrun, green-tinged offshoot of my bough, joy and burden of my life
  // Vidrun, fierce and clever, may our clan’s wisdom be yours:
  //
  //     Never read Hacker News
  // - Aphyr, "Hexing the technical interview"
  if (document.referrer.startsWith("https://news.ycombinator.com")) {
      document.location = "https://upload.wikimedia.org/wikipedia/commons/d/d4/Human_fart.wav"
  }
> https://www.boringcactus.com/assets/site.js


I find it always hilarious when websites check the referer for HN and do some random shit. "Alive internet theory"


The author doesn't like HN.


This sort of thing is why I have a “they don't want me there, and I'm fine with that” list in my PiHole config.


The Referer header strikes again. You'd think the typo in its name would be the worst thing about it, but nope.


A quick glance at the website in question suggests that its owner may not be particularly mentally mature.


You might want to read the link first.


Kagi, an absolute must for me these days.


There is lorem ipsum text when viewed on mobile.


I don’t see any myself, unless they quickly fixed it after your comment

