More

hokkos · 2026-02-21T13:09:30 1771679370

Most CVE now are pure spam without value, all I get is dev dependencies affected by regex that could take too long, scanner should do a better job to differentiate between dependencies and dev dependencies.

hokkos · 2026-02-16T22:04:19 1771279459

this ai is too much "aligned" to return anything of value, considering the content it has to look into and the questions it needs to answer.

lukeigel · 2026-02-16T22:48:42 1771282122

Bring your own key and use Claude. We found that it's most willing to run deep research queries here.

pillefitz · 2026-02-17T05:30:37 1771306237

Which model is being used? Is there an unrestricted open weight model that could be used?

dvrp · 2026-02-16T22:14:31 1771280071

What do you mean?

As in, OpenAI, Anthropic, and Google's models won't follow instructions regarding forensics for this?

NamlchakKhandro · 2026-02-17T08:32:52 1771317172

Who here is naive enough to think that this little loop hole hasn't been nicely tied off?

upmind · 2026-02-18T06:16:42 1771395402

They should use Grok, it feels the most open out of the big 4

hokkos · 2026-02-14T21:52:43 1771105963

If AI is soo productive why do they even sell it and don't hoard it for themselves to build a competing offer to everything ?

solumunus · 2026-02-14T21:55:23 1771106123

No one is claiming that level of productivity.

bigstrat2003 · 2026-02-14T23:48:19 1771112899

Oh yes they are. People are claiming 100x improvements, which is completely insane. But they do claim it.

solumunus · 2026-02-15T08:04:51 1771142691

OK sure, there are always lunatics on the fringe, but OP is casting that argument out as if they’re attacking a mainstream opinion.

hokkos · 2026-01-23T22:14:16 1769206456

looking at the code examples i don't see the point of JSX, seems to decrease type safety and typing completion

hokkos · 2025-12-15T00:06:42 1765757202

I use https://typespec.io to generate openapi, writing openapi yaml quickly became horrible past a few apis.

WickyNilliams · 2025-12-15T00:13:29 1765757609

Ha yes, see one of my other comments to another reply.

I never got to use it when I last worked with OpenAPI but it seemed like the antidote to the verbosity. Glad to hear someone had positive experience with it. I'll definitely try it next time I get the chance

hokkos · 2025-11-29T13:09:31 1764421771

it's because you only do it once per project.

hokkos · 2025-11-24T17:05:44 1764003944

some lib literally publish a new package at every PR merged, so multiple times a day.

hokkos · 2025-10-07T14:46:06 1759848366

it reminds me of the EXI compression for XML that can be very optimized with a XSD Schema with a schema aware compression, that also use the schema graph for optimal compression : https://www.w3.org/TR/exi-primer/

hokkos · 2025-08-20T20:47:56 1755722876

I also have an elegant proof, but it does't quite fit in a HN comment.

glitchc · 2025-08-21T04:15:47 1755749747

No support for symbols, amirite?

hokkos · 2025-08-19T21:19:22 1755638362

whatever you do with xslt you can do it in a saner way, but whatever we need to use serial/bluetooth/webgpu/midi for there is no other way, and canvas is massively used.

kuschku · 2025-08-20T00:30:40 1755649840

I'd love to see more powerful HTML templating that'd be able to handle arbitrary XML or JSON inputs, but until we get that, we'll have to make do with XSLT.

For now, there's no alternative that allows serving an XML file with the raw data from e.g. an embedded microcontroller in a way that renders a full website in the browser if desired.

Even more so if you want to support people downloading the data and viewing it from a local file.

lmz · 2025-08-20T03:45:55 1755661555

If you're OK with the startup cost of 2-3 more files for the viewer bootstrap, you could just fetch the XML data from the microcontroller using JS. I assume the xsl stylesheet is already a separate file.

kuschku · 2025-08-20T13:24:46 1755696286

I don't think anyone is attached to the technology of xslt itself, but to the UX it provides.

Your microcontroller only serves the actual xml data, the xslt is served from a different server somewhere else (e.g., the manufacturer's website). You can download the .xml, double-click it, and it'll get the xslt treatment just the same.

In your example, either the microcontroller would have to serve the entire UI to parse and present the data, or you'd have to navigate to the manufacturers website, input the URL of your microcontroller, and it'd have to do a cors fetch to process the data.

One option I'd suggest is instead of

    <?xml-stylesheet href="http://example.org/example2.xsl" type="text/xsl" ?>

we'd instead use a service worker script to process the data

    <?xml-stylesheet href="http://example.org/example2.js" type="application/javascript" ?>

Service workers are already predestined to do this kind of resource processing and interception, and it'd provide the same UX.

The service worker would not be associated with any specific origin, but it would still receive the regular lifecycle of events, including a fetch event for every load of an xml document pointing at this specific service worker script.

Using https://developer.mozilla.org/en-US/docs/Web/API/FetchEvent/... it could respond to the XML being loaded with a transformed response, allowing it to process the XML similar to an XSLT.

You could even have a polyfill service worker that loads an XSLT and applies it to the XML.

account42 · 2025-08-20T08:03:35 1755677015

Of course there is a better way than webserial/bluetooth/webgpu/webmidi: Write actual applications instead of eroding the meaning and user expectations of a web browser. The expectation should not be that the browser can access your hardware directly. That is a much more significant risk for browsers than XSLT could ever be.