Hacker News terminal client
About the project:
Lurker is a simple terminal client for reading Y Combinator's Hacker News. It uses the public Hacker News API and is written entirely in Bash so it runs smoothly on the majority of terminal environments.
Lurker embraces the "hacker" in Hacker News by exposing a simple CLI for reading stories, comments, and user information. This makes it easy to read Hacker News while completing other command line activities, especially when combined with tools like tmux.
Now you can read the news at work while others still think you're programming 😉
Bash, Hacker News API
By utilizing the Hacker News API, lurker exposes a simple-to-use CLI for reading HN stories and comments.
What hackers are reading, all from your terminal
Get trending stories just by starting
| | __ _________| | __ ___________
| | | | \_ __ \ |/ // __ \_ __ \
| |___| | /| | \/ <\ ___/| | \/
|_______ \____/ |__| |__|_ \\___ >__|
\/ \/ \/
1. MIT Fellow Says Facebook ‘Lifted’ His Ideas for Libra Cryptocurrency (www.coindesk.com)
82 points by espeed 14 hours ago | 20 comments
2. Malicious code in the purescript NPM installer (harry.garrood.me)
358 points by braythwayt 10 hours ago | 146 comments
3. Levels of code in Forth programming (2002) (www.ultratechnology.com)
62 points by pointfree 5 hours ago | 13 comments
4. What Hokusai’s Great Wave tells us about museums, copyright, online collections (medium.com)
12 points by bryanrasmussen 15 hours ago | 2 comments
5. Scaling Static Analyses at Facebook (m-cacm.acm.org)
46 points by dons 2 days ago | 9 comments
6. Comparisons in C++20 (brevzin.github.io)
96 points by ingve 7 hours ago | 39 comments
7. Americans' plastic recycling is dumped in landfills (www.theguardian.com)
117 points by srameshc 9 hours ago | 70 comments
8. Why Hypercard Had to Die (2011) (www.loper-os.org)
140 points by tobr 9 hours ago | 112 comments
9. Show HN: Memorize Terminal Commands (www.memorize-terminal-commands.com)
82 points by maherdeeb 7 hours ago | 39 comments
10. OpenBitTorrent – An Open Tracker Project (openbittorrent.com)
94 points by antonkozlov Yesterday | 18 comments
Lurk through discussions in real time
Use the read command to read the comments for a post.
> read 5
Scaling Static Analyses at Facebook (m-cacm.acm.org)
46 points by dons 2 days ago | 9 comments
SanchoPanda | 2 hours ago:
> Zoncolan catches more SEVs than either manual security reviews or bug bounty reports. We measured
that 43.3% of the severe security bugs are detected via Zoncolan. At press time, Zoncolan's "action
rate" is above 80% and we observed about 11 "missed bugs."
>. For the server-side, we have over 100-million lines of Hack code, which Zoncolan can process in
less than 30 minutes. Additionally, we have 10s of millions of both mobile (Android and Objective
C) code and backend C++ code
> All codebases see thousands of code modifications each day and our tools run on each code change.
For Zoncolan, this can amount to analyzing one trillion lines of code (LOC) per day.
11 "missed bugs" on the 100 mm server-side lines of code per run, or ever?
muglug | 47 minutes ago:
It's explained in the article:
> We also use the traditional security programs to measure missed bugs (that is, the
vulnerabilities for which there is a Zoncolan category), but the tool failed to report them. To
date, we have had about 11 missed bugs, some of them caused by a bug in the tool or incomplete
A missed bug is presumably one that the tool is designed to spot, but which it didn't during the
period in which it has been running.
m0zg | 2 hours ago:
Also, the main issue with static analysis tools tends to be not false negatives, but false
positives. That is, they churn out tons and tons of alerts that aren't actually bugs. Some such
systems alert so much that they aren't worth using.
Matthias247 | 1 hour ago:
Yes, that's the main culprit with traditional static analysis. No one wants to review the results,
because the amount of signal to noise is far too low. And also since it's an optional thing and not
enforced by the compiler.
I think this is where languages with stronger inbuilt analysis (e.g. Rust) win: The results are
better, and since the analysis is always running as part of a compiler pass there are no huge jumps
in indicated bugs at once (like what would happen if one would run Coverity on a legacy C++
taeric | 1 hour ago:
This is less true of more advanced static analysis tools.
I mean, ultimately we agree. Most people don't trust static analysis tools because they have had
bad experiences with them. I just suspect most people should try them again. The state of the art
is quite good in that space.
muglug | 45 minutes ago:
It sounds (from the article) like they have some sort of heuristic for determining potential
severity, and they're ok with more false-positives in areas where the potential damage from a
false-negative is very high.
m0zg | 34 minutes ago:
I might be biased, but I've never seen these systems work well in practice. Some 15-17 years ago
Microsoft deployed a system called PreFix which would find genuine, hard to find bugs, but then
bury them under a mountain of false positives, so few teams ran it, and even fewer looked at the
results. I like what LLVM did in this area. Its SCA is not very comprehensive (so it can't be
relied upon for deep analysis), but when it does find something it's usually a legit issue.
But the balance of deep analysis and low false positives remains elusive. I'd be really stunned if
FB really achieved a breakthrough in this area.
I do want to be wrong about this.
j88439h84 | 28 minutes ago:
In python, Pylint and mypy find real bugs all the time, plenty of false positives but still
sjtindell | 1 hour ago:
Always cool to read about scale.
Read summaries of news articles, so you don't have to leave the terminal
By combining with Smoosh, lurker can summarize the contents of articles for you.
> smoosh 5
We use static analysis to prevent bugs that would affect our products, and we rely on our engineers' judgment as well as data from production to tell us the bugs that matter the most. While not all bugs are the same, neither are all users; therefore, we use different deployment models depending on the intended audience (that is, the people the analysis tool will be deployed to). Infer, as we will discuss, uses one analysis based on the theory of Separation Logic,16 with a novel theorem prover that implements an inference technique that guesses assumptions.5 Another Infer analysis involves recently published research results on concurrency analysis.2,10 Zoncolan implements a new modular parallel taint analysis algorithm. Back to Top Moving Fast with Infer Infer is a static analysis tool applied to Java, Objective C, and C++ code at Facebook.4 It reports errors related to memory safety, to concurrency, to security (information flow), and many more specialized errors suggested by Facebook developers. In 2017, we looked at bug fixes in several categories and found that for some (null dereferences, data races, and security issues) over 50% of the fixes were for bugs with traces that were interprocedural.a The interprocedural bugs would be missed bugs if we only deployed procedure-local analyses. Facebook has enough important code and problems that it is worthwhile to have embedded teams of analysis experts, and we have seen (for example, in the use of Infer to support multithreaded Android News Feed, and in the evolution of Zoncolan to detect SEV-worthy issues) how this can impact the company. 
For example, Infer is used at other companies such as Amazon, Mozilla, and Spotify; we have produced new scientific results,2,10 and proposed new scientific problems.11,14 Indeed, our impression as (former) researchers working in an engineering organization is that having science and engineering playing off one another in a tight feedback loop is possible, even advantageous, when practicing static analysis in industry.
Or, read the full article if you'd like
lurker can open links in your web browser, too.
> open 5
# opens URL in the default web browser: https://cacm.acm.org/magazines/2019/8/238344-scaling-static-analyses-at-facebook/fulltext
And lots more functionality...
Here's the full list of available commands.
help - show this help menu
read <ID> - open the comment thread for post ID
open <ID> - open the URL for the post ID in your default browser
smoosh <ID> - (beta) summarize an article for post ID via smoosh (see https://github.com/wcarhart/smoosh)
<ID> - get info for post ID
user <ID> - get info for user ID
more - show the next 10 posts (up to 500)
less - show the previous 10 posts
back - show the previous list of posts again
clear - clear the screen
exit - quit Lurker