HackerTrans
TopNewTrendsCommentsPastAskShowJobs

summarity

no profile record

Submissions

LLMs use "safety" specific neuron layers to identify vulnerabilities in code

arxiv.org
5 points·by summarity·قبل 16 يومًا·3 comments

DeepL lays off 25% of its workforce

heise.de
9 points·by summarity·قبل شهرين·0 comments

Copilot CLI can now ask a second model to critique the first

github.blog
3 points·by summarity·قبل 3 أشهر·0 comments

Herbie: Automatically improve imprecise floating point formulas

herbie.uwplse.org
198 points·by summarity·قبل 3 أشهر·45 comments

Opus 4.6 Fast Mode – 2.5x better token throughput in Copilot

github.blog
1 points·by summarity·قبل 5 أشهر·0 comments

TKO – Knockout.js Revived for 4.0

tko.io
2 points·by summarity·قبل 5 أشهر·1 comments

Adrian Kosmaczewski – Being a Developer After 40 [video]

youtube.com
2 points·by summarity·قبل 6 أشهر·0 comments

Aphros-WASM: Computational fluid dynamics solver in the browser

cselab.github.io
1 points·by summarity·قبل 6 أشهر·0 comments

Show HN: Access low level AMD EPYC and Threadripper metrics in Grafana

github.com
3 points·by summarity·قبل 7 أشهر·0 comments

Gitlantis: Drive a boat through your codebase in 3D

marketplace.visualstudio.com
4 points·by summarity·قبل 7 أشهر·0 comments

Monster Mash – sketch any character, then inflate to 3D and animate it

monstermash.zone
1 points·by summarity·قبل 7 أشهر·0 comments

Strahl: WebGPU Pathtracer for OpenPBR Materials

stuckisimon.github.io
2 points·by summarity·قبل 7 أشهر·0 comments

AI identifies enzyme that can digest polyurethane with 95% yield

arstechnica.com
2 points·by summarity·قبل 8 أشهر·0 comments

Apple will phase out Rosetta 2 in macOS 28

developer.apple.com
318 points·by summarity·قبل 9 أشهر·335 comments

OpenVPN2 Security: Taming 2,500 compiler warnings with CodeQL

blog.trailofbits.com
2 points·by summarity·قبل 10 أشهر·0 comments

Infecting Generative AI with Viruses [video]

youtube.com
2 points·by summarity·قبل 10 أشهر·0 comments

comments

summarity
·قبل 9 أيام·discuss
It has supported custom, local, any BYOM for quite a while.

I work at GitHub but even then I often use OpenRouter models in the CLI and Copilot App
summarity
·قبل 17 يومًا·discuss
Their DNS is also scriptable, it’s not just a name server
summarity
·قبل شهرين·discuss
You can still download VS6 from Microsoft and clone a repo from there, and chances it’ll compile and run are higher than JS project that’s two weeks old
summarity
·قبل 3 أشهر·discuss
If you’re trying this for automating things on GitHub, also take a look at Agentic Workflows: https://github.github.com/gh-aw/

They support much of the same triggers and come with many additional security controls out of the box
summarity
·قبل 3 أشهر·discuss
It’s growing but not a lot, I have some data here: https://pierretempel.com/p/nim-usage-on-github

Most code I write is still Nim though.
summarity
·قبل 3 أشهر·discuss
Not claude code specific, but I've been noticing this on Opus 4.6 models through Copilot and others as well. Whenever the phrase "simplest fix" appears, it's time to pull the emergency break. This has gotten much, much worse over the past few weeks. It will produce completely useless code, knowingly (because up to that phrase the reasoning was correct) breaking things.

Today another thing started happening which are phrases like "I've been burning too many tokens" or "this has taken too many turns". Which ironically takes more tokens of custom instructions to override.

Also claude itself is partially down right now (Arp 6, 6pm CEST): https://status.claude.com/
summarity
·قبل 3 أشهر·discuss
This is somewhat in line with the approach taken by some softfloat libraries, e.g. https://bigfloat.org/architecture.html
summarity
·قبل 3 أشهر·discuss
Related work from our security lab:

Stream of vulnerabilities discovered using security agents (23 so far this year): https://securitylab.github.com/ai-agents/

Taskflow harness to run (on your own terms): https://github.blog/security/how-to-scan-for-vulnerabilities...
summarity
·قبل 3 أشهر·discuss
Already happend: https://arxiv.org/abs/2407.08708
summarity
·قبل 3 أشهر·discuss
I posted this and it picked up steam over night, so I thought I'd add how I'm using it:

I work on 3D/4D math in F#. As part of the testing strategy for algorithms, I've set up a custom agent with an F# script that instruments Roslyn to find FP and FP-in-loop hotspots across the codebase.

The agent then reasons through the implementation and writes core expressions into an FPCore file next to the existing tests, running several passes, refining the pres based on realistic caller input. This logs Herbie's proposed improvements as output FPCore transformations. The agent then reasons through solutions (which is required, Herbie doesn't know algorithm design intent, see e.g. this for a good case study: https://pavpanchekha.com/blog/herbie-rust.html), and once convinced of a gap, creates additional unit tests and property tests (FsCheck/QuickCheck) to prove impact. Then every once in a while I review a batch to see what's next.

Generally there are multiple types of issues that can be flagged:

a) Expression-level imprecision over realistic input ranges: this is Herbie's core strength. Usually this catches "just copied the textbook formula" instance of naive math. Cancellation, Inf/NaN propagation, etc. The fixes are consistently using fma for accumulation, biggest-factor scaling to prevent Inf, hypot use, etc.

b) Ill-conditioned algorithms. Sometimes the text books lie to you, and the algorithms themselves are unfit for purpose, especially in boundary regions. If there are multiple expressions that have a <60% precision and only a 1 to 2% improvement across seeds, it's a good sign the algo is bad - there's no form that adequately performs on target inputs.

c) Round-off, accumulation errors. This is more a consequence of agent reasoning, but often happens after an apparent "100% -> 100%" pass. The agent is able to, via failing tests, identify parts of an algorithm that can benefit from upgrading the context to e.g. double-word arithmetic for additional precision.
summarity
·قبل 4 أشهر·discuss
Well sort of, the industry tried to go way beyond that by capturing the entire light field: https://techcrunch.com/2016/04/11/lytro-cinema-is-giving-fil...
summarity
·قبل 4 أشهر·discuss
Finally, Desert Golf and Flappy Bird merged into one
summarity
·قبل 4 أشهر·discuss
This guys factory is just across the lake from where I live and this is painful to watch. Both Alibaba and the general local industry (metal fabs, train shops, etc) have high degrees of expertise in supply chain verification. You can hire (heck even bribe) experts along the way to reduce fuck ups. The video contained no mention of any audits, any additional paperwork beyond some pictures.

I once had a company that procured very simple electronics (fingerprint readers) from Taiwan and due diligence included travelling there, meeting every single person in the engineering office in person, then touring the contract factory where this would be built, then negotiating shipping and even driver development details.

This took all of one week and the price of a few plane tickets. We didn’t have the cash for professional auditors. In the end we got a product that worked, and even at a lower price (negotiating at a distance is not effective).
summarity
·قبل 5 أشهر·discuss
No engine can be 100% perfect of course, the original comment is broadly accurate though. CodeQL builds a full semantic database including types and dataflow from source code, then runs queries against that. QL is fundamentally a logic programming language that is only concerned with the satisfiably of the given constraint.

If dataflow is not provably connected from source to sink, an alert is impossible. If a sanitization step interrupts the flow of potentially tainted data, the alert is similarly discarded.

The end-to-end precision of the detection depends on the queries executed, the models of the libraries used in the code (to e.g., recognize the correct sanitizers), and other parameters. All of this is customizable by users.

All that can be overwhelming though, so we aim to provide sane defaults. On GitHub, you can choose between a "Default" and "Extended" suite. Those are tuned for different levels of potential FN/FP based on the precision of the query and severity of the alert.

Severities are calculated based on the weaknesses the query covers, and the real CVE these have caused in prior disclosed vulnerabilities.

QL-language-focused resources for CodeQL: https://codeql.github.com/
summarity
·قبل 5 أشهر·discuss
Heyo, I'm the Product Director for detection & remediation engines, including CodeQL.

I would love to hear what kind of local experience you're looking for and where CodeQL isn't working well today.

As a general overview:

The CodeQL CLI is developed as an open-source project and can run CodeQL basically anywhere. The engine is free to use for all open-source projects, and free for all security researchers.

The CLI is available as release downloads, in homebrew, and as part of many deployment frameworks: https://github.com/advanced-security/awesome-codeql?tab=read...

Results are stored in standard formats and can be viewed and processed by any SARIF-compatible tool. We provide tools to run CodeQL against thousands of open-source repos for security research.

The repo linked above points to dozens of other useful projects (both from GitHub and the community around CodeQL).
summarity
·قبل 5 أشهر·discuss
That's why I put it in quotes. In no way am I equating anything. Making the inner workings visible is what I was referring to.
summarity
·قبل 5 أشهر·discuss
Ive been using it (the original 15 tool version) for months now. It’s amazing. Any app's inner workings are suddenly transparent. I can track down bugs. Get a deeper understanding of any tool, and even write plug-ins or preload shims that mod any app. It’s like I finally actually _own_ the software I bought years ago.

For objective C heavy code, I also use Hopper Disassembler (which now has a built in MCP server).

Some related academic work (full recompilation with LLMs and Ghidra): https://dl.acm.org/doi/10.1145/3728958
summarity
·قبل 5 أشهر·discuss
Not just the presence but the material itself: https://www.smithsdetection.com/products/sdx-10060-xdi/

It’s X-ray diffraction
summarity
·قبل 5 أشهر·discuss
They’re multi wavelength CT. Basically whenever you see a 4:3 box with a “smiths” logo over the belt it’s going to be a pretty painless process (take nothing out except analog film)
summarity
·قبل 6 أشهر·discuss
Flash forge is releasing theirs in the next few weeks.