HackerLangs
TopNewTrendsCommentsPastAskShowJobs

PlasmaPower

61 karmajoined vor 5 Monaten

comments

PlasmaPower
·vor 3 Stunden·discuss
I don't think PoW scales, because if the bot authors get serious they'll start using native implementations that are much more efficient than the web ones real users are running. In theory maybe Anubis could start using WebGPU to help close that gap, but then anyone without WebGPU support is out of luck.

Then again, a large portion of the problem seems to be bots making way too many requests and in general not being optimized in the first place, and this does help filter those out.
PlasmaPower
·vor 7 Tagen·discuss
I might be missing something here, but why do you assume this spike in CVEs is from bad guys? I would assume it's at least largely good guys finding and reporting vulns, not based on in-the-wild exploitation by bad guys.
PlasmaPower
·vor 8 Tagen·discuss
I'm not sure if the parent comment was written by AI or not (you're probably right) but consistency is indeed one of the main things I think about with Android Auto. Not just consistency between cars, but also consistency with the rest of my phone. The principle seems worth considering.
PlasmaPower
·vor 28 Tagen·discuss
No, he specifically gave a proprietary OpenAI model as an example (unless you meant OpenAI models instead of open source models)
PlasmaPower
·vor 2 Monaten·discuss
They have a similar command for the Arch Linux forum, where beginners are encouraged to ask questions
PlasmaPower
·vor 2 Monaten·discuss
Maybe you don't drive into flood waters, but your Uber driver might, and that's what Waymo is trying to replace, not your personal driving.

In that context I think comparing it to the average human driver makes a lot of sense, because even if you personally are an even better driver, or even if human drivers are better at some specific things, we have more than enough data to show that Waymo reduces accident rates overall in their current rollout.
PlasmaPower
·vor 2 Monaten·discuss
You're probably right, but that seems like the less important part of this. At that point you've already got an out-of-bounds write. Another comment speculated that you could use PageJack as an alternative exploit path once you have that primitive: https://news.ycombinator.com/item?id=48069623
PlasmaPower
·vor 2 Monaten·discuss
"static analysis" is usually deterministic rules you can e.g. put in CI. AI is also somewhat dynamic in that it can execute commands to try stuff out. The best AI vuln finding harnesses work that way, by essentially putting the AI inside of a fuzzer-like environment and telling it to produce a crash.
PlasmaPower
·vor 2 Monaten·discuss
If static analysis could actually find these issues with a reasonable false positive rate, the companies behind them would be running them on Linux to get the publicity of having found the issues like all the AI companies are doing now. Imo the good static analysis heuristics are already built into compilers or in open source linters.
PlasmaPower
·vor 2 Monaten·discuss
No, you can grant yourself this inside an unprivileged user namespace. `unshare -Ur capsh --print` lists the capabilities inside a user namespace and demonstrates that it has both CAP_SYS_ADMIN and CAP_NET_ADMIN.

Almost all distros allow unprivileged user namespaces, and in my opinion this is the right decision, because they're important for browser sandboxing which I think is more important than LPEs.
PlasmaPower
·vor 3 Monaten·discuss
It's not like Costco told them that. Buying something because a third party misinformed you (or in this case, was only temporarily right) doesn't invalidate the transaction.
PlasmaPower
·vor 3 Monaten·discuss
Yes, but very few people are actually doing that compared to OpenClaw. If everyone else was doing that, they'd be cracking down on it too.
PlasmaPower
·vor 4 Monaten·discuss
Why do you think it doesn't have understanding of semantics? I think that was one of the first things to fall to LLMs, as even early models interpreted the word "crashed" differently in "I crashed my car" and "I crashed my computer", and were able to easily conquer the Winograd schema challenge.
PlasmaPower
·vor 4 Monaten·discuss
Why not? They're definitely not perfect security boundaries, but neither are VMs. I think containers provide a reasonable security/usability tradeoff for a lot of use cases including agents. The primary concern is kernel vulnerabilities, but if you're keeping your kernel up-to-date it's still imo a good security layer. I definitely wouldn't intentionally run malware in it, but it requires an exploit in software with a lot of eyes on it to break out of.