HackerTrans
TopNewTrendsCommentsPastAskShowJobs

babush

no profile record

Submissions

Show HN: Xr – Ripgrep for Binary Xrefs

github.com
4 points·by babush·4 months ago·0 comments

Show HN: Nonna – code slop detector that runs in the browser

babush.me
2 points·by babush·4 months ago·0 comments

Show HN: LLVM-jutsu: Anti-LLM obfuscation pass

github.com
8 points·by babush·7 months ago·0 comments

Show HN: Anki Jam – Anki add-on for looping, pitch-shifting and drilling riffs

github.com
4 points·by babush·7 months ago·0 comments

MCP Job Security Pass

github.com
2 points·by babush·last year·0 comments

comments

babush
·3 months ago·discuss
Mixed feelings about creative work and AI, but if it wasn't for LLMs I would have chosen a different software than Blender for my hobby-level 2D animation. Made a Blender plugin w/ Claude, and it's saving me so much time (:
babush
·8 months ago·discuss
Scanning my messages with my mom is going to give that much extra edge in a war with Russia.

> If you think this time America will save the entire West like in movies

Ugh
babush
·9 months ago·discuss
I never mentioned a computer.
babush
·9 months ago·discuss
"Algorithmic collusion"... If using an algorithm leads to collusion, then choosing to use the algorithm should be considered regular collusion.
babush
·9 months ago·discuss
Can gravity buy out magnetism?
babush
·11 months ago·discuss
Beautiful
babush
·last year·discuss
Thanks for the comment. Couldn't have said it better. Also, good point about Ticketmaster. One seller, incomparable goods.
babush
·last year·discuss
I am unsympathetic to people who insist on reducing everything to its market value.

I've heard the arguments they use to justify why they do and they're all hogwash.
babush
·last year·discuss
I wish there was some SRS-like tool but for learning music.
babush
·last year·discuss
Thank you for sharing
babush
·last year·discuss
It's a bit hard to do comparisons without going into threat models and all that _fun_ stuff :shrug:

For example, JS runs in almost every browser on earth too, yet it took V8 devs 2 years to find out that `Math.expm1()` could return -0.0 (https://chromium.googlesource.com/v8/v8.git/+/56f7dda67fdc97...). This is a cherry-picked example, and JS is clearly more complex than WASM, but still.

Just because stuff runs on a lot of devices doesn't mean it's more or less secure.

Linux runs on quite a few devices too, yet we still find bugs, people still don't ship updates to said bugs, yadda yadda yadda.

My point is just that lots of devs often skip the threat modeling and just think "I'll slap it in a WASM thingie an it'll be fine". Well good luck.
babush
·last year·discuss
I recall Shopify having a seccomp-based jail to run untrusted ruby code. But their use-case was very limited so they can get away with blocking almost every syscall.

Other than that... VMs? The fact that people consider JS/WASM engines good security sandboxes is a bit scary tbf.