HackerTrans
TopNewTrendsCommentsPastAskShowJobs

thombles

no profile record

Submissions

Tangled: Our €3,8M seed round

blog.tangled.org
12 points·by thombles·4 months ago·7 comments

RSS Guard v5.0.0

github.com
1 points·by thombles·4 months ago·0 comments

Experiments with Memory Integrity Enforcement

octet-stream.net
3 points·by thombles·7 months ago·0 comments

Bureau of Meteorology ordered to fix new website after torrent of complaints

abc.net.au
6 points·by thombles·9 months ago·0 comments

Polish top-performing language for complex AI tasks, finds study

notesfrompoland.com
2 points·by thombles·9 months ago·1 comments

Microsoft begins turning off uBlock Origin and other extensions in Edge

neowin.net
787 points·by thombles·last year·514 comments

comments

thombles
·9 days ago·discuss
Be cautious if you're using large databases on iOS. At least until fairly recently, iOS doesn't page dirty mmaped pages back to disk and after enough churn the app will OOM.
thombles
·9 days ago·discuss
One day Quinn will retire and Apple had better have a succession plan.
thombles
·14 days ago·discuss
I’m curious how a workplace ends up with a model policy like this. It seems like you’d spend more time trying to work out how to use a tiny number of Opus tokens than doing it yourself.
thombles
·21 days ago·discuss
Alas. Loved his work on Major Stryker.
thombles
·26 days ago·discuss
A low-risk way to dip your toes in is to email a blogger to say that you enjoyed their post or that you found it helpful. The message doesn’t have to have useful information in it, just be sincere. Per OP, often there won’t be a reply but also often it’s much appreciated - particularly by non-mainstream writers.
thombles
·26 days ago·discuss
There are already on-device models that you can use through this framework as a developer. Claude would just be an additional one.
thombles
·last month·discuss
That's my initial experience, yes. It's hard to compare these things cleanly of course. I went through several new contexts on GPT and it just couldn't get traction -- it became hard to keep it focused on "yes there's clearly a race but what actual persistent state got broken"? It just wanted to change the thread priorities so that the problem didn't occur and kept doubling down on that as the solution. Opus made some missteps too but it responded well to my corrections - 2 or 3 significant ones along the way - and it was prepared to keep digging on my exact goal until it found the real issue.
thombles
·last month·discuss
Today I was a few hours into chasing down a very tricky timing-dependent bug with GPT 5.5 and we were starting to go into circles. I noticed Opus 4.8 had showed up in GitHub Copilot so I switched over and pointed it at my notes so far. Another hour of steady progress and it tracked it down to some missing synchronisation in an upstream library which was occasionally corrupting a linked list. N=1 but worth every one of those rather expensive 15x requests today. 15x... yeah.
thombles
·2 months ago·discuss
As one of those commenters on the previous post - yep, that theory appears to have been comprehensively trounced. Unless anything comes to light that mythos was applied poorly to curl, the evidence suggests that it’s not uniquely effective vs other AI-assisted approaches. I’ll be interested to see what’s reported in the next curl release.
thombles
·2 months ago·discuss
We will see. As for "testing that could have been done before", Mozilla's posts indicate otherwise. Use of Opus 4.6 led to 22 security-sensitive bugs vs Mythos' 271 (https://blog.mozilla.org/en/privacy-security/ai-security-zer...). They already had the methodology in place when the more powerful model came along (https://hacks.mozilla.org/2026/05/behind-the-scenes-hardenin...):

> Once the end-to-end pipeline is in place, it’s trivial to swap in different models when they become available. Building this pipeline early helped us find a number of serious bugs using publicly-available models, and it also helped us hit the ground running when we had the opportunity to evaluate Claude Mythos Preview. In our experience, model upgrades increase the effectiveness of the entire pipeline: the system gets simultaneously better at finding potential bugs, creating proof-of-concept test cases to demonstrate them, and articulating their pathology and impact.
thombles
·2 months ago·discuss
The question is how many security vulnerabilities are actually left in the code after all the recent AI attention. Either Mythos is a nothingburger, or it's substantially more powerful but there's nothing left to do. Even a large amount of C can be correct eventually. Curl has the _potential_ to become a good data point maybe 6-12 months from now - if researchers and new tools find many more vulnerabilities then Mythos is proved to be hype. If they don't, then maybe Mythos is overkill for today's curl and its capabilities are better deployed elsewhere (like Firefox, apparently).
thombles
·2 months ago·discuss
Curl simply isn't a good data point. It's one of the most picked-over codebases in existence with extensive security testing practices. All the researchers using not-quite-Mythos models have had plenty of time to report bugs up to this point. Daniel may be right that Mythos hasn't been a game changer for curl but the preconditions are different for virtually any other codebase. Perhaps the real marketing here is his own modesty about curl's maturity.
thombles
·2 months ago·discuss
The answer is in the next sentence: "Bun owns its event loop and syscalls." They clearly want to manage their use of threads explicitly, which is not _unusual_ for systems programming but probably less common. Note that `rayon` is different from most of these in that it has nothing to do with async Rust - it's a tool for spreading computation over a thread pool, very popular in non-async projects, but it would also go against their goals here.
thombles
·2 months ago·discuss
Is the poster maybe confusing bandwidth (range of frequencies over which a single board can work) with bandwidth (data transfer speeds in bits per second)?
thombles
·2 months ago·discuss
I saw this the other day and was pretty confused - I prefer to write my own commit messages and wondered if I’d accidentally let the AI do it this time. Nope, just MS changing things behind my back. Sigh.
thombles
·2 months ago·discuss
I didn’t read this as a flex. More a rueful admission of his connection/addiction to GitHub.
thombles
·3 months ago·discuss
It's a meaningful difference for SaaS. Most likely an attacker doesn't have access to your running binary let alone source code, and if they probe it like a pentester would it will be noisy and blocked/flagged by your WAF.
thombles
·3 months ago·discuss
Microsoft could tone it down a bit (especially all the full screen harassment after windows updates) but I wonder how many casual users have had their bacon saved precisely because their documents and desktop got pushed to the cloud?
thombles
·3 months ago·discuss
It’s super hostile. I realised I was going to press it by accident eventually so I switched to Fossify Gallery before I did.
thombles
·3 months ago·discuss
It doesn’t? I use the OneDrive app for scanning documents all the time. + button then “Capture”