HackerLangs
TopNewTrendsCommentsPastAskShowJobs

qbane

no profile record

Submissions

Porting Btrfs-Progs to Rust

xfbs.net
10 points·by qbane·el mes pasado·0 comments

Technical Breakdown: How AI Agents Ignore 40 Years of Security Progress [video]

youtube.com
1 points·by qbane·hace 5 meses·0 comments

comments

qbane
·hace 12 días·discuss
I pondered for a while, it IS the company I used to know
qbane
·hace 17 días·discuss
> LLMs are as good as almost any security researcher, and anyone can run them.

I wonder what the metrics are. Also, not "anyone", just the affordable.
qbane
·hace 18 días·discuss
You could, but by targeting a specific Electron app the mindset would be much simpler. Just take a look of how many times does the dev behind VS Code decide to upgrade their Electron/Node.js version, and how many breakages due to them.

It is all about unknown unknowns.
qbane
·hace 19 días·discuss
I doubt the benefit. Practically every Electron app on a desktop uses different versions of Chromium and many are very out of date because of the risk of breaking when upgrading.
qbane
·hace 2 meses·discuss
I wish Google can bring back the OG Pixelbook, where "AI" merely means Google Assistant.
qbane
·hace 2 meses·discuss
I realized that my mentioning UUID without v4 was misleading.
qbane
·hace 2 meses·discuss
Okay, sightly more bits than UUID v4. The whole article is merely reasoning "why at least 128 bits are required", and if you smuggle some non-random data inside these bits the entropy can only drop, making it more vulnerable to collision, i.e. inferior to UUID v4.
qbane
·hace 2 meses·discuss
Note that when neither is supplied, the text mode is the default. This is why I said that it is the C library handling the "b" flag.
qbane
·hace 2 meses·discuss
tl;dr we reinvented UUID and it works well
qbane
·hace 2 meses·discuss
It's C library taking care of the "b" part for you according to the article.
qbane
·hace 3 meses·discuss
There is even a table copy-pasted into a paragraph without noticing.

> What’s needed is something different:

> Requirement ptrace seccomp eBPF Binary rewrite Low overhead per syscall No (~10-20µs) Yes Yes Yes [...]
qbane
·hace 3 meses·discuss
null hypothesis bot
qbane
·hace 3 meses·discuss
Reminding me of the Shoelace [0] project, which was rebranded as Web Awesome. The original (v2) repository was then archived.

[0]: https://shoelace.style/
qbane
·hace 3 meses·discuss
The watch is interactive! Nice detail
qbane
·hace 4 meses·discuss
Productivity is finite. If you pivot entirely to the AI stack, you're going to lose bandwidth for everything else. It's an opportunity cost problem.
qbane
·hace 4 meses·discuss
A better example would be to use LLMs to generate passwords or secret keys. Then even if it looks random to human, the inherent bias would make it a security disaster.
qbane
·hace 4 meses·discuss
You can still obfuscate JS heavily and make a VM that executes also obfuscated code calling arbitrary browser APIs. At least In WASM everything is sandboxed so the attack surface is smaller.
qbane
·hace 5 meses·discuss
cf. Kagi is a good take
qbane
·hace 6 meses·discuss
Remember: It is a company that keep saying how much production code can be written by AI in xx years, but at the same time recruiting new engineers.
qbane
·hace 6 meses·discuss
The "source" link at the footer seems to point to the author's GitHub profile, not source repository. The repo under it contains no code either.