HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dominicq

no profile record

Submissions

[untitled]

1 points·by dominicq·3 bulan yang lalu·0 comments

This post is published by just typing into Obsidian

blog.d11r.eu
1 points·by dominicq·3 bulan yang lalu·0 comments

Small models also found the vulnerabilities that Mythos found

aisle.com
1,284 points·by dominicq·3 bulan yang lalu·341 comments

[untitled]

6 points·by dominicq·3 bulan yang lalu·0 comments

Vibecoders Can't Build for Longevity

blog.d11r.eu
47 points·by dominicq·4 bulan yang lalu·35 comments

Mantras for the Modern Mind

blog.d11r.eu
1 points·by dominicq·4 bulan yang lalu·0 comments

Ask HN: How to manage work as the sole individual contributor?

2 points·by dominicq·10 bulan yang lalu·2 comments

Try the Goddamned Thing Out

sundaystopwatch.eu
2 points·by dominicq·11 bulan yang lalu·0 comments

Why is it so hard to export Markdown from Gemini?

sundaystopwatch.eu
1 points·by dominicq·12 bulan yang lalu·0 comments

Ask HN: How to find non-popular blogs and forums?

27 points·by dominicq·12 bulan yang lalu·21 comments

comments

dominicq
·bulan lalu·discuss
Lmao cringe, 23 years at NVIDIA is supposed to be, what, a credential?
dominicq
·bulan lalu·discuss
Using "cache" for this whole dynamic is annoying; not everything is a computer
dominicq
·bulan lalu·discuss
Good post! Also, in my opinion, domain expertise is actually more interesting than pure coding ability. Coding, for me, has always been a means to an end. I'm equally happy with a spreadsheet if it solves my problem, and in fact I hate most apps.
dominicq
·2 bulan yang lalu·discuss
I have model fatigue
dominicq
·3 bulan yang lalu·discuss
:(

Sounds super 1337 and I hope it's actually possible somehow.
dominicq
·3 bulan yang lalu·discuss
The first thing. Invoked processes inherit the permissions of the user who invoked them (unless they have the setuid bit). It's just in case you land access to a computer which has all the standard Unix tools disabled to stop attackers from lateral movement.
dominicq
·3 bulan yang lalu·discuss
Huh? How does that work exactly? I've heard of /proc fuckery before but didn't know you could disable aslr with it.
dominicq
·3 bulan yang lalu·discuss
You need initial access. This is just a list of tools you can use if you can't spawn a standard interactive shell, for whatever reason.

It doesn't make it easier to "hack" servers, it's just a list of things that you could use once you're already inside.
dominicq
·3 bulan yang lalu·discuss
> Fundamental in the dependency cooldown plan is the hope that other people - those who weren't smart enough to configure a cooldown - serve as unpaid, inadvertent beta testers for newly released packages.

This is wrong to an extent.

This plan works by letting software supply chain companies find security issues in new releases. Many security companies have automated scanners for popular and less popular libraries, with manual triggers for those libraries which are not in the top N.

Their incentive is to be the first to publish a blog post about a cool new attack that they discovered and that their solution can prevent.
dominicq
·3 bulan yang lalu·discuss
This would just speed up the discovery -> patch cycle, at least until such time that all the low hanging fruit (=represented in training data) is patched.

Though another possibility would be that since LLMs generate so much code, the LLM vulnerability discovery would just keep chugging along and we'd simply settle for the same amount of potential vulns, same relative vulnerability-exploit-patch dynamics, though higher in absolute numbers.
dominicq
·3 bulan yang lalu·discuss
I agree with you. It's clear that they're leaving X because "X bad", but they don't want to say it that way. I don't know if X is or isn't bad, but it seems pretty mainstream and a good representation of a lot of society, both US and international, so for an org that apparently cares for the online rights of people, it feels silly to leave a platform where there are - people. (and this is coming from someone who doesn't use X or social media in general)
dominicq
·3 bulan yang lalu·discuss
I can't get it to save emails that I've corresponded with on the Android app. I always have to find specific emails in the email history, and then "Compose message to". If I try to start a new email and start typing the name, or email address, there's no dropdown, no suggestion. Have you ever had this issue on Android?
dominicq
·3 bulan yang lalu·discuss
didn't work but thanks for googling that for me
dominicq
·4 bulan yang lalu·discuss
Whatever happened to Gary Cooper?
dominicq
·5 bulan yang lalu·discuss
Mmmm, funny shapes go brr
dominicq
·5 bulan yang lalu·discuss
Telegram, WhatsApp, Signal? I have friends and I don't use Discord or understand why I would want to use it.
dominicq
·5 bulan yang lalu·discuss
Yeah, I don't get it either. Deploy a VM that runs an LLM so that I can talk to it via Telegram... I could just talk to it through an app or a web interface. I'm not even trying to be snarky, like what the hell even is the use case?
dominicq
·6 bulan yang lalu·discuss
There are sometimes truly bizarre demands for evidence. I once posted a pure opinion piece -- essentially a moral judgment on what is good and what is bad (in the domain of technical writing) -- and got hit with "source?"

Me.

I am the source.
dominicq
·6 bulan yang lalu·discuss
Happy New Year from Zagreb, Croatia!
dominicq
·7 bulan yang lalu·discuss
I find the downvotes to your comment absurd. The downvoters seem to me what Kaczynski called "oversocialized". They accept being taken against your will because the system says that's how it's supposed to work. And then rationalize their conformity with apparent consequences (medical emergency services not providing care elsewhere, you being penalized for a fake call, and so on).

It shows a concerning lack of agency and a concerning amount of conformity.