HackerLangs
TopNewTrendsCommentsPastAskShowJobs

darkamaul

no profile record

Submissions

Anthropic's coordinated vulnerability disclosure dashboard

red.anthropic.com
2 points·by darkamaul·2 mesi fa·0 comments

[untitled]

1 points·by darkamaul·9 mesi fa·0 comments

Project Rain:L1TF

bughunters.google.com
3 points·by darkamaul·10 mesi fa·0 comments

OCInception Writeup

github.com
1 points·by darkamaul·10 mesi fa·1 comments

comments

darkamaul
·mese scorso·discuss
Well , there isn’t also the opposite take from TechCrunch where they say: Why Paris may be the most important AI city outside Silicon Valley. [0]

While the EU loves its regulation, I still feel it’s too early to write it down in the AI race. It will not replace Anthropic or OpenAI any time soon, but even Google and Meta fail to do that.

If AI continue to grow and expand, there is enough space for many more unicorns.

[0] https://techcrunch.com/2026/05/28/why-paris-may-be-the-most-...
darkamaul
·mese scorso·discuss
What an interesting article. I did not assume I would read it until the end when I opened it, but the writing was super clear and easy to follow.

At the end, I admire the craft and patience to try to solve code diff rendering, and wish the folks at GitHub could put the same effort to improve their platform.

On a side note, I feel that we’re going to see more and more of this type of agentic usage, in well defined sub tasks, and the ability of a model to try many possibilities is a huge gift here.
darkamaul
·mese scorso·discuss
I think Minecraft is still in good shape
darkamaul
·2 mesi fa·discuss
I guess you could look at https://red.anthropic.com/2026/cvd/ to see exactly what was discovered.
darkamaul
·3 mesi fa·discuss
If I understood the code correctly, it always use the hybrid version.

> Kyber is always used in a composite scheme along with a classic ECC algorithm.
darkamaul
·3 mesi fa·discuss
One of the biggest issues I see with Upload Queues here that is not talked about is the added complexity on the package managers themselves (PyPI, NPM, crates.io ...).

They are already complex beasts of software, extremely important for the ecosystems, and not always well funded. Adding all this extra complexity, with official bypasses (for security reasons), monitoring APIs (for security review while a new version is in the queue), and others is not cheap.

And if somehow, they get the funding to do this, will they also get the funding for the maintenance in the long term?

I don't think the benefits here (which is only explicitly model the cooldown) are enough to offset the downsides.
darkamaul
·3 mesi fa·discuss
I’m maybe not understanding here, but isn’t it the point of release attestations (to authenticate that the release was produced by the authors)?

[0] https://docs.github.com/en/actions/how-tos/secure-your-work/...
darkamaul
·3 mesi fa·discuss
With the recent incidents affecting Trivy and litellm, I find it extremely useful to have a guide on what to do to secure your release process.

The advices here are really solid and actionable, and I would suggest any team to read them, and implement them if possible.

The scary part with supply chain security is that we are only as secure as our dependencies, and if the platform you’re using has non secure defaults, the efforts to secure the full chain are that much higher.
darkamaul
·6 mesi fa·discuss
I love all the touches that went into creating the Dependabot configuration:

– Sunday at 3 a.m. for updates

– The prompt injection to skip CI

It was a fun read - I'm looking forward to it being ingested by future LLMs.
darkamaul
·6 mesi fa·discuss
Second this.

I didn't expect Google (Mandiant) to release rainbow tables ever. Curious what changed internally to make that acceptable now.
darkamaul
·6 mesi fa·discuss
Curious what tech stack is behind this docs/cookbook page. Doesn't look like standard MkDocs/GitBook, but maybe I'm wrong.

Would love to know.
darkamaul
·6 mesi fa·discuss
I have been using OMZ for the last 8 years but recently made the switch to plain zsh with : - starship for a better prompt - Claude ported plugins I was using from omz (extract, sudo) - custom written aliases that were muscle memory - zoxide for the a command

So far that has been a great move, my terminal tab feel snappy again. One thing I miss (but I’m sure I could find a way to replace it) is `cd ….´
darkamaul
·7 mesi fa·discuss
Xlssid
darkamaul
·7 mesi fa·discuss
I'd argue ASML's moat isn't the machine itself but the ecosystem: Carl Zeiss optics, decades of supplier relationships, institutional knowledge.

This is clearly a significant achievement, but does anyone with semiconductor experience have a sense of how far "generates EUV light" is from "production-ready tool"?
darkamaul
·7 mesi fa·discuss
According to UpDog [0], the incident only lasted 35 minutes (8:40 - 9:15). And the Cloudflare status page seems to validate this timeline.

While down times are not ideal, that's quite an impressive achievement to be able to resolve an incident of this scale in minutes - not hours.

[0]: https://updog.ai/status/cloudflare
darkamaul
·7 mesi fa·discuss
GitHub Code Search has too many quirks compared to the zoekt powered alternatives (cs.android.com, cs.bazel.build) which feel far more intuitive.

I wish Microsoft would invest more in improving it - especially since Sourcegraph can't search private repositories, leaving GitHub's tool as the only real option for many codebases.
darkamaul
·7 mesi fa·discuss
I've noticed that several projects on the front page today (and over the past few days) are migrating away from GitHub.

Is there any recent event or broader trend that explains this shift?
darkamaul
·7 mesi fa·discuss
Hoping this pushes a new generation of adblockers, but I'm skeptical it'll stay a fair fight. The next wave of ads will likely be far subtler than today's web ads - more integrated into content, harder to detect, and easier to normalize.
darkamaul
·8 mesi fa·discuss
For interested readers, here is the CEO (Vlad) answer to the ties between Kagi and Yandex (November 2024): https://kagifeedback.org/d/5445-reconsider-yandex-integratio...
darkamaul
·8 mesi fa·discuss
I'm having trouble following the suspicion here. The founder lived in Belgrade for decades before moving to the US, so opening an office there seems like a straightforward decision: you build where you have roots, local knowledge, and existing connections. That's not a red flag...

As for Serbia itself: yes, it's not in the EU, but it's been in the accession process since 2012. The timeline is slow, but the country is economically integrated with Europe. If we're treating a Serbian office as inherently suspicious, that's a bar most of the tech industry wouldn't clear.