HackerLangs
TopNewTrendsCommentsPastAskShowJobs

dboreham

17,861 karmajoined 11 anni fa
[ my public key: https://keybase.io/dboreham; my proof: https://keybase.io/dboreham/sigs/lC9hM5haXXukH2rF_cFeB6gdtV0kXfHF7jZdZUdlkE4 ]

Verifying my Blockstack ID is secured with the address 1L7ikyCFhG5zyVSosrQYDs2ZG4ikEFqgBQ https://explorer.blockstack.org/address/1L7ikyCFhG5zyVSosrQYDs2ZG4ikEFqgBQ

Submissions

Incident review for TanStack NPM supply chain ransom incident

grafana.com
2 points·by dboreham·15 giorni fa·0 comments

[untitled]

1 points·by dboreham·mese scorso·0 comments

Fast16: Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations

security.com
4 points·by dboreham·2 mesi fa·0 comments

Aether: High-performance, formally-verified storage engine written in Rust

codeberg.org
37 points·by dboreham·2 mesi fa·14 comments

Rapid snow melt-off in American west stuns scientists

theguardian.com
6 points·by dboreham·3 mesi fa·1 comments

CISA Urges Hardening After Cyberattack Against Stryker

cisa.gov
5 points·by dboreham·4 mesi fa·0 comments

Show HN: An application stack Claude coded directly in LLVM IR

github.com
10 points·by dboreham·4 mesi fa·0 comments

Why Is Anything Conscious?

arxiv.org
3 points·by dboreham·4 mesi fa·0 comments

Show HN: An Occam to Go transpiler (LLM-generated)

2 points·by dboreham·5 mesi fa·4 comments

Google played key role in recovering video from Nancy Guthrie's nest camera

cnn.com
1 points·by dboreham·5 mesi fa·1 comments

Midair collision near Washington DC followed years of ignored warnings

theguardian.com
3 points·by dboreham·5 mesi fa·0 comments

Surface optimization governs the local design of physical networks

nature.com
2 points·by dboreham·6 mesi fa·0 comments

How AI Fixed My Procrastination

devblogs.microsoft.com
2 points·by dboreham·7 mesi fa·1 comments

Epstein

justice.gov
5 points·by dboreham·7 mesi fa·1 comments

Aptos: Free software for me, but not for thee

github.com
3 points·by dboreham·7 mesi fa·0 comments

Airbus grounds A320 aircraft amid solar radiation risk

aerospaceglobalnews.com
20 points·by dboreham·7 mesi fa·6 comments

NTSB DC-10-10 Aircraft Accident Report (1979) [pdf]

ntsb.gov
3 points·by dboreham·8 mesi fa·2 comments

[untitled]

1 points·by dboreham·8 mesi fa·0 comments

It Is All about Token: Towards Semantic Information Theory for LLMs

arxiv.org
3 points·by dboreham·8 mesi fa·0 comments

Consequences of Undecidability in Physics on the Theory of Everything

arxiv.org
1 points·by dboreham·8 mesi fa·2 comments

comments

dboreham
·17 minuti fa·discuss
I saw the title and assumed an article by Wolfram. But it's by Tim Roughgarden who I know from algorithmic game theory. Anyway, I'll register my membership in the "it's more fundamental than that" camp.
dboreham
·1 ora fa·discuss
My experience has been that Claude/Opus will ask me questions, although sometimes I have to step in and redirect a bit. Codex/GPT just dives in and cranks code out, which after using Claude for a year I found rather concerning. It wrote working code though. Claude/Fable does something similar (asks far fewer questions than Opus) fwiw.
dboreham
·1 ora fa·discuss
Ok thanks. Executed on that. I had it build a simple project (actually not so simple since it involved domain knowledge about snowpack and ice) and also gave the same prompt to Opus and to Fable. When I get some spare time I'll write an article highlighting the differences between all three.
dboreham
·ieri·discuss
Many projects that were done by humans and took a year can certainly not be trusted.
dboreham
·ieri·discuss
Egads surely Mozilla can produce a blog post that isn't written in AI-speak?
dboreham
·ieri·discuss
Nudged by this thread, I've decided to switch from Claude to Codex for a bit to see what happens. But...I immediately became lost in their marketing vortex of confusion on plans and pricing. Anyone care to tell me which plan I should be using? On the other side I use the $100 Claude Code plan. We actually have a "Business" ChatGPT subscription already, which seems to be $50/mo/seat. OpenAI's web site offers a set of individual subscriptions (for parity with CC presumably) which I suspect weren't available when we signed up for ChatGPT. I think that in turn happened due to some web site feature it didn't allow for free users (uploading PDFs, something like that). Perhaps I should switch from that business account to an individual subscription for Codex?
dboreham
·ieri·discuss
But aren't the politicians also corrupt? (or at least most of them) One therefore assumes that any action by congress must be corrupt. This appears borne out by the evidence over the past few decades.
dboreham
·l’altro ieri·discuss
Because it's used in addition to, not in place of, the better RAM.
dboreham
·l’altro ieri·discuss
C also has sum types.
dboreham
·l’altro ieri·discuss
You need to meet some people who argue that types are positively bad!
dboreham
·3 giorni fa·discuss
More usually expressed as "if he only played golf".
dboreham
·3 giorni fa·discuss
I pay $200/mo and they provide me a tool that writes all the code I want. Seems like a great deal to me.
dboreham
·3 giorni fa·discuss
They have an IPO to launch, so they're not going to do that.
dboreham
·3 giorni fa·discuss
Ok but my understanding from the article was that the bug is "it always allows what shouldn't be allowed", therefore any negative outcome test should have failed (or at least a very very simple one). Again I'm sure I'm misunderstanding something about the context here.
dboreham
·3 giorni fa·discuss
Well, no. That's the bug. The fix is to "not do that", although one does wonder what the original author was smoking!

https://github.com/cloudflare/circl/commit/f7d2180d6a77cfb28...
dboreham
·3 giorni fa·discuss
If the author is here: thanks for that, interesting read, and also nice to note the absence of a marketing name for the bugs. If you have time, couple (edit: three) questions:

1. Could you expand on this? "That human-in-the-loop step still matters a lot, because AI candidate findings are cheap while trustworthy reports are not." Roughly how many candidate reports did the LLMs create vs the eventual 7 true vulnerabilities?

2. As I was reading "CP-ABE access-control break via AND-share bug" I thought "why wasn't this caught with a test?", which was going to be my question but clicking through to the commit (thanks for that too btw) I see there was a regression test added: https://github.com/cloudflare/circl/commit/def2fd35b8535b0b8... but I'm wondering why there isn't a test further up the stack that is simply checking "can't decrypt if the required attribute isn't present"? Seems similar to those situations where nobody thought to test an auth system for "user can't log in when they present the wrong password"!! Perhaps I'm missing some subtlety though.

3. This is probably a dumb question, but I wasn't sure (even after reading the linked article on zkao) exactly what zkao actually is. One description seems to be "a system for continuously running an LLM audit pass on a codebase". But that can't be right because this article talks about running it on the LLM-found vulnerability reports. Is it an LLM? (but better than the frontier LLMs?) Anyway, bit confused and would appreciate some clarity.
dboreham
·4 giorni fa·discuss
I think you could ignore their legal argument in the civilized world but in the USA perhaps not. The very concept of a "formally recognized diagnosis" is American health insurance industry gaslighting (also not a formal diagnosis fwiw). It means nothing in other countries.
dboreham
·4 giorni fa·discuss
Three really, but otherwise yes.
dboreham
·5 giorni fa·discuss
For the similarly confused: it displays times in your local browser time zone, not the time zone of the actual train. I'm pretty sure this is an oversight since there's no universe in which I want train times not in their native time zone.
dboreham
·5 giorni fa·discuss
I suspect there are many things AI can do to help people and make their lives better. But that's not how business works: products get made and marketed because they make their owners more money. Totally different goal.