HackerLangs
TopNewTrendsCommentsPastAskShowJobs

qbane

no profile record

Submissions

Porting Btrfs-Progs to Rust

xfbs.net
10 points·by qbane·mese scorso·0 comments

Technical Breakdown: How AI Agents Ignore 40 Years of Security Progress [video]

youtube.com
1 points·by qbane·5 mesi fa·0 comments

comments

qbane
·12 giorni fa·discuss
I pondered for a while, it IS the company I used to know
qbane
·17 giorni fa·discuss
> LLMs are as good as almost any security researcher, and anyone can run them.

I wonder what the metrics are. Also, not "anyone", just the affordable.
qbane
·18 giorni fa·discuss
You could, but by targeting a specific Electron app the mindset would be much simpler. Just take a look of how many times does the dev behind VS Code decide to upgrade their Electron/Node.js version, and how many breakages due to them.

It is all about unknown unknowns.
qbane
·19 giorni fa·discuss
I doubt the benefit. Practically every Electron app on a desktop uses different versions of Chromium and many are very out of date because of the risk of breaking when upgrading.
qbane
·2 mesi fa·discuss
I wish Google can bring back the OG Pixelbook, where "AI" merely means Google Assistant.
qbane
·2 mesi fa·discuss
I realized that my mentioning UUID without v4 was misleading.
qbane
·2 mesi fa·discuss
Okay, sightly more bits than UUID v4. The whole article is merely reasoning "why at least 128 bits are required", and if you smuggle some non-random data inside these bits the entropy can only drop, making it more vulnerable to collision, i.e. inferior to UUID v4.
qbane
·2 mesi fa·discuss
Note that when neither is supplied, the text mode is the default. This is why I said that it is the C library handling the "b" flag.
qbane
·2 mesi fa·discuss
tl;dr we reinvented UUID and it works well
qbane
·2 mesi fa·discuss
It's C library taking care of the "b" part for you according to the article.
qbane
·3 mesi fa·discuss
There is even a table copy-pasted into a paragraph without noticing.

> What’s needed is something different:

> Requirement ptrace seccomp eBPF Binary rewrite Low overhead per syscall No (~10-20µs) Yes Yes Yes [...]
qbane
·3 mesi fa·discuss
null hypothesis bot
qbane
·3 mesi fa·discuss
Reminding me of the Shoelace [0] project, which was rebranded as Web Awesome. The original (v2) repository was then archived.

[0]: https://shoelace.style/
qbane
·3 mesi fa·discuss
The watch is interactive! Nice detail
qbane
·4 mesi fa·discuss
Productivity is finite. If you pivot entirely to the AI stack, you're going to lose bandwidth for everything else. It's an opportunity cost problem.
qbane
·4 mesi fa·discuss
A better example would be to use LLMs to generate passwords or secret keys. Then even if it looks random to human, the inherent bias would make it a security disaster.
qbane
·4 mesi fa·discuss
You can still obfuscate JS heavily and make a VM that executes also obfuscated code calling arbitrary browser APIs. At least In WASM everything is sandboxed so the attack surface is smaller.
qbane
·5 mesi fa·discuss
cf. Kagi is a good take
qbane
·6 mesi fa·discuss
Remember: It is a company that keep saying how much production code can be written by AI in xx years, but at the same time recruiting new engineers.
qbane
·6 mesi fa·discuss
The "source" link at the footer seems to point to the author's GitHub profile, not source repository. The repo under it contains no code either.