HackerLangs
トップ新着トレンドコメント過去質問紹介求人

qbane

no profile record

投稿

Porting Btrfs-Progs to Rust

xfbs.net
10 ポイント·投稿者 qbane·先月·0 コメント

Technical Breakdown: How AI Agents Ignore 40 Years of Security Progress [video]

youtube.com
1 ポイント·投稿者 qbane·5 か月前·0 コメント

コメント

qbane
·12 日前·議論
I pondered for a while, it IS the company I used to know
qbane
·17 日前·議論
> LLMs are as good as almost any security researcher, and anyone can run them.

I wonder what the metrics are. Also, not "anyone", just the affordable.
qbane
·18 日前·議論
You could, but by targeting a specific Electron app the mindset would be much simpler. Just take a look of how many times does the dev behind VS Code decide to upgrade their Electron/Node.js version, and how many breakages due to them.

It is all about unknown unknowns.
qbane
·19 日前·議論
I doubt the benefit. Practically every Electron app on a desktop uses different versions of Chromium and many are very out of date because of the risk of breaking when upgrading.
qbane
·2 か月前·議論
I wish Google can bring back the OG Pixelbook, where "AI" merely means Google Assistant.
qbane
·2 か月前·議論
I realized that my mentioning UUID without v4 was misleading.
qbane
·2 か月前·議論
Okay, sightly more bits than UUID v4. The whole article is merely reasoning "why at least 128 bits are required", and if you smuggle some non-random data inside these bits the entropy can only drop, making it more vulnerable to collision, i.e. inferior to UUID v4.
qbane
·2 か月前·議論
Note that when neither is supplied, the text mode is the default. This is why I said that it is the C library handling the "b" flag.
qbane
·2 か月前·議論
tl;dr we reinvented UUID and it works well
qbane
·2 か月前·議論
It's C library taking care of the "b" part for you according to the article.
qbane
·3 か月前·議論
There is even a table copy-pasted into a paragraph without noticing.

> What’s needed is something different:

> Requirement ptrace seccomp eBPF Binary rewrite Low overhead per syscall No (~10-20µs) Yes Yes Yes [...]
qbane
·3 か月前·議論
null hypothesis bot
qbane
·3 か月前·議論
Reminding me of the Shoelace [0] project, which was rebranded as Web Awesome. The original (v2) repository was then archived.

[0]: https://shoelace.style/
qbane
·3 か月前·議論
The watch is interactive! Nice detail
qbane
·4 か月前·議論
Productivity is finite. If you pivot entirely to the AI stack, you're going to lose bandwidth for everything else. It's an opportunity cost problem.
qbane
·4 か月前·議論
A better example would be to use LLMs to generate passwords or secret keys. Then even if it looks random to human, the inherent bias would make it a security disaster.
qbane
·4 か月前·議論
You can still obfuscate JS heavily and make a VM that executes also obfuscated code calling arbitrary browser APIs. At least In WASM everything is sandboxed so the attack surface is smaller.
qbane
·5 か月前·議論
cf. Kagi is a good take
qbane
·6 か月前·議論
Remember: It is a company that keep saying how much production code can be written by AI in xx years, but at the same time recruiting new engineers.
qbane
·6 か月前·議論
The "source" link at the footer seems to point to the author's GitHub profile, not source repository. The repo under it contains no code either.