HackerTrans
TopNewTrendsCommentsPastAskShowJobs

void-star

no profile record

comments

void-star
·14일 전·discuss
The context in which that statement was made, and in which I’m repeating it, I think, is just to say that any bug has the potential to be used maliciously. Ignore it, fine, but also don’t overreact to the intended message…
void-star
·14일 전·discuss
Actually, Mudge of the l0pht (and later DARPA) once famously made the claim that all bugs are security issues waiting to be exploited in some way (I’m probably paraphrasing). I kind of agree. Although, the bugs on this dump are indeed mostly pretty lame, which is exactly what I’ve seen you get a lot of when you let an llm go bug hunting with no human vetting and confirmation in the loop.

It’s possible/likely that whomever is running this experiment is keeping the non slop bugs to themselves. It’s probably what I’d do.
void-star
·22일 전·discuss
Ack Yep my bad. Actually my bad for reading the “comment” incorrectly and being out of the loop with the cursor sale til now.
void-star
·22일 전·discuss
This was just ~10% of boston dynamics at that price. HN pro-tip: before commenting, read the articles not just the headlines.
void-star
·지난달·discuss
This!

… Is why I picked my name.
void-star
·지난달·discuss
You are leaping to the assumption that I don’t actually believe in the tech. This is incorrect. I am griping with the way it is being recklessly and stupidly deployed by poeople who really don’t know what they’re doing.
void-star
·지난달·discuss
I actually agree somewhat with jatora. However a large segment of the top ~20% of security folks are being forced to become reverse centaurs, as opposed to centaurs (disempowered vs empowered) due to the factors I mentioned. I genuinely see value in the tech, but it is currently being deployed recklessly and stupidly.
void-star
·지난달·discuss
I was reviewing a HTTP proxy implementation emitted from Claude Code 4.6 or 7. Don’t remember. I saw that it could rapidly create convincingly plausible code with tons of rationalizing that further strengthened all of it not just its human’s but its own wild leaps of judgment and thinking. But the code was completely insecure and didn’t follow or really seem to understand HTTP rfcs at all despite the “author’s” direct prompting to use them as a reference.

I realized “oh, shit”

We are so very fucked.
void-star
·지난달·discuss
As someone with over 30 years experience in computer security, both in corporate as well as boutique security and startup shops, who has been consistently fighting this trend, and recently bearing witness to and engaging in the current AI surge: I can say with absolute confidence that it is only getting and going to get even worse yet.

People like me who know there is a better way are getting pushed harder to lean on AI tooling even though we know that it is making things worse. This isn’t just because our founder/funding overlords are pressing us to do it. The sheer volume of new mission critical code being pumped out enabled by vibe coding is also leaving us little choice but to lean in too just to try and keep up.

We can all see it as clear as day: The tech isn’t ready for any of this. But nobody wants to hear that and everyone is marching off the cliff together anyway. We’re all going to land in the same waste pit together. Raise a glass and whimper.
void-star
·2개월 전·discuss
Me too precisely. But after getting acclimated to a self hosted vaultwarden for the backend and beginning to explore some of the 3rd party Bitwarden frontends that implement its API, I’d recommend hanging in there a bit longer. I think there may be a moat around BW already for self-hosting.

What’s next in the circle is keepass I guess? And it’s just not friendly/robust enough yet for me to switch to it with my family who will probably just go back to using the same passwords on multiple sites if they hit resistance in ease of use.
void-star
·2개월 전·discuss
https://github.com/doy/rbw Is an alternative Bitwarden cli front end. Probably has plenty of scaffolding to build a GUI frontend based on it.

Edit: Just a bit of googling turned up these as well.

https://github.com/AChep/keyguard-app https://github.com/sgolub/bitclient
void-star
·2개월 전·discuss
I have my vaultwarden running on a container on my home-lab server acessible only from Tailscale. The container itself is only accessible as its own node on my Tailscale private network and can’t be reached any other way (there are no inbound port forwards for the container itself, tailscale handles this)

My phone and laptop both use tailscale to access this and a few other containers I have set up similarly. I also have tailscale ACL rules to limit just “me” or whomever I want to allow to use it (family etc) also on my tailnet.

Backups are encrypted and stored locally as well as to AWS glacier.

I love it and it works great.
void-star
·2개월 전·discuss
I was thinking about Brave too while reading this thread. I’m not on a memory constrained system exactly but Brave seems to be tons snappier due to its as blocking. I wonder too if Brave is a case where you can pull it off and still take advantage of chromium based.
void-star
·4개월 전·discuss
It really shines for navigating history. <esc>/ searches history the same way as the editor search function
void-star
·4개월 전·discuss
It’s strange. I have heard this from lots of others too. I think I am an anomaly here. I can’t live without shell vi mode
void-star
·4개월 전·discuss
set -o vi

<esc> puts you into vi mode at the cli prompt with all the semantics of the editor.

These carpal tunnel riddled hands can’t be bothered to reach for ctrl or alt let alone arrow keys.
void-star
·4개월 전·discuss
It’s almost like we need some deterministic set of instructions that can be fed to a machine and followed reliably? Like… I don’t know… a “programming language”?
void-star
·4개월 전·discuss
The advice that everyone seemed to agree on at least just a few months ago was to make sure _you_ write the comprehensive tests/specs and this is what I still would recommend doing to anyone asking. I guess even this may be falling out of fashion though…
void-star
·5개월 전·discuss
Nope. Those are not the only answers I am seeing. I’m still curious though. 2x was nice because nobody really questioned it. Now that we have there doesn’t seem to be one “answer”. This is a fun/interesting question that comes up every now and then here and elsewhere :-) I suspect someone smarter than me about system tuning will have a much smarter and nuanced answer than “just use 2x”
void-star
·5개월 전·discuss
Why was this downvoted? I’m generally curious what current recommendations for swap are too!

Edit: oh and I don’t have an actual personal system with swap configuration on it anymore to give my own answer anymore either.