HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jurschreuder

305 karmajoined 9 jaar geleden

comments

jurschreuder
·4 uur geleden·discuss
Ironically it's also written by AI :)

I like LLM's but this writing style is like eating the same dish 4 times a day.
jurschreuder
·5 dagen geleden·discuss
France and Germany are also kinda big, at least for the size of the country.
jurschreuder
·12 dagen geleden·discuss
Nobody trusts the Chinese that's the problem, not that people don't trust Claude.

Why was this person from Hong Kong going through the details of Claude code for obvious security reasons? There are some other obvious reasons that come to mind.

Maybe it's an eye opener for this person how much the trust in Chinese companies has eroded in the West.

Even if they suddenly stop stealing IP, which this "security research" article would certainly not suggest is happening, it would be a very long time before trust is restored.
jurschreuder
·13 dagen geleden·discuss
I'm too triggered by wording that signals it's written or at least modified by an LLM these days
jurschreuder
·15 dagen geleden·discuss
And it's built in Rust so it's AI generated
jurschreuder
·15 dagen geleden·discuss
[dead]
jurschreuder
·16 dagen geleden·discuss
It's a win-win game because both Anthropic and the Government are on the front page again pulling on important leavers.

In the mass-marketing world it's less about who's right or wrong but who is perceived by the population to be pulling the leavers on the front page again.
jurschreuder
·16 dagen geleden·discuss
If someone walks by and you want to push him in the back to go a bit faster.

Or someone runs by and you want to push him in the back to go faster.

You will have to push with great vigor, unless you first get up to speed yourself (also takes energy).
jurschreuder
·22 dagen geleden·discuss
Codeberg. They ONLY host open source software, it's sponsored by European institutions, Zig moved there too.

In the near future I'm also adding Forgejo to our Kexxu servers. Forgejo is basically Codeberg (but you need to host it). If you want a private repo on Kexxu just ask.
jurschreuder
·26 dagen geleden·discuss
Nobody uses void* in C++ you will get lectured if you do that.
jurschreuder
·26 dagen geleden·discuss
Yes all of them have sources.

Look for example top 500 CVEs of this year (after many fixes in C++, not right when the 70% memory issues in Chrome came out).

Look at top 10 CVE github 2025 (zero memory related does not make it).

Look at that sudo-rs was not allowed in Ubuntu because it's not as safe (way worst track record) than the C version, almost all is input sanitation.

Look at wordpress plugins hacks, all PHP all memory safe language. Compare that to HAProxy and Nginx (C).

Etc.
jurschreuder
·26 dagen geleden·discuss
You can also write inline assembly in C++ and then it's not safe.

But no developers working on projects that have been so ultimately battle tested that only memory safety issues remain do that. Professional C++ developers use RAII and containers. If you use raw pointers or raw arrays in C++ you will get 200 code reviewers lecturing you. You will never be able to for long.
jurschreuder
·26 dagen geleden·discuss
In highly specific programs like browser sandboxes. Not in things like wordpress plugins or nodejs servers.
jurschreuder
·26 dagen geleden·discuss
PHP is garbage collected for reference. So rewriting wordpress plugins in Rust would not make them more secure but rewriting HAProxy or Nginx would? It's delusional.
jurschreuder
·26 dagen geleden·discuss
In Chromium which is the condom of the internet, already millions of developer hours of the most highly paid developers have spent their days trying to make it water tight. This is not your average software project.
jurschreuder
·26 dagen geleden·discuss
Then you're looking at very old data, recent top 500 CVE's 100% of the use-after-free exploits where escalation to Admin on Windows.
jurschreuder
·26 dagen geleden·discuss
Google Chromium but not it's not even in the top 10 of vulnerabilities in Github
jurschreuder
·26 dagen geleden·discuss
What are they going to train with 13.5M really? We're a tiny company in Amsterdam in Holland and we've got "only 64x B300 to train on" so we could never make an LLM I thought, since we've got only 4M in compute.

And they're going to train an LLM with all kinds of extra difficulties compared to OpenAI for just 13.5M?

The very first Llama was 16M for one training.
jurschreuder
·27 dagen geleden·discuss
Just want to remind everyone that only 1% of vulnerabilities are memory related in the average Joe's code.

And only 20% of memory related bugs are use-after-free which the borrow checker fighting is for.

And 100% of the use-after-free exploits were to gain admin rights on an already hacked Windows (all windows) computer.

So for the vast majority of people the borrow checker adds nothing.

The vast majority of memory safety bugs (extreme pro level, super hard to exploit, only worth it in massively adopted evil outer world facing software) can be fixed by using C++26 with array bounds checking and forced initialisation.

These last two things that Rust forces catch 70-80% of the memory problems the borrow checker only 20-30% only use-after-free.

Most problems by far for normal developers are supply chain attacks, exposing api keys, remote code execution, wrong input validation, wrong auth-flow.

You're reading the CVEs of sudo and ssh and think your code will be hacked like that.

PHP is memory safe and still many people hack wordpress plugins.
jurschreuder
·vorige maand·discuss
I would argue that you would not really know what the compiler would be up to with the memory void* points to.

To make sure I would put it in some kind of container.