HackerLangs
TopNewTrendsCommentsPastAskShowJobs

void-star

no profile record

comments

void-star
·13 dagen geleden·discuss
The context in which that statement was made, and in which I’m repeating it, I think, is just to say that any bug has the potential to be used maliciously. Ignore it, fine, but also don’t overreact to the intended message…
void-star
·13 dagen geleden·discuss
Actually, Mudge of the l0pht (and later DARPA) once famously made the claim that all bugs are security issues waiting to be exploited in some way (I’m probably paraphrasing). I kind of agree. Although, the bugs on this dump are indeed mostly pretty lame, which is exactly what I’ve seen you get a lot of when you let an llm go bug hunting with no human vetting and confirmation in the loop.

It’s possible/likely that whomever is running this experiment is keeping the non slop bugs to themselves. It’s probably what I’d do.
void-star
·21 dagen geleden·discuss
Ack Yep my bad. Actually my bad for reading the “comment” incorrectly and being out of the loop with the cursor sale til now.
void-star
·21 dagen geleden·discuss
This was just ~10% of boston dynamics at that price. HN pro-tip: before commenting, read the articles not just the headlines.
void-star
·vorige maand·discuss
This!

… Is why I picked my name.
void-star
·vorige maand·discuss
You are leaping to the assumption that I don’t actually believe in the tech. This is incorrect. I am griping with the way it is being recklessly and stupidly deployed by poeople who really don’t know what they’re doing.
void-star
·vorige maand·discuss
I actually agree somewhat with jatora. However a large segment of the top ~20% of security folks are being forced to become reverse centaurs, as opposed to centaurs (disempowered vs empowered) due to the factors I mentioned. I genuinely see value in the tech, but it is currently being deployed recklessly and stupidly.
void-star
·vorige maand·discuss
I was reviewing a HTTP proxy implementation emitted from Claude Code 4.6 or 7. Don’t remember. I saw that it could rapidly create convincingly plausible code with tons of rationalizing that further strengthened all of it not just its human’s but its own wild leaps of judgment and thinking. But the code was completely insecure and didn’t follow or really seem to understand HTTP rfcs at all despite the “author’s” direct prompting to use them as a reference.

I realized “oh, shit”

We are so very fucked.
void-star
·vorige maand·discuss
As someone with over 30 years experience in computer security, both in corporate as well as boutique security and startup shops, who has been consistently fighting this trend, and recently bearing witness to and engaging in the current AI surge: I can say with absolute confidence that it is only getting and going to get even worse yet.

People like me who know there is a better way are getting pushed harder to lean on AI tooling even though we know that it is making things worse. This isn’t just because our founder/funding overlords are pressing us to do it. The sheer volume of new mission critical code being pumped out enabled by vibe coding is also leaving us little choice but to lean in too just to try and keep up.

We can all see it as clear as day: The tech isn’t ready for any of this. But nobody wants to hear that and everyone is marching off the cliff together anyway. We’re all going to land in the same waste pit together. Raise a glass and whimper.
void-star
·2 maanden geleden·discuss
Me too precisely. But after getting acclimated to a self hosted vaultwarden for the backend and beginning to explore some of the 3rd party Bitwarden frontends that implement its API, I’d recommend hanging in there a bit longer. I think there may be a moat around BW already for self-hosting.

What’s next in the circle is keepass I guess? And it’s just not friendly/robust enough yet for me to switch to it with my family who will probably just go back to using the same passwords on multiple sites if they hit resistance in ease of use.
void-star
·2 maanden geleden·discuss
https://github.com/doy/rbw Is an alternative Bitwarden cli front end. Probably has plenty of scaffolding to build a GUI frontend based on it.

Edit: Just a bit of googling turned up these as well.

https://github.com/AChep/keyguard-app https://github.com/sgolub/bitclient
void-star
·2 maanden geleden·discuss
I have my vaultwarden running on a container on my home-lab server acessible only from Tailscale. The container itself is only accessible as its own node on my Tailscale private network and can’t be reached any other way (there are no inbound port forwards for the container itself, tailscale handles this)

My phone and laptop both use tailscale to access this and a few other containers I have set up similarly. I also have tailscale ACL rules to limit just “me” or whomever I want to allow to use it (family etc) also on my tailnet.

Backups are encrypted and stored locally as well as to AWS glacier.

I love it and it works great.
void-star
·2 maanden geleden·discuss
I was thinking about Brave too while reading this thread. I’m not on a memory constrained system exactly but Brave seems to be tons snappier due to its as blocking. I wonder too if Brave is a case where you can pull it off and still take advantage of chromium based.
void-star
·4 maanden geleden·discuss
It really shines for navigating history. <esc>/ searches history the same way as the editor search function
void-star
·4 maanden geleden·discuss
It’s strange. I have heard this from lots of others too. I think I am an anomaly here. I can’t live without shell vi mode
void-star
·4 maanden geleden·discuss
set -o vi

<esc> puts you into vi mode at the cli prompt with all the semantics of the editor.

These carpal tunnel riddled hands can’t be bothered to reach for ctrl or alt let alone arrow keys.
void-star
·4 maanden geleden·discuss
It’s almost like we need some deterministic set of instructions that can be fed to a machine and followed reliably? Like… I don’t know… a “programming language”?
void-star
·4 maanden geleden·discuss
The advice that everyone seemed to agree on at least just a few months ago was to make sure _you_ write the comprehensive tests/specs and this is what I still would recommend doing to anyone asking. I guess even this may be falling out of fashion though…
void-star
·5 maanden geleden·discuss
Nope. Those are not the only answers I am seeing. I’m still curious though. 2x was nice because nobody really questioned it. Now that we have there doesn’t seem to be one “answer”. This is a fun/interesting question that comes up every now and then here and elsewhere :-) I suspect someone smarter than me about system tuning will have a much smarter and nuanced answer than “just use 2x”
void-star
·5 maanden geleden·discuss
Why was this downvoted? I’m generally curious what current recommendations for swap are too!

Edit: oh and I don’t have an actual personal system with swap configuration on it anymore to give my own answer anymore either.