HackerTrans
TopNewTrendsCommentsPastAskShowJobs

babush

no profile record

Submissions

Show HN: Xr – Ripgrep for Binary Xrefs

github.com
4 points·by babush·4 месяца назад·0 comments

Show HN: Nonna – code slop detector that runs in the browser

babush.me
2 points·by babush·4 месяца назад·0 comments

Show HN: LLVM-jutsu: Anti-LLM obfuscation pass

github.com
8 points·by babush·7 месяцев назад·0 comments

Show HN: Anki Jam – Anki add-on for looping, pitch-shifting and drilling riffs

github.com
4 points·by babush·7 месяцев назад·0 comments

MCP Job Security Pass

github.com
2 points·by babush·в прошлом году·0 comments

comments

babush
·3 месяца назад·discuss
Mixed feelings about creative work and AI, but if it wasn't for LLMs I would have chosen a different software than Blender for my hobby-level 2D animation. Made a Blender plugin w/ Claude, and it's saving me so much time (:
babush
·8 месяцев назад·discuss
Scanning my messages with my mom is going to give that much extra edge in a war with Russia.

> If you think this time America will save the entire West like in movies

Ugh
babush
·9 месяцев назад·discuss
I never mentioned a computer.
babush
·9 месяцев назад·discuss
"Algorithmic collusion"... If using an algorithm leads to collusion, then choosing to use the algorithm should be considered regular collusion.
babush
·9 месяцев назад·discuss
Can gravity buy out magnetism?
babush
·11 месяцев назад·discuss
Beautiful
babush
·в прошлом году·discuss
Thanks for the comment. Couldn't have said it better. Also, good point about Ticketmaster. One seller, incomparable goods.
babush
·в прошлом году·discuss
I am unsympathetic to people who insist on reducing everything to its market value.

I've heard the arguments they use to justify why they do and they're all hogwash.
babush
·в прошлом году·discuss
I wish there was some SRS-like tool but for learning music.
babush
·в прошлом году·discuss
Thank you for sharing
babush
·в прошлом году·discuss
It's a bit hard to do comparisons without going into threat models and all that _fun_ stuff :shrug:

For example, JS runs in almost every browser on earth too, yet it took V8 devs 2 years to find out that `Math.expm1()` could return -0.0 (https://chromium.googlesource.com/v8/v8.git/+/56f7dda67fdc97...). This is a cherry-picked example, and JS is clearly more complex than WASM, but still.

Just because stuff runs on a lot of devices doesn't mean it's more or less secure.

Linux runs on quite a few devices too, yet we still find bugs, people still don't ship updates to said bugs, yadda yadda yadda.

My point is just that lots of devs often skip the threat modeling and just think "I'll slap it in a WASM thingie an it'll be fine". Well good luck.
babush
·в прошлом году·discuss
I recall Shopify having a seccomp-based jail to run untrusted ruby code. But their use-case was very limited so they can get away with blocking almost every syscall.

Other than that... VMs? The fact that people consider JS/WASM engines good security sandboxes is a bit scary tbf.