HackerLangs
TopNewTrendsCommentsPastAskShowJobs

qbane

no profile record

Submissions

Porting Btrfs-Progs to Rust

xfbs.net
10 points·by qbane·в прошлом месяце·0 comments

Technical Breakdown: How AI Agents Ignore 40 Years of Security Progress [video]

youtube.com
1 points·by qbane·5 месяцев назад·0 comments

comments

qbane
·12 дней назад·discuss
I pondered for a while, it IS the company I used to know
qbane
·17 дней назад·discuss
> LLMs are as good as almost any security researcher, and anyone can run them.

I wonder what the metrics are. Also, not "anyone", just the affordable.
qbane
·18 дней назад·discuss
You could, but by targeting a specific Electron app the mindset would be much simpler. Just take a look of how many times does the dev behind VS Code decide to upgrade their Electron/Node.js version, and how many breakages due to them.

It is all about unknown unknowns.
qbane
·19 дней назад·discuss
I doubt the benefit. Practically every Electron app on a desktop uses different versions of Chromium and many are very out of date because of the risk of breaking when upgrading.
qbane
·2 месяца назад·discuss
I wish Google can bring back the OG Pixelbook, where "AI" merely means Google Assistant.
qbane
·2 месяца назад·discuss
I realized that my mentioning UUID without v4 was misleading.
qbane
·2 месяца назад·discuss
Okay, sightly more bits than UUID v4. The whole article is merely reasoning "why at least 128 bits are required", and if you smuggle some non-random data inside these bits the entropy can only drop, making it more vulnerable to collision, i.e. inferior to UUID v4.
qbane
·2 месяца назад·discuss
Note that when neither is supplied, the text mode is the default. This is why I said that it is the C library handling the "b" flag.
qbane
·2 месяца назад·discuss
tl;dr we reinvented UUID and it works well
qbane
·2 месяца назад·discuss
It's C library taking care of the "b" part for you according to the article.
qbane
·3 месяца назад·discuss
There is even a table copy-pasted into a paragraph without noticing.

> What’s needed is something different:

> Requirement ptrace seccomp eBPF Binary rewrite Low overhead per syscall No (~10-20µs) Yes Yes Yes [...]
qbane
·3 месяца назад·discuss
null hypothesis bot
qbane
·3 месяца назад·discuss
Reminding me of the Shoelace [0] project, which was rebranded as Web Awesome. The original (v2) repository was then archived.

[0]: https://shoelace.style/
qbane
·3 месяца назад·discuss
The watch is interactive! Nice detail
qbane
·4 месяца назад·discuss
Productivity is finite. If you pivot entirely to the AI stack, you're going to lose bandwidth for everything else. It's an opportunity cost problem.
qbane
·4 месяца назад·discuss
A better example would be to use LLMs to generate passwords or secret keys. Then even if it looks random to human, the inherent bias would make it a security disaster.
qbane
·4 месяца назад·discuss
You can still obfuscate JS heavily and make a VM that executes also obfuscated code calling arbitrary browser APIs. At least In WASM everything is sandboxed so the attack surface is smaller.
qbane
·5 месяцев назад·discuss
cf. Kagi is a good take
qbane
·6 месяцев назад·discuss
Remember: It is a company that keep saying how much production code can be written by AI in xx years, but at the same time recruiting new engineers.
qbane
·6 месяцев назад·discuss
The "source" link at the footer seems to point to the author's GitHub profile, not source repository. The repo under it contains no code either.