HackerTrans
TopNewTrendsCommentsPastAskShowJobs

babush

no profile record

Submissions

Show HN: Xr – Ripgrep for Binary Xrefs

github.com
4 points·by babush·4 tháng trước·0 comments

Show HN: Nonna – code slop detector that runs in the browser

babush.me
2 points·by babush·4 tháng trước·0 comments

Show HN: LLVM-jutsu: Anti-LLM obfuscation pass

github.com
8 points·by babush·7 tháng trước·0 comments

Show HN: Anki Jam – Anki add-on for looping, pitch-shifting and drilling riffs

github.com
4 points·by babush·7 tháng trước·0 comments

MCP Job Security Pass

github.com
2 points·by babush·năm ngoái·0 comments

comments

babush
·3 tháng trước·discuss
Mixed feelings about creative work and AI, but if it wasn't for LLMs I would have chosen a different software than Blender for my hobby-level 2D animation. Made a Blender plugin w/ Claude, and it's saving me so much time (:
babush
·8 tháng trước·discuss
Scanning my messages with my mom is going to give that much extra edge in a war with Russia.

> If you think this time America will save the entire West like in movies

Ugh
babush
·9 tháng trước·discuss
I never mentioned a computer.
babush
·9 tháng trước·discuss
"Algorithmic collusion"... If using an algorithm leads to collusion, then choosing to use the algorithm should be considered regular collusion.
babush
·9 tháng trước·discuss
Can gravity buy out magnetism?
babush
·11 tháng trước·discuss
Beautiful
babush
·năm ngoái·discuss
Thanks for the comment. Couldn't have said it better. Also, good point about Ticketmaster. One seller, incomparable goods.
babush
·năm ngoái·discuss
I am unsympathetic to people who insist on reducing everything to its market value.

I've heard the arguments they use to justify why they do and they're all hogwash.
babush
·năm ngoái·discuss
I wish there was some SRS-like tool but for learning music.
babush
·năm ngoái·discuss
Thank you for sharing
babush
·năm ngoái·discuss
It's a bit hard to do comparisons without going into threat models and all that _fun_ stuff :shrug:

For example, JS runs in almost every browser on earth too, yet it took V8 devs 2 years to find out that `Math.expm1()` could return -0.0 (https://chromium.googlesource.com/v8/v8.git/+/56f7dda67fdc97...). This is a cherry-picked example, and JS is clearly more complex than WASM, but still.

Just because stuff runs on a lot of devices doesn't mean it's more or less secure.

Linux runs on quite a few devices too, yet we still find bugs, people still don't ship updates to said bugs, yadda yadda yadda.

My point is just that lots of devs often skip the threat modeling and just think "I'll slap it in a WASM thingie an it'll be fine". Well good luck.
babush
·năm ngoái·discuss
I recall Shopify having a seccomp-based jail to run untrusted ruby code. But their use-case was very limited so they can get away with blocking almost every syscall.

Other than that... VMs? The fact that people consider JS/WASM engines good security sandboxes is a bit scary tbf.