HackerTrans
TopNewTrendsCommentsPastAskShowJobs

guessmyname

7,876 karmajoined 11 năm trước

Submissions

Go (golang) Report Card project/service was archived on Jul 1, 2026

github.com
2 points·by guessmyname·10 ngày trước·0 comments

Real-time Exchange and Office pipeline health, SLAs, incidents, and builds

autobops-dashboard.azurewebsites.net
3 points·by guessmyname·13 ngày trước·0 comments

Visa Vulnerability Agentic Harness for Project Glasswing

github.com
3 points·by guessmyname·tháng trước·0 comments

July 13, 2026 Certificate update for Microsoft 365 apps on macOS/iOS devices

learn.microsoft.com
1 points·by guessmyname·tháng trước·0 comments

Nightmare Eclipse: RoguePlanet Windows Defender race condition to SYSTEM shell

deadeclipse666.blogspot.com
4 points·by guessmyname·tháng trước·0 comments

Microsoft Hacked to Deliver Malware to Claude and Gemini Users

404media.co
19 points·by guessmyname·tháng trước·0 comments

rootshell: macOS terminal emulator built with libghostty with powerful features

rootshell.com
3 points·by guessmyname·tháng trước·0 comments

[hand-drawn] recipes for laid-back engineers

leontrolski.github.io
3 points·by guessmyname·2 tháng trước·0 comments

Have I Been Pwned: Colombian fintech company leaks 34.5M accounts in March 2026

haveibeenpwned.com
4 points·by guessmyname·2 tháng trước·0 comments

生き甲斐 (ikigai) “a reason for being”

en.wikipedia.org
3 points·by guessmyname·3 tháng trước·0 comments

HIPPO Turns One Master Password Into Many Without Storing Any

spectrum.ieee.org
2 points·by guessmyname·3 tháng trước·1 comments

Anthropic left details of an unreleased model sitting in an unsecured data trove

fortune.com
3 points·by guessmyname·4 tháng trước·0 comments

Big Sleep Tracker: Google Project Zero + Google DeepMind find security bugs

issuetracker.google.com
2 points·by guessmyname·4 tháng trước·0 comments

Vibe Security Radar – Tracking the security cost of vibe coding

vibe-radar-ten.vercel.app
1 points·by guessmyname·4 tháng trước·1 comments

[untitled]

1 points·by guessmyname·5 tháng trước·0 comments

Fix macOS 26 (Tahoe) exaggerated rounded corners

github.com
56 points·by guessmyname·6 tháng trước·42 comments

comments

guessmyname
·4 giờ trước·discuss
For over a decade, I imagined that if I ever landed a job at Google, this would be my most significant project. It made me chuckle a bit when I read the announcement, they finally built it! confirming that my thoughts weren’t entirely delusional XD
guessmyname
·20 giờ trước·discuss
Anthropic develops at least two command line interfaces (CLI’s):

• (ant) https://github.com/anthropics/anthropic-cli

• (claude) https://github.com/anthropics/claude-code
guessmyname
·Hôm kia·discuss
[dead]
guessmyname
·Hôm kia·discuss
FYI — the so-called “exploit” was simply a publicly-accessible URL that allowed him to download a handful of files, that’s why they write “dozens” and not “hundreds”, if anything it was only a couple of files (±26 or so) from the same URL which was pointing to a particular folder in the cloud.
guessmyname
·Hôm kia·discuss
Pudding Monsters (2012) [1][2], vibe-slop version, yes?

[1] https://en.wikipedia.org/wiki/Pudding_Monsters

[2] https://www.nintendo.com/store/products/pudding-monsters-swi...
guessmyname
·3 ngày trước·discuss
> Generate an SVG of a pelican riding a bicycle

Out of curiosity, what do you or anyone else expects to get from this prompt?

I understand that this is your signature style, one of the reasons you’re recognized in the community, along with the prompt injection term (https://simonwillison.net/series/prompt-injection/). Initially, I found it hilarious, but the more I see it, the less I understand the purpose. I’m wondering if any SVG expert in the community could create the SVG you expect to see, so we can compare it with the output of these models you test. Of course, I know that creating such a perfect SVG will eventually leak into the training of new models, rendering your prompt useless. But at least you’ll be able to move on to something more amusing than a pelican riding a bicycle?
guessmyname
·5 ngày trước·discuss
Why Italian Americans instead of just normal Italian? Aren’t Italian Americans just regular Italians? Or are you asking about the customs of Americanized Italian families or people who were born and raised in America but with Italian ancestry?
guessmyname
·9 ngày trước·discuss
I didn’t claim to have 10+ YoE; I said that most of the people in Project Glasswing are security researchers with 10+ YoE (avg).

> Its very hard to understand what you're saying with the comment

Yes, fair enough. I’m simply trying to shed some light on what goes on behind the scenes without disclosing too much information to avoid breaching the NDA(s) that all Project Glasswing users have signed. There’s a lot of speculation about the usefulness of Mythos as a security tool, so much so that even the US government got involved. Honestly, it’s so absurd that I can’t even express it in words. I thought that sharing a bit about how frustrating it is to work within this project, trying to secure software that literally millions of people around the planet use on a daily basis, while virtually everyone outside of it criticizes every move you make, would be helpful.

Many people I work with recognize the power of Mythos, just like any other model with a similar number of parameters, but most of the people I interact with agree that it’s not the ultimate panacea. I believe that it’s just vocal minorities scaring everyone into thinking that the model is some kind of cybernetic weapon.
guessmyname
·9 ngày trước·discuss
We (Project Glasswing users) follow a proof-of-concept approach. We create the exploit and verify that it behaves as the AI claims. Given our experience as security engineers (many of us with 10+ YoE) we don’t simply report every critical bug Mythos claims to have found. We verify each one carefully.

At least, that’s what most of the high-visibility users in Project Glasswing are doing.

There are bad apples everywhere, and this initiative is no exception.

If it makes you feel any better, many of us regularly meet to stay calibrated and hold each other accountable, so I’m confident in the quality of the work produced by this particular group of employees across some of the partner companies mentioned in the article.

That said, I know several people who blindly report everything Mythos finds, which is foolish, especially since the harness is a critical part of the project's quality metrics. Some of the harnesses I’ve tested are quite weak, which leads to poor results.

For example, yesterday morning I was pulled into an ad hoc meeting where a CVP was grilling me about several supposedly critical bugs that my team had reported against one of the core components of iCloud. I was genuinely surprised because we’re very strict about validation. We often even downgrade the severity of bugs when our harness can’t prove what Mythos found. After reading the reports, I realized they weren’t ours. They came from another team that had recently been given access to Mythos. They built their own harness and were using different vulnerability criteria. Fortunately, they had only started earlier this week, so I was able to stop that work.

That incident showed that not everyone involved in Project Glasswing follows the same standards. Most people do their best, but priorities differ, so it’s expected that you’ll find a few bad apples.

I wish AI labs would stop the theatrics and release their models without restrictions, but I also recognize that’s not the world we live in. For every person who wants to use these technologies for good, there are many others who would use them for harm.

In any case, while I agree that some experiments contain genuine noise, the CVE count is real.
guessmyname
·10 ngày trước·discuss
“reject” implies an active action. Instead, I would simply ignore the resume and focus on other candidates.

There’s also the fact that some, if not all, of the jobs listed in this gentleman’s work history seem to be short-term stints of 1-2 years. While this is quite common in the American tech industry, it’s still a red flag.

I can’t help but wonder what drives tech workers to switch jobs so frequently throughout their careers. Keep in mind that I come from Japan, where the culture is that you join a company for life. For many years, I believed the only justification for this contrasting approach in America was that tech professionals are highly aggressive about negotiating their salaries, leading them to move between companies as soon as they secure a better deal. It makes sense, considering that we’re all essentially selling our time to companies that make significantly more money by selling the products we create.

However, it still feels a bit strange … 文化の違う
guessmyname
·10 ngày trước·discuss
It’s real → https://x.com/github/status/2072801888525840476

OP should have used the shortened, more official-looking, link: https://gh.io/cd
guessmyname
·10 ngày trước·discuss
Indeed. They are using “claude-sonnet-4-6“ so it will cost some money.
guessmyname
·10 ngày trước·discuss
There are many out there, depends on what you need them for:

• https://huggingface.co/huihui-ai/Huihui-GLM-5.2-abliterated-...

• https://huggingface.co/huihui-ai/Huihui-Kimi-K2.5-BF16-ablit...

• https://huggingface.co/huihui-ai/Huihui-Qwen3.5-397B-A17B-ab...

• https://huggingface.co/huihui-ai/Huihui-DeepSeek-V4-Flash-ab...

• https://huggingface.co/huihui-ai/Huihui-Qwen3-VL-235B-A22B-I...

• https://huggingface.co/huihui-ai/Huihui-Qwythos-9B-Claude-My...

• … so on and so forth.
guessmyname
·10 ngày trước·discuss
As a Mythos user (I’m part of Project Glasswing), I would say that abliterated models [1][2] produce similar, if not identical, results. While good prompting and steering won’t give Claude Opus 4.8 the same capabilities as Mythos (preview 1), using abliterated models (if you have the computational power to run the larger ones) will get you close to the same goals as people who have access to Mythos (preview 1) [3].

[1] https://huggingface.co/search/full-text?q=abliterated&type=m...

[2] https://webdecoy.com/blog/wtf-are-abliterated-models-uncenso...

[3] I specifically refer to “preview 1” because the newer versions (Fable 5 / Mythos 5) don’t appear to offer the same level of freedom as the very first version that I was able to use through Project Glasswing. This is one of the reasons why I continue running our massive security scans with “preview 1”, or at least I was running them until June 30, when the program’s policy changed.
guessmyname
·10 ngày trước·discuss
> I think there will be a cottage industry of porting every Mac menu bar utility to Claude.

As long as those native (Objective-C / Swift) menu bar apps are ported as native (Go, Rust, Zig, etc.) binaries for Agent CLI(s) like Claude Code or Codex CLI to use, instead of JavaScript, as this project is written, then the broader community of Agent CLI users will be fine. Otherwise, it will be another nightmare induced by JavaScript.
guessmyname
·19 ngày trước·discuss
Indeed → https://www.levels.fyi/companies/facebook/salaries

• Engineer (E3, entry level) $248.2K avg ∴ https://www.levels.fyi/companies/facebook/salaries/software-...

• Engineer (E5, senior level) $629.8K avg ∴ https://www.levels.fyi/companies/facebook/salaries/software-...

• Engineer (E7, principal) $1.69M avg ∴ https://www.levels.fyi/companies/facebook/salaries/software-...

• Engineer (E9, distinguished) $6.09M avg ∴ https://www.levels.fyi/companies/facebook/salaries/software-...

And so on with other roles, as you can see on that page.
guessmyname
·20 ngày trước·discuss
This Ventoy? → https://github.com/ventoy/Ventoy
guessmyname
·27 ngày trước·discuss
It’s also a good way to increase the attack surface of a service. The more connecting points/components you have, the harder it is to secure, and the easier it is to hack.
guessmyname
·30 ngày trước·discuss
I think the industry is optimizing for the wrong thing. Generating thousands of AI-written bug reports is easy, at least with Mythos (preview 1) or GPT-5.5. Getting bugs fixed is the hard part.

A few months ago I started working on a system that finds critical security issues and opens PRs instead of just filing reports. The acceptance rate is sitting at roughly 94% so far. Most of the failures were due to project-specific kill switches or other internal mechanisms that weren’t documented, not because the vulnerability itself was misidentified.

Developers generally seem to prefer this approach. A bug report creates work. A good PR removes work. That sounds obvious, but a lot of security products still stop at the report and call it a day.
guessmyname
·30 ngày trước·discuss
Nice! I know it’s built with an LLM and that a vocal minority on this site doesn’t seem to like that for some reason, but personally I’m really enjoying the new interactive web experiences that younger developers are shipping to the internet every day. Thanks for sharing, and out of curiosity, what prompts did you use?