HackerTrans
TopNewTrendsCommentsPastAskShowJobs

thombles

no profile record

Submissions

Tangled: Our €3,8M seed round

blog.tangled.org
12 points·by thombles·4 tháng trước·7 comments

RSS Guard v5.0.0

github.com
1 points·by thombles·4 tháng trước·0 comments

Experiments with Memory Integrity Enforcement

octet-stream.net
3 points·by thombles·7 tháng trước·0 comments

Bureau of Meteorology ordered to fix new website after torrent of complaints

abc.net.au
6 points·by thombles·9 tháng trước·0 comments

Polish top-performing language for complex AI tasks, finds study

notesfrompoland.com
2 points·by thombles·9 tháng trước·1 comments

Microsoft begins turning off uBlock Origin and other extensions in Edge

neowin.net
787 points·by thombles·năm ngoái·514 comments

comments

thombles
·9 ngày trước·discuss
Be cautious if you're using large databases on iOS. At least until fairly recently, iOS doesn't page dirty mmaped pages back to disk and after enough churn the app will OOM.
thombles
·9 ngày trước·discuss
One day Quinn will retire and Apple had better have a succession plan.
thombles
·14 ngày trước·discuss
I’m curious how a workplace ends up with a model policy like this. It seems like you’d spend more time trying to work out how to use a tiny number of Opus tokens than doing it yourself.
thombles
·21 ngày trước·discuss
Alas. Loved his work on Major Stryker.
thombles
·26 ngày trước·discuss
A low-risk way to dip your toes in is to email a blogger to say that you enjoyed their post or that you found it helpful. The message doesn’t have to have useful information in it, just be sincere. Per OP, often there won’t be a reply but also often it’s much appreciated - particularly by non-mainstream writers.
thombles
·26 ngày trước·discuss
There are already on-device models that you can use through this framework as a developer. Claude would just be an additional one.
thombles
·tháng trước·discuss
That's my initial experience, yes. It's hard to compare these things cleanly of course. I went through several new contexts on GPT and it just couldn't get traction -- it became hard to keep it focused on "yes there's clearly a race but what actual persistent state got broken"? It just wanted to change the thread priorities so that the problem didn't occur and kept doubling down on that as the solution. Opus made some missteps too but it responded well to my corrections - 2 or 3 significant ones along the way - and it was prepared to keep digging on my exact goal until it found the real issue.
thombles
·tháng trước·discuss
Today I was a few hours into chasing down a very tricky timing-dependent bug with GPT 5.5 and we were starting to go into circles. I noticed Opus 4.8 had showed up in GitHub Copilot so I switched over and pointed it at my notes so far. Another hour of steady progress and it tracked it down to some missing synchronisation in an upstream library which was occasionally corrupting a linked list. N=1 but worth every one of those rather expensive 15x requests today. 15x... yeah.
thombles
·2 tháng trước·discuss
As one of those commenters on the previous post - yep, that theory appears to have been comprehensively trounced. Unless anything comes to light that mythos was applied poorly to curl, the evidence suggests that it’s not uniquely effective vs other AI-assisted approaches. I’ll be interested to see what’s reported in the next curl release.
thombles
·2 tháng trước·discuss
We will see. As for "testing that could have been done before", Mozilla's posts indicate otherwise. Use of Opus 4.6 led to 22 security-sensitive bugs vs Mythos' 271 (https://blog.mozilla.org/en/privacy-security/ai-security-zer...). They already had the methodology in place when the more powerful model came along (https://hacks.mozilla.org/2026/05/behind-the-scenes-hardenin...):

> Once the end-to-end pipeline is in place, it’s trivial to swap in different models when they become available. Building this pipeline early helped us find a number of serious bugs using publicly-available models, and it also helped us hit the ground running when we had the opportunity to evaluate Claude Mythos Preview. In our experience, model upgrades increase the effectiveness of the entire pipeline: the system gets simultaneously better at finding potential bugs, creating proof-of-concept test cases to demonstrate them, and articulating their pathology and impact.
thombles
·2 tháng trước·discuss
The question is how many security vulnerabilities are actually left in the code after all the recent AI attention. Either Mythos is a nothingburger, or it's substantially more powerful but there's nothing left to do. Even a large amount of C can be correct eventually. Curl has the _potential_ to become a good data point maybe 6-12 months from now - if researchers and new tools find many more vulnerabilities then Mythos is proved to be hype. If they don't, then maybe Mythos is overkill for today's curl and its capabilities are better deployed elsewhere (like Firefox, apparently).
thombles
·2 tháng trước·discuss
Curl simply isn't a good data point. It's one of the most picked-over codebases in existence with extensive security testing practices. All the researchers using not-quite-Mythos models have had plenty of time to report bugs up to this point. Daniel may be right that Mythos hasn't been a game changer for curl but the preconditions are different for virtually any other codebase. Perhaps the real marketing here is his own modesty about curl's maturity.
thombles
·2 tháng trước·discuss
The answer is in the next sentence: "Bun owns its event loop and syscalls." They clearly want to manage their use of threads explicitly, which is not _unusual_ for systems programming but probably less common. Note that `rayon` is different from most of these in that it has nothing to do with async Rust - it's a tool for spreading computation over a thread pool, very popular in non-async projects, but it would also go against their goals here.
thombles
·2 tháng trước·discuss
Is the poster maybe confusing bandwidth (range of frequencies over which a single board can work) with bandwidth (data transfer speeds in bits per second)?
thombles
·2 tháng trước·discuss
I saw this the other day and was pretty confused - I prefer to write my own commit messages and wondered if I’d accidentally let the AI do it this time. Nope, just MS changing things behind my back. Sigh.
thombles
·2 tháng trước·discuss
I didn’t read this as a flex. More a rueful admission of his connection/addiction to GitHub.
thombles
·3 tháng trước·discuss
It's a meaningful difference for SaaS. Most likely an attacker doesn't have access to your running binary let alone source code, and if they probe it like a pentester would it will be noisy and blocked/flagged by your WAF.
thombles
·3 tháng trước·discuss
Microsoft could tone it down a bit (especially all the full screen harassment after windows updates) but I wonder how many casual users have had their bacon saved precisely because their documents and desktop got pushed to the cloud?
thombles
·3 tháng trước·discuss
It’s super hostile. I realised I was going to press it by accident eventually so I switched to Fossify Gallery before I did.
thombles
·3 tháng trước·discuss
It doesn’t? I use the OneDrive app for scanning documents all the time. + button then “Capture”