Hacker News: HALtheWise

New comment by HALtheWise in "GPT-2: Too Dangerous To Release (2019)"

HALtheWise — Tue, 09 Jun 2026 20:01:54 +0000

Say hypothetically that they were concerned that GPT models would see widespread abuse, for example by students cheating on homework assignments, in a way that could cause likely-irreversible societal changes some of which are harmful. Can we confidently say they were wrong?

New comment by HALtheWise in "Go: Support for Generic Methods"

HALtheWise — Thu, 28 May 2026 19:18:07 +0000

Sorta, but it's important for the calling convention that the compiler is consistent on what is done at compiletime vs runtime. Because methods are "normal functions" for the calling convention (and can be assigned to function-typed variables), there would be a lot of gymnastics required for the compiler to make runtime-generated variants of methods work.

New comment by HALtheWise in "Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised"

HALtheWise — Wed, 20 May 2026 18:12:27 +0000

I wonder if npm could run a program where package uploads are automatically delayed for ~10min while they get distributed to an ecosystem of third-party code auditing companies for automatic checks. You could have a public leaderboard of which auditors detect problems fastest and most reliably, or even monetary compensation.

New comment by HALtheWise in "PyInfra 3.8.0"

HALtheWise — Tue, 05 May 2026 21:12:02 +0000

This is exactly what the Starlark language was developed to solve, initially for Bazel but also used other places. It's a "full scripting language" but intentionally doesn't (in default configuration) support recursion or unbounded loops, so is deterministic and bounded execution time. I really wish more projects would reach for it as a configuration language.

https://github.com/bazelbuild/starlark

New comment by HALtheWise in "California to begin ticketing driverless cars that violate traffic laws"

HALtheWise — Sun, 03 May 2026 13:49:41 +0000

> Not to mention that trains are far safer than automobiles too.

This claim is situationally true, but not universally so like many people seem to believe. For example, Brightline rail service in Florida has been operating since 2017 and averages (by my math) 29.8 deaths / 100M passenger-miles, while the road system in Florida averages 0.89 deaths / 100M passenger-miles. Those deaths are mostly not suicides, and imo we should treat pedestrian deaths from trains as substantially more morally weighty than passenger deaths, since it's a victim that didn't opt-in to the risk.

For what it's worth, the unusual spike in Spain train crashes this year seems to have pushed them barely over the fatality numbers of Spanish cars (0.91 deaths/100M pax-mi vs 0.73 for cars) but that's pretty clearly an outlier.

If you measure per vehicle-mile rather than per passenger-mile I'm pretty sure trains are always way more dangerous, although that's a less fair comparison.

New comment by HALtheWise in "California to begin ticketing driverless cars that violate traffic laws"

HALtheWise — Sun, 03 May 2026 13:28:04 +0000

In the context of this thread, it's worth pointing out that "trying to deceive regulators" is quite normal behavior for individual human drivers involved in car incidents, and iirc the Cruise collision itself also involved a human driver performing a hit-and-run who didn't afaict ever get prosecuted or come forward to police.

New comment by HALtheWise in "Lunar Flyby"

HALtheWise — Wed, 08 Apr 2026 18:35:34 +0000

Tangentially related, but there's a bunch of extremely high-resolution panorama images from the Apollo landings available at this site, for anyone who enjoys this sort of thing. https://www.lpi.usra.edu/resources/apollopanoramas/

New comment by HALtheWise in "Project Glasswing: Securing critical software for the AI era"

HALtheWise — Wed, 08 Apr 2026 06:56:04 +0000

They successfully built local privilege escalation exploits (from several bugs each), and found other remotely-accessible bugs, but were not able chain their remote bugs to make remotely-accessible exploits.

New comment by HALtheWise in "Using go fix to modernize Go code"

HALtheWise — Wed, 18 Feb 2026 01:33:08 +0000

Not even mentioned in the article, my favorite capability is the new `//go:fix inline` directive, which can be applied to a one-line function to make go fix inline it's contents into the caller.

That ends up being a really powerful primitive for library authors to get users off of deprecated functions, as long as the old semantics are concisely expressible with the new features. It can even be used (and I'm hoping someone makes tooling to encourage this) to auto-migrate users to new semver-incompatible versions of widely used libraries by releasing a 1.x version that's implemented entirely in terms of thin wrappers around 2.x functions and go fix will automatically upgrade users when they run it.

New comment by HALtheWise in "Waymo robotaxi hits a child near an elementary school in Santa Monica"

HALtheWise — Fri, 30 Jan 2026 06:49:57 +0000

Do we even know that the child was injured? All I've seen anyone officially claim is that the Waymo made contact, the kid fell over, then stood up and walked to the side of the road. Assuming the Waymo was still braking hard, 6mph means it was about 1/4s and about 30cm from reaching a full stop, so it could be a very minor incident we're talking about here.

I'm not aware of any statistics for how often children come into contact with human-driven cars.

New comment by HALtheWise in "Threat actors expand abuse of Microsoft Visual Studio Code"

HALtheWise — Fri, 23 Jan 2026 01:50:14 +0000

Your expectation is wrong in this case for almost all languages. The design of Pylance (as is sorta forced by Python itself) chooses to execute Python to discover things like the Python version, and the Python startup process can run arbitrary code through mechanisms like sitecustomize.py or having a Python interpreter checked into the repo itself. To my knowledge, Go is one of the few ecosystems that treats it as a security failure to execute user-supplied code during analysis tasks, many languages have macros or dynamic features that basically require executing some amount of the code being analyzed.

New comment by HALtheWise in "Games using anti-cheats and their compatibility with GNU/Linux or Wine/Proton"

HALtheWise — Tue, 02 Dec 2025 01:48:26 +0000

I did a pretty deep dive into this recently, although haven't yet started any implementation work. As far as I can tell, the best strategy that preserves Linux's open-source and user-empowering ideals as much as possible:

- The game obviously needs to run as root, at least until large amounts of this stuff gets upstreamed into the kernel.

- We're going to be leaving the kernel and boot as untrusted, but injecting a hypervisor underneath the running kernel that is responsible for protecting most pages of game memory. This allows users to still run whatever kernel they want.

- The hypervisor sets up two sets of page tables, one that's only active when the game's thread is running and in userspace, one that hides protected pages and is active when the kernel or other threads are running. Note that game code itself needs to get decrypted into protected ram.

- The TPM of the system gets involved when we jump into the hypervisor to attest that the hypervisor is actually running, and the hypervisor then provides attestations to userspace that certain memory regions are protected from kernel or other thread access.

- Any syscalls will fail if they require the kernel to read or write pages that are protected. The game needs to allocate data that should be shared with the kernel into non-protected pages.

- When the game is closed, we can remove the hypervisor and Linux will be back to bare metal operation. This should be unobservable to the rest of the system.

This architecture preserves the ability of users to run arbitrary kernel modules, but does mean a hypothetical attacker can observe data that passes through the kernel (like draw calls/pixels). It's likely that a more complete implementation would also want some way for the hypervisor to attest to the accuracy of keyboard/mouse input and interface with iommu configuration like Windows KAC does.

New comment by HALtheWise in "Rivian's TM-B electric bike"

HALtheWise — Thu, 23 Oct 2025 15:55:41 +0000

Doing some quick math, if your bike is using 3kw to climb a reasonably steep (15% grade) hill at 8mph, we can calculate the weight it must be carrying, which ends up being about 1,200lbs

To answer your question, the limit on motor power exists as a proxy for limiting the weight, speed, and acceleration of ebikes within safe limits, since having an ebike charging uphill at 20mph with 500lbs of payload would present actual safety risks. Trying to regulate payload/speed/slope combinations directly has practical problems (police officers don't really want to stop delivery drivers to weight their cargo), while regulating motor power is much simpler.

New comment by HALtheWise in "The Spilhaus Projection: A world map according to fish"

HALtheWise — Mon, 20 Oct 2025 08:11:40 +0000

A friend of mine created something similar using a numerical optimization based approach to minimize distortion. He also made the artistic choice to split the water between Australia and Asia to get even lower distortion. See Elastic II here:

https://kunimune.blog/2023/12/29/introducing-the-elastic-pro...

New comment by HALtheWise in "Unbound Academy hasn’t replaced teachers with AI"

HALtheWise — Wed, 01 Oct 2025 21:06:23 +0000

There's a lengthy, and quite good, deep-dive into Alpha School by a current parent here, for anyone interested. Spoiler, "AI" isn't that big a portion of what they're doing, but some of their insights and systems around student motivation are actually interesting and very effective.

https://www.astralcodexten.com/p/your-review-alpha-school

New comment by HALtheWise in "Go has added Valgrind support"

HALtheWise — Wed, 24 Sep 2025 07:01:15 +0000

Feeding random inputs to a crypto function is not guaranteed to exercise all the weird paths that an attacker providing intentionally malicious input could access. For example, a loop comparing against secret data in 32 bit chunks will take constant time 99.99999999% of the time, but is still a security hole because an attacker learns a lot from the one case where it returns faster. Crypto vulnerabilities often take the form of very specifically crafted inputs that exploit some mathematical property that's very unlikely from random data.

New comment by HALtheWise in "The Evolution of Caching Libraries in Go"

HALtheWise — Thu, 03 Jul 2025 17:46:15 +0000

The original groupcache is basically unmaintained, but there's at least two forks that have carried on active development and support additional nice features (like eviction), and should probably be preferred for most projects.

https://github.com/groupcache/groupcache-go

New comment by HALtheWise in "Jjui – A Nice TUI for Jujutsu"

HALtheWise — Tue, 27 May 2025 01:56:16 +0000

I highly recommend revup, it allows managing and uploading stacked (or arbitrary trees of) PRs to Github, including adding a comment that shows approximate revision-to-revision diffs if you want it to. I don't actually think that per-commit reviewing obviates the desire for stacked PRs, for example I often have some PRs in my stack that are not yet ready for review or merging.

https://github.com/Skydio/revup

New comment by HALtheWise in "Raspberry Pi Lidar Scanner"

HALtheWise — Sun, 20 Apr 2025 05:58:53 +0000

I believe it's a 360deg planar lidar mounted on a vertical plane, with a motor to rotate it around and slowly cover a full 4pi sphere. There's also a fisheye camera integrated in. This is a pretty common setup for scanning stationary spaces (usually tripod mounted)

New comment by HALtheWise in "Raspberry Pi Lidar Scanner"

HALtheWise — Sun, 20 Apr 2025 05:56:46 +0000

Do you have other sensors in the same price range that you'd recommend instead for most uses? How much accuracy improvement would you expect?