Hacker News: PlasmaPower

New comment by PlasmaPower in "FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack"

PlasmaPower — Sat, 23 May 2026 04:41:26 +0000

They have a similar command for the Arch Linux forum, where beginners are encouraged to ask questions

New comment by PlasmaPower in "Waymo updates 3,800 robotaxis after they 'drive into standing water'"

PlasmaPower — Fri, 15 May 2026 21:06:21 +0000

Maybe you don't drive into flood waters, but your Uber driver might, and that's what Waymo is trying to replace, not your personal driving.

In that context I think comparing it to the average human driver makes a lot of sense, because even if you personally are an even better driver, or even if human drivers are better at some specific things, we have more than enough data to show that Waymo reduces accident rates overall in their current rollout.

New comment by PlasmaPower in "You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)"

PlasmaPower — Sat, 09 May 2026 00:41:06 +0000

You're probably right, but that seems like the less important part of this. At that point you've already got an out-of-bounds write. Another comment speculated that you could use PageJack as an alternative exploit path once you have that primitive: https://news.ycombinator.com/item?id=48069623

New comment by PlasmaPower in "You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)"

PlasmaPower — Fri, 08 May 2026 22:38:43 +0000

"static analysis" is usually deterministic rules you can e.g. put in CI. AI is also somewhat dynamic in that it can execute commands to try stuff out. The best AI vuln finding harnesses work that way, by essentially putting the AI inside of a fuzzer-like environment and telling it to produce a crash.

New comment by PlasmaPower in "You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)"

PlasmaPower — Fri, 08 May 2026 22:14:27 +0000

If static analysis could actually find these issues with a reasonable false positive rate, the companies behind them would be running them on Linux to get the publicity of having found the issues like all the AI companies are doing now. Imo the good static analysis heuristics are already built into compilers or in open source linters.

New comment by PlasmaPower in "You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)"

PlasmaPower — Fri, 08 May 2026 21:48:10 +0000

No, you can grant yourself this inside an unprivileged user namespace. `unshare -Ur capsh --print` lists the capabilities inside a user namespace and demonstrates that it has both CAP_SYS_ADMIN and CAP_NET_ADMIN.

Almost all distros allow unprivileged user namespaces, and in my opinion this is the right decision, because they're important for browser sandboxing which I think is more important than LPEs.

New comment by PlasmaPower in "Costco sued for seeking refunds on tariffs customers paid"

PlasmaPower — Sun, 05 Apr 2026 12:52:03 +0000

It's not like Costco told them that. Buying something because a third party misinformed you (or in this case, was only temporarily right) doesn't invalidate the transaction.

New comment by PlasmaPower in "Tell HN: Anthropic no longer allowing Claude Code subscriptions to use OpenClaw"

PlasmaPower — Sat, 04 Apr 2026 02:37:08 +0000

Yes, but very few people are actually doing that compared to OpenClaw. If everyone else was doing that, they'd be cracking down on it too.

New comment by PlasmaPower in "Please do not A/B test my workflow"

PlasmaPower — Sat, 14 Mar 2026 13:59:05 +0000

Why do you think it doesn't have understanding of semantics? I think that was one of the first things to fall to LLMs, as even early models interpreted the word "crashed" differently in "I crashed my car" and "I crashed my computer", and were able to easily conquer the Winograd schema challenge.

New comment by PlasmaPower in "Agent Safehouse – macOS-native sandboxing for local agents"

PlasmaPower — Sun, 08 Mar 2026 21:21:17 +0000

Why not? They're definitely not perfect security boundaries, but neither are VMs. I think containers provide a reasonable security/usability tradeoff for a lot of use cases including agents. The primary concern is kernel vulnerabilities, but if you're keeping your kernel up-to-date it's still imo a good security layer. I definitely wouldn't intentionally run malware in it, but it requires an exploit in software with a lot of eyes on it to break out of.