Hacker News: Xelynega

New comment by Xelynega in "Guid Smash"

Xelynega — Sun, 17 Aug 2025 17:45:38 +0000

That's not how namespacing works though, is it?

Getting UUID 'A' from app 'X' is easily distinguishable from UUID 'A' from app 'Y'.

New comment by Xelynega in "Guid Smash"

Xelynega — Sun, 17 Aug 2025 17:44:31 +0000

You're glossing over the fact that they assumed youtube would want to assign a UUID to each pixel in a 4k@60fps video as the use case that this would fail for...

New comment by Xelynega in "If you're remote, ramble"

Xelynega — Mon, 04 Aug 2025 03:38:56 +0000

I don't think they're discounting that distrust can be legitimate, they're questioning whether it's useful to distrust somebody when it's not your job to micromanage them or they're providing adequate output.

New comment by Xelynega in "Supabase MCP can leak your entire SQL database"

Xelynega — Wed, 09 Jul 2025 02:02:40 +0000

Going a step further, I live in a reality where you can train most people against phishing attacks like that.

How accurate is the comparison if LLMs can't recover from phishing attacks like that and become more resilient?

New comment by Xelynega in "Supabase MCP can leak your entire SQL database"

Xelynega — Wed, 09 Jul 2025 02:01:37 +0000

Are you not worried that anthropomorphizing them will lead to misinterpreting the failure modes by attributing them to human characteristics, when the failures might not be caused in the same way at all?

Why anthropomorphize if not to dismiss the actual reasons? If the reasons have explanations that can be tied to reality why do we need the fiction?

New comment by Xelynega in "OpenAI slams court order to save all ChatGPT logs, including deleted chats"

Xelynega — Thu, 05 Jun 2025 18:33:19 +0000

> But I would be pretty irritated if the government stepped in and mandated they make my searches public and linkable to me.

Who is calling for this? Are you perhaps taking an absolutist view where "not destroying evidence" is the same as "mandated they make my searches public and linkable to me"? That's quite ridiculous.

New comment by Xelynega in "GitHub MCP exploited: Accessing private repositories via MCP"

Xelynega — Tue, 27 May 2025 07:47:03 +0000

I don't understand your logic. Should security reports never be published that say "hash the password before storing it in the DB". Boring research is boring most of the time, that doesn't make it unimportant, no?

New comment by Xelynega in "The Xenon Death Flash: How a Camera Nearly Killed the Raspberry Pi 2"

Xelynega — Sun, 25 May 2025 06:36:08 +0000

One of the things I'm not looking forward to with people "just throwing it through an LLM for a final pass" is the loss of individual voice.

Everything is starting to sound the same, and it's becoming monotonous

New comment by Xelynega in "Microsoft Teams will soon block screen capture during meetings"

Xelynega — Sat, 10 May 2025 20:00:35 +0000

Yea, this sounds like "Microsoft teams no longer supporting video on Linux and old versions of mac/windows" more than anything

New comment by Xelynega in "Getting forked by Microsoft"

Xelynega — Mon, 21 Apr 2025 16:57:22 +0000

How is compliance as written impossible?

New comment by Xelynega in "Getting forked by Microsoft"

Xelynega — Mon, 21 Apr 2025 16:57:03 +0000

Why?

New comment by Xelynega in "Getting forked by Microsoft"

Xelynega — Mon, 21 Apr 2025 16:52:58 +0000

> I won't use GPL libraries in my code.

Why? Do you also avoid libraries with an even number of consonants in the name?

New comment by Xelynega in "Getting forked by Microsoft"

Xelynega — Mon, 21 Apr 2025 16:48:19 +0000

> I create open source software for the benefit of everyone, for profit or not for profit.

I have the same reasoning as to why I pick the AGPLv3 license as the default for my new projects. I want any benefits from my code to continue to benefit everyone, even if someone is profiting off of it.

New comment by Xelynega in "Top OpenAI Catastrophic Risk Official Steps Down Abruptly"

Xelynega — Thu, 17 Apr 2025 17:39:48 +0000

So the name being wrong means the department should be gutted?

Overly-serious naming is hardly a reason to throw the baby out with the bathwater.

New comment by Xelynega in "Canadian math prodigy allegedly stole $65M in crypto"

Xelynega — Thu, 17 Apr 2025 17:30:05 +0000

What "intended uses" are there for it other than being an unregulated options market with constant scams and a "code is law" tool?

I would imagine any other legitimate use would be served better by traditional database/finance systems.

New comment by Xelynega in "Damn Vulnerable MCP Server"

Xelynega — Thu, 17 Apr 2025 17:23:29 +0000

If you're authenticating the exact same way you would to an HTTP api(put an API key in the config), why does MCP need to exist instead of just plugging in the API key + link to openapi specs in an "Agent API Config"?

I was responding to you saying that the security model is different because servers can be treated as client applications for the security model, but that doesn't make sense for third party servers that you aren't hosting and just sending/receiving data from.

From the client PoV, booking.com could return malicious information to my prompt telling it to do unauthorized things with my computer(e.x. upload banking cookies to a remote endpoint). This doesn't sound secure, and just saying "it's part of the client" doesn't change that.

New comment by Xelynega in "Damn Vulnerable MCP Server"

Xelynega — Wed, 16 Apr 2025 20:26:25 +0000

How will this work when people are talking about third party MCP servers(e.x. booking.com, GitHub, etc.)

New comment by Xelynega in "CVE program faces swift end after DHS fails to renew contract"

Xelynega — Wed, 16 Apr 2025 08:00:23 +0000

Don't open source developers and users of their software also benefit from the CVE database?

If it were privately funded, what incentive would these private companies have to track bugs for these open source projects that don't make money?

New comment by Xelynega in "CVE program faces swift end after DHS fails to renew contract"

Xelynega — Wed, 16 Apr 2025 07:58:45 +0000

Yes, as it would be a public good to everyone to be able to know where the potholes(that aren't profitable to fix for these private companies apparently) are so they can avoid them.

They might take a step back and realize that it would be more cost-effective to just own the roads, in which case your thought experiment ends where we are, because where we are was a place reasoned to(to an extent).

New comment by Xelynega in "Everything wrong with MCP"

Xelynega — Wed, 16 Apr 2025 07:25:51 +0000

> So what? You’re basically claiming that it’ll fail because some companies won’t want to provide too much value for free.

> If GitHub has an MCP server, you’re still paying them to host your code (potentially)

So are you saying that all uses of MCP that rely on data you don't own or pay someone to store are not likely to exist?

I would agree with that point of view, but I'm not sure you do even though you are the one sharing it.