Hacker News: bgwalter

New comment by bgwalter in "“Erdos problem #728 was solved more or less autonomously by AI”"

bgwalter — Sat, 10 Jan 2026 00:21:09 +0000

[flagged]

New comment by bgwalter in "“Erdos problem #728 was solved more or less autonomously by AI”"

bgwalter — Sat, 10 Jan 2026 00:04:16 +0000

Professors elsewhere can verify the proof, but not how it was obtained. My assumption was that the focus here is on how "AI" obtains the proof and not on whether it is correct. There is no way to reproduce this experiment in an unbiased, non-corporate, academic setting.

New comment by bgwalter in "Creators of Tailwind laid off 75% of their engineering team"

bgwalter — Wed, 07 Jan 2026 21:51:21 +0000

The FSF also ignored the SaaS revolution. They put out the AGPL but did not really market it or convert FSF projects to it.

New comment by bgwalter in "Creators of Tailwind laid off 75% of their engineering team"

bgwalter — Wed, 07 Jan 2026 20:35:53 +0000

DDT has been banned, cigarettes are all but banned, leaded fuel has been banned. Nuclear energy has been banned in Germany.

The industry wanted all of that and did not get its way after some time. You can ban "AI", make companies respect copyright. You can do all sorts of things.

Since "AI" can only plagiarize, countries that do the above will have an edge (I'm not talking about military applications that can still be allowed or should be regulated like in treaties for nuclear weapons).

New comment by bgwalter in "Sergey Brin's Unretirement"

bgwalter — Wed, 07 Jan 2026 06:25:15 +0000

It is everywhere now. Musk censors his X responses, Grok defends billionaires, the all-in podcast has only positive comments in suspiciously perfect English since a month or so. Previously they allowed criticism.

(And hardly anyone mentions Greenland on X.)

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Mon, 05 Jan 2026 02:20:24 +0000

Modern cryptography should also not allow users to activate a sketchy linked device feature by scanning a QR code:

"Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance."

This is a complete failure of the cryptosystem, worse than the issue of responding in plaintext. You can at least design an email client that simply refuses to send plaintext messages because PGP is modular.

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Mon, 05 Jan 2026 00:43:21 +0000

Accidentally replying in plaintext is a user error, scanning a QR code is a user error.

Yet one system is declared secure (Signal), the other is declared insecure. Despite the fact that the QR code issue happened in a war zone, whereas I have not heard of a similar PGP fail in the real world.

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Mon, 05 Jan 2026 00:24:51 +0000

People who do not wish to get killed may care.

New comment by bgwalter in "Web development is fun again"

bgwalter — Sun, 04 Jan 2026 19:17:45 +0000

How can I express in a non cynical way that I think LLMs are theft? Even if courts decide in the future that they think it is not, it is still a protected opinion in the same manner that some people do not recognize the overturning of Roe v. Wade.

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Sun, 04 Jan 2026 18:56:59 +0000

Yes, it is odd that this criticism is only allowed for gpg while worse Signal issues are not publicized here:

https://cloud.google.com/blog/topics/threat-intelligence/rus...

Some Ukrainians may regret that the followed the Signal marketing. I have never heard of a real world exploit that has actually been used like that against gpg.

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Sat, 03 Jan 2026 06:55:21 +0000

I no longer respond if you use Simple Sabotage Field Manual tactics.

EDIT: The submission was flagged from the front page seconds after this reference.

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Sat, 03 Jan 2026 06:43:41 +0000

Of course you omit the QR code issue in your response, just like tptacek tried to deflect in the other subthread after his Cryptocat objection was refuted.

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Sat, 03 Jan 2026 06:27:46 +0000

The tangent explicitly talks about generic messaging services. Whatsapp and Signal have more money than gpg. Thinking about it more, it is not even a tangent, because TFA says:

"Use Signal. Or Wire, or WhatsApp, or some other Signal-protocol-based secure messenger."

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Sat, 03 Jan 2026 03:22:45 +0000

https://en.wikipedia.org/wiki/Cryptocat#Reception_and_usage

"In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work."

So it was used when Snowden was already on the run, other software failed and the communication did not have to be confidential for the long term.

It would also be an indictment of messaging services as opposed to gpg. gpg has the advantage that there is no money in it, so there are unlikely to be industry or deep state shills.

New comment by bgwalter in "The PGP problem (2019)"

bgwalter — Sat, 03 Jan 2026 02:30:36 +0000

How does this help people who are not following this issue regularly? gpg protected Snowden, and this article promotes tools by one of the cryptographers who promoted non-hybrid encryption:

https://blog.cr.yp.to/20251004-weakened.html#agreement

So what to do? PGP by the way never claimed to prevent traffic analysis, mixmaster was the layer that somehow got dropped, unlike Tor.

How much the richest people made in 2025

bgwalter — Fri, 02 Jan 2026 18:21:53 +0000

Article URL: https://qz.com/wealthiest-richest-trillions-billionaires-2025-musk-ellison

Comments URL: https://news.ycombinator.com/item?id=46467699

Points: 3

# Comments: 0

New comment by bgwalter in "Heap Overflow in FFmpeg EXIF"

bgwalter — Thu, 01 Jan 2026 20:05:33 +0000

Google gives a pittance even for full ossfuzz integration. Which is why many projects just have the bare minimum fuzz tests. My original point was that even with these bare minimum tests ossfuzz has found way more than "AI" has.

New comment by bgwalter in "Heap Overflow in FFmpeg EXIF"

bgwalter — Thu, 01 Jan 2026 19:36:33 +0000

It does not matter what purported categories buffer overflows are in when manual fuzzing finds 100 and "AI" finds 5.

If Google gave open source projects $100,000 per year for a competent QA person, it would cost less than this "AI" money straw fire and produce better results. Maybe the QA person would also find the 5 "AI" detected bugs.

New comment by bgwalter in "Heap Overflow in FFmpeg EXIF"

bgwalter — Thu, 01 Jan 2026 19:16:55 +0000

Maybe they should hire Mario Nawfal for their announcements:

""" BREAKING: AI FOUND VULNERABILITY IN FFMPEG!

After decades of human struggle, humans no longer call the shots.

Pwno decided to take the leap. They did not just find a vulnerability---they found a BOMBSHELL! What took developers weeks to write, AI analyzed in SECONDS! """

New comment by bgwalter in "Heap Overflow in FFmpeg EXIF"

bgwalter — Thu, 01 Jan 2026 18:28:12 +0000

This is another drawback of security research, but one that had already existed before "AI" with ossfuzz.

You basically cannot commit in public to the main branch and audit and test everything 3 months before a release, because any error can be picked up, will be publicized and go into the official statistics.