<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: bkallus</title><link>https://news.ycombinator.com/user?id=bkallus</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Mon, 06 Jul 2026 06:48:06 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=bkallus" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by bkallus in "Professor denounces mass AI fraud on an exam at Brown"]]></title><description><![CDATA[
<p>I have seen it firsthand in the CS department here at Dartmouth. It is bad.<p>We're currently designing a new intro systems curriculum, and we're thinking of it as an adversarial problem. That is, we're designing the course to ensure that a student optimizing for the best grade per unit work still meets our learning objectives. That means, as everyone else is saying, paper exams, but also 1-on-1 interviews to check that students understand each assignment they turn in. These interviews feature both factual questions ("You're using this macro from that library. What does it do?", "Please describe what this function does and how it works.") and conceptual questions ("Why is this code structured this way instead of $whatever?", "How else did you try solving this?", etc.) This doesn't stop students from generating code, but at least they have to understand that code in detail.<p>This is not as good as writing the code yourself, but how much worse is it? For math classes, this gap is gigantic. Obviously, understanding someone else's proof is much easier than writing your own. For programming classes, I think (without evidence) that the gap is somewhat smaller.<p>My experience from the past is that when this kind of evaluation is made clear up front, the students know what to expect and either do fine or drop the class in the first week. If you start with take-home exams and then spring paper exams on them halfway through the course, then half the class is cheating and won't be able to recover, as we read in the article.<p>In general, our students are somewhat motivated by an abstract desire to learn, but are much more motivated by grades. If there exists a straightforward path through your course that leads to a good grade without doing much work, most students will take it. (Our undergrads' course review website is literally called "Layup List." They are actually this shameless.) It's our job as instructors to ensure that all paths leading to a good grade either require learning the material or are more difficult to pull off than just learning the material.<p>It's best not to blame the students. They are good at optimizing metrics; that's how they ended up here in the first place. We just need to better align the evaluation metrics with the outcomes that we're looking for.</p>
]]></description><pubDate>Sun, 28 Jun 2026 23:06:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=48712708</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=48712708</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48712708</guid></item><item><title><![CDATA[Weird Design Choices in HPACK Strings]]></title><description><![CDATA[
<p>Article URL: <a href="https://kallus.org/blog_hpack_string.html">https://kallus.org/blog_hpack_string.html</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48464595">https://news.ycombinator.com/item?id=48464595</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 09 Jun 2026 17:42:33 +0000</pubDate><link>https://kallus.org/blog_hpack_string.html</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=48464595</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48464595</guid></item><item><title><![CDATA[New comment by bkallus in "Everything in C is undefined behavior"]]></title><description><![CDATA[
<p>> the OpenBSD project has not been very receptive in the past for bug reports, my sense of “this is probably fine, in practice”, and that if OpenBSD wants to weed out UB from their code base, then that’s a major project that should be done in a better way than me just being the middle man between the LLM and them for a patch here and there.<p>Part of the reason for all the UB in OpenBSD is that UBSan doesn't run on that platform. When I ported OpenBSD's httpd to Linux, I found that UBSan tripped before the server even came up because the config flag parsing shifts into the MSB of a signed integer.<p>I tried to contribute back a patch (just make the flag bitfield unsigned), but it was ignored. I think if UBSan ran natively on OpenBSD, then there would be a lot more of these patches, and the maintainers would have to take an official stance on whether they think these bugs matter.</p>
]]></description><pubDate>Wed, 20 May 2026 15:45:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48209669</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=48209669</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48209669</guid></item><item><title><![CDATA[How cross-thread double free detection could work in glibc malloc]]></title><description><![CDATA[
<p>Article URL: <a href="https://kallus.org/blog_tcache_key.html">https://kallus.org/blog_tcache_key.html</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47479898">https://news.ycombinator.com/item?id=47479898</a></p>
<p>Points: 3</p>
<p># Comments: 0</p>
]]></description><pubDate>Sun, 22 Mar 2026 17:29:34 +0000</pubDate><link>https://kallus.org/blog_tcache_key.html</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=47479898</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47479898</guid></item><item><title><![CDATA[New comment by bkallus in "Advent of Compiler Optimisations 2025"]]></title><description><![CDATA[
<p>I hope he ends up covering integer division by constants. The chapter on this in Hacker's Delight is really good but a little dense for casual readers.</p>
]]></description><pubDate>Tue, 02 Dec 2025 16:22:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=46122836</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=46122836</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46122836</guid></item><item><title><![CDATA[New comment by bkallus in "Ask HN: What Are You Working On? (Nov 2025)"]]></title><description><![CDATA[
<p>ABISan. Think of it like UBSan, but for assembly.<p>It's a custom assembler built on top of the LLVM assembler (llvm-mc) that emits instrumentation code to catch ABI violations at runtime. Stuff like clobbering nonvolatile registers, misaligning the stack pointer, misusing the redzone, assuming volatile registers don't change across a function call, etc.<p>Hoping to finish up basic x86_64 support within the next few days. I can now reliably assemble and run unoptimized gcc output without hitting false positives, but I still have to iron out some false positives triggered by OpenSSL's handwritten assembly routines.<p>TODO items for the near future include porting the runtime support library into a kernel module so I can instrument Linux, and beginning ports other architectures (ideally something semi-obscure like POWER or RISC-V). I also need to figure out how to support dynamic linking, because the tool currently needs static linking to access its thread-local variables.<p><a href="https://github.com/kenballus/llvm-project/tree/abisan/llvm/tools/abisan" rel="nofollow">https://github.com/kenballus/llvm-project/tree/abisan/llvm/t...</a></p>
]]></description><pubDate>Mon, 10 Nov 2025 04:37:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=45872481</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=45872481</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45872481</guid></item><item><title><![CDATA[Bash Username $PS1 Command Injection]]></title><description><![CDATA[
<p>Article URL: <a href="https://kallus.org/blog_bash_username_ps1_command_injection.html">https://kallus.org/blog_bash_username_ps1_command_injection.html</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=45095134">https://news.ycombinator.com/item?id=45095134</a></p>
<p>Points: 2</p>
<p># Comments: 1</p>
]]></description><pubDate>Mon, 01 Sep 2025 18:10:51 +0000</pubDate><link>https://kallus.org/blog_bash_username_ps1_command_injection.html</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=45095134</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45095134</guid></item><item><title><![CDATA[x86_64 Syscall Numbers Go Where?]]></title><description><![CDATA[
<p>Article URL: <a href="https://kallus.org/blog_x86_64_syscall_numbers.html">https://kallus.org/blog_x86_64_syscall_numbers.html</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=45094562">https://news.ycombinator.com/item?id=45094562</a></p>
<p>Points: 3</p>
<p># Comments: 0</p>
]]></description><pubDate>Mon, 01 Sep 2025 17:12:09 +0000</pubDate><link>https://kallus.org/blog_x86_64_syscall_numbers.html</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=45094562</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45094562</guid></item><item><title><![CDATA[New comment by bkallus in "One Third of the Web Will Stop Working in 4 Days"]]></title><description><![CDATA[
<p>Cache poisoning is also possible.<p>See <a href="https://youtu.be/aKPAX00ft5s?feature=shared&t=8730" rel="nofollow">https://youtu.be/aKPAX00ft5s?feature=shared&t=8730</a> for a relevant demo.<p>You can also (in principle) steal responses intended for other clients, and control responses that get delivered to other clients.</p>
]]></description><pubDate>Sun, 03 Aug 2025 14:47:18 +0000</pubDate><link>https://news.ycombinator.com/item?id=44776927</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=44776927</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44776927</guid></item><item><title><![CDATA[New comment by bkallus in "One Third of the Web Will Stop Working in 4 Days"]]></title><description><![CDATA[
<p>I have been working on this :)<p><a href="https://github.com/narfindustries/http-garden">https://github.com/narfindustries/http-garden</a></p>
]]></description><pubDate>Sun, 03 Aug 2025 14:37:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=44776864</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=44776864</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44776864</guid></item><item><title><![CDATA[New comment by bkallus in "VSCode’s SSH agent is bananas"]]></title><description><![CDATA[
<p>We encourage students to use their own machines. We even loan out old ThinkPads and MacBooks for students to run Linux on. Very few (3-5 per term) take us up on this offer. Most of our students would rather we do the sysadmin stuff for them.<p>The only requirement is that the code needs to run on our server, which they can easily check before submission.</p>
]]></description><pubDate>Sun, 09 Feb 2025 14:05:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=42990756</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=42990756</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42990756</guid></item><item><title><![CDATA[New comment by bkallus in "VSCode’s SSH agent is bananas"]]></title><description><![CDATA[
<p>Learning to use a real SSH client is part of the curriculum. If they graduate without this knowledge, we have failed as teachers.</p>
]]></description><pubDate>Sat, 08 Feb 2025 20:47:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=42986053</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=42986053</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42986053</guid></item><item><title><![CDATA[New comment by bkallus in "VSCode’s SSH agent is bananas"]]></title><description><![CDATA[
<p>I too have these fond memories, and I enjoy passing it on to the next generation :)</p>
]]></description><pubDate>Sat, 08 Feb 2025 14:05:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=42983011</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=42983011</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42983011</guid></item><item><title><![CDATA[New comment by bkallus in "VSCode’s SSH agent is bananas"]]></title><description><![CDATA[
<p>SSH is a fundamental protocol. If students can get through our program without learning what SSH is and how to use it, that's a problem.</p>
]]></description><pubDate>Sat, 08 Feb 2025 14:04:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=42982999</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=42982999</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42982999</guid></item><item><title><![CDATA[New comment by bkallus in "VSCode’s SSH agent is bananas"]]></title><description><![CDATA[
<p>I ran the servers for our networks, binary exploitation, and intro systems programming classes, and this thing is a major annoyance. It is because of this stupid RAT that students do not understand how to use the OpenSSH client.<p>I've tried a few things to fix this:
1., I set a motd on our class servers asking the students not to use the VSCode remote server plugin.
2. I ran `ncdu /home` in front of the class and demonstrated how, without exception, everyone with >100MB of disk usage on the class server was a VSCode user.
3. I set a user process limit of 45, because the VSCode RAT (somehow) uses ~50 Node processes. When students inevitably ignored the motd and the in-class warning, they hit the process cap and had to ask us to kill their processes in order to get back onto the system.
4. I replaced the process limit with a script that kills all the .vscode-server RATs every 10 seconds.</p>
]]></description><pubDate>Sat, 08 Feb 2025 03:57:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=42980243</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=42980243</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42980243</guid></item><item><title><![CDATA[New comment by bkallus in "Show HN: Heap Explorer"]]></title><description><![CDATA[
<p>I went with SIGINT because it's more fun to press ctrl-c than to pgrep and kill. If you'd rather use SIGUSR1, just change SIGINT to SIGUSR1 line 654.</p>
]]></description><pubDate>Thu, 06 Feb 2025 22:26:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=42967140</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=42967140</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42967140</guid></item><item><title><![CDATA[Show HN: Heap Explorer]]></title><description><![CDATA[
<p>I wrote a little LD_PRELOAD library that makes it easy to inspect and interact with a running program's glibc heap.<p>It's fun to pause processes, free a bunch of their allocations, then resume them. Most of the time, the processes continue as though nothing happened, but sometimes they do interesting things :)</p>
<hr>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=42959226">https://news.ycombinator.com/item?id=42959226</a></p>
<p>Points: 73</p>
<p># Comments: 5</p>
]]></description><pubDate>Thu, 06 Feb 2025 04:54:18 +0000</pubDate><link>https://github.com/heap-exploitation/heap-explorer</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=42959226</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42959226</guid></item><item><title><![CDATA[New comment by bkallus in "Increasing Google and Alphabet VRP rewards"]]></title><description><![CDATA[
<p>My experience participating in Google's program has been pretty good. The reward money is a nice supplement to my grad student stipend. I got a free trip to DEFCON out of it, too.</p>
]]></description><pubDate>Sat, 13 Jul 2024 18:56:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=40956046</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=40956046</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40956046</guid></item><item><title><![CDATA[New comment by bkallus in "Ask HN: Where to sell vintage computers?"]]></title><description><![CDATA[
<p>Search for local tech-oriented flea markets. If you're in the Boston area, this is a good one: <a href="https://w1mx.mit.edu/flea-at-mit/" rel="nofollow">https://w1mx.mit.edu/flea-at-mit/</a></p>
]]></description><pubDate>Thu, 04 Jul 2024 14:38:44 +0000</pubDate><link>https://news.ycombinator.com/item?id=40875297</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=40875297</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40875297</guid></item><item><title><![CDATA[New comment by bkallus in "Hello World"]]></title><description><![CDATA[
<p>This almost entirely skips the role of the dynamic linker, which is arguably the true entry point of the program.<p>If you are interested in that argument, see <a href="https://gist.github.com/kenballus/c7eff5db56aa8e4810d39021b23d8a8f" rel="nofollow">https://gist.github.com/kenballus/c7eff5db56aa8e4810d39021b2...</a>.</p>
]]></description><pubDate>Mon, 08 Apr 2024 20:21:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=39973305</link><dc:creator>bkallus</dc:creator><comments>https://news.ycombinator.com/item?id=39973305</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39973305</guid></item></channel></rss>