Hacker News: guessmyname

Nightmare Eclipse: RoguePlanet Windows Defender race condition to SYSTEM shell

guessmyname — Tue, 09 Jun 2026 20:57:18 +0000

Article URL: https://deadeclipse666.blogspot.com/2026/06/its-patch-tuesday.html

Comments URL: https://news.ycombinator.com/item?id=48467648

Points: 3

# Comments: 0

Microsoft Hacked to Deliver Malware to Claude and Gemini Users

guessmyname — Mon, 08 Jun 2026 18:34:04 +0000

Article URL: https://www.404media.co/microsoft-hacked-to-deliver-malware-to-claude-and-gemini-users/

Comments URL: https://news.ycombinator.com/item?id=48449424

Points: 19

# Comments: 0

New comment by guessmyname in "I built a vulnerable app and spent $1,500 seeing if LLMs could hack it"

guessmyname — Thu, 04 Jun 2026 01:53:24 +0000

I'd run Mythos against the code in your zip file, but the NDA I signed at Apple prevents me from using it on anything outside the scope of my work. Honestly, I wish more people from Project Glasswing could talk publicly about their experiences with the model. It would probably put an end to a lot of the speculation that keeps circulating through the industry. Unfortunately, that's not the reality we're in. I don't have the time, energy, or financial resources to fight a legal battle with one of these companies over an agreement I knowingly signed, even if the chances of them actually suing are low. Maybe someone else in Project Glasswing is willing to burn their NDA and post the Mythos results?

New comment by guessmyname in "Rootshell: A new E2EE email service hosted in Iceland"

guessmyname — Wed, 03 Jun 2026 21:11:07 +0000

Because it is a shell for the root user [1].

Or at least the app’s logo is the root user symbol: a number sign [2]

Normal users typically get a $ prompt, while the superuser (root) gets a # prompt [3]

[1] https://wiki.debian.org/Root

[2] https://en.wikipedia.org/wiki/Number_sign

[3] https://unix.stackexchange.com/a/291733

rootshell: macOS terminal emulator built with libghostty with powerful features

guessmyname — Wed, 03 Jun 2026 21:05:23 +0000

Article URL: https://www.rootshell.com

Comments URL: https://news.ycombinator.com/item?id=48390029

Points: 3

# Comments: 0

New comment by guessmyname in "Rootshell: A new E2EE email service hosted in Iceland"

guessmyname — Wed, 03 Jun 2026 20:59:20 +0000

> Key bundle missing — please try again

I’m trying to create an account to test this service. I get this error message, what does it mean? Why is the error message so short to the point where I (the user) don’t know what to do next? Why can’t software developers learn how to communicate better with their non-tech users? And this is coming from someone with a 30+ years career in software engineering.

edit: after hitting the button “I’ve saved my recovery phrase - continue” multiple times and getting the same repeated error message, it finally worked but then the API returned “error: Registration failed”. And at this point I give up. This is why many projects, even at Big Tech companies, fail: too much friction for new users, or too many features, or too many options to choose from.

New comment by guessmyname in "1-Click GitHub Token Stealing via a VSCode Bug"

guessmyname — Wed, 03 Jun 2026 04:28:57 +0000

MSRC doesn’t fix bugs.

I don’t know the specifics of this case, but I’ve managed bug bounty programs in the past through Bountysource and HackerOne. One thing that occasionally happens is that a report makes its way to the development team before the security team has fully assessed it, in this case MSRC.

At that point, a developer may decide to quietly fix the issue. Sometimes that’s driven by a concern, rational or not, that being associated with a security bug could reflect poorly on them or affect future promotion opportunities. The result is that by the time the security team attempts to reproduce the report, the vulnerability is already gone.

From MSRC’s perspective, all they see is that the provided reproduction steps no longer work. They have no visibility into the internal history of the bug or whether someone already patched it. As a result, the report gets closed as invalid even though the original finding may have been legitimate.

New comment by guessmyname in "GitHub and the crime against software"

guessmyname — Mon, 01 Jun 2026 19:58:01 +0000

Where do you keep Issues, Pull Requests, Wikis, Discussions, project boards, and everything else? (rhetorical question.)

These days, the problem with cloud-hosted Git platforms is not where to push your code. Replicating repositories across multiple providers is relatively easy, and Git has always been good at that. The harder problem is that successful teams end up accumulating a lot more than source code around their repositories, and much of that information becomes just as important as the code itself.

Bug reports, feature requests, documentation, design discussions, code reviews, project planning, CI/CD configuration, and years of historical context all tend to live inside platforms such as GitHub. While the Git repository itself is portable, all of that surrounding data is often much harder to migrate cleanly, especially if a team has built workflows and integrations around a particular provider.

That, in my view, is one of the main reasons so many companies are heavily dependent on GitHub. Moving the code elsewhere is usually straightforward; moving the entire development process, with all of its history, metadata, and institutional knowledge, is not. When GitHub goes down, the question is often less about where you can push your next commit and more about how easily you can recreate the rest of the environment that your team relies on every day.

New comment by guessmyname in "Accenture to acquire Ookla"

guessmyname — Sun, 31 May 2026 21:01:59 +0000

Not iCloud servers per se, but close:

• ussea4-edge-fx-012.aaplimg.com

• mensura.cdn-apple.com/api/v1/gm/large

New comment by guessmyname in "Naphtha shortages in Japan"

guessmyname — Sat, 30 May 2026 02:56:24 +0000

As someone who grew up eating Calbee snacks, I think they’ll be fine.

People from my generation aren’t buying Calbee because the bag is colorful. They’re buying it because it’s Calbee and they already know what they’re getting. The packaging could be black and white and I’d still recognize it instantly.

The only people I could see being briefly confused are younger consumers. Japanese packaging tends to be very colorful, so we’re all conditioned to identify products partly by color. But people adapt quickly. In fact, a black-and-white Calbee bag might end up standing out more on a crowded supermarket shelf than yet another brightly colored package.

There’s also a chance this ends up being a net positive. If simpler packaging lowers costs and sales stay the same, why go back? Japanese consumers are feeling inflation more than they have in decades, and companies are under pressure too. Cutting costs in a place customers barely notice seems a lot smarter than shrinking the product or raising prices again.

New comment by guessmyname in "The $500K AI Film That "Premiered at Cannes" Was Not in the Official Festival"

guessmyname — Fri, 29 May 2026 11:40:49 +0000

At this point, every AI or LLM “breakthrough” announcement should be assumed to be a lie until the company provides hard proof.

Way too many companies have figured out that exaggerating, misleading, or outright lying gets them headlines, investors, and free marketing long before anyone verifies the claims.

New comment by guessmyname in "Google Hates You"

guessmyname — Thu, 28 May 2026 20:15:25 +0000

I always find titles like “Google Hates You” a bit weird. People usually argue that employees are not personally responsible for bad company decisions, that criticism should be aimed at the corporation itself, not at random engineers or designers working there. But then we turn around and assign human emotions to the corporation anyway.

A company cannot literally “hate” anyone. It has no feelings, intentions, or consciousness. So who exactly is supposed to hate you here? The CEO? The executives? The leadership team? Every single employee at Google? And who is “you,” exactly? Billions of users spread across the planet?

I get the point the title is trying to make, but it feels more accurate to say that Google optimizes for incentives that are often misaligned with users, not that it emotionally despises them.

[hand-drawn] recipes for laid-back engineers

guessmyname — Wed, 27 May 2026 15:33:55 +0000

Article URL: https://leontrolski.github.io/recipes.html

Comments URL: https://news.ycombinator.com/item?id=48295869

Points: 3

# Comments: 0

New comment by guessmyname in "CVE-2026-28952: Apple macOS 26.5 Kernel Vuln found by Claude"

guessmyname — Tue, 26 May 2026 04:22:45 +0000

I am part of Apple's SEAR (Security Engineering and Architecture) organization and can’t attest that we have been using Anthropic models, including, but not limited to, Mythos, as part of our participation in Project Glassing and previous private partnerships with different frontier AI labs for years. We simply don’t talk about it because there’s no benefit to talk about it, and also NDA’s, but mostly because there’s no benefit to talk about it other than to satiate people’s curiosity about what we do or don’t do internally.

New comment by guessmyname in "Project Glasswing: An Initial Update"

guessmyname — Sat, 23 May 2026 06:26:24 +0000

Yes, we did. I am the engineer leading Project Glasswing efforts at Apple.

Have I Been Pwned: Colombian fintech company leaks 34.5M accounts in March 2026

guessmyname — Tue, 19 May 2026 01:58:49 +0000

Article URL: https://haveibeenpwned.com/Breach/ADDI

Comments URL: https://news.ycombinator.com/item?id=48188363

Points: 4

# Comments: 0

New comment by guessmyname in "Understanding Singleflight in Go"

guessmyname — Tue, 19 May 2026 01:42:05 +0000

> So many variants of that code

Indeed… That evolution makes perfect sense. A lot of Go developers independently arrived at similar request coalescing patterns around that time, especially in caching, RPC, and high concurrency systems. I have an older implementation from personal 2013-era Go projects that follows almost the same approach.

What is nice about open source is not necessarily the novelty of every individual idea, but having a well-tested, shared implementation the community can converge on. Your work on singleflight clearly became that reference point for the Go ecosystem, and it is cool to see the lineage from dl.google.com to groupcache, x/net, the standard library, and now all the downstream variants.

New comment by guessmyname in "Security researcher says Microsoft built a Bitlocker backdoor, releases exploit"

guessmyname — Sun, 17 May 2026 17:13:46 +0000

“homeless” is obviously hyperbole. I know the researcher in real life, they are 100% not homeless, if it makes you feel better, that’s just how they “talk”.

New comment by guessmyname in "Futhark by example (2020)"

guessmyname — Sat, 16 May 2026 12:43:57 +0000

Couldn’t have chosen a more difficult (and ambiguous) name to pronounce, could you? It almost sounds like a curse that I often hear people say out in the bad streets of New York City.

New comment by guessmyname in "Running local models on an M4 with 24GB memory"

guessmyname — Mon, 11 May 2026 00:29:06 +0000

A 128GiB MacBook Pro in Canada is what, north of CAD $11k after tax? That’s around USD $7k. At $20/month for a cloud AI subscription, you’re looking at almost 30 years of service for the same money.

How long do people realistically expect a laptop to stay competitive with SOTA local models? Especially in a space where model sizes, context windows, and inference requirements keep moving every year.

And even if the hardware lasts, the local experience usually doesn’t. A heavily quantized local model running at tolerable speeds on consumer hardware is still nowhere near frontier hosted models in reasoning, coding, multimodal capability, tool use, or reliability.

The economics just don’t make sense to me unless you specifically need offline inference, privacy guarantees, or low latency for a niche workflow. Otherwise you’re tying up $10k upfront to run an approximation of what you can already access through a subscription that continuously improves over time.

You could literally put the difference into index funds and probably cover the subscription indefinitely from the returns alone, even accounting for gradual price increases.