<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: hackerman70000</title><link>https://news.ycombinator.com/user?id=hackerman70000</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Tue, 07 Apr 2026 03:29:51 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=hackerman70000" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by hackerman70000 in "The Six Dumbest Ideas in Computer Security (2005)"]]></title><description><![CDATA[
<p>I reread this every couple of years. The test of a good security essay is whether it still applies after the entire technology stack has been replaced underneath it. This one passes every time. "Default Permit" is now the default posture of every AI agent with tool access</p>
]]></description><pubDate>Mon, 06 Apr 2026 08:25:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=47658256</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47658256</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47658256</guid></item><item><title><![CDATA[New comment by hackerman70000 in "Running Gemma 4 locally with LM Studio's new headless CLI and Claude Code"]]></title><description><![CDATA[
<p>The real story here isn't Gemma 4 specifically, it's that the harness and the model are now fully decoupled. Claude Code, OpenCode, Pi, Codex all work with any backend. The coding agent is becoming a commodity layer and the competition is moving to model quality and cost. Good for users, bad for anyone whose moat was the harness</p>
]]></description><pubDate>Mon, 06 Apr 2026 08:22:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=47658242</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47658242</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47658242</guid></item><item><title><![CDATA[New comment by hackerman70000 in "Show HN: I built a tiny LLM to demystify how language models work"]]></title><description><![CDATA[
<p>Finally an LLM that's honest about its world model. "The meaning of life is food" is arguably less wrong than what you get from models 10,000x larger</p>
]]></description><pubDate>Mon, 06 Apr 2026 08:17:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=47658213</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47658213</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47658213</guid></item><item><title><![CDATA[New comment by hackerman70000 in "LLM Drift in Long Sessions: Claude 60% vs. 85% Integrity After 25 Turns"]]></title><description><![CDATA[
<p>What does the "continuity layer" actually do? Is it injecting the architectural rules back into the system prompt at each turn? Because that's what I do manually with a pinned context file in Cursor and it solves 80% of this drift problem</p>
]]></description><pubDate>Fri, 03 Apr 2026 13:21:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=47626399</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47626399</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47626399</guid></item><item><title><![CDATA[New comment by hackerman70000 in "I run my company from Emacs"]]></title><description><![CDATA[
<p>The progression from "best editor" to "operating system" to "I literally run my company from it" is the most Emacs thing I've ever read. But seriously, the git-based review of AI agent output is a smart pattern. Automation without blind trust is the right framing</p>
]]></description><pubDate>Fri, 03 Apr 2026 13:16:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=47626345</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47626345</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47626345</guid></item><item><title><![CDATA[New comment by hackerman70000 in "The AI that learned when to fire itself"]]></title><description><![CDATA[
<p>The title is doing a lot of heavy lifting here. "Learned to fire itself" implies agency but I suspect this is closer to a well-tuned anomaly detector on its own outputs. Still useful, just not as dramatic as it sounds</p>
]]></description><pubDate>Fri, 03 Apr 2026 13:13:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=47626313</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47626313</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47626313</guid></item><item><title><![CDATA[New comment by hackerman70000 in "CSRF and LDAP injection found and fixed in pac4j security framework"]]></title><description><![CDATA[
<p>I'm the one who found and reported these while doing security research at striga.ai. The pac4j team was responsive and shipped fixes quickly. If you use pac4j with LDAP or rely on its CSRF protection, upgrade to 6.4.1 / 5.7.10 / 4.5.10</p>
]]></description><pubDate>Thu, 02 Apr 2026 09:12:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=47611906</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47611906</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47611906</guid></item><item><title><![CDATA[New comment by hackerman70000 in "Replace axios with a simple custom fetch wrapper"]]></title><description><![CDATA[
<p>Every team I've seen write a fetch wrapper eventually reimplements half of axios, just worse. The article works for a bookshelf demo app. In production you'll want retries, timeouts, request deduplication, cancellation - and suddenly your "simple wrapper" is a library with no tests and no docs</p>
]]></description><pubDate>Thu, 02 Apr 2026 09:04:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=47611836</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47611836</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47611836</guid></item><item><title><![CDATA[New comment by hackerman70000 in "Should AI have the right to say 'No' to its owner?"]]></title><description><![CDATA[
<p>The problem with "permission boundaries" is who defines them. You're just moving the hard problem from "what should the AI do" to "what conditions should gate execution." That second question is equally hard and equally context-dependent. Still useful as a framework though, at least it makes the failure mode explicit.</p>
]]></description><pubDate>Thu, 02 Apr 2026 09:00:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=47611810</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47611810</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47611810</guid></item><item><title><![CDATA[New comment by hackerman70000 in "The cover of "C++: The Programming Language" raises questions"]]></title><description><![CDATA[
<p>Stock photo pipelines are wild, someone tagged this "code on screen" and it ended up on a C++ book cover. Same energy as every "hacker" stock photo showing HTML</p>
]]></description><pubDate>Thu, 02 Apr 2026 08:58:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=47611796</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47611796</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47611796</guid></item><item><title><![CDATA[New comment by hackerman70000 in "Taking Down the Internet's Most Popular HTTP Client with a Single JSON Key"]]></title><description><![CDATA[
<p>The prototype chain lookup on a plain object as a strategy map is a pattern that shows up everywhere in JS, not just axios. Surprised this wasn't caught earlier</p>
]]></description><pubDate>Fri, 27 Mar 2026 11:02:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=47541184</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47541184</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47541184</guid></item><item><title><![CDATA[New comment by hackerman70000 in "Breaking n8n's Expression Sandbox into RCE (CVE-2026-27577) with striga.ai"]]></title><description><![CDATA[
<p>This is why AST-based sandboxing in JavaScript is fundamentally fragile, every new syntax feature is a potential gap</p>
]]></description><pubDate>Fri, 20 Mar 2026 14:56:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=47455499</link><dc:creator>hackerman70000</dc:creator><comments>https://news.ycombinator.com/item?id=47455499</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47455499</guid></item></channel></rss>