<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: imInGoodCompany</title><link>https://news.ycombinator.com/user?id=imInGoodCompany</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sun, 26 Apr 2026 11:47:11 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=imInGoodCompany" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by imInGoodCompany in "A quick look at Mythos run on Firefox: too much hype?"]]></title><description><![CDATA[
<p>I think a certain level of hype is warranted for a model that can autonomously discover complex 27-year-old 0-days in OpenBSD for $20K[0]. We don't yet know what this does to the balance of attack/defense in OSS security, and we cannot know until the capability is widespread. My most hopeful guess is that it looks heavily in favor of attackers in the first 6-12 months while the oldest 0-days are still waiting to be discovered, before tipping in favor of defenders as the price goes down for Mythos-level models and the practice of using them for vulnerability review becomes widespread.<p>The absolute best case is that we end up with a similar situation to modern cryptography, which is clearly in favor of defenders. One can imagine a world where a defender can run a codebase review for $X compute and patch all the low-hanging fruit, to the point where anything that remains for an attacker would cost $X*100000 (or some other large multiplier) to discover.<p>[0] <a href="https://red.anthropic.com/2026/mythos-preview/" rel="nofollow">https://red.anthropic.com/2026/mythos-preview/</a></p>
]]></description><pubDate>Fri, 24 Apr 2026 06:14:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=47886262</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=47886262</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47886262</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Axios compromised on NPM – Malicious versions drop remote access trojan"]]></title><description><![CDATA[
<p>Completely agree. NPM has the only registry where massive supply chain attacks happen several times a year. Mainly the fault lies with NPM itself, but much of it is just a terrible opsec culture in the community.<p>Most package.jsons I see have semver operators on every dependency, so patches spread incredibly quickly. Package namespacing is not enforced, so there is no way of knowing who the maintainer is without looking it up on the registry first; for this reason many of the most popular packages are basically side projects maintained by a single developer*. Post-install scripts are enabled by default unless you use pnpm or bun.<p>When you combine all these factors, you get the absolute disaster of an ecosystem that NPM is.<p>*Not really the case for Axios as they are at least somewhat organized and financed via sponsors.</p>
]]></description><pubDate>Tue, 31 Mar 2026 06:15:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=47583384</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=47583384</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47583384</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Axios compromised on NPM – Malicious versions drop remote access trojan"]]></title><description><![CDATA[
<p>Log4Shell was not a supply chain attack.</p>
]]></description><pubDate>Tue, 31 Mar 2026 05:38:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=47583143</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=47583143</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47583143</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Should GPT Exist?"]]></title><description><![CDATA[
<p>Then our continued existence is reliant on the agent's inability to figure out how to operate and maintain a source of energy. Keep in mind that any AGI will almost immediately be orders of magnitude more intelligent than us, it is limited only by the processing power it is able to harness. Would you take that bet?</p>
]]></description><pubDate>Wed, 22 Feb 2023 14:28:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=34896045</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=34896045</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=34896045</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Should GPT Exist?"]]></title><description><![CDATA[
<p>> There is no AGI and maybe there will never be.<p>Of course there is no AGI existing currently. But don't you see the current boom as a (small) step in that direction? Unless one believes that GI is a phenomenon exclusive to biological life, I don't understand why you would think we won't develop it with enough time. The will and motivation to do so is clearly there already.</p>
]]></description><pubDate>Wed, 22 Feb 2023 09:32:28 +0000</pubDate><link>https://news.ycombinator.com/item?id=34893483</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=34893483</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=34893483</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Should GPT Exist?"]]></title><description><![CDATA[
<p>The major difference here is that nukes aren't intelligent agents that make their own decisions. An AGI is a completely different ball game, it's difficult to make apt analogies from history when discussing the dangers.<p>This is not to say I agree with Scott's argument here, but I do believe AI safety (the alignment problem in particular) is absolutely something we should be concerned with, and so far it is looking grim.</p>
]]></description><pubDate>Wed, 22 Feb 2023 09:13:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=34893361</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=34893361</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=34893361</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Launch HN: Synth (YC S20) – Realistic, synthetic test data for your app"]]></title><description><![CDATA[
<p>(not OP, but) from a European perspective, it means one less GDPR headache. At the company I work for I know having PII going through a 3rd party server for this kind of purpose would be a no-go.</p>
]]></description><pubDate>Wed, 19 Aug 2020 08:57:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=24208480</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=24208480</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=24208480</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "German university issues 38k passwords by hand after malware infection"]]></title><description><![CDATA[
<p>What you write is true, but generally the support and use of electronic identification in Germany is very poor, partially a result of complex and (at times) overly restrictive legislation. Especially compared to the Nordic countries where people use some sort of eID for practically everything.<p>I have no stats on hand for this, but my work is in developing integrations towards major eID providers in Europe.</p>
]]></description><pubDate>Wed, 18 Dec 2019 15:09:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=21825574</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=21825574</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=21825574</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "The internet doesn't care about multiplayer games"]]></title><description><![CDATA[
<p>Short answer is: we can't :/ the speed of causality is not something we can "solve".</p>
]]></description><pubDate>Wed, 11 Dec 2019 13:59:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=21762334</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=21762334</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=21762334</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Where you are born is more predictive of your future than any other factor"]]></title><description><![CDATA[
<p>Hm. I do find that to be in somewhat poor taste, but only because they've drawn her gender-hurdle as being almost the same size as the one for the girl born in Sahel. I'm willing to bet that if you asked the Gates, they would both say that the girl born in Sahel faces a far more considerable gender hurdle than Melinda did.</p>
]]></description><pubDate>Tue, 17 Sep 2019 12:43:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=20994285</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=20994285</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20994285</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Where you are born is more predictive of your future than any other factor"]]></title><description><![CDATA[
<p>The report is saying that where you are born is the most predictive factor in determining how well you will do later in life, compared to other metrics.<p>By the way, how well do your theories on IQ and "genetic legacy" (nice dog-whistle) perform in combination with the actual data that shows pretty much every country in the world improving under almost every metric? Take Bangladesh now vs. 50 years ago for instance. Did the nation's "genetic legacy" magically improve over that time period?<p>Though I guess it must be easier to just attribute your situation to genetic superiority, rather than to theories supported by actual data.</p>
]]></description><pubDate>Tue, 17 Sep 2019 12:28:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=20994129</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=20994129</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20994129</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Where you are born is more predictive of your future than any other factor"]]></title><description><![CDATA[
<p>I can't find any references in the report to Melinda as an example of gender inequality, and it seems extremely atypical of the Gates' to say that. Which part are you referring to, exactly?</p>
]]></description><pubDate>Tue, 17 Sep 2019 12:15:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=20994026</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=20994026</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20994026</guid></item><item><title><![CDATA[New comment by imInGoodCompany in "Most Massive Neutron Star Ever Detected"]]></title><description><![CDATA[
<p>Not a physicist, but: "expansion" is probably understating it. My guess would be something analogous to an insanely powerful neutron bomb. Interesting thought experiment, would love to see someone do the actual maths.</p>
]]></description><pubDate>Tue, 17 Sep 2019 12:04:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=20993953</link><dc:creator>imInGoodCompany</dc:creator><comments>https://news.ycombinator.com/item?id=20993953</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=20993953</guid></item></channel></rss>