<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: insanitybit</title><link>https://news.ycombinator.com/user?id=insanitybit</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 16 Jul 2026 23:05:07 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=insanitybit" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by insanitybit in "How Our Rust-to-Zig Rewrite Is Going"]]></title><description><![CDATA[
<p>I think one of the few performance benefits with a GC is that you can defer allocations. You can do that in Rust too though.</p>
]]></description><pubDate>Thu, 16 Jul 2026 16:32:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=48936760</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48936760</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48936760</guid></item><item><title><![CDATA[New comment by insanitybit in "How Our Rust-to-Zig Rewrite Is Going"]]></title><description><![CDATA[
<p>I think this is interesting and warrants explanation. There are cases where a GC can be faster (sort of, Arenas get you most of the gains) but "the most sophisticated scheduling engine in the world" should be easy to at least partially support.</p>
]]></description><pubDate>Thu, 16 Jul 2026 16:31:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=48936758</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48936758</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48936758</guid></item><item><title><![CDATA[New comment by insanitybit in "How Our Rust-to-Zig Rewrite Is Going"]]></title><description><![CDATA[
<p>Rust's compile times will get faster long before Zig gets safer.</p>
]]></description><pubDate>Thu, 16 Jul 2026 16:27:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=48936697</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48936697</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48936697</guid></item><item><title><![CDATA[New comment by insanitybit in "Societal Impacts: Claude's values across models and languages"]]></title><description><![CDATA[
<p>Anthropic thinks Claude is a super genius hyper-serious weapons-grade product so it's no surprise that Claude acts like it.</p>
]]></description><pubDate>Wed, 15 Jul 2026 13:48:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=48920804</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48920804</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48920804</guid></item><item><title><![CDATA[New comment by insanitybit in "Societal Impacts: Claude's values across models and languages"]]></title><description><![CDATA[
<p>My theory is that Anthropic's obsession with treating Claude like a person is causing them to hamfist a personality into the thing, which overly biases the model towards trying to be "engaging" etc. That and the obsession with Claude being a god tier weapon that could end the world if you ask it whether your sandwich is safe to eat after being left out for an hour.<p>Codex doesn't have any of the annoying "personality" quirks, or at least they haven't gotten worse in the last year whereas Opus 4.6 was the last Anthropic model before things started to get actively worse (not any better at coding, strictly more annoying to have a discussion with).</p>
]]></description><pubDate>Wed, 15 Jul 2026 12:51:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=48920082</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48920082</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48920082</guid></item><item><title><![CDATA[New comment by insanitybit in "Dependabot version updates introduce default package cooldown"]]></title><description><![CDATA[
<p>> What would a solution to this look like?<p>Sandboxing and auditing built into the software from the start. Browser Extensions solved this ages ago.</p>
]]></description><pubDate>Wed, 15 Jul 2026 00:32:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=48914769</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48914769</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48914769</guid></item><item><title><![CDATA[New comment by insanitybit in "Dependabot version updates introduce default package cooldown"]]></title><description><![CDATA[
<p>Every major package manager is just as fucked.</p>
]]></description><pubDate>Wed, 15 Jul 2026 00:31:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=48914762</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48914762</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48914762</guid></item><item><title><![CDATA[New comment by insanitybit in "Dependabot version updates introduce default package cooldown"]]></title><description><![CDATA[
<p>So what?</p>
]]></description><pubDate>Wed, 15 Jul 2026 00:31:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=48914757</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48914757</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48914757</guid></item><item><title><![CDATA[New comment by insanitybit in "Dependabot version updates introduce default package cooldown"]]></title><description><![CDATA[
<p>What a state of things where we have to fear installing software, and rely on vendors to scan things ahead of time, because our supply chain is such a mess and our tooling is so incapable of (and uninterested in) protecting us.</p>
]]></description><pubDate>Tue, 14 Jul 2026 22:03:56 +0000</pubDate><link>https://news.ycombinator.com/item?id=48913484</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48913484</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48913484</guid></item><item><title><![CDATA[New comment by insanitybit in "Linux 0.11 rewritten in idiomatic Rust, boots in QEMU"]]></title><description><![CDATA[
<p>> If you are thinking of AI fixing bugs is less expensive<p>Because I don't think this. A rewrite is cheaper to me.</p>
]]></description><pubDate>Tue, 14 Jul 2026 00:01:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=48900602</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48900602</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48900602</guid></item><item><title><![CDATA[New comment by insanitybit in "GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years"]]></title><description><![CDATA[
<p>There are a million ways to load a kernel module from inside of a container into the host kernel (ie: to trigger a load), but seccomp/ linux caps will block the direct ways (as another commenter notes).</p>
]]></description><pubDate>Mon, 13 Jul 2026 23:57:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=48900578</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48900578</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48900578</guid></item><item><title><![CDATA[New comment by insanitybit in "GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years"]]></title><description><![CDATA[
<p>That's right. Docker still runs without user namespaces by default, which means that root is the same user inside and outside of the container. This does open up attack surface and configuration footguns.<p>Confinement still leverages dropping some root caps, seccomp, various other namespaces, etc.</p>
]]></description><pubDate>Mon, 13 Jul 2026 12:28:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=48891686</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48891686</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48891686</guid></item><item><title><![CDATA[New comment by insanitybit in "GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years"]]></title><description><![CDATA[
<p>I don't think this would change anything even if it were true, which it is not. Running as root in a container opens up tons of footguns but it is not a path out of the container on its own.</p>
]]></description><pubDate>Mon, 13 Jul 2026 12:16:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=48891550</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48891550</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48891550</guid></item><item><title><![CDATA[New comment by insanitybit in "GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years"]]></title><description><![CDATA[
<p>They are a security boundary. The fact that you need a vulnerability to escape them is proof of that. They just don't have a particularly high cost of escape because reachable kernel vulnerabilities are so common.</p>
]]></description><pubDate>Mon, 13 Jul 2026 03:53:23 +0000</pubDate><link>https://news.ycombinator.com/item?id=48887697</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48887697</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48887697</guid></item><item><title><![CDATA[New comment by insanitybit in "Rewriting Bun in Rust"]]></title><description><![CDATA[
<p>My claim is that you can grep for memory safety bugs in rust and you can't in zig, therefor trading memory unsafe zig bugs for memory unsafe rust bugs is a good trade. This has been my claim, it continues to be my claim. Linking to the nomicon won't change anything just like linking to the other blog post changed nothing (and you literally misunderstood the other blog post, and I even pointed you to the <i>errata</i> of that post).</p>
]]></description><pubDate>Mon, 13 Jul 2026 03:50:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=48887687</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48887687</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48887687</guid></item><item><title><![CDATA[New comment by insanitybit in "Rewriting Bun in Rust"]]></title><description><![CDATA[
<p>> Not these in particular. You are again ignoring the context.<p>What context? I just said afterwards that aliasing is not one of those cases.<p>> Undefined behavior are bugs by themselves. Let's check if you are holding any of the wrong assumptions:<p>Nope and your post wouldn't justify the statement. Not all UB leads to a reachable bug. The blog post doesn't say otherwise, and in fact it indicates exactly this (that UB can compile "correctly" one day and "incorrectly" the next). Check the errata on the post.<p>> Wrong implicit premise: "all memory safety bugs resides in unsafe functions/blocks".<p>No, I'm right other than l-unsound. Saying "but safe code that references unsafe code" doesn't change that.<p>> It's as hard as rewriting the codebase from ground up without reference<p>Not necessarily. At least multiple cases I've seen in the rewrite would be a matter of just moving `unsafe` from one spot to another and then placing the assertions at the caller.<p>This conversation is increasingly dumb. I've made my point repeatedly - moving to Rust means memory unsafety violations can be grepped for and that's not up for debate. You can say that that's not sufficient as a win for the project, I really am ambivalent.</p>
]]></description><pubDate>Sun, 12 Jul 2026 12:52:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=48880792</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48880792</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48880792</guid></item><item><title><![CDATA[New comment by insanitybit in "Rewriting Bun in Rust"]]></title><description><![CDATA[
<p>> There are no such invariants in Zig.<p>Zig does have invariants. It doesn't have an aliasing invariant like rust though, but it does have its own invariants, naturally. Zig is a memory unsafe language.<p>> Broken invariant literally means you are reaching it. The word you are looking for is "unsoundness".<p>A reachable bug means one that can be triggered. Undefined behavior does not mean a bug can be triggered.<p>> There's a neat class of UBs called "immediate UB"s. They can ruin the code just by being compiled, instead of reached at runtime. And guess what? They have a lot of these.<p>Can be, yes.<p>> Not for unsoundness in safe functions that can be called incorrectly and ruin everything, can't be reasoned about by any existing tools<p>This is only possible if unsafe is used. `unsafe` is grep'able, hence all memory safety bugs are grep'able. That's the whole point of rust.</p>
]]></description><pubDate>Fri, 10 Jul 2026 20:55:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=48865132</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48865132</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48865132</guid></item><item><title><![CDATA[New comment by insanitybit in "Rewriting Bun in Rust"]]></title><description><![CDATA[
<p>You can grep for every memory safety violation in rust.</p>
]]></description><pubDate>Fri, 10 Jul 2026 20:52:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=48865086</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48865086</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48865086</guid></item><item><title><![CDATA[New comment by insanitybit in "GPT-5.6"]]></title><description><![CDATA[
<p>I've had zero issues with Codex. If it flags something it seems to have a slower "review before proceeding" phase but it <i>does</i> proceed.</p>
]]></description><pubDate>Fri, 10 Jul 2026 20:47:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=48865028</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48865028</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48865028</guid></item><item><title><![CDATA[New comment by insanitybit in "Rewriting Bun in Rust"]]></title><description><![CDATA[
<p>This is going in circles. I think my point has been made. You can grep for every memory safety violation in Rust, that is a win. Pointer aliasing is apparently not UB in Zig, that's cool, assuming that's what you are referring to - but I just can't stress enough how little this matters to my point.</p>
]]></description><pubDate>Fri, 10 Jul 2026 10:32:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=48858119</link><dc:creator>insanitybit</dc:creator><comments>https://news.ycombinator.com/item?id=48858119</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48858119</guid></item></channel></rss>