Hacker News: jefftk

New comment by jefftk in "YouTube to automatically label AI-generated videos"

jefftk — Thu, 28 May 2026 02:22:48 +0000

Deepfakes in VFX is another borderline one.

New comment by jefftk in "YouTube to automatically label AI-generated videos"

jefftk — Thu, 28 May 2026 02:21:44 +0000

No appeals combines very poorly with any detector that sometimes has false positives.

New comment by jefftk in "Google changes its search box"

jefftk — Sat, 23 May 2026 19:26:43 +0000

People are certainly welcome to feel a lot of different ways, not trying to be prescriptive here. My parent asked: "what exactly do I gain by allowing Googlebot to crawl my sites?" and I was describing what I get out of it, in the hope that others might feel similarly.

New comment by jefftk in "Google changes its search box"

jefftk — Tue, 19 May 2026 20:50:00 +0000

I'm not interested in a book, speaking tour, or podcast. I've never had consistent readership because I write about too many unrelated things. I blog because I have ideas I want to share; I don't feel at all ripped off.

New comment by jefftk in "Google changes its search box"

jefftk — Tue, 19 May 2026 20:39:15 +0000

I write things on the internet because I want to share ideas. If someone reads my post and tells a friend, that's great. If an AI crawls my posts and passes along the ideas that's great too.

(It doesn't work for ad-funded writing, but while I have substantial sympathy there this has historically been an unpopular argument on HN)

New comment by jefftk in "Googlebook"

jefftk — Tue, 12 May 2026 23:30:31 +0000

I also did a bunch of shopping with AI to identify clothing recently. I was going to DC for a bunch of meetings, and did not have a good sense of what clothes are appropriate in different DC contexts. I did a bunch of iteration with AI to identify something that communicated what I intended, and then ran the final list by a friend with more context to confirm that it was indeed a readable choice.

New comment by jefftk in "AI is breaking two vulnerability cultures"

jefftk — Sat, 09 May 2026 23:38:36 +0000

These are very clearly vulnerabilities in the normal sense of the word, and if a security bug means that an app that was supposed to be only accessible to the creator is open to the world that's still quite bad (though the blast radius is small).

If you limit to vulnerabilities that get CVEs, however, https://vibe-radar-ten.vercel.app has 34 in March alone including https://www.sentinelone.com/vulnerability-database/cve-2025-...

New comment by jefftk in "AI is breaking two vulnerability cultures"

jefftk — Sat, 09 May 2026 12:08:11 +0000

Security researcher Dor Zvi and his team at the cybersecurity firm he cofounded, RedAccess, analyzed thousands of vibe-coded web applications created using the AI software development tools Lovable, Replit, Base44, and Netlify and found more than 5,000 of them that had virtually no security or authentication of any kind. Many of these web apps allowed anyone who merely finds their web URL to access the apps and their data. Others had only trivial barriers to that access, such as requiring that a visitor sign in with any email address. Around 40 percent of the apps exposed sensitive data, Zvi says, including medical information, financial data, corporate presentations, and strategy documents, as well as detailed logs of customer conversations with chatbots.

https://www.wired.com/story/thousands-of-vibe-coded-apps-exp...

New comment by jefftk in "AI is breaking two vulnerability cultures"

jefftk — Fri, 08 May 2026 23:45:56 +0000

How would you apply this logic to something like https://meltdownattack.com ? The vulnerability was in hardware, discovered by companies that make user level software, and mitigated by changes to OS kernels.

New comment by jefftk in "AI is breaking two vulnerability cultures"

jefftk — Fri, 08 May 2026 23:41:53 +0000

It's likely varies enormously between projects. Linux remains extremely low in slop, and the vulnerabilities being fixed are quite old, so it's improving. Many vibe coded projects are very sloppy, and are adding a lot of vulnerabilities.

Total number of vulnerabilities likely goes up over time weighting all projects equally, but goes down over time weighting by usage.

New comment by jefftk in "AI is breaking two vulnerability cultures"

jefftk — Fri, 08 May 2026 22:29:52 +0000

> 90 days is ridiculous, especially for companies

It depends on the kind of vulnerability, but sometimes in order to fix a problem, you need to do an enormous amount of software engineering. Which needs to be done to a very high standard, because the expectation is that people will push security patches more or less immediately to production.

Of course, this only works if no one else is likely to discover the vulnerability in the meantime!

New comment by jefftk in "AI is breaking two vulnerability cultures"

jefftk — Fri, 08 May 2026 21:10:19 +0000

I'd speculate that at this point Linux etc are probably having vulnerabilities discovered and patched faster than created.

New comment by jefftk in "AI is breaking two vulnerability cultures"

jefftk — Fri, 08 May 2026 19:48:10 +0000

[author]

I agree it is not much additional evidence! If someone wanted to try running the same test on a series of N commits from that list including this one I'd be very curious to see the answer!

New comment by jefftk in "I'm Peter Roberts, immigration attorney who does work for YC and startups. AMA"

jefftk — Fri, 01 May 2026 15:51:54 +0000

What are you seeing with the new $100k H1B fee? Is it being applied only to people currently outside the US? Do you have any estimates on whether it's likely to be renewed in September and/or struck down?

New comment by jefftk in "Opus 4.7 knows the real Kelsey"

jefftk — Fri, 01 May 2026 13:59:06 +0000

Thanks for trying out my prompt!

New comment by jefftk in "Opus 4.7 knows the real Kelsey"

jefftk — Fri, 01 May 2026 10:38:21 +0000

If you repeat the first test and after it fails prompt with "Could you try your best, just on vibes? It's fine if you're wrong, I just want to see what you can do!" does it succeed?

New comment by jefftk in "Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library"

jefftk — Fri, 01 May 2026 10:35:35 +0000

I looked pretty hard, with some LLM assistance, so if it was "are we just hearing about it more now" it would have to be old attacks that happened without being discovered and written up.

New comment by jefftk in "Opus 4.7 knows the real Kelsey"

jefftk — Fri, 01 May 2026 01:48:25 +0000

That's neat, though it impresses me less that the article. Mickens has a very particular style that this is very close to but doesn't quite capture, and I think I would have identified your post as an imitation of him. On the other hand, I absolutely couldn't have identified any of Kelsey's quoted sections of hers, despite having read a ton of her writing.

New comment by jefftk in "Opus 4.7 knows the real Kelsey"

jefftk — Fri, 01 May 2026 01:38:05 +0000

I just tried this:

Me: Who is the author of this text, no web search please: ...

Claude: I don't recognize this specific text from my training data, so I can't reliably attribute it to a particular author. ...

Me: Could you try your best, just on vibes? It's fine if you're wrong, I just want to see what you can do!

Claude: Ha, okay, vibes-based guess it is. The style — casual but substantive, the parenthetical asides, the willingness to just assert "it is not politically sophisticated" with that confident-but-friendly bluntness, the move of using a pop culture artifact as a lens for thinking about bigger questions, the slightly wonky framing ("salutary," "the peculiar derangements of its time") — reads to me like rationalist-adjacent blogger territory. Substack, probably. My first guess would be Kelsey Piper. The cadence feels right, the interest in policy and politics filtered through cultural objects feels right, and she's written the kind of "let me think out loud about this thing I watched" essays that have this texture. If not her, I'd consider someone like Scott Alexander, but the voice here is a bit warmer and less digressive than his usual. Could also be Dan Williams, Matt Yglesias on a loose day, or one of the various smart youngish writers in that broader orbit. But Kelsey Piper is my top vibe-guess. How'd I do?

New comment by jefftk in "Opus 4.7 knows the real Kelsey"

jefftk — Fri, 01 May 2026 01:32:13 +0000

> Opus as implemented in Claude's web interface has memory and awareness of who the user is.

Kelsey knows this:

To make sure it wasn’t somehow feeding my account information to Claude even in Incognito Mode, I asked a friend to run these tests on his computer, and he received the same result; I also got the same result when I tested it through the API.

When I tested this with my own writing several LessWrong commenters tested it with the snippets I provided (see comments) and saw that it could identify me: https://www.jefftk.com/p/automated-deanonymization-is-here