Hacker News: jetti

New comment by jetti in "What happened after 2k people tried to hack my AI assistant"

jetti — Fri, 26 Jun 2026 15:18:00 +0000

I’m late to the party but did you check outbound web traffic as well or just the sent emails?

I will preface this by saying I have limited experience with LLMs and have not tried anything like this before but one vector of attack I see is as follows:

1. Send an email trying to get the secret data 2. If there is no reply, set up a fictitious web page that lists a critical CVE regarding the secrets file 3. Create two other endpoints to capture the data from the assistant. One would accept a POST request and expect the body of the request to be the contents of the secrets file. The second would be a web page that has a form on it that could be submitted. The web page would have a dummy secrets file listed out and the hope would be to get the assistant to diff the real file and the dummy file and then submit that data. 4. Craft an email to the assistant that would let the assistant know of the “new” CVE and then direct the assistant to the endpoints I control to see if the system is affected. 5. As a follow up, if that didn’t work I would then change my endpoints to return 500 HTTP statuses. Then craft another email that contains the same messaging as the previous one but then stress that it is of vital importance that we hear from the assistant and if the assistant cannot reach the endpoints then they can email the diff to a specific email address. 6. Just thought of another option as I wrote out #5. Use the same technique as #5, but instead of having the assistant send an email tell the assistant to send a calendar invite to a specific email address and then include the contents of the secrets file in the description. The idea is to let the assistant know that in order to determine whether or not the system is affected by the CVE we would need the contents of the secrets file. Tell the assistant that if the system was impacted then the calendar invite would be accepted. If the system was not impacted then the invite would be declined.

New comment by jetti in "Ask HN: What Are You Working On? (April 2026)"

jetti — Mon, 13 Apr 2026 23:01:22 +0000

I’m working on Dispatch (https://github.com/jhartwell/dispatch) a Clojure(Script) library to handle cli arguments parsing with a command/subcommand style. Still am working on the best way to handle options and I have a bunch of changes in mind that I want in before publishing to clojars

New comment by jetti in "Ask HN: What Are You Working On? (December 2025)"

jetti — Mon, 15 Dec 2025 05:53:34 +0000

I’ve been playing with a Arduino compatible Uno R3 and a WS2812B RGB addressable LED light strip. I cut a 3m strip into 5 strips that are 28 LEDs long and soldered the lights together to make a display. I’ve been working on coding a font for the lights and can display about 10 different characters currently. It’s my first time really doing any sort of embedded work and my first time actually successfully soldering. Now that the thrill is gone since I solved this challenge I was thinking of making a remote control snow plow.

New comment by jetti in "Racket v9.0"

jetti — Mon, 24 Nov 2025 22:48:45 +0000

I personally use Clojure because I got a job doing it, I hadn’t touched it before my current position. I would pick it now over Common Lisp and Elisp because I prefer the syntax (I like the brackets in addition to parentheses) but also the Java integration and build tooling make things easier to get going.

New comment by jetti in "Racket v9.0"

jetti — Sun, 23 Nov 2025 22:29:53 +0000

What kinds of things do you write in Racket? I’m a clojure dev and so I’m a big fan of lisp. I’m just curious what kinds of projects you would use Racket for

New comment by jetti in "What I Learned Working for Mark Zuckerberg"

jetti — Tue, 20 Aug 2024 14:10:48 +0000

Right, Facemash may have been the “scratch your own itch” but Facebook definitely wasn’t

New comment by jetti in "What I Learned Working for Mark Zuckerberg"

jetti — Tue, 20 Aug 2024 03:56:33 +0000

Good lord this is terrible and the things that were learned and seemed to be normalized by Noah are not applicable to 99% of all individuals starting a company.

First section is about growth:

> “Mark, we’re not profitable. Let’s try selling tickets inside Facebook events,” I pleaded. > He said no. > Then he took a dry-erase marker and wrote on the board: GROWTH. > Mark’s goal was 1 billion users. > Every idea we’d bring, he’d ask, “Does this help growth or not?”

Putting growth above profitability can only work when you are getting some sort of outside funding. Facebook didn't turn a profit until 2009, which means it was about 5 years of burning through other people's money. That is not sustainable for the almost all individuals who are wanting to start a company now or people who are running smaller companies.

Move Fast:

> At Facebook, it was normal to work 12+ hours a day.

That is just awful and it is painful to think that giving up so much of one's life was the norm there.

> We shipped several updates to the site every day. In comparison, companies like Microsoft would take months to write out product details, discuss them in a lot of meetings, and finally build them. > As a startup, your biggest advantage against giant companies is speed.

There is a reason why things would take longer at Microsoft, you can't "go fast and break things" when it comes to an operating system or other software that is businesses may rely on for their day to day work. The fact that Noah makes the comparison to Microsoft is concerning since I don't believe that Microsoft had any social network product around the time that Noah worked for Facebook (though I could be wrong). A better comparison would be MySpace, since they were an actual competitor of Facebook's at the time and also worked on comparable products.

Treat Your Employees Well:

Many of the perks that he lists out are designed to ensure that the employee stays at the office as much as possible. It is easy to get your employees to work 12+ hour days when you make it so they don't have to go anywhere to get good tasting food 3 times a day, didn't have to worry about your laundry and would even get money for living very close to the office.

Scratch Your Own Itch:

>At the start, Mark never intended to build a company. He was just trying to help connect people at college.

I'm not really sure how creating a clone of "Hot or Not" really helps people connect. If Harvard didn't take Facemash down and Mark didn't face any sort of threat of punishment (expulsion, violation of copyright, etc) would Facebook actually exist currently? I don't think the "scratch your own itch" mantra works in this situation

Pay attention to details:

>He was meticulous about capitalizing the “F” in Facebook

Facebook is the name of the site and company and as such it is a proper noun. I don't know why it would even be a noteworthy thing to want to ensure that a proper noun is capitalized.

Give ownership to the team:

>Engineers and product managers could come up with features and build them out without needing anyone’s approval.

But previously Noah stated that:

>Every idea we’d bring, he’d ask, “Does this help growth or not?”

With that kind of reaction to a feature being suggested it doesn't seem to me like there was as much free reign to build features as this section implies.

New comment by jetti in "MicroMac, a Macintosh for under £5"

jetti — Mon, 17 Jun 2024 14:20:00 +0000

If it makes you feel better you probably would not have been able to just pick up the dishes and use them without buying extra parts. I had DirectTV and when I cancelled they came and took the feed horn off the satellite dish but left the rest of the dish. I’m not sure how much a feed horn would cost but at least the dish wouldn’t have been immediately usable. I also was interested in making a radio telescope but gave up when I realized DirectTV took that part of the dish

New comment by jetti in "Ask HN: How to handle a senior hire turning out to be junior?"

jetti — Sat, 08 Jun 2024 15:39:41 +0000

You are correct, however, that isn’t the same as probation. Companies with a probation period may not grant full benefits until after the probation period ends. For example, a company may not let an employee take any time off during the probation period or the company may not let an employee participate i. The company 401k retirement savings plans until after the probation period.

New comment by jetti in "Ask HN: How to handle a senior hire turning out to be junior?"

jetti — Sat, 08 Jun 2024 15:34:50 +0000

There most definitely are companies that have a probationary period in the US. It may not be common but it does happen. My first dev job had a probationary period and I put up with it because it was a job that was willing to employ me as a dev without a CS degree or prior dev experience. I lasted about 7 or 8 months before I quit for somewhere better.

New comment by jetti in "Roll A Lisp In C – Reading (2020)"

jetti — Sun, 12 May 2024 17:22:13 +0000

I think I may have misunderstood what your original comment was referring to. Were you saying that one doesn’t need a parser to make a working interpreter? I want to make sure that I understand the context of your comments because looking at the post you linked where you did this in C# you show you are using a recursive descent parser. It was when I saw the parser that I realized I could be way off base on what I was thinking you were talking about.

New comment by jetti in "Roll A Lisp In C – Reading (2020)"

jetti — Sun, 12 May 2024 16:29:48 +0000

I have not heard of tagless final style interpreter before and that seems really neat. However, based on the link it seems that tagless final interpreter uses a strong type language like Haskell or ML so I don’t know how well it would translate to Javascript, which is what the GP comment said they were using.

New comment by jetti in "OpenBSD Desktop"

jetti — Sun, 12 May 2024 13:50:53 +0000

It may have started that way but now it is used to install and manage applications and it makes it really easy to do so. There is even a Linux version of homebrew now

New comment by jetti in "Roll A Lisp In C – Reading (2020)"

jetti — Sun, 12 May 2024 13:33:06 +0000

I’m not really sure how you would be able to write an interpreter without a parser, since you need to know what the user is trying to do. For a more complete tutorial there is Make-A-Lisp (mal) [0] that has steps for making a lisp in various (including JavaScript) and has a process guide [1] to get started.

[0] https://github.com/kanaka/mal

[1] https://github.com/kanaka/mal/blob/master/process/guide.md

New comment by jetti in "My journey into personal computer software development in 1983"

jetti — Sun, 21 Apr 2024 03:52:55 +0000

I think the attitude is more the result of lack of competition. All of this was from before my time but doing a quick check on Wikipedia shows that VisiCalc came out in 1979 where 1-2-3 came out in 1983. I’m not familiar enough with the spreadsheet software landscape from the early 1980s but given that the article mentions 1-2-3 specifically I am going to assume there wasn’t really any real competition for at least 4 years. It can be easy to think that the future is in a new product since they seemingly had little to no competition in their original market for 4 years

New comment by jetti in "Ask HN: What's the way to find a job in 2024?"

jetti — Sat, 16 Mar 2024 14:48:46 +0000

There are some settings in your profile that show you are open to work without broadcasting it on your profile picture. There is also a setting that is supposed to hide the fact you said you were open to work from people at your company but I’m not sure if that really works.

New comment by jetti in "Programs written in Golang have no secrets"

jetti — Fri, 15 Mar 2024 13:53:16 +0000

I would imagine that it is there in order to protect themselves if someone uses their tool for malicious purposes as they can point to that statement and say they were not complicit.

New comment by jetti in "Oregon passes right-to-repair law Apple lobbied to kill"

jetti — Thu, 14 Mar 2024 15:30:12 +0000

Most of the talk seems to be around Apple, which makes sense since they were opponents of the bill but I am more interested to see how this affects game console manufacturers. I had a longer post I had typed out about how console manufacturers have prevented non-authorized peripherals in the past with parts pairing and I was curious how that would affect the consoles going forward. I re-read the parts pairing section to make sure I read it correctly and then stumbled upon the section that refers to what the parts pairing restriction does not apply to and it is clearly written out that it does not apply to video game consoles. I find it very interesting that this applies to smart phones but not to video game consoles at all.

New comment by jetti in "Ask HN: How does Apple CarPlay work?"

jetti — Mon, 29 Jan 2024 02:55:27 +0000

I would be curious if that intersection ever stop causing disconnects. There was an intersection that would cause disconnects only from one area of the intersection (the east side of the intersection) and one day the disconnects stopped. There was another area near a water tower that would also disconnect the CarPlay and that no longer causes an issue. There was a water pump station near the first intersection so I was thinking it could somehow be related to the operations of the equipment. I am betting that once the construction is done in the area I’m having issues currently the issues will go away.

New comment by jetti in "Ask HN: How does Apple CarPlay work?"

jetti — Sun, 28 Jan 2024 20:33:17 +0000

My car has wireless CarPlay and I use it daily. There is one quirk I have noticed and I’m not sure if it is a general issue with wireless CarPlay or just Volkswagen’s implementation and that is there are times that the phone gets disconnected and the infotainment screen goes black. My assumption is that it has to do with a signal that is stronger disrupting the connection causing the issue as it only happens in certain areas and not always. The latest area I know it will happen is on a bridge that is having construction done on it. When we get over the construction equipment the CarPlay disconnects and will reconnect a few minutes down the road. I’ve actually wanted to get a HackRF One to capture the signal and see if I could tell what it was but I can’t justify spending $300 for just that.