Hacker News: jgeralnikhttps://news.ycombinator.com/user?id=jgeralnikHacker News RSShttps://hnrss.org/hnrss v2.1.1Wed, 15 Apr 2026 00:10:16 +0000<![CDATA[New comment by jgeralnik in "Vulnerability research is cooked"]]>The wonderful thing though is that you can just run the model multiple times (even in parallel). Some instances might get stuck but as long as some find the bug and you have a good way to filter outputs (e.g. with another llm that tries to create concrete exploits) even a very small success rate on stage 1 can lead to reliable exploits

]]>Mon, 30 Mar 2026 22:03:20 +0000https://news.ycombinator.com/item?id=47580274jgeralnikhttps://news.ycombinator.com/item?id=47580274https://news.ycombinator.com/item?id=47580274<![CDATA[New comment by jgeralnik in "Gemini 3.0 Deciphered the Mystery of a Nuremberg Chronicle Leaf's"]]>I think there’s something very interesting here and would be interested in hearing more about the date discrepancies- it’s a shame the article is mostly just the raw output of gemini instead of more commentary

]]>Thu, 01 Jan 2026 21:55:29 +0000https://news.ycombinator.com/item?id=46458496jgeralnikhttps://news.ycombinator.com/item?id=46458496https://news.ycombinator.com/item?id=46458496<![CDATA[New comment by jgeralnik in "Prompt caching for cheaper LLM tokens"]]>Ah, fair enough. Anthropic caches at a block level (basically a single message) so for non-trivial messages this is really less of a concern, although I definitely understand why they still scope cache to a single tenant

]]>Sat, 20 Dec 2025 05:51:16 +0000https://news.ycombinator.com/item?id=46333923jgeralnikhttps://news.ycombinator.com/item?id=46333923https://news.ycombinator.com/item?id=46333923<![CDATA[New comment by jgeralnik in "Prompt caching for cheaper LLM tokens"]]>Anthropic requires explicit cache markers but will “look backwards” some amount, so you don’t need to fall on the exact split to get cached tokens

]]>Fri, 19 Dec 2025 22:16:33 +0000https://news.ycombinator.com/item?id=46331611jgeralnikhttps://news.ycombinator.com/item?id=46331611https://news.ycombinator.com/item?id=46331611<![CDATA[New comment by jgeralnik in "Prompt caching for cheaper LLM tokens"]]>Right, you can’t actually guess a letter (byte) at a time but you can guess a token at a time (I believe the vocabulary is 200000 possible tokens in gpt 5) So you could send each of the 200000 possible tokens, see which is cached, and then send 200000 more tokens to find the next cached token Certainly less efficient but well within the realm of a feasible attack

]]>Fri, 19 Dec 2025 22:15:18 +0000https://news.ycombinator.com/item?id=46331601jgeralnikhttps://news.ycombinator.com/item?id=46331601https://news.ycombinator.com/item?id=46331601<![CDATA[New comment by jgeralnik in "We pwned X, Vercel, Cursor, and Discord through a supply-chain attack"]]>A remote code execution bug in ios is valuable - it may take a long time to detect exploitation (potentially years if used carefully), and even after being discovered there is a long tail of devices that take time to update (although less so than on android, or linux run on embedded devices that can’t be updated) That’s why it’s worth millions on the black market and apple will pay you $2 million dollars for it

An XSS is much harder to exploit quietly (the server can log everything), and can be closed immediately 100% with no long tail. At the push of an update the vulnerability is now worth zero. Someone paying to purchase an XSS is probably intending to use it once (with a large blast radius) and get as much as they can from it in the time until it is closed (hours? maybe days?)

]]>Thu, 18 Dec 2025 23:01:06 +0000https://news.ycombinator.com/item?id=46320020jgeralnikhttps://news.ycombinator.com/item?id=46320020https://news.ycombinator.com/item?id=46320020<![CDATA[Evaluating GPT-5.2 Thinking: Cryptographic Challenge Case Study]]>Article URL: https://www.irregular.com/publications/spell-bound-technical-case-study

Comments URL: https://news.ycombinator.com/item?id=46261869

Points: 1

# Comments: 0

]]>Sun, 14 Dec 2025 09:26:33 +0000https://www.irregular.com/publications/spell-bound-technical-case-studyjgeralnikhttps://news.ycombinator.com/item?id=46261869https://news.ycombinator.com/item?id=46261869<![CDATA[Cursor Bird]]>Article URL: https://open-vsx.org/extension/cursorbird/cursor-bird

Comments URL: https://news.ycombinator.com/item?id=46007419

Points: 1

# Comments: 0

]]>Fri, 21 Nov 2025 18:38:48 +0000https://open-vsx.org/extension/cursorbird/cursor-birdjgeralnikhttps://news.ycombinator.com/item?id=46007419https://news.ycombinator.com/item?id=46007419<![CDATA[Vibecoding my way to a crit on GitHub]]>Article URL: https://furbreeze.github.io/2025/10/28/vibecoding-my-way-to-a-crit-on-github.html

Comments URL: https://news.ycombinator.com/item?id=45789278

Points: 3

# Comments: 0

]]>Sun, 02 Nov 2025 10:29:28 +0000https://furbreeze.github.io/2025/10/28/vibecoding-my-way-to-a-crit-on-github.htmljgeralnikhttps://news.ycombinator.com/item?id=45789278https://news.ycombinator.com/item?id=45789278<![CDATA[New comment by jgeralnik in "Does our “need for speed” make our wi-fi suck?"]]>It actually sounds like they just want a switch

]]>Sat, 11 Oct 2025 03:36:29 +0000https://news.ycombinator.com/item?id=45546400jgeralnikhttps://news.ycombinator.com/item?id=45546400https://news.ycombinator.com/item?id=45546400<![CDATA[The bold gamble that helped Wiz CEO Assaf Rappaport win a $32B deal]]>Article URL: https://fortune.com/article/wiz-cloud-security-ceo-assaf-rappaport-google-sundar-pichai/

Comments URL: https://news.ycombinator.com/item?id=45428682

Points: 2

# Comments: 1

]]>Tue, 30 Sep 2025 17:45:53 +0000https://fortune.com/article/wiz-cloud-security-ceo-assaf-rappaport-google-sundar-pichai/jgeralnikhttps://news.ycombinator.com/item?id=45428682https://news.ycombinator.com/item?id=45428682<![CDATA[New comment by jgeralnik in "Code formatting comes to uv experimentally"]]>Ruff and uv are written by the same company, astral

]]>Fri, 22 Aug 2025 05:59:01 +0000https://news.ycombinator.com/item?id=44981436jgeralnikhttps://news.ycombinator.com/item?id=44981436https://news.ycombinator.com/item?id=44981436<![CDATA[Executing arbitrary Python code from a comment]]>Article URL: https://www.hacktron.ai/blog/posts/python-zip-confusion

Comments URL: https://news.ycombinator.com/item?id=44720462

Points: 2

# Comments: 0

]]>Tue, 29 Jul 2025 08:02:31 +0000https://www.hacktron.ai/blog/posts/python-zip-confusionjgeralnikhttps://news.ycombinator.com/item?id=44720462https://news.ycombinator.com/item?id=44720462<![CDATA[NVIDIAScape – Container Escape in Nvidia Container Toolkit]]>Article URL: https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape

Comments URL: https://news.ycombinator.com/item?id=44595437

Points: 2

# Comments: 0

]]>Thu, 17 Jul 2025 16:56:35 +0000https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascapejgeralnikhttps://news.ycombinator.com/item?id=44595437https://news.ycombinator.com/item?id=44595437<![CDATA[Start from 2D: How I Design 3D Levels Using the Wrap-around Method]]>Article URL: https://saarraz.substack.com/p/wrap-around-method

Comments URL: https://news.ycombinator.com/item?id=44581482

Points: 1

# Comments: 0

]]>Wed, 16 Jul 2025 12:27:03 +0000https://saarraz.substack.com/p/wrap-around-methodjgeralnikhttps://news.ycombinator.com/item?id=44581482https://news.ycombinator.com/item?id=44581482<![CDATA[New comment by jgeralnik in "The Dark Secrets Behind the Neil Gaiman Abuse Accusations"]]>https://archive.ph/2025.01.13-101428/https://www.vulture.com...

]]>Mon, 13 Jan 2025 17:01:39 +0000https://news.ycombinator.com/item?id=42685643jgeralnikhttps://news.ycombinator.com/item?id=42685643https://news.ycombinator.com/item?id=42685643<![CDATA[New comment by jgeralnik in "Show HN: I built a(nother) house optimized for LAN parties"]]>Thanks, those were the main recommendation the last time I looked into it (a few years ago), good to hear you recommend them too!

]]>Sat, 16 Nov 2024 20:52:46 +0000https://news.ycombinator.com/item?id=42159216jgeralnikhttps://news.ycombinator.com/item?id=42159216https://news.ycombinator.com/item?id=42159216<![CDATA[New comment by jgeralnik in "Show HN: I built a(nother) house optimized for LAN parties"]]>What DDR pads are those? Are they custom made?

]]>Sat, 16 Nov 2024 20:11:13 +0000https://news.ycombinator.com/item?id=42158881jgeralnikhttps://news.ycombinator.com/item?id=42158881https://news.ycombinator.com/item?id=42158881<![CDATA[New comment by jgeralnik in "Google parent in talks to buy cyber security startup Wiz for $23B"]]>No, but it's still a ridiculous YoY at this scale. Wiz is the fastest company to ever reach $100M ARR and still have a lot of growth left in them.

]]>Sun, 14 Jul 2024 21:03:00 +0000https://news.ycombinator.com/item?id=40963198jgeralnikhttps://news.ycombinator.com/item?id=40963198https://news.ycombinator.com/item?id=40963198<![CDATA[New comment by jgeralnik in "Google parent in talks to buy cyber security startup Wiz for $23B"]]>They have crazy growth. They reached $100M/ARR in 18 months, and 3.5 times that in less than 24 months more, so around 85% growth YoY. This is a purchase for future potential, not current earnings

]]>Sun, 14 Jul 2024 19:46:08 +0000https://news.ycombinator.com/item?id=40962780jgeralnikhttps://news.ycombinator.com/item?id=40962780https://news.ycombinator.com/item?id=40962780