<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: lifis</title><link>https://news.ycombinator.com/user?id=lifis</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 02 Jul 2026 23:42:54 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=lifis" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by lifis in "1-Click GitHub Token Stealing via a VSCode Bug"]]></title><description><![CDATA[
<p>You can just fork the repository, give it access to the fork and then merge what you want</p>
]]></description><pubDate>Wed, 03 Jun 2026 08:21:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=48381343</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48381343</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48381343</guid></item><item><title><![CDATA[New comment by lifis in "1-Click GitHub Token Stealing via a VSCode Bug"]]></title><description><![CDATA[
<p>I think it's ok to be signed-in when opening your own repositories, but definitely not when opening repositories from other accounts. And also the webview keyboard shortcut thing needs to be fixed to only allow harmless keybinds and NOT propagate to any keydown handler. Also on desktop it should be removed in favor of Electron intercepting directly. And on web it should probably disabled by the default.</p>
]]></description><pubDate>Wed, 03 Jun 2026 08:19:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48381329</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48381329</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48381329</guid></item><item><title><![CDATA[New comment by lifis in "Stop Advertising in Your Commits"]]></title><description><![CDATA[
<p>Huh? It's not advertising, it's disclosure that the code was not fully (or at all) written by you.</p>
]]></description><pubDate>Tue, 26 May 2026 19:12:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=48284491</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48284491</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48284491</guid></item><item><title><![CDATA[New comment by lifis in "Google changes its search box"]]></title><description><![CDATA[
<p>The expected purpose of websites is to spread information, so whether users get it by making a request to your website or to Google is irrelevant. In fact, if they get it from Google it's better because it reduces website load.<p>If instead the purpose of your website is to manipulate users for financial gain (for instance by showing media attempting to manipulate their purchasing decisions, after receiving a bribe from a vendor), and the information is just a way to lure users, then maybe this malicious business model will finally be no longer possible.</p>
]]></description><pubDate>Wed, 20 May 2026 02:51:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=48202543</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48202543</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48202543</guid></item><item><title><![CDATA[New comment by lifis in "Profunctor Equipment in Haskell"]]></title><description><![CDATA[
<p>If they want a dependently typed language, why not use one? Lean is good, and I don't think it has any significant downside wrt Haskell other than more limited library ecosystem (but I guess AI can translate Haskell libraries to Lean very effectively).</p>
]]></description><pubDate>Mon, 18 May 2026 13:37:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=48179749</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48179749</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48179749</guid></item><item><title><![CDATA[New comment by lifis in "Where Are the Vibecoded Photoshops?"]]></title><description><![CDATA[
<p>AI is not yet at the superhuman stage where you can tell it "clone Photoshop" and get a perfect result within a day for almost free</p>
]]></description><pubDate>Mon, 18 May 2026 11:14:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=48178030</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48178030</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48178030</guid></item><item><title><![CDATA[New comment by lifis in "Security researcher says Microsoft built a Bitlocker backdoor, releases exploit"]]></title><description><![CDATA[
<p>Seems bullshit, apparently it only works with TPM-only mode, which is obviously insecure (it relies on neither the OS nor the hardware being exploitable, on a random Windows PC...), and not worth building a backdoor for.<p>The way one would backdoor something like Bitlocker is to encrypt the disk encryption key with a (post-quantum) public key for which only the backdoor owner has the private key for, and then put it on a place on disk that is unused by the filesystem.</p>
]]></description><pubDate>Sun, 17 May 2026 17:34:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=48171070</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48171070</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48171070</guid></item><item><title><![CDATA[New comment by lifis in "What's in a GGUF, besides the weights – and what's still missing?"]]></title><description><![CDATA[
<p>Surely one can just escape the input, no? Seems astonishing if someone isn't doing that</p>
]]></description><pubDate>Thu, 14 May 2026 22:13:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=48141970</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48141970</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48141970</guid></item><item><title><![CDATA[New comment by lifis in "The Dating App Swipe Is Dying. What Comes Next May Be Worse"]]></title><description><![CDATA[
<p>That is only the case if people enter exclusive relationships. But if someone has access to a dating app or system that works really well, there is little reason to do that.</p>
]]></description><pubDate>Thu, 14 May 2026 12:47:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48134633</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48134633</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48134633</guid></item><item><title><![CDATA[New comment by lifis in "Reimagining the mouse pointer for the AI era"]]></title><description><![CDATA[
<p>Not clear what it actually does, but seems equivalent to a global right click menu with "Chat with AI about this"</p>
]]></description><pubDate>Wed, 13 May 2026 10:16:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=48120010</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48120010</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48120010</guid></item><item><title><![CDATA[New comment by lifis in "Show HN: Git for AI Agents"]]></title><description><![CDATA[
<p>This seems easily solved with a tool use hook that calls git add .; git commit a -m "<tool description>", specifying an alternate .git directory if desired</p>
]]></description><pubDate>Fri, 08 May 2026 18:49:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48067158</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48067158</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48067158</guid></item><item><title><![CDATA[New comment by lifis in "California farmers to destroy 420k peach trees following Del Monte bankruptcy"]]></title><description><![CDATA[
<p>Why? From searches and LLMs it seems it costs $50-100 to move a tonne 1000 km via truck, giving 0.05-0.10 $/kg for a supermarket 500km away. Fruit prices at at least $4.5/kg for peaches, 3.75$/kg for apples 1.45$/kg. So transport cost seems negligible and if fruit is given away for free, it seems it would be very profitable for any supermarket in region to show up with a truck. What's missing in this analysis?</p>
]]></description><pubDate>Tue, 05 May 2026 20:20:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=48027959</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=48027959</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48027959</guid></item><item><title><![CDATA[New comment by lifis in "Softmax, can you derive the Jacobian? And should you care?"]]></title><description><![CDATA[
<p>It's equivalent to multiplying all inputs by log b. And multiplying all inputs by a value changes how much the probabilities are extremized. This is easy to see because adding a value to everything doesn't change the output, so the biggest input can be assumed to be 0 and others negative. So multiplying by 0 makes all outputs equal while as the multiplier tends to infinity, all other inputs tend to -infinity and thus the biggest output tends to 1 and others to 0. Multiplying by negative numbers results in the lowest becoming the highest.</p>
]]></description><pubDate>Fri, 01 May 2026 16:25:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=47976617</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47976617</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47976617</guid></item><item><title><![CDATA[New comment by lifis in "For Linux kernel vulnerabilities, there is no heads-up to distributions"]]></title><description><![CDATA[
<p>The Linux kernel is not usable as a security boundary, so anyone who wants to do "shared hosting" and not be hacked needs to use something else, like gVisor or firecracker VMs<p>The only important system that uses it as a security boundary is Android and there is mitigated by the fact that APKs need user approval, plus strict SELinux and seccomp policy plus the GrapheneOS hardening, and in this case the mitigations succeeded (<a href="https://discuss.grapheneos.org/d/35110-grapheneos-is-protected-against-copy-fail-and-similar-vulnerabilities-by-selinux" rel="nofollow">https://discuss.grapheneos.org/d/35110-grapheneos-is-protect...</a>)</p>
]]></description><pubDate>Thu, 30 Apr 2026 18:55:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=47966742</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47966742</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47966742</guid></item><item><title><![CDATA[New comment by lifis in "Apple Has Given Up on the Vision Pro After M5 Refresh Flop"]]></title><description><![CDATA[
<p>Well, that was quite predictable.<p>Absurdly high price for a novel device of unclear utility (a VR headset but incompatible with all existing VR software) resulting in few users.<p>No support for PC VR nor Android/Quest VR apps resulting in little software, no massive investment in getting Vision Pro specific software written, little interest in porting due to the few users.</p>
]]></description><pubDate>Thu, 30 Apr 2026 10:11:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=47960373</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47960373</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47960373</guid></item><item><title><![CDATA[New comment by lifis in "Where the goblins came from"]]></title><description><![CDATA[
<p>And what do you think society/culture is?<p>It's a set of biases installed in people, whose purpose is mostly to replicate themselves.<p>Humans are MORE susceptible that LLMs, because LLMs's biases are easily steered to something else, unlike most humans.</p>
]]></description><pubDate>Thu, 30 Apr 2026 09:47:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=47960215</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47960215</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47960215</guid></item><item><title><![CDATA[New comment by lifis in "Regression: malware reminder on every read still causes subagent refusals"]]></title><description><![CDATA[
<p>I think you can fix this by either patching the binary and replacing the offending prompt with an empty string, or by pointing the harness to an API proxy that filters it out</p>
]]></description><pubDate>Wed, 29 Apr 2026 11:35:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=47946906</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47946906</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47946906</guid></item><item><title><![CDATA[New comment by lifis in "An AI agent deleted our production database. The agent's confession is below"]]></title><description><![CDATA[
<p>You don't seem to realize that humans also work this way.<p>If you ask a human why they did something, the answer is a guess, just like it is for an LLM.<p>That's because obviously there is no relationship between the mechanisms that do something and the ones that produce an explanation (in both humans and LLMs).<p>An example of evidence from Wikipedia, "split brain" article:<p>The same effect occurs for visual pairs and reasoning. For example, a patient with split brain is shown a picture of a chicken foot and a snowy field in separate visual fields and asked to choose from a list of words the best association with the pictures. The patient would choose a chicken to associate with the chicken foot and a shovel to associate with the snow; however, when asked to reason why the patient chose the shovel, the response would relate to the chicken (e.g. "the shovel is for cleaning out the chicken coop").[4]</p>
]]></description><pubDate>Mon, 27 Apr 2026 01:05:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=47916622</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47916622</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47916622</guid></item><item><title><![CDATA[New comment by lifis in "Claude Code to be removed from Anthropic's Pro plan?"]]></title><description><![CDATA[
<p>On LMArena, Claude Opus is ranked as the best at everything except image and video generation, which it does not support. That may be inaccurate, but it's plausible</p>
]]></description><pubDate>Wed, 22 Apr 2026 03:46:13 +0000</pubDate><link>https://news.ycombinator.com/item?id=47858693</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47858693</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47858693</guid></item><item><title><![CDATA[New comment by lifis in "Claude Token Counter, now with model comparisons"]]></title><description><![CDATA[
<p>I'm really surprised that:<p>1. Anthropic has not published anything about why they made the change and how exactly they changed it<p>2. Nobody has reverse engineered it. It seems easy to do so using the free token counting APIs (the Google Vertex AI token count endpoint seems to support 2000 req/min = ~3million req/day, seems enough to reverse engineer it)</p>
]]></description><pubDate>Mon, 20 Apr 2026 08:29:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=47831636</link><dc:creator>lifis</dc:creator><comments>https://news.ycombinator.com/item?id=47831636</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47831636</guid></item></channel></rss>