Hacker News: lxgr

New comment by lxgr in "AI agent bankrupted their operator while trying to scan DN42"

lxgr — Fri, 12 Jun 2026 12:44:51 +0000

Could they enforce them against their legal guardians (under the theory that they have neglected their duty to supervise their children appropriately) though? I think this is a thing in at least some jurisdictions.

New comment by lxgr in "AI agent bankrupted their operator while trying to scan DN42"

lxgr — Fri, 12 Jun 2026 12:43:19 +0000

The chargeback is the way of reaching out to the merchant, and quite often the only realistic one. If the merchant disagrees with the chargeback, they can challenge it (which is in turn usually their only opportunity to directly communicate with the merchant).

New comment by lxgr in "AI agent bankrupted their operator while trying to scan DN42"

lxgr — Fri, 12 Jun 2026 12:41:08 +0000

Nobody has a card without spending limits.

New comment by lxgr in "Developer gets Half-Life running at 30 FPS on a Nokia N95"

lxgr — Thu, 11 Jun 2026 22:24:25 +0000

Doesn’t it use an ARM CPU?

New comment by lxgr in "Developer gets Half-Life running at 30 FPS on a Nokia N95"

lxgr — Thu, 11 Jun 2026 22:21:45 +0000

SIP over Wi-Fi was so amazing on Symbian. Free international phone calls over Eduroam long before mobile Skype was a thing!

New comment by lxgr in "Developer gets Half-Life running at 30 FPS on a Nokia N95"

lxgr — Thu, 11 Jun 2026 22:19:41 +0000

Live a little, allow horribly inefficient delightful retro device clients on a 2.4 GHz channel :)

WEP is where I’d personally draw the line, but the N95 fortunately supports WPA.

New comment by lxgr in "Chrome is looking to permanently drop MV2 extension"

lxgr — Thu, 11 Jun 2026 10:50:17 +0000

Origin and Origin Lite are by the same developer.

New comment by lxgr in "Web Browsers on Video Game Consoles"

lxgr — Thu, 11 Jun 2026 09:36:00 +0000

The browser on the Wii was amazing. I didn't use it all that often, but I was a big Opera fan back in the day, and it was amazing to see how well their engine scaled to all kinds of systems.

As far as I remember, there were even some games that supported the Wiimote natively? I don't remember if this was via Flash or Javascript, but there seems to be a library for the latter: https://github.com/ryanmcgrath/wii-js

I unfortunately never got to use the Nintendo DS version (the DS being WEP-only was a dealbreaker for me).

New comment by lxgr in "macOS Container Machines"

lxgr — Wed, 10 Jun 2026 14:01:24 +0000

The surface of an OS is definitely larger than that of many hypervisors, which is e.g. why browsers often provide their own much narrower sandbox.

On the other hand, in other scenarios, people trust the security boundaries of their working as expected all the time, no? This is the basis of e.g. Android app isolation (every app runs under its own Linux UID/GID), and true multi-user Unix systems trusting the OS's security boundaries to hold have decades of history.

New comment by lxgr in "macOS Container Machines"

lxgr — Wed, 10 Jun 2026 13:55:02 +0000

If you let your container write setuid binaries to your path, give it admin access to your network, let it access the Docker daemon socket etc., sure, you're going to have a bad time. But how is that different from e.g. giving software running in a VM SSH access to your host or a writable bind mount to the host's root directory?

New comment by lxgr in "macOS Container Machines"

lxgr — Wed, 10 Jun 2026 10:18:15 +0000

QEMU has worse performance than Apple's native virtualization framework on macOS, for one thing. That said, Lima supports the latter as well.

New comment by lxgr in "macOS Container Machines"

lxgr — Wed, 10 Jun 2026 09:18:00 +0000

This explicitly provides a Linux VM, which seems hard to do without providing a Linux VM.

The use case is actually the opposite of what you seem to want (i.e. running Linux containers on macOS without a Linux VM); this uses a Linux-based container implementation of macOS to provide a long-lived Linux VM that looks more like a VM itself than a container.

New comment by lxgr in "macOS Container Machines"

lxgr — Wed, 10 Jun 2026 09:16:00 +0000

> Just last week there was a post where people were shocked how an AI agent used docker to bypass sudo on a system.

This was due to implicitly granting the LLM access to the host docker daemon, which has superuser privileges, not due to a "container breakout". That's arguably a very different scenario, but of course both are worth considering.

> So if you want to use containers for anything but easier development, you need to be much more proficient than the average user already.

I'd disagree. Containers, at least without granting them additional privileges such as CAP_NET_ADMIN and without write-bind-mounting sensitive host directories into the container, offer a reasonable security boundary compared to the counterfactual, despite their bad reputation.

New comment by lxgr in "macOS Container Machines"

lxgr — Wed, 10 Jun 2026 09:12:07 +0000

This applies to both containers and container machines though, right?

New comment by lxgr in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

lxgr — Wed, 10 Jun 2026 09:07:09 +0000

I'd also love TOFU for TLS, at least on .local TLDs, but for publicly hosted websites, I've come around to the idea that maybe encryption without authentication would not help that much these days.

As for who does that authentication: Given all the suggestions in the sibling threads, I really don't think we're in a situation where there's a single entity gatekeeping access by any means.

New comment by lxgr in "Google Chrome is killing all uBlock Origin bypasses, Edge, Opera to follow"

lxgr — Wed, 10 Jun 2026 07:19:09 +0000

Even if you factor in all the ad bloat that uBlock lite can’t block?

New comment by lxgr in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

lxgr — Tue, 09 Jun 2026 21:40:09 +0000

If you don't care about who you're talking to, why use certificates at all?

New comment by lxgr in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

lxgr — Tue, 09 Jun 2026 21:39:23 +0000

> Do we also need to put all our letters into strongboxes before we send them?

If it were as cheap and efficient as TLS these days, yes, absolutely

> Maybe we should have solve the ISP snooping problem by making that illegal instead.

We could do both! ISP snooping is still a problem for metadata (SNI).

New comment by lxgr in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

lxgr — Tue, 09 Jun 2026 21:33:43 +0000

What "backdoor" would Let's Encrypt even implement? That's not how a CA works.

They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.

New comment by lxgr in "Claude Fable 5"

lxgr — Tue, 09 Jun 2026 20:24:35 +0000

Yes, this stuff is really annoying when it misfires. I've had all my subsequent ChatGPT conversations biohazard-contained for several days for the crime of asking it to explain a gene drive to me.