Hacker News: mirashii

New comment by mirashii in "Satellite reveals immense scale of GPS signal tampering"

mirashii — Sat, 20 Jun 2026 13:45:33 +0000

It would take those devices having synchronized atomic clocks, which they do not.

New comment by mirashii in "Google Chrome update will close the door on ad blockers"

mirashii — Tue, 16 Jun 2026 15:10:14 +0000

https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...

New comment by mirashii in "San Francisco Weighs PG&E Takeover Amid Soaring Utility Costs"

mirashii — Mon, 15 Jun 2026 23:14:29 +0000

> CPUC exists. CAISO exists. The consumer experience is still bad. What this means is that there is not enough generation

The existence of CPUC and CAISO says nothing of their efficacy. Jumping all the way past any question of their efficacy is egregious.

New comment by mirashii in "'Sloppenheimer:' Amazon employees mock the company's AI on Slack"

mirashii — Tue, 09 Jun 2026 16:38:03 +0000

Importantly, in that rule:

> Complaints about paywalls are off topic, so please don't post them.

New comment by mirashii in "Dynamic Workflows in Claude Code"

mirashii — Thu, 28 May 2026 18:20:49 +0000

Not with those exact terms, but it is certainly being discussed. Wes McKinney said in a recent talk that with current coding agents there’s no longer an excuse for shipping suboptimal code that takes on tech debt. Writing tests has never been cheaper, writing custom fuzzers, linters, and other harnesses that serve as guardrails has never been cheaper. His take is that “we didn’t have enough engineering time to do it right” is no longer an excuse, and the only excuses left are that you don’t know any better or you have bad taste.

New comment by mirashii in "Reverting the incremental GC in Python 3.14 and 3.15"

mirashii — Thu, 14 May 2026 13:00:34 +0000

What language that is actually used 40 years after release isn't undergoing big, fundamental changes?

Java? Nope, you're getting a fundamental change in Valhalla C++? Nope, new language edition every few years with fundamental changes C? C23 has a number of fairly fundamental changes, expect more in the next language revision

I think your sense of causality is backwards here. These languages are getting fundamental changes because they're being widely used. That is what motivates and drives the change. Languages with no users don't need to change.

New comment by mirashii in "SecurityBaseline.eu"

mirashii — Wed, 13 May 2026 10:46:56 +0000

I'd have hoped in 2026 that anyone publishing this type of report would understand that DNSSEC isn't helping anything, and is generally considered to be actively harmful to enable. I'd suggest doing a bit more research and dropping the DNSSEC stuff, or reversing it entirely.

New comment by mirashii in "Networking changes coming in macOS 27"

mirashii — Mon, 27 Apr 2026 19:42:39 +0000

If you read the article and the linked documentation, you'll see that those things aren't in the list of what this change applies to.

https://support.apple.com/en-us/126655

New comment by mirashii in "Verus is a tool for verifying the correctness of code written in Rust"

mirashii — Thu, 23 Apr 2026 05:38:24 +0000

Do you have any reference to the Rust community “not allowing” something? This seems more like a case of a relatively niche tool doing what it needed to do to work, but not (yet) some broader effort to upstream or integrate this into cargo or rustup. I couldn’t find any RFCs or anything, for instance.

New comment by mirashii in "A Boy That Cried Mythos: Verification Is Collapsing Trust in Anthropic"

mirashii — Thu, 23 Apr 2026 05:31:20 +0000

How about the boy who called nonsense security vulnerabilities. This is the same author who posts with incredulity that the ability to change a config file with a shell command in it gives you the ability to run the shell command you posted and wants it treated as some big CVE. Absolutely inconceivable that you might already have your harness in a sandbox where this is okay, and inconceivable that anyone might have a threat model that says that someone who can edit configuration of a tool can make that tool do arbitrary things allowed by its config.

https://www.flyingpenguin.com/ox-security-report-anthropic-m...

New comment by mirashii in "Darkbloom – Private inference on idle Macs"

mirashii — Thu, 16 Apr 2026 09:08:34 +0000

I can buy the idea that if you can have the MDM infrastructure attest the code signing identity through the designated requirements, that you can probably come pretty close, but I'm still not quite sure you get there with root on macOS (and I suspect that this is part of why DCAppAttest hasn't made it to macOS yet).

Certainly, it still doesn't get you there with their current implementation, as the attempts at blocking the debugger like PT_DENY_ATTACH are runtime syscalls, so you've got a race window where you can attach still. Maybe it gets you there with hardened runtime? I'd have to think a bit harder on that.

New comment by mirashii in "Darkbloom – Private inference on idle Macs"

mirashii — Thu, 16 Apr 2026 08:43:05 +0000

> If you can prove a public key is generated by the SEP of a machine running with all Apple's security systems enabled, then you can trivially extend that to confidential computing because the macOS security architecture allows apps to block external inspection even by the root user.

It only effectively allows this for applications that are in the set of things covered by SIP, but not for any third-party application. There's nothing that will allow you to attest that arbitrary third-party code is running some specific version without being tampered with, you can only attest that the base OS/kernel have not been tampered with. In their specific case, they attempt to patch over that by taking the hash of the binary, but you can simply patch it before it starts.

To do this properly requires a TEE to be available to third-party code for attestation. That's not a thing on macOS today.

New comment by mirashii in "Darkbloom – Private inference on idle Macs"

mirashii — Thu, 16 Apr 2026 08:31:01 +0000

MDMs on macOS are permissioned via AccessRights, and you can verify that their permission set is fairly minimal and does not allow what you've described here (bits 0, 4, 10).

That said, their privacy posture at the cornerstone of their claims is snake oil and has gaping holes in it, so I still wouldn't trust it, but it's worth being accurate about how exactly they're messing up.

New comment by mirashii in "Darkbloom – Private inference on idle Macs"

mirashii — Thu, 16 Apr 2026 07:48:05 +0000

A note, as others have posted on this thread: I mention this as a concrete and trivial flaw in their whole strategy, but the issue is fundamental: there's no hardware enclave for third-party code available to do the type of attestation that would be necessary. Any software approach they develop will ultimately fall to that hole.

New comment by mirashii in "Darkbloom – Private inference on idle Macs"

mirashii — Thu, 16 Apr 2026 07:33:35 +0000

Looking at their paper at [1], there's a gaping hole: there's no actual way to verify the contents of the running binaries. The binary hash they include in their signatures is self-reported, and can be modified. That's simply game over.

[1] https://github.com/Layr-Labs/d-inference/blob/master/papers/...

New comment by mirashii in "Meta removes ads for social media addiction litigation"

mirashii — Thu, 09 Apr 2026 14:14:12 +0000

That idea was not expressed in the article, only the fact that the ads were removed. This is worth covering, especially when coupled with the context for what ads Meta regularly does allow. One does not have to believe that they're obligated to do so while also believing that it's incredibly scummy behavior that consumers should be aware of and question.

https://www.reuters.com/investigations/meta-is-earning-fortu...

New comment by mirashii in "The team behind a pro-Iran, Lego-themed viral-video campaign"

mirashii — Mon, 06 Apr 2026 14:42:46 +0000

https://mastodon.social/@blogdiva/116348872322024778

New comment by mirashii in "Tell HN: Anthropic no longer allowing Claude Code subscriptions to use OpenClaw"

mirashii — Sun, 05 Apr 2026 16:47:48 +0000

Turns out the intent to do so was announced on April 2nd as well.

New comment by mirashii in "Tell HN: Anthropic no longer allowing Claude Code subscriptions to use OpenClaw"

mirashii — Sat, 04 Apr 2026 01:01:38 +0000

They have, but they also just announced this week that for business and enterprise plans, they’re switching from quotas for codex to token use based pricing, and I would expect that to eventually propagate to all their plans for all the same reasons.

New comment by mirashii in "South Korea Mandates Solar Panels for Public Parking Lots"

mirashii — Sun, 29 Mar 2026 08:06:29 +0000

You're not looking at the albedo of the solar panels in isolation though, you're comparing it to asphalt and cars. Typical solar panels have an albedo of ~0.3. Asphalt around ~0.05.