Hacker News: mmsc

New comment by mmsc in "Project Glasswing: An Initial Update"

mmsc — Fri, 22 May 2026 22:39:29 +0000

Aisle has hundreds of CVEs with publicly available models: https://aisle.com/wall-of-fame

CVE-2026-42511 Breakdown: RCE in FreeBSD

mmsc — Thu, 07 May 2026 21:03:54 +0000

Article URL: https://aisle.com/blog/aisle-discovers-cve-2026-42511-a-21-year-old-freebsd-remote-command-execution-vulnerability

Comments URL: https://news.ycombinator.com/item?id=48054981

Points: 28

# Comments: 1

Finding and Fixing 24 CVEs in WeKan

mmsc — Wed, 29 Apr 2026 17:14:53 +0000

Article URL: https://aisle.com/blog/finding-and-fixing-24-cves-in-wekan-with-aisles-analyzer

Comments URL: https://news.ycombinator.com/item?id=47951378

Points: 1

# Comments: 0

New comment by mmsc in "Carrot Disclosure: Forgejo"

mmsc — Wed, 29 Apr 2026 00:06:25 +0000

https://codeberg.org/forgejo/governance/src/commit/5c07b3801...

> Failure to comply with these rules will be criticized publicly, and we reserve the right to no longer coordinate with you or your project in the future.

lol

AISLE Discovers 38 CVEs in OpenEMR Healthcare Software

mmsc — Tue, 28 Apr 2026 16:06:01 +0000

Article URL: https://aisle.com/blog/aisle-discovers-38-critical-security-vulnerabilities-in-healthcare-software-used-by-100000-providers

Comments URL: https://news.ycombinator.com/item?id=47936347

Points: 177

# Comments: 113

New comment by mmsc in "GPT‑5.5 Bio Bug Bounty"

mmsc — Sat, 25 Apr 2026 15:47:22 +0000

How is that a scam? You don't get participation awards for solving half of a puzzle...

New comment by mmsc in "Kernel code removals driven by LLM-created security reports"

mmsc — Wed, 22 Apr 2026 14:10:06 +0000

Unmaintained code is a security issue in of itself, so this is of course a net benefit.

System over Model: Zero-Day Discovery at the Jagged Frontier

mmsc — Tue, 14 Apr 2026 16:09:20 +0000

Article URL: https://aisle.com/blog/system-over-model-zero-day-discovery-at-the-jagged-frontier

Comments URL: https://news.ycombinator.com/item?id=47767511

Points: 3

# Comments: 0

New comment by mmsc in "Installing every* Firefox extension"

mmsc — Sat, 11 Apr 2026 07:45:47 +0000

The website of this blog and their connections listed are a sight to behold. I miss that version of the internet.

New comment by mmsc in "Filing the corners off my MacBooks"

mmsc — Sat, 11 Apr 2026 06:27:01 +0000

As long as it's not hydrofluoric acid...

New comment by mmsc in "Top laptops to use with FreeBSD"

mmsc — Thu, 09 Apr 2026 15:52:13 +0000

> You say "works perfectly". I do not think it means what you think it means.

Copying some files from a different machine is not that burdensome. The point is, it works.

New comment by mmsc in "Top laptops to use with FreeBSD"

mmsc — Thu, 09 Apr 2026 13:25:14 +0000

FreeBSD works perfectly on intel MacBooks if you've got one laying around: https://joshua.hu/FreeBSD-on-MacbookPro-114-A1398

New comment by mmsc in "Email obfuscation: What works in 2026?"

mmsc — Thu, 02 Apr 2026 08:53:34 +0000

> Also, a note to those who make fancy "me+someservice@somedomain.com" addresses:

Just wait until one of these companies demands an email from the registered email address of your account!

New comment by mmsc in "Hong Kong police can now demand phone passwords under new security rules"

mmsc — Fri, 27 Mar 2026 14:22:43 +0000

Ah, finally catching up to ... The UK, Australia, Ireland, France, the Netherlands, and probably a lot more.

New comment by mmsc in "A Japanese glossary of chopsticks faux pas (2022)"

mmsc — Sat, 21 Mar 2026 03:33:03 +0000

  こすり箸 Kosuribashi:
 To rub waribashi (disposable chopsticks) together to remove splinters.

I don't know about Japan, but everybody does this in Taiwan.

Wikipedia: AI or Not Quiz

mmsc — Fri, 20 Mar 2026 02:18:56 +0000

Article URL: https://en.wikipedia.org/wiki/Wikipedia:AI_or_not_quiz

Comments URL: https://news.ycombinator.com/item?id=47449621

Points: 2

# Comments: 0

New comment by mmsc in "Aquasecurity/Trivy GitHub Repository and Homebrew Cask Compromised (again)"

mmsc — Fri, 20 Mar 2026 02:08:31 +0000

The offending commit seems to be: https://github.com/aquasecurity/trivy/commit/1885610c6a34811... which updates the action to `actions/checkout@70379aad1a8b40919ce8b382d3cd7d0315cde1d0 # v6.0.2`. https://github.com/actions/checkout/commit/70379aad1a8b40919... is not actually in `actions/checkout` but a fork, and it pulls malicious code from the typo-squatted "scan.aquasecurtiy.org" (note the _tiy_).

Any system with Trivy 0.69.4 on it (and being run) can be assumed to be compromised.

Aquasecurity/Trivy GitHub Repository and Homebrew Cask Compromised (again)

mmsc — Fri, 20 Mar 2026 02:04:51 +0000

Article URL: https://opensourcemalware.com/repository/https%3A%2F%2Fgithub.com%2Faquasecurity%2Ftrivy%2F

Comments URL: https://news.ycombinator.com/item?id=47449498

Points: 16

# Comments: 4

Always 'Copy Clean Link' When Possible on Firefox, with UserChrome.css

mmsc — Tue, 17 Mar 2026 05:23:15 +0000

Article URL: https://joshua.hu/firefox-always-copy-clean-link-url-userchrome-css

Comments URL: https://news.ycombinator.com/item?id=47408966

Points: 5

# Comments: 0

New comment by mmsc in "Glassworm is back: A new wave of invisible Unicode attacks hits repositories"

mmsc — Sun, 15 Mar 2026 23:52:07 +0000

GitHub advertises itself as warning about those Unicode characters: https://github.blog/changelog/2025-05-01-github-now-provides...

Of course, it doesn't work though. I reported this to their bug bounty, they paid me a bounty, and told me "we won't be fixing it": https://joshua.hu/2025-bug-bounty-stories-fail#githubs-utf-f...

The exact quote is "Thanks for the submission! We have reviewed your report and validated your findings. After internally assessing your report based on factors including the complexity of successfully exploiting the vulnerability, the potential data and information exposure, as well as the systems and users that would be impacted, we have determined that they do not present a significant security risk to be eligible under our rewards structure." The funny thing is, they actually gave me $500 and a lifetime GitHub Pro for the submission.