Hacker News: panzi

New comment by panzi in "Meta's ships facial recognition on smart glasses"

panzi — Thu, 04 Jun 2026 20:41:07 +0000

How many ships does Meta have?

New comment by panzi in "GitHub confirms breach of 3,800 repos via malicious VSCode extension"

panzi — Thu, 21 May 2026 10:58:56 +0000

On one hand yes, sandbox everything. On the other the extensions still can change your code which you then run. Though you might only run it in a container at first.

I heared zed sandboxes extensions. I should have a look at that editor some day.

New comment by panzi in "'No way to prevent this,' says only package manager where this regularly happens"

panzi — Sun, 17 May 2026 16:15:59 +0000

I googled a bit and found this snippet:

            
                exec-maven-plugin
                3.5.1
                org.codehaus.mojo
                
                    
                        Generate-shared-lib
                        package
                        
                            exec
                        
                        
                            bash
                            
                                generate-lib.sh
                            
                            
                                ${env.JAVA_HOME}

At least with certain plug-ins Maven will execute arbitrary commands at build time. And if you need that to build native bindings it feels like a big hole. Granted, most projects don't need JNI, I guess.

New comment by panzi in "HTML Lists"

panzi — Sat, 16 May 2026 22:51:02 +0000

Wasn't it more like this?

    

    This guy blinks.

New comment by panzi in "'No way to prevent this,' says only package manager where this regularly happens"

panzi — Sat, 16 May 2026 16:22:53 +0000

Plus the lock file doesn't just contain the exact versions, it contains hashes. Making sure that you actually got the package in the exact same version.

New comment by panzi in "'No way to prevent this,' says only package manager where this regularly happens"

panzi — Sat, 16 May 2026 16:19:43 +0000

How does Maven handle JNI? Is it also a build system for C/C++, or do packages with native bindings require manual build steps?

New comment by panzi in "'No way to prevent this,' says only package manager where this regularly happens"

panzi — Sat, 16 May 2026 02:03:32 +0000

Last I checked npm had 2FA for publishing, but cargo didn't. I don't think cargo is any better than npm, just not that of an attractive target.

New comment by panzi in "'No Way to Prevent This,' Says Only Package Manager Where This Regularly Happens"

panzi — Sat, 16 May 2026 02:00:14 +0000

A good part of it is already implemented in web crypto, which is supported by browsers and node. There is a chance that npm could implement something there without extra dependencies. Maybe I'm too optimistic?

New comment by panzi in "New Nginx Exploit"

panzi — Thu, 14 May 2026 17:48:30 +0000

Does Debian 12 have this patched? But I guess I'm not affected if I don't use `rewrite` or `set` anywhere?

New comment by panzi in "Linux gaming is faster because Windows APIs are becoming Linux kernel features"

panzi — Wed, 13 May 2026 22:34:13 +0000

Is NTSYNC used for anything else other than wine/proton?

New comment by panzi in "I moved my digital stack to Europe"

panzi — Wed, 13 May 2026 12:59:07 +0000

So are certain states of the USA: https://www.ipvanish.com/blog/ban-vpns-us-privacy/

It's horrible everywhere. If you're in the EU go donate to: https://epicenter.works/ They're a citizen rights NGO working against all that BS in the EU (and in Austria, where they're from).

New comment by panzi in "You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)"

panzi — Mon, 11 May 2026 11:58:41 +0000

We should assume that multiple state actors already are using it.

New comment by panzi in "Ratty – A terminal emulator with inline 3D graphics"

panzi — Mon, 11 May 2026 11:57:38 +0000

What use cases do you see?

New comment by panzi in "I’ve banned query strings"

panzi — Sun, 10 May 2026 01:15:53 +0000

watch?v=oHg5SJYRHA0

New comment by panzi in "You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)"

panzi — Sat, 09 May 2026 16:27:31 +0000

I forgot who it was, but someone on YouTube said LLMs already work hooked up to gidra. If true it's only a matter of time once they find similar things in e.g. Windows. I'll wait half a year to a year (think of embargo) and if there still isn't such work for Windows I'll conclude that LLMs have a problem disassembling binaries.

New comment by panzi in "How far behind is each major Chromium browser?"

panzi — Sun, 03 May 2026 18:05:41 +0000

Just wanted to write the same comment!

New comment by panzi in "Zed 1.0"

panzi — Sat, 02 May 2026 12:04:16 +0000

What are they doing with proprietary binary blobs? I thought it's open source.

New comment by panzi in "Who owns the code Claude Code wrote?"

panzi — Thu, 30 Apr 2026 01:24:17 +0000

Also fair use is much more limited in the EU. Don't know how it applies here or if there where any rulings. Are you going to stop doing business with the EU (and Japan etc.)?

New comment by panzi in "Who owns the code Claude Code wrote?"

panzi — Thu, 30 Apr 2026 01:20:30 +0000

Other than putting something into the public domain I don't really know any open source licence that doesn't require at least attribution. One can assume that 99.9% of training data had some sort of license requirements, so just blindly using it is a copyright violation. People just don't seem to care.

New comment by panzi in "Anthropic Joins the Blender Development Fund as Corporate Patron"

panzi — Thu, 30 Apr 2026 00:06:43 +0000

They didn't enter in any obligations. It's a donation.