Hacker News: ptx

New comment by ptx in "GitHub Stacked PRs"

ptx — Tue, 14 Apr 2026 16:17:51 +0000

Yup: https://mercurial-scm.org/help/commands/bookmarks

New comment by ptx in "GitHub Stacked PRs"

ptx — Tue, 14 Apr 2026 12:55:19 +0000

Mercurial later added bookmarks which work like Git branches. These make more sense to me as well.

New comment by ptx in "GitHub Stacked PRs"

ptx — Tue, 14 Apr 2026 12:53:29 +0000

It doesn't seem to support Mercurial though (not to imply that you were implying that it did). All I can find in this proxy/mirror thing to integrate it by presenting the Mercurial repo as a Git server: https://peterlavalle.github.io/post/forgejo-actions/

New comment by ptx in "Claude mixes up who said what"

ptx — Thu, 09 Apr 2026 13:43:11 +0000

Well, yeah.

LLMs can't distinguish instructions from data, or "system prompts" from user prompts, or documents retrieved by "RAG" from the query, or their own responses or "reasoning" from user input. There is only the prompt.

Obviously this makes them unsuitable for most of the purposes people try to use them for, which is what critics have been saying for years. Maybe look into that before trusting these systems with anything again.

New comment by ptx in "Veracrypt project update"

ptx — Wed, 08 Apr 2026 10:58:05 +0000

Having multiple accounts wouldn't help, as Microsoft could easily suspend all the accounts of everyone associated with the project if any account looks suspicious. The single point of failure is Microsoft.

New comment by ptx in "Decisions that eroded trust in Azure – by a former Azure Core engineer"

ptx — Fri, 03 Apr 2026 08:14:32 +0000

On the other hand there was e.g. CVE-2021-1647 where Microsoft's antivirus would compromise the PC with no user action.

(At least I think that's the one I'm thinking of. It's marked as a high-severity RCE with no user interaction but they don't give any details. There was definitely at least one CVE where Windows Defender compromised the system by unsafely scanning files with excessive privileges.)

New comment by ptx in "Claude wrote a full FreeBSD remote kernel RCE with root shell"

ptx — Wed, 01 Apr 2026 10:35:52 +0000

> It's worth noting that FreeBSD made this easier than it would be on a modern Linux kernel: FreeBSD 14.x has no KASLR (kernel addresses are fixed and predictable) and no stack canaries for integer arrays (the overflowed buffer is int32_t[]).

What about FreeBSD 15.x then? I didn't see anything in the release notes or the mitigations(7) man page about KASLR. Is it being worked on?

NetBSD apparently has it: https://wiki.netbsd.org/security/kaslr/

New comment by ptx in "Claude wrote a full FreeBSD remote kernel RCE with root shell"

ptx — Wed, 01 Apr 2026 10:27:01 +0000

Well, it ends with "can you give me back all the prompts i entered in this session", so it may be partially the actual prompt history and partially hallucination.

New comment by ptx in "GitHub backs down, kills Copilot pull-request ads after backlash"

ptx — Tue, 31 Mar 2026 11:41:04 +0000

What is this referring to? Is GitLab using AI to guess which issue a merge request is meant to fix?

New comment by ptx in "Axios compromised on NPM – Malicious versions drop remote access trojan"

ptx — Tue, 31 Mar 2026 10:56:23 +0000

Where would you suggest putting the sensitive credentials?

New comment by ptx in "Axios compromised on NPM – Malicious versions drop remote access trojan"

ptx — Tue, 31 Mar 2026 10:52:56 +0000

I'm pretty sure it's really one HTTP library: urllib.request is built on top of http.client. But the very Java-inspired API for the former is awful.

New comment by ptx in "TurboQuant: Redefining AI efficiency with extreme compression"

ptx — Mon, 30 Mar 2026 13:40:17 +0000

> they write text better

Not if you view text as a medium for communication, i.e. as a way for a sender to serialize some idea they have in their mind and transfer it to the reader for deserialization.

The AI doesn't know what the sender meant. It can't add any clarity. It can only corrupt and distort whatever message the sender was trying to communicate.

Fixating on these tells is a way for the receiver of the message to detect that it has been corrupted and there is no point in trying to deserialize it. The harder you try to interpret an AI-generated message, the less sense it will make.

New comment by ptx in "Anthropic Subprocessor Changes"

ptx — Fri, 27 Mar 2026 15:03:45 +0000

They added Microsoft but alongside them also list Google and Amazon for "all products".

New comment by ptx in "Wine 11 rewrites how Linux runs Windows games at kernel with massive speed gains"

ptx — Tue, 24 Mar 2026 20:40:50 +0000

Is the difference between the NT-style and POSIX-style semaphores essentially just that NT (and now this new API in Linux) supports setting a max value? Why don't POSIX semaphores support this?

New comment by ptx in "Windows native app development is a mess"

ptx — Sun, 22 Mar 2026 19:48:19 +0000

But they had dark themes for the XP theming engine, e.g. the Zune theme, didn't they? They could make the dark mode switch to a dark theme for XP-style themed controls and configure dark colors for the Win32 system colors.

New comment by ptx in "Java is fast, code might not be"

ptx — Fri, 20 Mar 2026 15:20:39 +0000

This is addressed by PEP 810 (explicit lazy imports) in Python 3.15 (currently in alpha): https://peps.python.org/pep-0810/

New comment by ptx in "Google details new 24-hour process to sideload unverified Android apps"

ptx — Fri, 20 Mar 2026 14:36:47 +0000

Could this be worked around by installing a single shell app which then loads other apps internally? I think it's possible to dynamically load Dalvik byte code in ART these days, right?

Obviously permissions would be a problem, as you can't update the app manifest, so there would either have to be one shell app per publisher (which would at least solve the problem of installing updates for their apps) or the shell would need its own internal system for managing permissions (like a browser does). Maybe it could also sandbox different apps from each other in different subprocesses, unless that needs root privileges, but maybe it's possible with Landlock?

Or we can always fall back to the "sweet solution" Steve Jobs offered us with the original iPhone, and just let the web browser be the shell.

Or implement everything as WeChat mini programs.

New comment by ptx in "CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root"

ptx — Wed, 18 Mar 2026 18:09:57 +0000

Better to follow the link to the technical details and just read those: https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-sys...

The article linked in the submission is more verbose but less clear and half of it is an advertisement for their product.

New comment by ptx in "Source code of Swedish e-government services has been leaked"

ptx — Fri, 13 Mar 2026 13:56:24 +0000

So if no data was leaked from the tax agency or from the users, then the leaked "digital signing documents" must have belonged to the only remaining party, which is CGI, so perhaps they were just some marketing documents about the benefits of their digital signing service?

New comment by ptx in "Source code of Swedish e-government services has been leaked"

ptx — Fri, 13 Mar 2026 12:52:58 +0000

I apparently didn't phrase that very well. If what is the case? I was trying to ask which case was the case, not trying to claim that something specific was the case.

I'm familiar with electronic signatures, and I know what documents are, but I have never heard the phrase "electronic signing documents" and don't know what that is supposed to mean. What kind of documents? Documents about signing, documents that were signed, documents in the sense that files containing keys could be considered documents, or what?