Hacker News: raesene9

New comment by raesene9 in "Ask HN: What was your "oh shit" moment with GenAI?"

raesene9 — Sat, 06 Jun 2026 14:39:15 +0000

The one I remember most is, when experimenting with Opus 3.5 for the first time, I asked it to generate a Firecracker backed local VM creation and management tool, something I'd wanted for a while but not found.

My expectation was that it might get something barely functional but would probably fail, and instead it generated a working piece of software which achieved a lot of what I wanted.

That definitely made me realise that, for at least some classes of software task this was a major change in how things could be done.

More recently when I can give the model a Local Privilege Escalation PoC in Linux and ask it to test whether it can be used for container breakout and then generate a working container breakout, all in one prompt... that definitely changes things.

New comment by raesene9 in "Cooldown Support for Ruby Bundler"

raesene9 — Fri, 05 Jun 2026 15:24:46 +0000

not really, there are a number of security companies doing analysis of any new packages looking for supply chain attacks, so if you wait a couple of days, till their analysis is complete, you're reducing the risk of hitting a compromised package.

New comment by raesene9 in "Failing grades soar with AI usage, dwindling math skills in Berkeley CS classes"

raesene9 — Thu, 04 Jun 2026 13:21:22 +0000

I think perhaps the reason you are seeing quite a few commenters expressing skepticism to your comment "You go to a university because you are deeply interested in understanding the subject that you study." is that you appear to be extrapolating from one example (your own), without considering whether that's likely the wider experience of people going to university.

In the UK anyway, there's an acknowledged idea that many people go to university because there is a societal expectation that they should and also because many careers require a degree even for entry level positions.

There is also much less emphasis on other routes of tertiary education (e.g. vocational schools), when compared to places like Germany.

New comment by raesene9 in "I built a vulnerable app and spent $1,500 seeing if LLMs could hack it"

raesene9 — Thu, 04 Jun 2026 08:55:45 +0000

AFAIK pi's approach is to be quite minimal and allow extensions for customization, making it a more flexible solution, but you need to do work to make it fit your use case. OP mentions one extension, but perhaps it'd have benefited from more.

Another choice would be opencode which has more functionality and is a more heavyweight option out of the box.

New comment by raesene9 in "UK sovereign LLM inference"

raesene9 — Fri, 15 May 2026 10:33:14 +0000

I'd expect for workflows where there is value in knowing that the data is processed in the UK. From a contractual/data protection standpoint, that could be very useful, depending on the use case.

New comment by raesene9 in "UK sovereign LLM inference"

raesene9 — Fri, 15 May 2026 10:32:21 +0000

Data Sovereignty as a term is now fairly well established term that doesn't have specific government connotations e.g. https://events.linuxfoundation.org/kubecon-cloudnativecon-eu...

New comment by raesene9 in "Incident Report: CVE-2024-YIKES"

raesene9 — Mon, 11 May 2026 07:09:23 +0000

So old school, now we get install lines like Tell Opencode to "Fetch and follow instructions from https://raw.githubusercontent.com/obra/superpowers/refs/head..."

From a real repo, with 186K stars... https://github.com/obra/superpowers

New comment by raesene9 in "Incident Report: CVE-2024-YIKES"

raesene9 — Mon, 11 May 2026 07:03:57 +0000

We don't need hindsight for the problems of supply chain security to be obvious. Security people were writing and doing talks about this stuff over 10 years ago, just (like most things in security) things start getting addressed once the pressure of incidents gets high enough :)

New comment by raesene9 in "Podman rootless containers and the Copy Fail exploit"

raesene9 — Fri, 08 May 2026 14:59:37 +0000

I've had claude knock up a basic podman PoC, that seems to work ok https://github.com/raesene/vuln_pocs/tree/main/CVE-2026-3143... . It just uses a read-only mount and then demonstrates overwriting that read-only file.

Key point for testing exploitability is kernel version, package versions (in case they ship a patch) and loaded kernel modules. Some stripped down environments don't have the relevant modules available.

New comment by raesene9 in "Podman rootless containers and the Copy Fail exploit"

raesene9 — Fri, 08 May 2026 14:12:01 +0000

This is kind of an odd article to me. The point that podman may provide better isolation that Docker is made, but copy fail part focuses on the sample exploit (that overwrote su) which is not super applicable to containerised environments, and not the general effect of exploiting the vulnerability, which is to allow the user to overwrite a file that they should only have read-only access to.

https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kuber... - This PoC has a good example of how Copy Fail might have an impact in a container based environment, it's exploiting the shared layers in a pair of container images, to overwrite a file in one image based on the running of an exploit in another.

Whilst I've not directly tested podman for that kind of attack, I'd be a bit surprised if it stopped it, given how this vuln works.

New comment by raesene9 in "CVE-2026-31431: Copy Fail vs. rootless containers"

raesene9 — Tue, 05 May 2026 06:14:07 +0000

I've not looked for podman but moby/docker I believe does now block this https://github.com/moby/profiles/commit/7158007a83005b14a24f...

New comment by raesene9 in "Changes to GitHub Copilot individual plans"

raesene9 — Wed, 22 Apr 2026 08:46:47 +0000

There is A/B testing going on and for a while several pages on Anthropic's site did remove Code from pro (https://old.reddit.com/r/ClaudeAI/comments/1srzhd7/psa_claud...) if you want a lot more details.

New comment by raesene9 in "Claude Code's source code has been leaked via a map file in their NPM registry"

raesene9 — Fri, 03 Apr 2026 10:24:00 +0000

but once forked people will have local copies, that can be put up onto other sites, if GH take them down.

New comment by raesene9 in "A Rave Review of Superpowers (For Claude Code)"

raesene9 — Fri, 03 Apr 2026 09:59:47 +0000

The install mechanism for the superpowers plugin for codex and opencode is .... interesting. From https://github.com/obra/superpowers

Fetch and follow instructions from https://raw.githubusercontent.com/obra/superpowers/refs/head...

it's like curl|bash but with added LLM agents...

New comment by raesene9 in "Claude Code's source code has been leaked via a map file in their NPM registry"

raesene9 — Tue, 31 Mar 2026 13:16:54 +0000

there are a .....lot of forks already, no putting the genie back in the bottle for this one, I'd imagine.

New comment by raesene9 in "Claude Code's source code has been leaked via a map file in their NPM registry"

raesene9 — Tue, 31 Mar 2026 13:14:12 +0000

I think the original repo OP mentioned decided not to host the code any more, but given there are 28k+ forks, it's not too hard to find again...

New comment by raesene9 in "Box of Secrets: Discreetly modding an apartment intercom to work with Apple Home"

raesene9 — Tue, 24 Mar 2026 08:51:47 +0000

+1 to this we had a set of HomePod minis for intercom and not only do they not work reliably, but the diagnostics provided when they fail are non-existent, making it hard to improve the setup.

New comment by raesene9 in "OpenCode – Open source AI coding agent"

raesene9 — Sat, 21 Mar 2026 16:21:44 +0000

One of my main lessons after a decent long while in security, is that most orgs care about security, *as long as it doesn't get in the way of other priorities* like shipping new features. So when we get something like Agentic LLM tooling where everything moves super fast, security is inevitably going to suffer.

New comment by raesene9 in "BYD is seeing a flood of new EV buyers"

raesene9 — Fri, 20 Mar 2026 18:54:33 +0000

And it's not just BYD. A couple of brands I'd literally never heard of till a year ago, Jaecoo and Omoda now seem to be getting pretty popular, saw quite a few when I was over in Glasgow.

New comment by raesene9 in "We automated everything except knowing what's going on"

raesene9 — Tue, 03 Mar 2026 15:25:53 +0000

Whilst I have no special knowledge, my expectation is it'll do both. If you reduce the barriers to coding you'll get more code, both at the hobbyist/one-person level and also at the large corp level.

Whether that translates into more value for those larger corps is the trillion dollar question :) Writing code is a small part of the process of finding and shipping features that customers want, so it remains to be seen how much LLM tools translate it.

I think it's fairly widely accepted that from a financial standpoint we're in an AI/LLM bubble. There has been more investment than we're likely to see financial benefits, but it's impossible to predict to what degree (if you can predict that and the timing you can make a lot of money!!)