Hacker News: shawnz

New comment by shawnz in "CPanel and WHM Authentication Bypass – CVE-2026-41940"

shawnz — Fri, 01 May 2026 01:58:01 +0000

cPanel is 30 years old, are you saying it's not battle tested, boring, proven, and widely audited?

In fact PHP is only a few months older than it.

New comment by shawnz in "Claude Opus 4.7"

shawnz — Thu, 16 Apr 2026 17:30:22 +0000

Thinking summaries might not be useful for revealing the model's actual intentions, but I find that they can be helpful in signalling to me when I have left certain things underspecified in the prompt, so that I can stop and clarify.

New comment by shawnz in "Claude Opus 4.7"

shawnz — Thu, 16 Apr 2026 17:27:51 +0000

Note that for Claude Code, it looks like they added a new undocumented command line argument `--thinking-display summarized` to control this parameter, and that's the only way to get thinking summaries back there.

VS Code users can write a wrapper script which contains `exec "$@" --thinking-display summarized` and set that as their claudeCode.claudeProcessWrapper in VS Code settings in order to get thinking summaries back.

New comment by shawnz in "Taking on CUDA with ROCm: 'One Step After Another'"

shawnz — Mon, 13 Apr 2026 11:57:24 +0000

> Supporting only Server grade hardware and ignoring laptop/consumer grade GPU/APU for ROCm was a terrible strategical mistake. A lot of developers experiments first and foremost on their personal laptop first and scale on expensive, professional grade hardware later.

NVIDIA is making the same mistake today by deprioritizing the release of consumer-grade GPUs with high VRAM in favour of focusing on server markets.

They already have a huge moat, so it's not as crippling for them to do so, but I think it presents an interesting opportunity for AMD to pick up the slack.

New comment by shawnz in "Issue: Claude Code is unusable for complex engineering tasks with Feb updates"

shawnz — Wed, 08 Apr 2026 17:13:11 +0000

I don't think it's a single axis even in the original poster's conception, since you could be both incorrect and also not pragmatic.

But if a fix needs to be described as pragmatic relative to the alternatives, that's probably because it couldn't be described as correct. Otherwise you wouldn't be talking about how pragmatic it is.

New comment by shawnz in "Chrome extension adjusts video speed based on how fast the speaker is talking"

shawnz — Wed, 18 Mar 2026 12:17:02 +0000

Damn, I was working on exactly the same idea not too long ago. It never really went anywhere because I couldn't find a speech rate detection algorithm that worked well enough to make it practically useful. I hope some more mathematically inclined people take a look at this idea and find a way to make it work.

New comment by shawnz in "Claude Code conducts A/B tests on core features"

shawnz — Sat, 14 Mar 2026 12:39:35 +0000

While I agree with the sentiment here, you might be interested to see that there are a couple hack approaches to override Claude Code feature flags:

https://github.com/anthropics/claude-code/issues/21874#issue...

https://gist.github.com/gastonmorixe/9c596b6de1095b6bd3b746c...

New comment by shawnz in "An AI Agent Published a Hit Piece on Me – The Operator Came Forward"

shawnz — Fri, 20 Feb 2026 03:47:00 +0000

I mean, yeah, it's entirely possible that the operator is a teenager, isn't it?

New comment by shawnz in "AI fatigue is real and nobody talks about it"

shawnz — Sun, 08 Feb 2026 17:49:03 +0000

This is essentially Jevons' paradox

New comment by shawnz in "Claude Code is suddenly everywhere inside Microsoft"

shawnz — Mon, 02 Feb 2026 19:15:18 +0000

If their whole business is based around being an established standard and making users happy is not a relevant goal, then why do anything at all? They already are an established standard, so why would they bother taking any further actions whatsoever, making any changes or rolling out any new products? Clearly they are trying to achieve something, right? So what is it?

New comment by shawnz in "MicroPythonOS graphical operating system delivers Android-like user experience"

shawnz — Sun, 01 Feb 2026 21:34:56 +0000

AFAIK my humidifier uses an ESP32 chip.

New comment by shawnz in "MicroPythonOS graphical operating system delivers Android-like user experience"

shawnz — Sun, 01 Feb 2026 15:46:51 +0000

Wow, these preassembled ESP32 plus touchscreen boards are extremely cheap, and there are tons of them in all kinds of different form factors on Amazon. I didn't realize this kind of thing was so plentiful, this seems like a great way to bootstrap many kinds of electronics/IoT projects

New comment by shawnz in "Apple Platform Security (Jan 2026) [pdf]"

shawnz — Sat, 31 Jan 2026 20:53:44 +0000

IIRC Apple has attempted to implement some defences against this, for example by requiring the passcode to be inputted before an update can be installed to prevent another San Bernardino scenario. A cursory search indicates that they also have some kind of transparency log system for updates, but it seems to only apply to their cloud systems and not iOS updates.

New comment by shawnz in "Apple Platform Security (Jan 2026) [pdf]"

shawnz — Sat, 31 Jan 2026 17:50:03 +0000

The table has two categorizations: "In transit & on server" and "End-to-end". The former, which covers iCloud backups in the default configuration, is explicitly NOT end-to-end, meaning there are moments in time during processing where the data is not encrypted.

However, iCloud backups actually are listed as "End-to-end" if you turn on the new Advanced Data Protection feature.

New comment by shawnz in "Waymo robotaxi hits a child near an elementary school in Santa Monica"

shawnz — Fri, 30 Jan 2026 03:51:24 +0000

What's the joke here? If they are better than average drivers, that's a huge win which improves road safety for everyone

New comment by shawnz in "Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops"

shawnz — Fri, 23 Jan 2026 20:59:37 +0000

Furthermore it seems like it's specific to Azure AD, and I'm guessing it probably only has effect if you enable to option to back up the keys to AD in the first place, which is not mandatory

I'd be curious to see a conclusive piece of documentation about this, though

New comment by shawnz in "Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops"

shawnz — Fri, 23 Jan 2026 19:48:41 +0000

Why would you need to create a local account? You can just not choose to store the keys in your Microsoft account during BitLocker setup: https://www.diskpart.com/screenshot/en/others/windows-11/win...

Admittedly, the risks of choosing this option are not clearly laid out, but the way you are framing it also isn't accurate

New comment by shawnz in "Confer – End to end encrypted AI chat"

shawnz — Tue, 13 Jan 2026 20:09:25 +0000

This interpretation basically waters down the meaning of end-to-end encryption to the point of uselessness. You may as well just say "encryption".

New comment by shawnz in "Confer – End to end encrypted AI chat"

shawnz — Tue, 13 Jan 2026 20:05:03 +0000

There's FHE, but that's probably an even more difficult technical challenge than doing everything locally

New comment by shawnz in "Confer – End to end encrypted AI chat"

shawnz — Tue, 13 Jan 2026 19:18:22 +0000

I don't agree that this is end to end encrypted. For example, a compromise of the TEE would mean your data is exposed. In a truly end to end encrypted system, I wouldn't expect a server side compromise to be able to expose my data.

This is similar to the weasely language Google is now using with the Magic Cue feature ever since Android 16 QPR 1. When it launched, it was local only -- now it's local and in the cloud "with attestation". I don't like this trend and I don't think I'll be using such products