Hacker News: stuxf

New comment by stuxf in "Hardening Firefox with Anthropic's Red Team"

stuxf — Fri, 06 Mar 2026 12:47:55 +0000

Makes sense, thank you!

New comment by stuxf in "Hardening Firefox with Anthropic's Red Team"

stuxf — Fri, 06 Mar 2026 12:39:17 +0000

It's interesting that they counted these as security vulnerabilities (from the linked Anthropic article)

> “Crude” is an important caveat here. The exploits Claude wrote only worked on our testing environment, which intentionally removed some of the security features found in modern browsers. This includes, most importantly, the sandbox, the purpose of which is to reduce the impact of these types of vulnerabilities. Thus, Firefox’s “defense in depth” would have been effective at mitigating these particular exploits.

New comment by stuxf in "The path to ubiquitous AI (17k tokens/sec)"

stuxf — Fri, 20 Feb 2026 11:35:00 +0000

I totally buy the thesis on specialization here, I think it makes total sense.

Asides from the obvious concern that this is a tiny 8B model, I'm also a bit skeptical of the power draw. 2.4 kW feels a little bit high, but someone else should try doing the napkin math compared to the total throughput to power ratio on the H200 and other chips.

New comment by stuxf in "Show HN: Echo, an iOS SSH+mosh client built on Ghostty"

stuxf — Wed, 18 Feb 2026 19:52:45 +0000

finally I can move off termius, this looks great!

New comment by stuxf in "Expensively Quadratic: The LLM Agent Cost Curve"

stuxf — Mon, 16 Feb 2026 07:42:49 +0000

> Some coding agents (Shelley included!) refuse to return a large tool output back to the agent after some threshold. This is a mistake: it's going to read the whole file, and it may as well do it in one call rather than five.

disagree with this: IMO the primary reason that these still need to exist is for when the agent messes up (e.g reads a file that is too large like a bundle file), or when you run a grep command in a large codebase and end up hitting way too many files, overloading context.

Otherwise lots of interesting stuff in this article! Having a precise calculator was very useful for the idea of how many things we should be putting into an agent loop to get a cost optimum (and not just a performance optimum) for our tasks, which is something that's been pretty underserved.

New comment by stuxf in "AI Slop vs. OSS Security"

stuxf — Thu, 06 Nov 2025 17:01:08 +0000

I agree with a lot of things said in this article, I also think some sort of centralized trust system for OSS bug bounty would be a really good solution to this problem

> The downside is that it makes it harder for new researchers to enter the field, and it risks creating an insider club.

I also think this concern can be largely mitigated or reduced to a nonissue. New researchers would have a trust score of zero for example, but people who consistently submit AI slop will have a very low score and can be filtered out fairly easily.

From MCP to shell: MCP auth flaws enable RCE in Claude Code, Gemini CLI and more