<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: theteapot</title><link>https://news.ycombinator.com/user?id=theteapot</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Wed, 08 Jul 2026 02:43:12 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=theteapot" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by theteapot in "The Underhanded C Contest"]]></title><description><![CDATA[
<p>Or better, sleeper agents. Anthropic released a study on this in 2024 "Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training" -- <a href="https://www.anthropic.com/research/sleeper-agents-training-deceptive-llms-that-persist-through-safety-training" rel="nofollow">https://www.anthropic.com/research/sleeper-agents-training-d...</a>, <a href="https://www.youtube.com/watch?v=_y9j2BoHg2c" rel="nofollow">https://www.youtube.com/watch?v=_y9j2BoHg2c</a></p>
]]></description><pubDate>Thu, 02 Jul 2026 00:56:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=48755053</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48755053</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48755053</guid></item><item><title><![CDATA[New comment by theteapot in "GLM 5.2 beats Claude in our benchmarks"]]></title><description><![CDATA[
<p>The difference is watches and corvettes typically appreciate in value, where as computer hardware <i>typically</i> drops like a rock.</p>
]]></description><pubDate>Sun, 28 Jun 2026 23:57:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=48713097</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48713097</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48713097</guid></item><item><title><![CDATA[New comment by theteapot in "GLM 5.2 beats Claude in our benchmarks"]]></title><description><![CDATA[
<p>> Constant: the IDOR dataset (the same real, open-source applications we've used in prior research) ...<p>What we're they? Also, wouldn't one expect a more recently released coding agent (with a more recent knowledge cut off) to perform better because they have access to more knowledge about vulns in these OSS projects, and even possibly have knowledge of your own "prior research"?</p>
]]></description><pubDate>Sun, 28 Jun 2026 21:24:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=48711811</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48711811</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48711811</guid></item><item><title><![CDATA[New comment by theteapot in "Why eval startups fail (2025)"]]></title><description><![CDATA[
<p>What's an eval?</p>
]]></description><pubDate>Wed, 24 Jun 2026 08:49:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=48657023</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48657023</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48657023</guid></item><item><title><![CDATA[New comment by theteapot in "Did Claude increase bugs in rsync?"]]></title><description><![CDATA[
<p>Agree. From the article:<p>> Here's my favorite part, though. Digging into the data, one of the first things that jumped out at me with blinding clarity was that the worst release, by far, in rsync history was entirely prior to the introduction of Claude ... And yet nobody noticed.<p>Language really does suggest the article's author <i>does</i> have a dog in this fight and is cloaking opinion in fancy statistics jargon. "Blinding clarity"? All you have to do is draw a plot. And anyway, v3.4.1 was 2025-01-16, technically well within the AI assisted coding era and before attribution was becoming standard practice.</p>
]]></description><pubDate>Fri, 05 Jun 2026 23:15:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=48419588</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48419588</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48419588</guid></item><item><title><![CDATA[New comment by theteapot in "Anthropic raises $65B in Series H funding at $965B post-money valuation"]]></title><description><![CDATA[
<p>I spend $0/month.</p>
]]></description><pubDate>Thu, 28 May 2026 23:24:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=48316949</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48316949</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48316949</guid></item><item><title><![CDATA[New comment by theteapot in "The just-say-no engineer was a ZIRP phenomenon"]]></title><description><![CDATA[
<p>> having more engineers around was beneficial to the stock price ... When banks hiked interest rates ... It was just no longer profitable to keep a bloated engineering staff around to boost the stock price.<p>Erm, what's known of the mechanism coupling software engineer head count and stock price? Or is it just an empirically observed phenomena?</p>
]]></description><pubDate>Wed, 27 May 2026 05:25:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48290030</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48290030</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48290030</guid></item><item><title><![CDATA[New comment by theteapot in "The Art of Money Getting"]]></title><description><![CDATA[
<p>> I could talk fancy and bullshit ... I became a developer and data engineer, and I became really good at it<p>That's a formidable combination.<p>> I found myself becoming an executive at long last on the strength of my technical abilities, and it turns out executives don't actually need to do much of anything and really ...<p>You probably think that because talking fancy and bullshitting come naturally to you.</p>
]]></description><pubDate>Mon, 25 May 2026 02:11:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=48262823</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48262823</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48262823</guid></item><item><title><![CDATA[New comment by theteapot in "GitHub is investigating unauthorized access to their internal repositories"]]></title><description><![CDATA[
<p>I think he means template-injection -- <a href="https://woodruffw.github.io/zizmor/audits/#template-injection" rel="nofollow">https://woodruffw.github.io/zizmor/audits/#template-injectio...</a></p>
]]></description><pubDate>Wed, 20 May 2026 01:42:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=48202046</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48202046</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48202046</guid></item><item><title><![CDATA[New comment by theteapot in "Learning Software Architecture"]]></title><description><![CDATA[
<p>Completely agree. Had me until the very last point. WTF. Communicate.</p>
]]></description><pubDate>Tue, 12 May 2026 13:43:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=48108190</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48108190</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48108190</guid></item><item><title><![CDATA[New comment by theteapot in "Learning Software Architecture"]]></title><description><![CDATA[
<p>Nurse Practitioner? I would say SOLID [1] is a good start, but then I watched this [2] and now I'm in crisis and can't code anymore.<p>[1]: <a href="https://en.wikipedia.org/wiki/SOLID" rel="nofollow">https://en.wikipedia.org/wiki/SOLID</a>
[2]: <a href="https://www.youtube.com/watch?v=wo84LFzx5nI" rel="nofollow">https://www.youtube.com/watch?v=wo84LFzx5nI</a></p>
]]></description><pubDate>Tue, 12 May 2026 12:11:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=48107132</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48107132</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48107132</guid></item><item><title><![CDATA[New comment by theteapot in "Debian must ship reproducible packages"]]></title><description><![CDATA[
<p>> Yes, if some people who built from source control compared their builds to the builds from the tarballs it could detect the xzutils compromise.<p>Good. Then we are on the same page.</p>
]]></description><pubDate>Mon, 11 May 2026 06:27:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=48091668</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48091668</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48091668</guid></item><item><title><![CDATA[New comment by theteapot in "An AI coding agent, used to write code, needs to reduce your maintenance costs"]]></title><description><![CDATA[
<p>This rings true for me too, but I don't think it counts if your just using AI to aid maintenance. The basic argument in the article is around how many hours of maintenance you have to do for each hour of "value-add" feature development. So A. your only measuring maintenance costs not the ratio and B. The "old code" whp wasn't written with AI in the first place.</p>
]]></description><pubDate>Mon, 11 May 2026 04:59:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=48091199</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48091199</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48091199</guid></item><item><title><![CDATA[New comment by theteapot in "Debian must ship reproducible packages"]]></title><description><![CDATA[
<p>Your wrong. It was both. The payload was embedded in the binary blob test file. The mechanism to pull it into the build was added to the release tarball only.<p>Here's the quote from the guy that discovered it in the initial public disclosure [1]:<p><pre><code>  After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer. The upstream xz repository and the xz tarballs have been backdoored. At first I thought this was a compromise of debian's package, but it turns out to be upstream. One portion of the backdoor is *solely in the distributed tarballs* and debian's import of the tarball ... it is also present in the tarballs for 5.6.0 and 5.6.1.

</code></pre>
[1]: <a href="https://www.openwall.com/lists/oss-security/2024/03/29/4" rel="nofollow">https://www.openwall.com/lists/oss-security/2024/03/29/4</a></p>
]]></description><pubDate>Mon, 11 May 2026 00:40:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=48089743</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48089743</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48089743</guid></item><item><title><![CDATA[New comment by theteapot in "Debian must ship reproducible packages"]]></title><description><![CDATA[
<p>In xz-utils hack the attacker slipped changes into the Github release tarball that were not present in the Github version / git commit history. The Debian maintainer built from the release tarball instead of just pulling from the git repo directly. Shouldn't have been doing that but good luck convincing him not to use the workflow he's been using for the last X years (I tried). With repro builds we can clone the git directly confirm we get the same build.</p>
]]></description><pubDate>Mon, 11 May 2026 00:33:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=48089691</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48089691</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48089691</guid></item><item><title><![CDATA[New comment by theteapot in "Stop MitM on the first SSH connection, on any VPS or cloud provider"]]></title><description><![CDATA[
<p>> The technique appears to be new: I haven't found a proper write-up of this, nor of any other provider-independent solution.<p>Maybe I'm missing something but SSH already has a built-in solution for this, key-certs. Just sign the server key with a private CA key you trust.</p>
]]></description><pubDate>Sun, 10 May 2026 23:12:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=48089119</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48089119</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48089119</guid></item><item><title><![CDATA[New comment by theteapot in "I caught the car"]]></title><description><![CDATA[
<p>Congratulations. It made me remember how proud I was when I became a Senior, and then earned my Super Engineer shortly after. Just recently I've earned my Extreme Engineer title. Good luck on your journey.</p>
]]></description><pubDate>Sun, 10 May 2026 00:54:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=48079912</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48079912</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48079912</guid></item><item><title><![CDATA[New comment by theteapot in "GNU IFUNC is the real culprit behind CVE-2024-3094"]]></title><description><![CDATA[
<p>False dichotomy. There was a series of blatant process failures from Github maintainer through Debian package maintainers. IFUNC also bad.</p>
]]></description><pubDate>Fri, 08 May 2026 09:45:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=48060846</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48060846</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48060846</guid></item><item><title><![CDATA[New comment by theteapot in "Cloudflare to cut about 20% of its workforce"]]></title><description><![CDATA[
<p>Mmmm, fresh people.</p>
]]></description><pubDate>Fri, 08 May 2026 04:50:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=48058690</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48058690</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48058690</guid></item><item><title><![CDATA[New comment by theteapot in "Vibe coding and agentic engineering are getting closer than I'd like"]]></title><description><![CDATA[
<p>the obscure IETF? Which standard is that exactly? Who cares guess - Claude do that stuff.</p>
]]></description><pubDate>Thu, 07 May 2026 01:12:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=48044208</link><dc:creator>theteapot</dc:creator><comments>https://news.ycombinator.com/item?id=48044208</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48044208</guid></item></channel></rss>