Hacker News: whyever

New comment by whyever in "Someone bought 30 WordPress plugins and planted a backdoor in all of them"

whyever — Tue, 14 Apr 2026 22:31:58 +0000

LLMs are vulnerable to prompt injection attacks, so I'm not sure they are in advantage.

New comment by whyever in "Rust in Android: move fast and fix things"

whyever — Thu, 13 Nov 2025 23:11:30 +0000

Note that N=1 for the memory safety vulnerabilities they had with Rust, so the error of the estimated average number of vulnerabilities per LOC is quite large.

New comment by whyever in "Notes by djb on using Fil-C"

whyever — Sun, 02 Nov 2025 11:34:20 +0000

It's missing which point?

New comment by whyever in "A brief history of random numbers (2018)"

whyever — Wed, 29 Oct 2025 19:55:07 +0000

I agree, but https://www.pcg-random.org/ still advertizes PCG as "challenging" to predict, and critizises other RNGs as predictable and insecure.

New comment by whyever in "Statistical Physics with R: Ising Model with Monte Carlo"

whyever — Fri, 19 Sep 2025 15:52:17 +0000

Yes, but this relation does but apply to statistical mechanics and statistical physics, they mean the same: https://en.wikipedia.org/wiki/Statistical_mechanics

What is included in "statistical physics" that is not included in "statistical mechanics"?

New comment by whyever in "Statistical Physics with R: Ising Model with Monte Carlo"

whyever — Fri, 19 Sep 2025 14:11:11 +0000

They are synonyms.

New comment by whyever in "Signal Secure Backups"

whyever — Tue, 09 Sep 2025 14:44:39 +0000

Signal asks you to repeat the key immediately before even enabling backups. It cannot fail much later unless you modify the digit after the check.

New comment by whyever in "Polars Cloud and Distributed Polars now available"

whyever — Thu, 04 Sep 2025 10:35:09 +0000

That's a good question! Especially after Frank McSherry's COST paper [1], it's hard to imagine where the sweet spot for Spark is. I guess for Databricks it makes sense to push Spark, since they are the ones who created it. In a way, it's their competitive advantage.

[1]: https://www.usenix.org/system/files/conference/hotos15/hotos...

New comment by whyever in "Everything is correlated (2014–23)"

whyever — Fri, 22 Aug 2025 07:38:08 +0000

It's a quantitative problem. How big is the error introduced by the simplification?

New comment by whyever in "Code review can be better"

whyever — Thu, 21 Aug 2025 07:48:52 +0000

I know some people who do trunk-based development with pair programming: You write the code together, and once you are satisfied, you merge it to the main branch, from where it is deployed to production if the tests pass. It works well for them.

New comment by whyever in "Guid Smash"

whyever — Mon, 18 Aug 2025 08:39:03 +0000

It would require a lot more memory, because you have to remember every generated UUID. And how would you do the partial match? You are not going to observe any collisions.

New comment by whyever in "Guid Smash"

whyever — Mon, 18 Aug 2025 08:33:43 +0000

Doesn't the clustering make collisions strictly more likely?

New comment by whyever in "Guid Smash"

whyever — Mon, 18 Aug 2025 08:31:21 +0000

You can also look at the expected number of collisions instead, which is approximately the number of random numbers squared, divided by the size of the space of random numbers.

Then you can choose how many collisions to accept on average. (If the answer is zero, then it makes more sense to look at the probability of one or more collisions.)

New comment by whyever in "GDPR meant nothing: chat control ends privacy for the EU [video]"

whyever — Sun, 17 Aug 2025 07:20:41 +0000

> With that access you can also "do" things, like sending messages or delete stuff.

If you break E2E encryption, you can likely also impersonate and "do" things.

New comment by whyever in "Rules by which a great empire may be reduced to a small one (1773)"

whyever — Fri, 08 Aug 2025 10:13:17 +0000

I know some conservative newspapers (Frankfurter Allgemeine Zeitung) kept using the old orthography for a while, but even they started using the new one in 2007, ten years after the reforms.

New comment by whyever in "Emailing a one-time code is worse than passwords"

whyever — Thu, 07 Aug 2025 11:52:31 +0000

Yes, in this case it would be easier to brute-force the key instead of the password, so the additional characters don't really help.

New comment by whyever in "Emailing a one-time code is worse than passwords"

whyever — Thu, 07 Aug 2025 07:09:28 +0000

Such long passwords are silly, they will be effectively truncated by the key length of the underlying cryptography.

New comment by whyever in "Air Force unit suspends use of Sig Sauer pistol after shooting death of airman"

whyever — Fri, 25 Jul 2025 12:30:28 +0000

That's not how errors add up, it's nonlinear. You have to take the sum of squares. So in your case, it wouldn't be 10 * 0.01 = 0.1, but sqrt(10 * 0.01^2) = 0.032, which is less than one third of a tenth.

New comment by whyever in "Meta says it won’t sign Europe AI agreement, calling it an overreach"

whyever — Sat, 19 Jul 2025 17:16:21 +0000

I think the argument was about automated killing, not automated weapons.

There are already drones from Germany capable of automatic target acquisition, but they still require a human in the loop to pull the trigger. Not because they technically couldn't, but because they are required to.

New comment by whyever in "Deno 2.4"

whyever — Mon, 07 Jul 2025 10:33:15 +0000

All the attacks you described also apply to downloading and executing a file. I don't think `curl | sh` is worse in this regard.