<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: zzril</title><link>https://news.ycombinator.com/user?id=zzril</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 09 Jul 2026 21:56:22 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=zzril" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by zzril in "GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos"]]></title><description><![CDATA[
<p>Guardrails are essentially part of the input. Saying "but we have guardrails" is like saying "but we do trust part of the input".<p>Either way, even if you trust 100% of the input, there is actually no way to guarantee that you can trust the output of the LLM. (Which, I guess, is also true for every dependency you pull in. But for those, you at least have ways to audit them.)</p>
]]></description><pubDate>Wed, 08 Jul 2026 08:37:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=48829241</link><dc:creator>zzril</dc:creator><comments>https://news.ycombinator.com/item?id=48829241</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48829241</guid></item><item><title><![CDATA[New comment by zzril in "GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos"]]></title><description><![CDATA[
<p>> In most agentic prompt injection attacks, the agent treats the wrong content as a trusted source of instructions and allows itself to be misdirected or misused. This happens when the system fails to maintain a strict trust boundary between system-level directives and untrusted user data.<p>How on earth is a probabilistic token predictor supposed to turn untrusted user input into trusted system-level directives? The strict trust boundary must be maintained on this side of the agent, not within it.</p>
]]></description><pubDate>Wed, 08 Jul 2026 07:48:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=48828863</link><dc:creator>zzril</dc:creator><comments>https://news.ycombinator.com/item?id=48828863</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48828863</guid></item><item><title><![CDATA[New comment by zzril in "EU Council forces Chat Control via fast-track"]]></title><description><![CDATA[
<p>I have conditioned my left first finger and pinky to just hammer F5 and Esc until the page loading stops at the right moment...</p>
]]></description><pubDate>Sun, 05 Jul 2026 23:16:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=48798912</link><dc:creator>zzril</dc:creator><comments>https://news.ycombinator.com/item?id=48798912</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48798912</guid></item><item><title><![CDATA[New comment by zzril in "Web-based cryptography is always snake oil"]]></title><description><![CDATA[
<p>in fact, this could be generalized more and doesn't neccessarily have to be about hiding <i>messages</i>. We've all heard the discussions about using VPNs "for privacy" (i. e. for hiding your IP metadata), when it's really just shifting trust away from your ISP and towards the VPN supplier.<p>It always comes down to who the alternative party to trust would be. In the fictional dialogue, the alternative appears to be to not send the message. Which may or may not be the better option than to give Eve eavesdropping capabilities.</p>
]]></description><pubDate>Sun, 05 Jul 2026 22:34:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=48798577</link><dc:creator>zzril</dc:creator><comments>https://news.ycombinator.com/item?id=48798577</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48798577</guid></item><item><title><![CDATA[New comment by zzril in "Web-based cryptography is always snake oil"]]></title><description><![CDATA[
<p>I guess you could make a point for using messengers based on open protocols (like Matrix) that have plenty of different client implementations. It doesn't protect you from targeted attacks (it might if you can somehow hide from the outside world which client you're using, or if you write and maintain the client yourself) - but it makes it less likely to be affected if your favourite agency managed to backdoor <i>some</i> random client implementation.</p>
]]></description><pubDate>Sun, 05 Jul 2026 22:22:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=48798478</link><dc:creator>zzril</dc:creator><comments>https://news.ycombinator.com/item?id=48798478</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48798478</guid></item><item><title><![CDATA[New comment by zzril in "Phosh 0.56.0"]]></title><description><![CDATA[
<p>SXMO is pretty minimal in that regard, but it doesn't force you to use the touchscreen. Can also navigate through menus via the volume buttons...</p>
]]></description><pubDate>Sun, 05 Jul 2026 14:53:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=48794734</link><dc:creator>zzril</dc:creator><comments>https://news.ycombinator.com/item?id=48794734</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48794734</guid></item><item><title><![CDATA[New comment by zzril in "If you're a button, you have one job"]]></title><description><![CDATA[
<p>As a user, I much prefer a blocking UI thread to one that lets me spam clicks on the "rotate left" and "flip along vertical axis" buttons and then makes me wonder why the resulting image is not the flipped verstion of what I saw the moment when I clicked "flip".
However, I do like being able to abort my operations, and a blocking thread does not let me do that.<p>It might be quite a hard problem to determine which buttons should be disabled during which operations. One tricky candidate is the "safe" button. Should I be able to click it when the visual feedback I'm getting does not yet match the internal state of the application (which is what will be saved)? Should I be able to start further tasks when the save is still in progress? (If so, what if the save fails? Will I be able to roll back to the state before the attempted save and try again?)</p>
]]></description><pubDate>Sun, 05 Jul 2026 11:25:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=48793269</link><dc:creator>zzril</dc:creator><comments>https://news.ycombinator.com/item?id=48793269</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48793269</guid></item></channel></rss>