frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

I made my VM think it has a CPU fan

https://wbenny.github.io/2025/06/29/i-made-my-vm-think-it-has-a-cpu-fan.html
39•todsacerdoti•31m ago•3 comments

Show HN: Octelium – FOSS Alternative to Teleport, Cloudflare, Tailscale, Ngrok

https://github.com/octelium/octelium
75•geoctl•3h ago•29 comments

Using the Internet without IPv4 connectivity

https://jamesmcm.github.io/blog/no-ipv4/
167•jmillikin•6h ago•59 comments

Bloom Filters by Example

https://llimllib.github.io/bloomfilter-tutorial/
32•ibobev•2h ago•4 comments

The Unsustainability of Moore's Law

https://bzolang.blog/p/the-unsustainability-of-moores-law
81•shadyboi•7h ago•47 comments

Performance Debugging with LLVM-mca: Simulating the CPU

https://johnnysswlab.com/performance-debugging-with-llvm-mca-simulating-the-cpu/
4•signa11•45m ago•1 comments

More on Apple's Trust-Eroding 'F1 the Movie' Wallet Ad

https://daringfireball.net/2025/06/more_on_apples_trust-eroding_f1_the_movie_wallet_ad
396•dotcoma•6h ago•225 comments

MCP: An (Accidentally) Universal Plugin System

https://worksonmymachine.substack.com/p/mcp-an-accidentally-universal-plugin
658•Stwerner•1d ago•295 comments

Sequence and first differences together list all positive numbers exactly once

https://oeis.org/A005228
43•andersource•4d ago•14 comments

What UI first distinguished radio buttons from checkboxes with circles/squares?

https://retrocomputing.stackexchange.com/questions/31806/what-ui-first-distinguished-radio-buttons-from-checkboxes-with-circles-and-squar
40•azeemba•3d ago•27 comments

Solving `Passport Application` with Haskell

https://jameshaydon.github.io/passport/
222•jameshh•15h ago•86 comments

How to Leave the House

https://buttondown.com/monteiro/archive/how-to-leave-the-house/
36•zdw•2d ago•34 comments

Show HN: A different kind of AI Video generation

23•fcpguru•3d ago•7 comments

Implementing fast TCP fingerprinting with eBPF

https://halb.it/posts/ebpf-fingerprinting-1/
12•halb•3h ago•1 comments

The Death of the Middle-Class Musician

https://thewalrus.ca/the-death-of-the-middle-class-musician/
186•pseudolus•16h ago•392 comments

Show HN: SmartStepper – Multi-Step Form Library with Config-Based Flow

https://github.com/Miladxsar23/smartstepper
4•milad_shirian•31m ago•1 comments

Engineered Addictions

https://masonyarbrough.substack.com/p/engineered-addictions
587•echollama•23h ago•356 comments

Improving River Simulation

https://undiscoveredworlds.blogspot.com/2025/04/improving-river-simulation.html
38•Hooke•3d ago•0 comments

We ran a Unix-like OS on our home-built CPU with a home-built C compiler (2020)

https://fuel.edby.coffee/posts/how-we-ported-xv6-os-to-a-home-built-cpu-with-a-home-built-c-compiler/
278•AlexeyBrin•1d ago•27 comments

Schizophrenia is the price we pay for minds poised near the edge of a cliff

https://www.psychiatrymargins.com/p/schizophrenia-is-the-price-we-pay
126•Anon84•17h ago•176 comments

BusyBeaver(6) Is Quite Large

https://scottaaronson.blog/?p=8972
240•bdr•21h ago•166 comments

JavaScript Trademark Update

https://deno.com/blog/deno-v-oracle4
801•thebeardisred•19h ago•281 comments

What LLMs Know About Their Users

https://www.schneier.com/
7•voxleone•3d ago•2 comments

Magnetic Tape Storage Technology: usage, history, and future outlook

https://dl.acm.org/doi/10.1145/3708997
23•matt_d•7h ago•3 comments

Life of an inference request (vLLM V1): How LLMs are served efficiently at scale

https://www.ubicloud.com/blog/life-of-an-inference-request-vllm-v1
154•samaysharma•19h ago•17 comments

2025 ARRL Field Day

https://www.arrl.org/field-day
114•rookderby•19h ago•34 comments

Community Is Motivation on Tap

https://alanwu.xyz/posts/community/
87•lunw•4d ago•33 comments

An Indoor Beehive in My Bedroom Wall

https://www.keepingbackyardbees.com/an-indoor-beehive-zbwz1810zsau/
133•gscott•21h ago•62 comments

Abusing copyright strings to trick SW into thinking it's running competitor's PC

https://devblogs.microsoft.com/oldnewthing/20250624-00/?p=111299
53•mastazi•3d ago•10 comments

Is being bilingual good for your brain?

https://www.economist.com/science-and-technology/2025/06/27/is-being-bilingual-good-for-your-brain
111•Anon84•21h ago•133 comments
Open in hackernews

AI slop security reports submitted to curl

https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd
70•nobody9999•6h ago

Comments

Rygian•4h ago
Taking for example the one listed as https://hackerone.com/reports/2871792.

With the advantage of hindsight, the issue should have been entirely dismissed, and the account reported as invalid, right at the third message (November 30, 2024, 8:58pm UTC); the fact that curl maintainers allowed the "dialog" to continue for six more messages shows to be a mistake and a waste of effort.

I would even encourage curl maintainers to upfront reject any report that fails to mention a line number in the source code, or a specific piece input that triggers an issue.

It's unfortunate that AI is being used to worsen the signal/noise ratio [1] of such sensitive topics such as security.

[1] http://www.meatballwiki.org/wiki/SignalToNoiseRatio

zeta0134•4h ago
It's pretty clear that in like half of these the "researcher" is just copy pasting the followup questions back into whatever LLM they used originally. What a colossal waste of everyone's time.

I think the only saving grace right this second is that the hallucinations are obvious and text generation is just awkward enough in overly-eager phrasing to recognize. But if you're seeing it for the first time, it can be surprisingly convincing.

raverbashing•4h ago
Honestly? Might be wiser block submissions from certain parts of the world that are known for spamming things like that

Or have an infosec captcha, but that's harder to come by

bluGill•11m ago
As time goes on they are getting faster at closing such reports. However they started off with an assumption of honesty and only after peing burned repeatedly given up.

this is bad for the honest person who can't describe a real issue well though.

heybrendan•4h ago
I worked my way through about half the examples. What appalling behavior by several of the "submitters".

This comment [1] by icing (curl staff) sums up the risk:

> "This report and your other one seem like an attack on our resources to handle security issues."

Maintainers of widely deployed, popular software, including those whom have openly made a commitment to engineering excellence [2] and responsiveness [like the curl project AFAICT], can not afford to /not/ treat each submission with some level of preliminary attention and seriousness.

Submitting low quality, bogus reports generated by a hallucinating LLM, and then doubling down by being deliberately opaque and obtuse during the investigation and discussion, is disgraceful.

[1] https://hackerone.com/reports/3125832#activity-34389935

[2] https://curl.se/docs/bugs.html (Heading: "Who fixes the problems")

bgwalter•1h ago
49 points, 4 hours, but only on page three.

This is a highly relevant log of the destructive nature of "AI", which consumes human time and has no clue what is going on in the code base. "AI" is like a five year old who has picked up some words and wants to sound smart.

I suppose the era of bug bounties is over.

bfrog•1h ago
AI slop is coming in all forms. I see people using AI for code reviews on github now and they are net negative leading people to do the wrong things.
anal_reactor•48m ago
The consequence of having an issue report system is that people submit random shit just to report something. The fact that they use AI to autogenerate reports allows them to do that at an unprecedented scale. The obvious solution to this problem is to use AI to filter out reports that aren't valuable. Have AI talk to AI.

This might sound silly but it's not. It's just an advanced version of automatic vulnerability scans.

AlSweigart•2m ago
The primary use case of LLMs is producing undetectable spam.