Previously: <https://news.ycombinator.com/item?id=48131847>

Yes, sorry - there's luck of the draw involved in which submission of a URL gets noticed. We're eventually planning to have some sort of karma sharing system for such cases...

(Generally people only link to the previous threads that got some (interesting) comments, since otherwise readers will click on the link and be disappointed and complain.)

Hmm I wonder why one gets attention and the other did not. HN need the "duplicate" feature SO had.

It killed SO though.

Besides, the commit history[0] also looks very special:

- 1a0a9b3e9831d9bdbc9d8eba601aa2fa5e9d2708: 4

- 277d6c85c8fd27581c245940e91a40ad2a9114da: may26-3

- 2d2e56ab6228b4814b4a0bc06864e46a68bb40ea: may26-2

...

- d5c117af131c6140f08325882f6b368d91ab6ae8: May 20 2026 - 1

- 715d5250e4bb65cecc7a5c4aa082fc95b717c449 (root): ironwall compiler

[0]: https://github.com/3WyUFvDOdCbBw7gOZHwcfgKF/ironwall/commits...

> the maintainer didn't catch that

They actually did notice something in <https://github.com/jqwik-team/jqwik/issues/708#issuecomment-...>:

> One short request before I go into details. Could you disclose on whose behalf you're discussing this? Just personal interest is fine, I just want to make sure that I'm not spending my time with some AI-driven company, let alone an LLM-controlled agent.

Yeah I read it. To which the other side moved from "we" to first person and said they are a solo developer, in a very long reply.

I first read this from the author's posting to oss-security. Turns out that the author did agree to revise the blog post for the "admin cap for root shell" part [^0]. [^1] would probably tell more.

The title looks like clickbait to me.

[^0]: https://www.openwall.com/lists/oss-security/2026/05/08/10

[^1]: https://www.openwall.com/lists/oss-security/2026/05/08/14

The PR author didn't even bother to properly capitalize their subject and add a description. What a double standard for code quality Macroslop is applying to internal vs. external contributions.

The industry's goal is to ship fast and profitably. A learner's goal isn't.

Oh that’s such a high horse position lol - I try and learn as much as possible every day by shipping fast and profitably. Learning to be successful in industry is a completely valid (and common) goal.

This resembles some serverless pastebins. Data is serialized into the fragment part, and client-side JS deserializes them. The only practical difference is that this app sets them as HTML while those set them as text.

IIRC Mozilla usually categorize internally-found bugs into a few large CVE IDs, grouped by severity, with around ten or so bugs in each. Every advisory gets several CVEs of this kind, for example, <https://www.mozilla.org/en-US/security/advisories/mfsa2026-2...>, <https://www.mozilla.org/en-US/security/advisories/mfsa2026-1...>, <https://www.mozilla.org/en-US/security/advisories/mfsa2026-0...>, etc.

> So, cyber security of tomorrow will not be like proof of work in the sense of "more GPU wins"; instead, better models, and faster access to such models, will win.

It's not proof of work, but proof of financial capacity.

The big companies are turning the access to high-quality token generators (through their service) into means of production. We're all going direct to Utopia, we're all going direct the other way.

There's no "proof" involved. That's the problem with the analogy. It's not about how much "financial capacity" you have. It's about how many bugs you find or fix. The bugs are there where the models help attackers/defenders or not.

`jj new` works like `git checkout` most by creating an empty revision on the top. `jj edit` on the other hand resembles `git checkout; [edits...]; git add -A; git commit --amend --no-edit`.