Hacker Newsnew | past | comments | ask | show | jobs | submit | est's commentslogin

I am using a different approach.

`user.email` is always my email.

`user.name` is either my account name, or model name like `gpt-5.5-high`.

I can easily filter & blame which line was written by me or some specific AI

reply


Nice! I've been doing similar, but prefer using Co-authored-by, especially as it allows for cases where there may be multiple models in play

reply


That doesn’t quite work for cases where you’re either the primary author of a commit (asking the model for some touch ups) or when you heavily edit model output. Easier to just say “this is who’s driving the AI” and keep it to your username.

reply


> doesn’t quite work for cases

In that case, the "Co-authored-by: Copilot" method doesn't quite work either. You have to split the commit somehow.

> this is who’s driving the AI

As indicated by the consistent user.email value.

reply


Hm, why? Just attribute it to yourself and be done with it. Is there a use case for classifying commits as AI assisted? Besides corporate bureaucracy.

reply


Today junior assembly language programmer are all gone, too.

reply


Yes and that’s why I can charge premium rates for debugging. Most people cannot read a stack trace anymore.

reply


And that’s going to cause serious issues when people like Linus die and nobody knows how to make operating systems anymore.

We’ve been coasting along on a single generation who have ruled with iron fists.

reply


I added these

    AmbientCapabilities=CAP_NET_BIND_SERVICE
    CapabilityBoundingSet=CAP_NET_BIND_SERVICE
    NoNewPrivileges=yes
to my .service. Is it good enough?

reply


Good enough for what?

I could be wrong, but I’m not sure those settings are enough to mitigate Copy Fail.

If your distro offers a patched kernel, it’s best to upgrade to that one and reboot.

You can also disable the vulnerable module (how to do it depends on what distro you’re using). But if you stay on an old unpatched kernel you might be exposed to other vulnerabilites.

reply


You are misinterpreting my goal here. I have patched my kernel against copy fail but I am thinking of ways to harden my setup against future CVEs in the kernel.

So the question is, before I learned about copy fail, what could I have done that would have limited the possible damage this vulnerability could do to me? CapabilityBoundingSet is one answer and rootless podman as mentioned in this article is another. They don’t prevent all but at least `su` is useless.

reply


If so, I would look into applying a decent seccomp profile.

Other hardening solutions could be to run the workloads inside of a VM such as Firecracker, or gVisor. But that might be more work to implement compared to seccomp.

reply


the go-to method is using frames.

reply


Then there's uwsgi protocol. It's also an RPC for basically everything.

reply


I maintain an internal wiki, the contents were generated by each CI/CD and always reflects from latest running code.

reply


China had many >1M KM electric taxies. Usually they degrade after 200,000 km, and they are like 2 generations behind the latest ones.


Now someone please revive Microsoft Encarta ...


https://news.ycombinator.com/from?site=openclaw.ai

hot damn


Wow. I’m curious as to why so much spam.


installed since last HN post. So Bonsai (1-bit) and Ternary-Bonsai are different?

Can it be run on browsers with WASM/WebGPU?


yep! :) https://huggingface.co/spaces/webml-community/bonsai-ternary...


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: