flexagoon commented on Malicious versions of Nx and some supporting plugins were published   github.com/nrwl/nx/securi... · Posted by u/longcat
skydhash · 2 days ago
I actually loathe those progress trackers. They break emacs shell (looking at you expo and eas).

Why not print a simple counter like: ..10%..20%..30%

Or just: Uploading…

Terminal codes should be for TUI or interactive-only usage.

flexagoon · a day ago
I feel like not properly supporting widely used escape codes is an issue with the shell, not with the program that uses them.
flexagoon commented on AI tooling must be disclosed for contributions   github.com/ghostty-org/gh... · Posted by u/freetonik
estimator7292 · 8 days ago
Do I also have to disclose using tab completion? My IDE uses machine learning for completion suggestions.

Do I need to disclose that I wrote a script to generate some annoying boilerplate? Or that my IDE automatically templates for loops?

flexagoon · 8 days ago
No, it explicitly says that you don't need to disclose tab completion.
flexagoon commented on How we exploited CodeRabbit: From simple PR to RCE and write access on 1M repos   research.kudelskisecurity... · Posted by u/spiridow
KingOfCoders · 9 days ago
The exploit depends on changing the config to execute a .rb file. And the config was supplied by a PR.
flexagoon · 9 days ago
Yes, but the exploit grants you access to ALL repos, not just the one the PR is in. You could just as well change the config in your own private repo and run CodeRabbit in it.
flexagoon commented on Zig's Lovely Syntax   matklad.github.io/2025/08... · Posted by u/Bogdanp
conaclos · 18 days ago
I like the idea of repeating the delimiter on every line. However `//` looks like a comment to me. I could simply choose double quote:

    const still_raw =
        "const raw =
        "    "Roses are red
        "    "  Violets are blue,
        "    "Sugar is sweet
        "    "  And so are you.
        "    "
        ";
        "
    ;

This cannot be confused with a string literal because a string literal cannot contain newline feeds.

flexagoon · 18 days ago
What if you have something like

    const raw =
        "He said "Hello"
        "to me
    ;

Wouldn't that be a mess to parse? How would you know that "He said " is not a string literal and that you have to continue parsing it as a multiline string? How would you distinguish an unclosed string literal from a multiline string?

flexagoon commented on Historical Tech Tree   historicaltechtree.com/... · Posted by u/louisfd94
mikewarot · 22 days ago
My particular interest is in screw cutting lathes, and it appears that the Wikipedia entry[1] (on which this seems to be based) was off by about 25 years (1775 instead of 1800), and thus copied to this work. I've let the folks at Wikipedia know.

[1] https://en.wikipedia.org/wiki/Screw-cutting_lathe

flexagoon · 21 days ago
> I've let the folks at Wikipedia know.

What "folks at Wikipedia"? Can't you just edit the date yourself?

flexagoon commented on GPT-5   openai.com/gpt-5/... · Posted by u/rd
mustaphah · 21 days ago
Is there any value in using XML elements to guide the model instead of simple text (e.g., "Recommendation criteria:")?
flexagoon · 21 days ago
XML tags generally help models understand prompts better. That's how most official system prompts are written and what the Anthropic prompting guide says.
flexagoon commented on Complete silence is always hallucinated as "ترجمة نانسي قنقر" in Arabic   github.com/openai/whisper... · Posted by u/edent
codedokode · a month ago
I tried googling this and found questions from Telegram users asking why voice message recognition sometimes produces this phrase and who this person is. Also I found this thread [1] claiming that the subtitles by DimaTorzok are coming from some Russian YouTube videos on gaming like [2].

[1] https://github.com/openai/whisper/discussions/2372

[2] https://www.youtube.com/watch?v=FAqyUuahMlc&t=401s

flexagoon · a month ago
Yeah, I know about this from Telegram, because they use Whisper for voice message recognition. There are a bunch of other artifacts it often produces.
flexagoon commented on Complete silence is always hallucinated as "ترجمة نانسي قنقر" in Arabic   github.com/openai/whisper... · Posted by u/edent
flexagoon · a month ago
In Russian it often hallucinates "Субтитры сделал DimaTorzok" ("Subtitles by DimaTorzok") at the end of things. Interestingly, I wasn't able to find any YouTube videos with that name in the subtitles, so it's not like it's in a lot of training data.
flexagoon commented on Linux and Secure Boot certificate expiration   lwn.net/SubscriberLink/10... · Posted by u/pabs3
ACCount36 · a month ago
Take an iPhone or a Switch. Then disable Secure Boot on it. Good fucking luck.

The reason why Apple or Nintendo go out of their way to make this impossible isn't user security. It's the "security" of their 30% App Store cut.

Out in the wild, Secure Boot exists to "secure" vendor revenue streams - and PCs are the only devices where it's even possible for the user to disable it. Most of the time.

What's happening in smartphone space is enough of a reason to treat Secure Boot on PC like an ongoing attack. The only reason why there are still legitimate ways to disable or adjust it is that most PC manufacturers don't have their own app store.

flexagoon · a month ago
> It's the "security" of their 30% App Store cut.

> most PC manufacturers don't have their own app store.

I feel like you misunderstand what Secure Boot does. It has absolutely nothing to do with userspace apps or app sideloading. It's true that you can't easily sideload apps on Apple devices - but that has absolutely nothing to do with Secure Boot, nor do userspace apps have anything to do with it on any other device.

flexagoon commented on Linux and Secure Boot certificate expiration   lwn.net/SubscriberLink/10... · Posted by u/pabs3
porridgeraisin · a month ago
Secure boot, disk encryption, etc are more trouble than they are worth IME. I have them all off.

Qualifier: for personal computers that you don't take regular backups of, test backups, etc

flexagoon · a month ago
Secure Boot's benefits are definitely not as strong (I don't think flashing custom backdoored firmware is a common attack vector for personal computers), but FDE is still useful in case your laptop gets stolen, because thieves looking for sensitive data on a hard drive is a thing that does actually happen.

I also wouldn't really say it's much trouble. If you have a TPM and use systemd, you can set it up to unlock FDE automatically on boot; otherwise, you just have to input an extra password when turning on your machine.

u/flexagoon

Karma: 847 · Cake day: December 29, 2021
About
meet.hn/city/ru-Moscow

Socials: - github.com/flexagoon - t.me/flexagoon

Interests: Biotech, DevOps, Open Source, Philosophy, Privacy, Programming, Research, Science, Technology
