Lukas's Avatar

Lukas

@lxgr.net.bsky.social

46 Followers  |  60 Following  |  199 Posts  |  Joined: 27.11.2023  |  2.0688

Latest posts by lxgr.net on Bluesky

Matches my experience completely. It's pretty good at coming up with small/one-off scripts or single-page web apps, OK at working in large existing code bases, but an absolute beast at finding bugs given a detailed description of symptoms and a few pointers.

01.11.2025 18:08 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Not all OSes allow trusting self-signed certs only for a particular set of hostnames, and if they don't, the associated private key becomes incredibly risky (since anyone getting it would be able to pose as google.com etc. to you as well).

Some OSes don't even have a system-wide trust store at all!

29.10.2025 14:35 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0

A real shame there’s no mechanism browsers can indicate language preferences to websites, like a request header or something.

Fortunately IP addresses map to user language preferences perfectly.

07.09.2025 07:26 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Logged in to my Spotify account on the web once when traveling to update my card, and now the web interface, while logged in with my account they know the country/language for perfectly well, is persistently in a language I don’t speak, even after returning.

07.09.2025 07:25 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Amazing new age verification procedure requires no government ID, no credit card numbers, no photography

import { setTimeout } from 'node:timers/promises'

const verifyAge = async () => {
await setTimeout(568_036_800_000)
return true
}

03.09.2025 21:26 β€” πŸ‘ 284    πŸ” 56    πŸ’¬ 7    πŸ“Œ 3

So the model powering β€œGPT-5” in the UI (modulo β€œrouting to the thinking model”) is called β€œgpt-5-chat” in the API, while the one powering β€œGPT-5 Thinking” is called β€œgpt-5”?

This has got to be intentional at this point.

12.08.2025 21:29 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Men don't care what models are on ChatGPT. They only care what other models are on ChatGPT.

09.08.2025 08:32 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

USDL is pegged to USD and is domiciled in Abu Dhabi, as far as I know. No idea if that’s available to residents there, though.

21.07.2025 11:52 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

NatΓΌrlich, Selbstanzeige. WΓ€re fΓΌr das kriminell schlechte LLM dieses Zusammenfassungs-Bots auch ΓΌberlegenswert.

20.07.2025 18:34 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Ah, and the other one requires an app to have verified some companion domain and then allows only that as RPID, IIRC?

Thanks for doing all of this, by the way, I hope having a great use case finally convinces Bitwarden to also support PRF :)

16.07.2025 02:05 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Speaking of that, did your explorations of using the FIDO "backend API" on macOS in CLI tools lead anywhere, or does that still require some browser-only code signing entitlement?

16.07.2025 01:59 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

It's slightly different from a smart card in that the key inevitably is revealed to the host computer with the PRF extension, but for applications that only use the smartcard for key (un)wrapping it's effectively equivalent.

16.07.2025 01:58 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

On the other hand, having somebody/something really intelligent working for you certainly helps a lot.

15.07.2025 01:19 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I don’t think being a majority holder of voting shares allows you to make decisions that disadvantage minority shareholders. (Otherwise, people would vote for things like β€œdon’t pay any more dividends to these 49% of shareholders” all the time.)

14.07.2025 22:21 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

You might be delighted/horrified to learn that the machine-readable zone of ICAO passports encodes all dates as YYMMDD – including the date of birth.

14.07.2025 19:44 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

> new Date("πŸ“…")
Invalid Date

*monocle drop*

11.07.2025 20:39 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Excuse me but deluding myself into thinking I saved everyone some time by monologuing at an intern who didn’t ask any question whatsoever isn’t novelty, that’s a core part of my professional identity

11.07.2025 01:26 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Please contain me

08.07.2025 20:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
GitHub - lxgr/vibeserver: A little webserver making things up just in time A little webserver making things up just in time. Contribute to lxgr/vibeserver development by creating an account on GitHub.

Woah, this is literally on my to do list for vibeserver

github.com/lxgr/vibeser...

04.07.2025 18:02 β€” πŸ‘ 7    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I am become Parrot, the repeater of words

01.07.2025 17:24 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Identity documents supporting interactive cryptographic authentication have been around for decades now (e.g. ICAO 9303 "biometric passports"), and I wouldn't be surprised if some government had a stockpile of a few hundred million ICs that can only do ECDSA and/or RSA as a result 😬

30.06.2025 15:14 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
WhatsApp news of the week: feature to translate messages and channel updates is available for Android | WABetaInfo Discover WhatsApp beta news of the week for Android, iOS, and Desktop: message translations, advanced chat privacy, and channel media!

Yeah, sending stuff back to their servers would be really unfortunate, especially when newer phones are basically fast enough to just summarize locally.

It's especially weird considering that they're apparently planning to do translation offline/locally: wabetainfo.com/whatsapp-new...

24.06.2025 03:02 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
WhatsApp beta for Android 2.25.19.8: what's new? | WABetaInfo The WhatsApp beta for Android 2.25.19.8 update previews a new Writing Help feature powered by AI Meta Private Processing to enhance messages.

Oh, interesting, seems like this is it: wabetainfo.com/whatsapp-bet...

Sounds like it would send stuff server-side. That would be really unfortunate if done without the sender even knowing (but then again, so are unencrypted backups).

24.06.2025 02:44 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Huh, I don’t think I’ve seen summarization then.

24.06.2025 02:40 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

It’s not really summarization. You can tag β€œMeta AI” into any chat, which is just a regular server-side LLM and as such obviously not end-to-end encrypted. This is somewhat explained in a pop up at first use, but obviously people don’t read that.

24.06.2025 02:35 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

That’s an odd pelican πŸ€”

07.06.2025 21:08 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0

I've (very non-scientifically) measured something like a 30% speedup on an M1, but Ollama has the significant upside of being able to keep the model in memory between script executions, so I usually only end up using `llm-mlx` models over `llm-ollama` ones when I expect processes to be long-running.

04.06.2025 01:36 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Time for a strategic CHF reserve! (Or maybe outright of ISO spec PDFs? I feel like they were β€œonly” CHF 179 a while ago)

03.06.2025 16:53 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

How would you vet multiple anonymous sources of the same hash?

Might as well all be sockpuppets of somebody that hopes you’ll implement a backdoor/vuln for them for the low sum of CHF 199…

03.06.2025 16:49 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

This is actually a legitimately scary attack vector. I bet the number of systems implemented against a bootleg copy of some security-relevant ISO standard is larger than zero…

03.06.2025 16:47 β€” πŸ‘ 6    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@lxgr.net is following 19 prominent accounts