Hacker News: lkt's comments

I've been doing some reverse engineering recently and have found Gemini 3 Pro to be the best model for that, surprisingly much better than Opus 4.5. Maybe it's time to give Codex a try


Curious what your workflow is for reverse engineering with LLMs? Do you run the LLM in an IDE?


Out of interest, how much does ZDI pay for a bug like this?


They probably don't accept something like this. Not that many Posthog self-hosted instances out there...


That's what I thought too, but the article says it was submitted to ZDI and they handled the communication with Posthog


All of these vulnerabilities were accepted by ZDI. Feel free to search the following codes: ZDI-CAN-25351, ZDI-CAN-25352, ZDI-CAN-25350, ZDI-CAN-25358.


They do scan but they miss a lot. The frequency decreased after GitHub started scanning all repositories but I still report leaked secrets to bug bounty programs pretty often. Unfortunately Home Depot don't have a bug bounty program so I don't scan them.


No because it allows you to set the bozo bit on them and completely disregard anything they say in the future


You can find a dozen projects on GitHub that do this, it's not sensitive information that needs protecting


I think you have a very skewed view of what people interested in cryptocurrency are like.


> I think you have a very skewed view of what people interested in cryptocurrency are like.

Given that it's a heavenly gift for criminals (including those wishing to evade taxation on otherwise legit commercial activity) while leeching a good share of the world's energy resources, I think he's excused.


I think it's a pretty accurate view of the average non-developer-crypto-enthusiast. I'm not sure how well it translates to the developer side.


Absolutely! It's a spectrum and people lie somewhere on it. I can't have a picture of the entirety of it (though I'd love to), but I can only go off my own experiences. I try and get as full a picture as I can, but it's unfortunately going to be skewed. Yours is too. I'd love to hear which way your POV skews.


They're great if you need raw processing power but they have a very backwards, German view of the internet where even a port scan is considered abuse. It's very easy to get your machine nullrouted or account closed.

I use them a lot for backend data processing but anything public facing I host at AWS or Digital Ocean who have a more reasonable approach to the internet.


I looked into swapping to Apple Music before but couldn't find a way to play lossless music on Linux making swapping pointless. Apparently[0] decryption for lossless isn't supported for 3rd party clients.

Anyone know of a way around this?

[0]: https://github.com/ciderapp/Cider/discussions/889


Bevy has a lot of features enabled by default that add to the size. You can get bevy-snake down to 12 MB (3.2 MB gzipped, 1.9 MB brotli'd) if you only enable rendering and sprites, and strip the function names section.

It's still a little bigger than I would like, but it's not terrible.


It's a really barebones snake game that should take less than 12 kb. Anyway I get that it's more of a proof of concept for Bevy.


That's absolutely not the case, HN is mostly people who think they're geniuses because they can program computers. Read the comments on any post about a topic you know a lot about and you'll see it's full of people talking very confidently about things they know very little about. There are of course some very smart people mixed in, but it's hard to pick those people out from the noise.

