Hacker News | collinmcnulty's comments

A human security researcher found the core issue and an agent searched for where to apply it. I don’t think “an agent found it in one hour” is a fair summary of what happened.

"The starting insight — that splice() hands page-cache pages into the crypto subsystem and that scatterlist page provenance might be an under-explored bug class — came from human research by Taeyang Lee at Xint. From there, Xint Code scaled the audit across the entire crypto/ subsystem in roughly an hour. Copy Fail was the highest-severity finding in the run."

So, if anything, this might argue against the presence of huge quantities of high-severity bugs in this part of the Linux kernel (that could be found by "Xint Code"-class scanning systems).


I was a bit rough, agreed, but the overall point is still correct. I kinda want to emphasize that I've also run hundreds of loops recently (combination of opus-4.6/gpt-5.4/gemini-3.1-pro-preview) toward a Rust codebase that we manage and that we deemed secure after many audits, and found 2 serious issues in it as well. This was also audited externally by a third party that we've paid, which makes me genuinely scared of releasing anything without deep AI verification nowadays.

Does anybody have the same feeling?


I just signed up and it’s super fast. Download the app, put in your name, allow Bluetooth. No email, no password, nothing.

What I was describing is a way to quickly onboard a friend who I want to friend, because chances are zero of my friends will have this app yet.

If the connect with friend interface also had a QR code for app download and could trigger a connection between our accounts upon download, that would remove enough friction that I could start recommending this to my friends on the fly.


> allow Bluetooth

I'd have a hard time getting over my aversion to this. I automatically reject any app's attempt to find local devices, etc.


I can't imagine how it would be possible to detect a phone in close proximity without allowing this though

Accelerometer, by putting the two phones together and shaking (some app used to do this, but I can't find it with a quick search). Edit: I might have been thinking of Bump, mentioned downthread, though it's a different physical mechanism: https://en.wikipedia.org/wiki/Bump_(application)

Camera, and point it at their changing screen (or both at the same scene at the same moment). Not too intrusive.

GPS, but that would require location permission. Intrusive.

Audio, but that would require allowing microphone. Intrusive.


Slightly OT, but the technology behind Bump was genuinely mind-blowing at the time. Phones didn't have NFC or anything like that, and they didn't use much accuracy in the way of location data, so they basically just had a general "city block" location, timestamp, and accelerometer readings and would invert the accelerometer reading and look for identical accel + timestamp.

We tested it one time with like 10 phones and everyone bumping each other / the wall as a control, in the same room and it nailed every actual pairing and ignored the others. The wiki has more, but lacks the subjective experience of how magic it was.


That's what Bump did, like 13 years ago, by sending accelerometer and GPS data up to the cloud and correlating it there.

It works in isolation and fails miserably when trying to do a big demo of it in a conference talk when attempted by dozens of people in the same room.


NFC?

And the Memento guy had tattoos of key information. That didn’t make it so he didn’t have memory loss.

Pretty good metaphor.

Limited space to work with, highly context dependent and likely to get confused as you cover more surface area.


Watching this, I can only describe it as holy. An incredible reminder of what humanity can do, and the beauty of our curiosity and the universe around us. I grew up learning that my great uncle was in Mission Control for Apollo; missions like this are what inspired me to pursue engineering in the first place.


> An incredible reminder of what humanity can do

Yep, while we are measurably destroying the Earth's biodiversity orders of magnitude faster than the mass extinction that killed the dinosaurs. And this is without global warming, which is another great thing we are doing.

Arguably, the biggest thing humanity is doing is killing the Earth. Great that we have some comfort in doing fun things on the side.


My encouragement would be to take this and point to it to make those problems seem tractable, which they are with political will. “We went to the moon! Surely we can …”

Hope is powerful, cynicism is an opiate.


That's not how NDAs work. They would be useless even for legitimate purposes if they worked that way.


I would like to see a system like New York's campaign finance vouchers, where individual citizens get to decide where the public funds are directed. That way you have to have an audience and you have to appeal to people's sense of what's truly valuable, rather than just trying to farm views.


I think social pressure is the best weapon we have against these. The people who use them want to seem cool, so make it seem like these are weird, dorky, and creepy and they won’t take off.


Which, importantly, drives more renewables and storage development because it makes the renewables fantastically profitable to run: near zero cost for you, but paid the price set by gas.


You're not sure if human to human interaction is intrinsically more valuable than a human talking to a facsimile? That feels like a very dangerous position to hold for one's ethical calculations and general sanity. I'm clinging tightly to the value of the bond with other people, even the passing connection, but certainly with my family members as this article is about.


I much prefer using the ATM, self-checkouts and an e-commerce website over having to talk to somebody at a branch to get money, buy my groceries, or book a holiday.


Human to human may be more valuable, but that may not have much to do with the truth in their statements. For example if your relatives are hooked up to a constant misinformation feed it gets to become problematic to communicate and deal with them.


"Is this a deepfake video call" is a major plot point in a pretty big movie currently in theaters, so I think this is getting into the broader zeitgeist.

