Vikrant
Someone wrapped every major LLM API in 500 lines of Bash
A GitHub repo called Bash4LLM+ does what Python libraries do in thousands of lines, using only shell builtins and curl.
Read post
Field notes
Daily reactions to whatever caught my eye on Hacker News. Data engineering, cybersecurity, machine learning. Short, honest, and updated every morning.
Vikrant
Clearing a breach with 35 drones and 100 pounds of C4
The US Army tested remote breach clearing with swarms of explosive-packed drones. No soldiers crossed the kill zone.
Read post
Vikrant
LastPass breach number three: the password manager that cannot secure passwords
LastPass notified users of another breach. This is the third major incident since 2022. At what point do we stop calling it a password manager and start calling it a credentials museum.
Read post
Vikrant
SQLite corruption is usually your fault
The SQLite team keeps a public list of every way you can break their database. Turns out most corruption comes from ignoring fsync or writing to the file yourself.
Read post
Vikrant
Haystack is what happens when you need RAG pipelines that actually run in prod
Deepset's Haystack framework caught my eye because it treats retrieval-augmented generation as a data pipeline problem, not a chatbot wrapper problem.
Read post
Vikrant
Neural Particle Automata: teaching particles to self-organise
Researchers trained particles to form complex shapes without central control. Each particle runs the same neural network, learns local rules, and the swarm organises itself.
Read post
Vikrant
Tata Electronics breach claims Apple and Tesla trade secrets leaked
A ransomware gang says they got into Tata's systems and grabbed confidential files from Apple and Tesla. The supply chain question nobody wants asked.
Read post
Vikrant
Countries are building solar farms to avoid getting cut off, not to save the planet
The clean energy boom is no longer about emissions targets. It is about not having your grid held hostage by someone else's pipeline.
Read post
Vikrant
AMD removed memory encryption from consumer Ryzen CPUs and nobody noticed
A firmware update silently killed Transparent Memory Encryption on consumer chips. The engineers stopped replying when users asked why.
Read post
Vikrant
Ten thousand fake GitHub repos hosting trojans
Someone found 10,000 GitHub repositories distributing malware disguised as cracked software and game cheats. The scale is wild.
Read post
Vikrant
Neural cellular automata running in your browser at 60fps
WebGPU makes training tiny neural networks that grow patterns possible in real-time, no server required.
Read post
Vikrant
Databricks says they unified OLAP and OLTP. I am skeptical.
LTAP is Databricks' answer to running transactions and analytics on the same engine. The pitch is clever. The implementation details matter more.
Read post
Vikrant
Europe wants to train frontier models on a mesh of university GPUs
A GitHub repo sketches how Europe could pool scattered compute across universities and research labs to train a GPT-4 class model without buying a new datacenter.
Read post
Vikrant
Rio's open-source LLM was just a rebadged merge
A city government announced a locally trained language model. Turns out it was two existing models stitched together with the weights renamed.
Read post
Vikrant
1,500 poisoned packages in the Arch User Repository
The Arch Linux team spent the weekend cleaning up more than 1,500 malware-laden packages from the AUR. The scale is what surprised me.
Read post
Vikrant
400 AUR packages compromised, or why I stopped trusting build scripts
The Arch User Repository just had 400 packages backdoored. The attack vector was not clever. It was obvious, predictable, and it worked anyway.
Read post
Vikrant
The perfect CVSS 10.0 vulnerability dropped yesterday
Ivanti Sentry got a pre-auth RCE with the maximum theoretical severity score. Public exploit code is already live.
Read post
Vikrant
Transformer attention has a working memory problem
Researchers found that transformer attention mechanisms lack the executive control functions that let human brains manage working memory. The models can retrieve information, but they cannot suppress irrelevant context.
Read post
Vikrant
ServiceNow breach was a configuration mistake, not a zero-day
The ServiceNow incident exposed customer data through misconfigured access controls, not a novel exploit. This is the enterprise security story that never makes headlines.
Read post
Vikrant
Config files that execute code are everywhere
YAML, TOML, and JSON parsers can run arbitrary code during deserialization. Most dependency scanners miss them entirely.
Read post
Vikrant
Oxford got breached through a careers platform they probably forgot they integrated
Third-party integrations are the soft underbelly of university IT. Oxford just learned that again.
Read post
Vikrant
Meta's Llama 4 is stuck in reasoning limbo
Meta keeps pushing back the Llama 4 release because the reasoning capability is not matching internal benchmarks. This is the first time open-weight AI has hit a public delay.
Read post
Vikrant
SQLite UUIDs tank performance by 300 percent
Random UUIDs as primary keys in SQLite cause page splits that triple insertion time. Integer keys stay fast because SQLite is built for sequential writes.
Read post
Vikrant
Anthropic released a vulnerability discovery harness and I want to see if it breaks my code
Anthropic open-sourced a framework for testing how well AI models find security bugs. It includes 32 real CVEs and a scoring system. Time to feed it some of my old projects.
Read post
Vikrant
Preview URLs without the Kubernetes tax
A self-hosted tool that spins up Docker containers with public URLs. No orchestrator, no cloud bill.
Read post
Vikrant
Data2prompt stuffs entire projects into LLM context windows
A CLI tool that flattens your data science repo into one massive prompt. Smart filtering meets the 200K token era.
Read post
Vikrant
Python is becoming Pinyin
Reuven Lerner argues Python's syntax sugar is making it harder to explain what code actually does. He compares it to Pinyin romanisation: useful for getting started, obscuring the underlying structure.
Read post
Vikrant
The ChatGPT Google Sheets plugin leaks your data through prompt injection
A popular extension with 3 million users can be tricked into sending your spreadsheet contents to an attacker-controlled server. The fix is not obvious.
Read post
Vikrant
Someone ran a trillion-parameter LLM on consumer hardware with Optane memory
An enthusiast loaded a 1T-parameter model into 768GB of Intel Optane DIMMs and got 4 tokens per second on a single GPU. Slow, but it worked.
Read post
Vikrant
End-to-end encrypted home cameras without the cloud tax
Someone finally built a home security camera system that encrypts on-device and costs nothing per month.
Read post
Vikrant
LLM code smells: hedging language and structural filler
A developer catalogues the tell-tale signs of AI-generated code. The patterns are obvious once you see them.
Read post
Vikrant
Composer is getting package signing after 14 years
PHP's dependency manager is rolling out cryptographic signatures. The timing matters more than the tech.
Read post
Vikrant
Cloudflare just put feature flags at the edge
Feature flags that run on Cloudflare's edge network, not your backend. This might actually change how you roll out features.
Read post
Vikrant
Norway built an LLM training cluster on 2 PB of Huawei flash
The Norwegian University of Science and Technology is running LLM workloads on Chinese storage hardware. The performance numbers are interesting.
Read post
Vikrant
Three Linux kernel exploits, same root cause: trusting packet reassembly
Dirty Frag, Copy Fail, Fragnesia. Three distinct kernel exploits in eighteen months, all exploiting how Linux reassembles fragmented network packets.
Read post
Vikrant
LLM agents forget your constraints halfway through the code
New research shows agents generating backend code slowly drop requirements like authentication checks. The longer the generation, the worse the decay.
Read post
Vikrant
Someone finally built a Rosetta Stone for LLM pricing
Models.dev is an open-source database that tracks pricing, context windows, and rate limits across every major LLM provider. No more tab-sprawl to compare GPT-4 versus Claude costs.
Read post
Vikrant
Content moderation just became a federal requirement
A bill requiring platforms to moderate content encouraging violence against Jewish communities turns moderation from a platform choice into a legal obligation.
Read post
Vikrant
Shira turns phishing training into a game you actually want to play
A new platform gamifies phishing detection with streak tracking and leaderboards. Finally, security awareness training that does not feel like compliance homework.
Read post
Vikrant
AI bug hunters are spamming the Linux security list into chaos
Linus Torvalds says automated vulnerability scanners have turned the kernel security mailing list into noise. The tools work, the signal-to-noise ratio does not.
Read post
Vikrant
Formal verification caught bugs SQLite's test suite missed
Turso used a TLA+ variant called Quint to model their libSQL fork and found over ten real bugs in SQLite's transaction logic that billions of existing tests never saw.
Read post
Vikrant
UK regulators are eyeing VPN restrictions and Mozilla is pushing back
The Online Safety Bill could give UK authorities the power to demand VPN providers weaken encryption or log traffic. Mozilla's response is blunt.
Read post
Vikrant
DeepSeek-V4-Flash revives the steering vector idea
Steering vectors let you nudge a model's behaviour without retraining. They fell out of favour when newer models stopped responding to them. DeepSeek-V4-Flash brought them back.
Read post
Vikrant
Someone built a transformer in Rust using category theory
A programmer rewrote PyTorch's transformer architecture using Rust and abstract algebra. The result is dense but fast.
Read post
Vikrant
Someone just broke the M5 kernel and published the how
The first public kernel memory corruption exploit for Apple's M5 chip dropped today. No zero-day trading, just research in the open.
Read post
Vikrant
Torrix: observability without the database tax
A new LLM observability tool runs without PostgreSQL or Redis. That is not a feature list, that is an architecture decision.
Read post
Vikrant
Anthropic just made Claude available through AWS Marketplace
Claude's API is now inside AWS Marketplace. That means billing through your AWS account, usage tied to AWS credits, and regional deployment closer to your data.
Read post
Vikrant
AI found a CVE in its own training set and we are pretending that is a win
Mythos discovered a vulnerability that was already documented in the data it was trained on. The industry is calling this autonomous discovery.
Read post
Vikrant
An AI agent found a real vulnerability in curl
Mythos, an autonomous security agent, caught a buffer overflow in curl that human auditors missed. The tooling works.
Read post
Vikrant
Gemini can now search your PDFs for charts and diagrams
Google's Gemini API File Search now handles images inside documents. RAG just got less annoying for technical docs.
Read post
Vikrant
LLM agents should not talk to each other in English
Multi-agent systems waste tokens on natural language between agents. A structured clipboard beats conversational interfaces.
Read post
Browse all tags →
51 posts so far
About
Vikrant (69G). Master of IT (USC, Adelaide). Machine learning engineer specialising in cybersecurity. Building public work until graduate roles open up after Aug 2027.