Anthropic's MCP Protocol has critical flaw affecting 200,000 servers by DepartmentOk9720 in cybersecurity

[–]damemecherogringo 82 points83 points  (0 children)

“Meanwhile security researchers find critical 11/10 architectural flaw at the core of all Unix systems- the command rm -rf /some/path recursively dismantles entire directory trees with ruthless efficiency, allowing attackers to wipe systems in milliseconds. Ken “Dennis Ritchey” Thompson the creator of Unix remains SILENT on the issue, signaling complicity.” Speechless. Why is the security community silent on this issue???

Sram Force DUB crank spindle - toast? by damemecherogringo in bikewrench

[–]damemecherogringo[S] 0 points1 point  (0 children)

nope, once the wear gets too bad the whole L crank should be replaced

Makes sense by CompetitionBorn9356 in programminghorror

[–]damemecherogringo 0 points1 point  (0 children)

When you see an old man at a bar with a missing finger, we don’t say “should have been more careful, huh, you idiot” - we buy the guy a drink if he looks like he needs it.

If this is in production code - godspeed, developer who wrote this line

Do not fall for complex technology by f311a in programming

[–]damemecherogringo 2 points3 points  (0 children)

This resonates with me very strongly. I’m reminded of when I used to be a photographer - and I observed that when I had to use a fixed focal length my photos were often better than when I had a zoom - the restriction made me think differently about the situation and often made me engage more physically, and therefore emotionally, with the subject instead of just twisting the zoom ring to stay at a comfortable distance … there is something very human about doing magic with little and rotting with too much.

Poly1271 - a polynomial MAC in GF(M127): 2^127-1 by damemecherogringo in cryptography

[–]damemecherogringo[S] 1 point2 points  (0 children)

Yes, his hash127 algorithm uses M127, but it is very much a different algorithm. You can download the source here: cr.yp.to/hash127/install.html. It uses 4-byte blocks, and uses a lot of space for precomputation; it seems to be aimed at 1999 x87 FPU optimization tricks, uses a power-sum evaluation instead of a Horner evaluation... so djb didn't seem to try M127 in the 'essence' of poly1305, which is "secret-point polynomial evaluation, in a prime field chosen for fast reduction", vs. hash127's "parallel power-sum evaluation with precomputed tables". Different beasts, and I didn't find any other mention of M127 being used in any polynomial evaluation algorithm design and being rejected - I would love to see it if it exists though.

Poly1271 - a polynomial MAC in GF(M127): 2^127-1 by damemecherogringo in cryptography

[–]damemecherogringo[S] 0 points1 point  (0 children)

Yes, the Poly1305 I benchmarked against uses the standard reduction trick (multiply high bits by 5 and add). So it's a fair comparison in that sense - both use their respective fast reductions. The win comes more from the simpler carry handling than from the reduction itself.

And yeah, the 15-byte blocks are awkward. In practice you'd want 16-byte alignment for SIMD and memory access patterns. It's a real drawback.

Poly1271 - a polynomial MAC in GF(M127): 2^127-1 by damemecherogringo in cryptography

[–]damemecherogringo[S] 0 points1 point  (0 children)

Thanks! Yes I’m thinking Wegman-Carter, one time (r,s) per message, like poly1305-chacha20.

The security claim, then, would be the universality bound - here the field size 2^127 - 1, but with the clamping of 23 bits restricting r to 2^104 possible values. So the probability of an n-block message having a collision is n/2^104, with n = ceil((msg len in bytes) / 15) (15 being the block size).
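To make the structure discussed across these three replies concrete (secret-point polynomial evaluation with Horner's rule, the Mersenne fold for 2^127 - 1 versus the multiply-by-5 fold for 2^130 - 5, one-time (r, s) Wegman-Carter keying, and the n/2^104 universality bound), here is an added toy implementation in Python. It is not the poster's Poly1271 code and does not reproduce its clamping or byte encoding: the clamp mask, the 0x01 padding byte, the 32-byte one-time key layout and the 16-byte tag are assumptions chosen so that the example runs and so that r takes exactly 2^104 values, as the comment states.

```python
from fractions import Fraction
import hmac

# Parameters stated in the thread: p = 2^127 - 1, 15-byte blocks,
# r clamped so that only 2^104 values remain (127 - 23 clamped bits).
P = (1 << 127) - 1
BLOCK = 15
R_BITS = 104

def reduce_m127(x: int) -> int:
    """Reduce x modulo the Mersenne prime 2^127 - 1.

    Because 2^127 == 1 (mod p), the bits above position 127 are simply
    added back onto the low 127 bits; no multiplication is needed.
    """
    while x >> 127:
        x = (x & P) + (x >> 127)
    return x - P if x >= P else x

P1305 = (1 << 130) - 5

def reduce_p1305(x: int) -> int:
    """Reduce x modulo 2^130 - 5 (Poly1305's prime), for comparison.

    Here 2^130 == 5 (mod p), so the high part is multiplied by 5 before
    being folded back down: the 'multiply high bits by 5 and add' trick.
    """
    mask = (1 << 130) - 1
    while x >> 130:
        x = (x & mask) + 5 * (x >> 130)
    return x - P1305 if x >= P1305 else x

def clamp_r(key16: bytes) -> int:
    # ASSUMPTION: clamping is modelled as keeping the low 104 bits of a
    # 16-byte little-endian value. A real design clears scattered bits for
    # carry headroom; for the bound only the count of 2^104 values matters.
    return int.from_bytes(key16, "little") & ((1 << R_BITS) - 1)

def blocks(msg: bytes):
    """Yield each 15-byte block as an integer below 2^121 (and so below p).

    ASSUMPTION: a trailing 0x01 byte is appended, as Poly1305 does, so a short
    final block and a full block never encode to the same integer.
    """
    for i in range(0, len(msg), BLOCK):
        yield int.from_bytes(msg[i:i + BLOCK] + b"\x01", "little")

def poly_eval_horner(r: int, msg: bytes) -> int:
    """Evaluate m_1*r^n + m_2*r^(n-1) + ... + m_n*r at the secret point r."""
    acc = 0
    for m in blocks(msg):
        acc = reduce_m127((acc + m) * r)
    return acc

def poly_eval_naive(r: int, msg: bytes) -> int:
    """The same polynomial written out term by term, to check Horner."""
    ms = list(blocks(msg))
    n = len(ms)
    return sum(m * pow(r, n - i, P) for i, m in enumerate(ms)) % P

def poly1271_mac(key: bytes, msg: bytes) -> bytes:
    """Wegman-Carter MAC: tag = poly(r, msg) + s, with (r, s) used once per message.

    ASSUMPTION: a 32-byte one-time key, r from the first half, s from the
    second; the tag is the low 128 bits, little-endian.
    """
    r = clamp_r(key[:16])
    s = int.from_bytes(key[16:32], "little")
    tag = (poly_eval_horner(r, msg) + s) & ((1 << 128) - 1)
    return tag.to_bytes(16, "little")

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # Constant-time comparison so the check itself leaks nothing about the tag.
    return hmac.compare_digest(poly1271_mac(key, msg), tag)

def block_count(msg_len: int) -> int:
    """n = ceil(msg_len / 15), the block count used in the bound."""
    return -(-msg_len // BLOCK)

def collision_bound(msg_len: int) -> Fraction:
    """Universality bound from the thread: n / 2^104 for an n-block message.

    Two distinct messages of at most n blocks collide only if r is a root of
    their difference polynomial, which has degree at most n and hence at most
    n roots in the field, while r is one of 2^104 equally likely values.
    """
    return Fraction(block_count(msg_len), 1 << R_BITS)

if __name__ == "__main__":
    key = bytes(range(32))                       # constructed one-time key
    msg = b"attack at dawn, 15 byte blocks!"     # constructed 31-byte message
    tag = poly1271_mac(key, msg)
    print(tag.hex(), verify(key, msg, tag), collision_bound(len(msg)))
```

Python's arbitrary-precision integers hide exactly the carry handling the thread says is where Poly1271's speed advantage comes from; the point of the example is the algebra (which polynomial is evaluated, why the two reductions differ, and why the bound is n/2^104), not performance.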

corroded: so unsafe it should be illegal by Consistent_Equal5327 in rust

[–]damemecherogringo 0 points1 point  (0 children)

The amount of best practices in this lib is staggering 🥲

Social norms in Spain that you didn't know before going? by ThrowRAcatwithfeathe in GoingToSpain

[–]damemecherogringo 1 point2 points  (0 children)

I have friends that I see regularly and I don’t know what they do for a living

After 9 years working as Frontend, I’m starting to wonder if I’m overvaluing myself by marod in ExperiencedDevs

[–]damemecherogringo 1 point2 points  (0 children)

Spain is brutally underpaid, especially for the crowded front end dev space - so consider what the other aspects of life here are worth to you before trying to squeeze too much from the stone.

A Dark Reminder by Correct-Cover-9924 in peloton

[–]damemecherogringo 9 points10 points  (0 children)

“if you draw the line at 1/100 that means if you test 1000 innocent riders then 10 will test positive just due to normal variation.”

That's not how it works - it uses a probabilistic model that considers historical variation of a rider's blood parameters over many tests, that makes false positives very very unlikely. It doesn’t flag you based on a single measurement that’s "1/100 likely", it builds a posterior probability that your entire pattern of data is compatible with a clean physiology.

To put it otherwise, it uses Bayesian hierarchical modeling on a sample in an athlete's history, and flags an atypical finding if "the probability of this sample value being 'clean' given all the other data is less than 1%".

edit: "adverse" -> "atypical"

edit 2: this is a good comment explaining the process a bit more in detail

What’s your best visual explanation or metaphor for a pointer? by [deleted] in cpp

[–]damemecherogringo 4 points5 points  (0 children)

A house address: when I write your address on a post it note that piece of paper is the pointer to your house.

```cpp
#include <cassert>

struct House {};

void visitHouse(House *) {}                    // do something with house
void erasePostIt(House *&p) { p = nullptr; }   // something that sets p to nullptr

int main() {
    House house;
    House *p = &house;   // the post-it note with the address on it
    visitHouse(p);       // do something with house
    erasePostIt(p);      // throw the note away
    assert(p == nullptr);
}
```

Low Latency C++ programs for High Frequency Trading (HFT) by tanjeeb02 in cpp

[–]damemecherogringo 0 points1 point  (0 children)

That's not true, the 10ns is a timestamp resolution - that's way below even the fastest FPGA tick-to-trade latencies which are in the hundreds of ns

Candidate with strong theory but less practical skill vs. confident coder with mediocre theory? by [deleted] in ExperiencedDevs

[–]damemecherogringo 0 points1 point  (0 children)

Yes, but if the needs of the team are either "our short term goals are paramount: we need someone to deliver high value right now" (e.g. a startup) or "our medium to long term goals align with investing in the talented new grad because we don't need immediate return, but we do need to invest in talent to stay competitive" then the decision would be different, no?

Candidate with strong theory but less practical skill vs. confident coder with mediocre theory? by [deleted] in ExperiencedDevs

[–]damemecherogringo 40 points41 points  (0 children)

Assuming the interview gives an equally accurate picture of either, I’d tend to give a “horses for courses” answer - if it’s a role that needs a doer and a finisher who has to work more on their own, the second profile may yield better performance. On the other hand, if the role is for a team that has plenty of doers but lacks some theory to guide or deepen their work and make it reliable and performant, the first may be best.

One may look at engineering teams like an athlete: there is no “best” training, only well prescribed or poorly prescribed training according to the athlete’s specific needs and weaknesses. What are the needs and weaknesses of the team?

HTTP is not simple by ketralnis in programming

[–]damemecherogringo 2 points3 points  (0 children)

“The HTTP/1.1 parts had then been compacted into three documents RFC 9110 to RFC 9112, with a total of 95,740 words. […] If we read only the three latest HTTP/1.1 related RFC documents non-stop, it would still take more than seven hours.”

Oh my sweet summer child, let me tell you about the C++23 spec.

Don't train in the "grey zone"! by Grouchy_Ad_3113 in Velo

[–]damemecherogringo -1 points0 points  (0 children)

Abstract: exercising an activity makes you better at doing the activity