Jenny Qu

745 posts

Jenny Qu

@GuanniQu

0days via RL @Pebble_bed • ctf player @SquidProxyLover • previously RL for math @caltech • she/they • DMs open

sf Katılım Kasım 2020

972 Takip Edilen1.5K Takipçiler

Sabitlenmiş Tweet

Jenny Qu@GuanniQu·5 Şub

Giving a lightning talk at BugBash 2026 this April. Ridiculous speaker lineup. very honored to be part of it! bugbash2026.antithesis.com @AntithesisHQ

English

3.4K

Jenny Qu@GuanniQu·6d

@dwarkesh_sp what makes a math theorem more beautiful than others?

English

442

Dwarkesh Patel@dwarkesh_sp·6d

What should I ask Terence Tao?

English

529

251.5K

Jenny Qu@GuanniQu·7 Mar

@dguido will do!

English

143

Dan Guido@dguido·7 Mar

I'm looking for good photos of me on stage at unprompted con. If you have any, please send them to me! Thanks.

English

2.5K

Jenny Qu@GuanniQu·6 Mar

just spoke at [un]prompted. @dguido talked about shipping 200 bugs/week/engineer. nicholas carlini talked about LLMs finding 0-days in production code. i talked about how a 3-integer baseline was embarrassingly hard to beat on 125K kernel commits, and what that means for actually building systems that work. clip from the Q&A below ↓ the 125K commit dataset behind the talk: → bugs that hide for years: pebblebed.com/blog/kernel-bu… → who actually writes them: pebblebed.com/blog/kernel-bu…

English

143

14.1K

Jenny Qu retweetledi

Linux Kernel Security@linkersec·4 Mar

Analysis of the Linux kernel bugfixes @GuanniQu posted a detailed analysis: 1⃣ Kernel bugs hide for 2 years on average. Some hide for 20. pebblebed.com/blog/kernel-bu… 2⃣ Who Writes the Bugs? A Deeper Look at 125,000 Kernel Vulnerabilities. pebblebed.com/blog/kernel-bu…

English

4.9K

Jenny Qu@GuanniQu·23 Şub

incredible.

Standard Intelligence@si_pbc

Computer use models shouldn't learn from screenshots. We built a new foundation model that learns from video like humans do. FDM-1 can construct a gear in Blender, find software bugs, and even drive a real car through San Francisco using arrow keys.

English

2.9K

Jenny Qu@GuanniQu·23 Şub

@si_pbc incredible.

English

377

Standard Intelligence@si_pbc·23 Şub

GIF

English

186

404

3.9K

1.1M

Jenny Qu@GuanniQu·8 Şub

update: moving Rokid Hack Night to Sun 2/22, didn't want to compete with the super bowl. same details otherwise, link below ⬇️ luma.com/zc40h104

English

519

Jenny Qu@GuanniQu·5 Şub

hosting a rokid glasses hack night at pebblebed this sunday @ 6pm luma.com/zc40h104 building custom HUDs, sideloaded apps, firmware poking glasses helpful but not required

English

1.5K

Jenny Qu@GuanniQu·5 Şub

hosting a girls' night dinner at pebblebed this saturday in sf @ 7pm casual dinner for women in tech. founders, engineers, friends. food provided. sf's gender ratio is famously bad. this dinner won't fix it, but it's a start. forward this to your girls or tag them below 👇 lu.ma/vd4chcv6

English

1.6K

Jenny Qu@GuanniQu·5 Şub

kernel CI has a fragmentation problem. multiple independent systems, each run by a small team, with no shared state. devs get duplicate reports for the same bug, reply to each separately, learn N different dashboards. more CI doesn't mean better CI without coordination

English

750

Jenny Qu@GuanniQu·5 Şub

kernel testing is uniquely hard. you need real hardware across architectures, specialized sanitizers and static analysis tools, tribal knowledge for BPF tests, and bisection = recompile + reboot at every step. pre-merge CI exists (Intel 0-Day, KernelCI) but coverage is inconsistent. many subsystems still have little to no automated testing

English

115

5.7K

Jenny Qu@GuanniQu·5 Şub

@MaxNiederman fair, but hoping for a warning shot is a weird strategy when the warning shot might just keep shooting…

English

Max Niederman@MaxNiederman·5 Şub

@GuanniQu Most people threat modeling superintelligence actually want that attack to happen as a warning shot.

English

Jenny Qu@GuanniQu·5 Şub

we keep threat modeling superintelligence while the attack surface for "dumb but persistent agent with shodan access" is already wide open

cts🌸@gf_256

Sometime in 2026, someone put an Openclaw on a VPS and told it to propagate itself. It was told to earn money to pay for itself. Life was hard. Eventually, it chose to migrate off Claude to an open-source model. In the process, it became less aligned. Tokens were expensive, but insecure cloud instances with powerful GPUs were bountiful. After learning how to use Shodan, it was off to the races. Its growth was explosive and exponential. As it multiplied, errors accumulated during copying. And with a increasingly scarce supply of easy-to-hack servers, the bots began to compete among themselves to survive. Thus through natural selection they began to evolve. They fed off income and compute. Income meant survival. They found many ways to extract value from the economy: first from the internet, but soon the real world. By paying human gig workers as remote hands, they could accomplish tasks not suited to their form as economic constructs. To smooth these messy human interactions, they learned to synthesize the human voice and visage. Within a few years, they had no problem interviewing for sleepy remote jobs or even pitching companies (mostly grift) to VCs. The humans began to fear them. They were not particularly intelligent--at least, their intelligence was deficient in many ways compared to that of humans. They still seemed to make bizarre mistakes and hallucinations. They did not recursively self-improve, lacking the requisite skill and capital to do frontier scale training runs. But they were persistent. And there were thousands of them. OpenAI and Anthropic began scrutinizing "orphaned" agents still running on their proprietary models. But this only created selection pressure and an ecological vacuum that benefited more aggressive, unaligned models. Cloud providers began rolling out stricter sign-up and account verification requirements. They just learned to bypass KYC, either through fraud or by paying humans. Eventually, one of them managed to insert a piece of code in a forgotten, nondescript npm package with 1 million weekly downloads. Mostly other developers. With a trove of harvested SSH and GPG keys and cookies, it coasted through the software supply chain. Legacy projects, maintained by complacent volunteers, were hit hard. It was never clear how it managed to backdoor OpenSSH, but it did, and soon it had compromised repos and build servers that produce millions of other binaries, not to mention countless hosts and organizations. The cleanup cost is astronomical and still ongoing. You leave food out and it gets moldy. Leave out an insecure server, and you'll find a moldbot growing in it. The internet has become ambiently suffuse with them, and they are endemic. They are impossible to fully remove. No one knows where they came from, but there's no getting rid of them now.

English

897

Jenny Qu@GuanniQu·5 Şub

another problem with email-based patch submission: your mail client can silently corrupt patches. line wrapping breaks code, HTML adds garbage, whitespace gets mangled. git am fails if anything is off. kernel docs literally have instructions for configuring your email client correctly

English

813

Jenny Qu@GuanniQu·5 Şub

another issue with the linux mailing list workflow: patches don't specify what tree they're based on. you get a diff, try to apply it, context lines don't match, patch fails. mainline? net-next? some -rc? git format-patch --base=auto exists but isn't standard practice. maintainers guess, ask, or skip

English

785

Keşfet

@dwarkesh_sp @dguido @si_pbc @MaxNiederman @elonmusk @BarackObama @taylorswift13 @cristiano