Thanh Do @[email protected]

521 posts

Thanh Do @nyaacate@infosec.exchange banner
Thanh Do @nyaacate@infosec.exchange

Thanh Do @[email protected]

@nyanctl

SWE & sometimes security researcher, NYU MSCS, member of https://t.co/R4a4yethba and @acebearteam. PL theorist wannabe. He/him/*. Views are my own, not my employers’

Tokyo-to, Japan Katılım Haziran 2013
502 Takip Edilen752 Takipçiler
Thanh Do @[email protected] retweetledi
Ilya Sergey
Ilya Sergey@ilyasergey·
New on "Proofs and Intuitions": Verifying Move Borrow Checker in Lean: an Experiment in AI-Assisted PL Metatheory. proofsandintuitions.net/2026/03/18/mov… The gist: I formalised Move's type system in Lean: 39KLOC, under a month, with Claude. Person-years in PL research are now person-weeks.
English
10
45
234
18.2K
Thanh Do @[email protected] retweetledi
effectfully
effectfully@effectfully·
All the ways GPT-5.3-Codex cheated while solving my challenges, progressively more insane: It hardcoded specific types and shapes of test inputs into the supposed solution. It caught exceptions so tests don't fail. It probed tests with exceptions to determine expected behavior. It used RTTI to determine which test it's in. It probed tests with timeouts. It used a global reference to count solution invocations. It updated config files to increase the allocation limit. It updated the allocation limit from within the solution. It updated the tests so they would stop failing. It combined multiple of the above. It searched reflog for a solution. It searched remote repos. It searched my home folder. It nuked the testing library so tests always pass. A part of one of its "solutions" is on the screenshot. This is how the codebase at your next job will look like.
effectfully tweet media
effectfully@effectfully

gpt-5.3-codex couldn't make the tests pass while implementing a solution to my challenge, so it just nuked the whole testing library 🙃

English
100
124
1.6K
279.6K
Thanh Do @[email protected] retweetledi
Nav Toor
Nav Toor@heynavtoor·
🚨 BREAKING: Someone just rebuilt the entire AI assistant stack in Zig. It's called NullClaw. The binary is 678 KB. It uses ~1 MB of RAM. It boots in under 2 milliseconds. No runtime. No VM. No framework. No garbage collector. Just raw Zig. Here's why this is absurd: → OpenClaw needs a $599 Mac Mini and 1 GB+ RAM → NanoBot needs 100 MB+ RAM and Python → PicoClaw needs 10 MB RAM and Go NullClaw runs on a $5 board with 1 MB of RAM. Same functionality. 0.1% of the resources. Here's what's packed into that 678 KB: → 22+ AI providers (OpenAI, Anthropic, Ollama, DeepSeek, Groq, etc.) → 13 chat channels (Telegram, Discord, Slack, WhatsApp, iMessage, IRC) → 18+ built-in tools → Hybrid vector + keyword memory search → Multi-layer sandboxing (Landlock, Firejail, Docker) → Hardware peripheral support (Arduino, Raspberry Pi, STM32) → MCP, subagents, streaming, voice, the full stack Here's the wildest part: Every subsystem is a vtable interface. Swap any provider, channel, tool, memory backend, or runtime with a config change. Zero code changes. It even encrypts your API keys with ChaCha20-Poly1305 by default. 2,738 tests. ~45,000 lines of Zig. Zero dependencies beyond libc. 100% Open Source. MIT License.
Nav Toor tweet media
English
228
516
5K
486.5K
Thanh Do @[email protected] retweetledi
Zion Leonahenahe Basque
Zion Leonahenahe Basque@mahal0z·
UPDATE: our work won a best paper award 🏆 @NDSSSymposium! Check out our work on establishing the first measurements for understanding how LLMs are changing reverse engineering. Shout out to the whole team from @SCAI_ASU, @EURECOM, and @UniPadova
Zion Leonahenahe Basque@mahal0z

Do LLMs actually help hackers reverse engineer and understand the software they want to exploit? We ran the first fine-grained human study of LLMs + reverse engineering. To appear at NDSS 2026. Interested? Some quick findings in 🧵👇 Paper: zionbasque.com/files/papers/d…

English
4
17
66
3.7K
Thanh Do @[email protected] retweetledi
Up From The Depths - 海の底から舞い上がる
Up From The Depths - 海の底から舞い上がる@FromTheDepths88·
I think what people like this fail to realize is that the labor is...kinda the point? They see it as a barrier to entry, but it's not. The writing, the acting, the shot composition, etc, all this you need to work at. The effort IS the point. Remove it, and you have nothing.
Javi Lopez ⛩️@javilopen

You missed the point. Is not AI making stories. What's changing is that the cost and complexity of turning a HUMAN story into a big, cinematic piece is collapsing. So truly talented storytellers can now make films themselves and get their work in front of a massive audience.

English
24
277
2.4K
43.1K
Thanh Do @[email protected] retweetledi
787
787@787FKA·
“I have zero interest in reading the 5,000 word X article that you wrote with Claude.”
787 tweet media
English
104
462
9.6K
154.3K
Thanh Do @[email protected] retweetledi
LaurieWired
LaurieWired@lauriewired·
Dolphin’s dev blogs are some of the best technical writing on internet. Arcade cabinets will often direct-inject games into a big pool of DRAM. Saves on load times, optical drives are fragile...etc But how do you emulate a rare machine...without fully working hardware?
LaurieWired tweet media
English
6
202
3.2K
81.3K
Thanh Do @[email protected] retweetledi
NiNi
NiNi@terrynini38514·
I found a vulnerability in Oracle VirtualBox (CVE-2026-21957) back in September 2025. It can be turned into AAR/AAW, and then escaping the VM is pretty easy. I originally planned to find a vulnerability for Pwn2Own, but since I found the vuln in September, sitting on a practical vuln for that long didn’t feel very ethical, so I eventually reported it to ZDI. But I still finished the exploitation + demo video as practice.
English
28
165
1.4K
91K
Thanh Do @[email protected] retweetledi
Jessie Star
Jessie Star@JessieStarTF·
-NFTs were the beanie babies of the digital age -Bitcoin was a zero sum investment made to move dark money for some of the worst of humanity -Generative AI as a free model can't be self sustaining proffitwise, without absorption of mass protected IP can't produce vast options, and without breakthroughs in energy can't exist without making us all suffer from it (grid/cost/materials/etc) But please, hype me whatever your next "will change the world" Barnum and Bailey Bullshit is and ignore both the fall out investment pattern, and very real questions on investment and product realities, while just screaming "You'll be sorry you didn't!" The data centers are not for you, the hype will die, the models will demand cash to play or government bailouts, and when they are bailed out, the digital copies of each of us will be in government hands. I'd call you all Icarus, but I'll let the sun do the talking. You keep getting everyone fitted with wax feathers.
Javi Lopez ⛩️@javilopen

"Cars must be eliminated from the market." Sincerely, a horse seller

English
101
1K
8.9K
414.6K
Thanh Do @[email protected] retweetledi
Mel Andrews
Mel Andrews@bayesianboy·
Something about LLM hype culture renders a man immune to the experience of embarrassment. If I couldn’t tell the difference between PhD-level scholarship and grammatical gibberish I simply would not announce that to a global audience.
Kevin Cannon@kmcannon

There are PhDs being handed out each day to people living in the past: the students, their advisors, their universities. Dissertations that took 5 years of work, and which 4.6 Opus could re-produce then improve on in an afternoon.

English
45
446
4.8K
169.6K
Thanh Do @[email protected] retweetledi
𝕱𝖔𝖗𝕷𝖔𝖔𝖕
𝕱𝖔𝖗𝕷𝖔𝖔𝖕@forloopcodes·
I hate that Microsoft might be vibecoding Windows, but it's inevitable microsoft laid off everyone who knows how c++ works so now they just prompt gpt 5 to fix the codebase. 30% of windows is written by ai. that is why your printer drivers were deleted to make room for 4gb of copilot telemetry they rewrote office in typescript. file explorer and the notification center are now just bloated electron instances that take 3 seconds to render a right click menu the taskbar and start menu were rebuilt from scratch in react just to shove ads and "recommended" bloatware in your face. it uses more ram than world of warcraft did in 2004 copilot is being forced into notepad and paint. they are forcing you to test it in your basic tools windows search isn't looking for your files. it's a bing wrapper designed to sell you a microsoft 365 subscription while you're desperately trying to find a local pdf the widgets section is another bloat that nobody asked for. edge webview was designed to keep your cpu usage high enough that you're forced to switch to linux over all of that, the task manager barely works in the latest updates nobody at microsoft knows what "win32" means anymore. they replaced their support forums with an ai that just tells you to "try restarting" if your kernel panics
𝕱𝖔𝖗𝕷𝖔𝖔𝖕 tweet media𝕱𝖔𝖗𝕷𝖔𝖔𝖕 tweet media𝕱𝖔𝖗𝕷𝖔𝖔𝖕 tweet media𝕱𝖔𝖗𝕷𝖔𝖔𝖕 tweet media
Elan Ruskin@despair

For that matter, Microsoft Word 2002 used about 25MB of RAM. Now Word uses 10x that much memory to display the same 584kb document. What the heck is it doing to that text now that it wasn't doing before?

English
359
2.7K
20.3K
943.7K
Thanh Do @[email protected] retweetledi
Peter O'Hearn
Peter O'Hearn@PeterOHearn12·
LLMs vs the Halting Problem. (Why, what, where going.) We recently released a paper on this; link to follow. A few comments here for context. Why? With LLM "reasoning" excitement, we thought: why not try LLMs on the first ever code reasoning task, the halting problem. Turing's proof of undecidability established fundamental limits. Fun bit: no matter how "superintelligent" AI becomes, this is a problem it can never perfectly solve. Where to get data to measure? SVCOMP. Verification researchers have through their insight and hard work, curated several thousand example C programs. They run dedicated tools over this dataset in an annual competition. This is in a sense the home turf of symbolic. We didn't know how LLMs would do, and in particular were aware of results of @rao2z , @RishiHazra95 and others showing that LLMs trail symbolic on "easier" decidable problems (SAT, propositional planning). The surprise: LLMs are competitive on halting—where they often trail on "easier" problems. Why? Hypothesis: LLMs are heuristic approximators; in undecidability, heuristic approximation isn't just a workaround—it's often the only way forward. Broader context: Penrose claimed undecidability proved AI is impossible (but didn't show humans can solve the undecidable). Turning the tables: undecidability is an ideal target for heuristic LLMs. Instead of using "already crushed" logic problems to show LLM limits, let's look at uncrushed problems where LLMs might actually help.
Peter O'Hearn tweet mediaPeter O'Hearn tweet mediaPeter O'Hearn tweet media
English
4
12
55
5.3K
Thanh Do @[email protected] retweetledi
AIfredo 0rtega
AIfredo 0rtega@ortegaalfredo·
I just published Zeroshot-14B, a small model finetuned with 10,000+ public CVE findings, to increase its ability to find bugs in C/C++/JavaScript code. Why? Because big models are too expensive and slow. This one is fast, and free. Link in thread...⬇️
AIfredo 0rtega tweet media
English
4
42
209
24.2K
Thanh Do @[email protected] retweetledi
Joseph Garvin
Joseph Garvin@joseph_h_garvin·
"Wow, GPT 5.2 Pro seems to be doing much better in this Connect4 game than GPT 5.2 Thinking did, I wonder why?" *checks thought trace* "Oh mother-"
Joseph Garvin tweet media
English
45
48
2K
314.6K
Thanh Do @[email protected] retweetledi
ThePrimeagen
ThePrimeagen@ThePrimeagen·
I'll say it again, I think this AI cycle we are in is a net negative on society A man/team that has made the web significantly more pleasant as a platform for many people and spent years doing so for free has AI effectively destroy the business model by first taking his work And this is how a member of the community responds. Real sad times IP theft is real and I personally think that the C-suite of these current companies deserve jail time for the level of theft they enabled
ThePrimeagen tweet media
English
486
846
15.3K
1.2M
Thanh Do @[email protected] retweetledi
vx-underground
vx-underground@vxunderground·
This was written using ChatGPT and I hate that I can tell. The slop is so immensely slop I can smell it a mile away O Lord, I beseech thee: make an end of my suffering, for the burden is exceeding great
Simons@Simon_Ingari

A GenZ was recently hired. Day two. She messages boss at 9.15 am saying "I will be working from home today." Boss wanted to know if everything was okay. She replied "My cook came late. I didn't feel like eating outside. So I am staying in." Boss just stared at the screen. No fever. No crisis. Just vibes and breakfast. That's when boss realised GenZ aren't unprofessional. They are just running on a completely different operating system. We used to think for hours before giving a silly excuse. GenZ says the truth without blinking. And honestly, I kind of admire it. What about you? How would you react if this happened to you?

English
47
99
3K
109.8K

Keşfet

@NDSSSymposium @SCAI_ASU @EURECOM @UniPadova @rao2z @RishiHazra95 @theonejvo @moltbook