More

lloeki · 2026-04-01T07:21:17 1775028077

> The first one seems to indeed be a real RCE in vim.

Barely, since there is little restriction as to what options modelines can set they should be largely considered equivalent to eval (if unintentionally). And generally they are which is why distros typically disable them by default.

IMHO in this day and age securemodelines should just be the default.

https://www.vim.org/scripts/script.php?script_id=1876

i_cannot_hack · 2026-04-01T08:15:05 1775031305

I don't know much about vim, but from the report it sounds like part of the issue was that disabling modelines would not prevent it:

> tabpanel is missing P_MLE Unlike statusline and tabline, tabpanel is not marked with the P_MLE flag. This allows a modeline to inject %{...} expressions even when modelineexpr is disabled.

Edit: Upon re-reading the above I guess disabling modelineexpr is not the same as disabling modelines, and disabling modelines altogether might indeed prevent the issue.

lloeki · 2026-04-01T07:09:04 1775027344

> I've never seen a modeline in the wild that did anything other than

Hence the securemodelines plugin

https://www.vim.org/scripts/script.php?script_id=1876

> if this is a class of bug that can be disabled via vim settings.

    set nomodeline

That is, as parent mentioned, if it's not done already by your distro or OS.

lloeki · 2026-04-01T07:02:36 1775026956

> We asked Claude to find a bug in Vim. It found an RCE. Just open a file, and you’re owned.

Yeah reading the above opening paragraph I was immediately going "oh Claude found out about modelines"

modelines are largely considered a (roundabout) equivalent to flat out eval, There's a reason plugins such as securemodelines exist:

https://www.vim.org/scripts/script.php?script_id=1876

johnisgood · 2026-04-01T07:51:23 1775029883

Right. I am surprised to see this considered to be an RCE. Or a "mad bug" worthy of being here on HN. sighs.

Pretty sure a lot of people have spent lots of tokens into finding RCEs in vim and emacs, he is not the first person to do this.

lloeki · 2026-03-27T06:14:39 1774592079

This, although it's not merely "easier/cheaper", it's "impossible" (unless you sacrifice a ton of performance)

Same reason as a) GDDR on dGPUs (I think I read somewhere that GDDR is very much like regular DDR, just with much tighter paths and thus soldered in) and b) Framework Desktop (performance would reportedly halve if RAM were not soldered)

SSD reasons I seem to recall are architectural for security: some parts (controller?) that usually sit on a NVMe SSD are embedded in the SoC next to (or inside?) the secure enclave processor or whatever the equivalent of the T2 thing is in Mx chips, so what you'd swap would be a bank of raw storage chips which don't match the controller.

razakel · 2026-03-27T07:54:29 1774598069

Apparently upgrading the SSD can be done, but it's a weird form factor and you need another Mac to restore it.

lloeki · 2026-03-21T17:05:25 1774112725

> You like your red wine cold as I do?

Fun fact: "chambrer le vin" i.e getting (usually red) wine from storage temperature to "room temperature" comes from a time where said room temperature was well below 20 degC (more like 13-15 degC), not the comfortable 20+ degC that people like to enjoy these days.

BrandoElFollito · 2026-03-21T17:10:44 1774113044

Thanks for the reminder about our traditions. Now, I like to drink it straight from the fridge, i.e. about 6°C :)

lloeki · 2026-03-24T11:10:13 1774350613

Heh, whatever works.

A sommelier friend of mine says that the best way to taste wine is the one you enjoy; if you want to have a glass of chilled powerful Haut-Médoc with some delicate fish, have at it.

lloeki · 2026-03-16T08:44:46 1773650686

> tile windows to equal areas instead of BSP by default

hy3?

https://github.com/outfoxxed/hy3

(I'm an ex i3/now sway user and hy3 is the only way I can bear using hyprland)

lloeki · 2026-03-15T08:47:03 1773564423

Somehow closest concept I imagine is shmup pods.

https://shmup.fandom.com/wiki/Pod

lloeki · 2026-03-12T07:51:09 1773301869

> all the sets today are all custom blocks that just constrain you and often aren't significantly reusable

Given the crazy assembly that is happening in the adjacent room, my kid would vehemently disagree.

dudul · 2026-03-12T12:00:23 1773316823

Having the same experience. My kids enjoy getting new sets, but most of them are quickly customized or just destroyed to build something completely new. Terrible take in the parent.

lloeki · 2026-03-09T08:27:02 1773044822

> they were named after a video game character

(spoiler alert if you ever intend to play ME)

https://masseffect.fandom.com/wiki/Shadow_Broker

lloeki · 2026-03-03T10:21:27 1772533287

Quick reality check that

- 7" used to be tablet category, e.g the Nexus 7

- anything above 6" would be considered phablet

Phones are really just like cars now, size inflation included.

volemo · 2026-03-03T12:56:03 1772542563

While I agree with the spirit of the thread and dearly love my mini, I think this reasoning doesn’t account for a substantial reduction in bezels: my iPhone 5S had more than a centimetre of black bars above and below its 4" display (altogether it was 5.4" in diagonal), I bet those phablets you mentioned had even bigger bezels and were closer to modern 8.5" phones.