Remix.run Logo
tptacek 3 hours ago

The vulnerability is real or it isn't, it matters or it doesn't, it's clearly explained or it isn't.

echoangle 3 hours ago | parent [-]

And the article is nice to read or it isn’t. Most people here probably aren’t affected and only read reports like that because they find it interesting and entertaining.

tptacek 3 hours ago | parent [-]

"This vulnerability is not meaningful to most HN readers" is a good argument for not upvoting it. "The one detailed description of a new, valid, meaningful vulnerability is AI slop by its discoverers" is not. I don't care about n8n either and didn't upvote this story. But new vulnerability discoveries are not like "Show HN"; their newsworthiness or interestingness extends beyond the writeup or the effort taken to find it.

echoangle 3 hours ago | parent [-]

I disagree. Surely the newsworthiness of vulnerability writeup is a mix of the relevance and article quality.

You could submit a vulnerability report about an internal tool no HN user could ever be affected by and people could find it really interesting, and you could submit an article about a vulnerability that’s really bad and only people that really care about the affected project would be interested.

Edit: removed some irrelevant stuff because I misread the comment

tptacek 3 hours ago | parent [-]

It's possible to make a not-especially-material vulnerability HN-worthy by writing it up exceptionally well. A lot of cryptographic vulnerabilities are exactly like that! But a meaningful vulnerability is probably interesting no matter how well it's written up.

I don't care about this specific vulnerability, I just care about the knee-jerk instinct to dismiss vulnerabilities because they have AI writeups. I don't like AI writeups either, but vulnerabilities are not exactly like other stories.