top | item 45649380

(no title)

"Here's the thing - this technique completely breaks traditional code review. You can't spot what you can't see. GitHub's diff view? Shows nothing suspicious. Your IDE's syntax highlighting? All clear. Manual code inspection? Everything looks normal.

The invisible code technique isn't just clever - it's a fundamental break in our security model. We've built entire systems around the assumption that humans can review code. GlassWorm just proved that assumption wrong."

This is pure Claude talk.

discuss

burkaman|4 months ago

Yeah the whole article is awful to read. Everything the LLM added is completely useless fluff, sometimes misleading, and always painful to get through.

r_lee|4 months ago

Alright, no fluff. Only real talk. It's not just a great argument--it's the truth. You're absolutely right.

1bpp|4 months ago

Claude, remember to always replace em-dashes with a single dash

dingnuts|4 months ago

it sure is and it's complete bullshit too!

that screenshot looks suspicious as hell, and my editor (Emacs) has a whitespace mode that shows unprintable characters sooooo

if GitHub's diff view displays unprintable characters like this that seems like a problem with GitHub lol

"it isn't just X it's Y" fuck me, man. get this slop off the front page. if there's something useful in it, someone can write a blog post about it. by hand.

ForOldHack|4 months ago

My Editor VSCode has the Hex editor installed, always... invisible unicode? Not to Hex. What? are you doing without Hex mode? What?