by ajju 50 days ago
My favorite part of the paper is that the “attack” isn’t just exploiting a bug — it’s exploiting how different components interpret the same input. Modifying an executable as it’s loaded into memory is one example, but the deeper pattern is the mismatch.

What’s interesting about the malware in this post is that it goes one step further: instead of exploiting mismatches, it corrupts the computation itself — so every infected system agrees on the same wrong answer!

More broadly: any interpretive mismatch between components creates a failure surface. Sometimes it shows up as a bug, sometimes as an exploit primitive, sometimes as a testing blind spot. You see it everywhere — this paper, IDS vs OS, proxies vs backends, test vs prod, and now LLMs vs “guardrails.”

Fun HN moment for me: as I was about to post this, I noticed a reply from @tptacek himself. His 1998 paper with Newsham (IDS vs OS mismatches) was my first exposure to this idea — and in hindsight it nudged me toward infosec, the Atlanta scene, spam filtering (PG's Bayesian stuff) and eventually YC.

https://users.ece.cmu.edu/~adrian/731-sp04/readings/Ptacek-N...

The paper starts with this Einstein quote "Not everything that is counted counts and not everything that counts can be counted", which seems quite apt for the malware analyzed here :)

1 comments

Just curious, are you purposely mocking the LLM writing style?
That’s how everybody in academia, tech, and published authors in general used to write.

Where do you think the LLM is getting it from? ^_^

the full on em dash requires a different character than - or --

it was generated that way, or else this person happens to know the correct combination of buttons to make that happen.

in 2026, at least 20-40% of social media traffic is bots (and probably higher with better LLMs), so it is usually safer to just assume.

On Linux, with a compose key, it's <compose><-><-><.> (at least with the settings I have, I don't think I overrode that one). "⸻" is even more fun. You can even make your own sequences, e.g. I've got <compose><O><h><m> for "Ω", and <compose><m><u> for "μ", very handy for electrical stuff like "160μA at 1.8V needs a resistance of 1.25kΩ, dissipating 288μW".
In pedantic tradition, I would like to gently remind you that there should be a space between a number and its unit, according to SI standard/NIST.
On a Mac, at least, the "correct combination of buttons" is trivial and easy to remember, even for someone like me who rarely uses em-dash. (But, I want to start using it more because I'm sick to death of people treating it as a scarlet letter.)
Option-shift-hyphen

Thanks for sticking up for my humanity ;)

Microsoft Word changes "--" to an em-dash, by default.
> or else this person happens to know the correct combination of buttons to make that happen.

Yes, some people care about maximum impact of their words.

> at least 20-40% of social media traffic is bots (and probably higher with better LLMs), so it is usually safer to just assume.

Look around you. If you see 40% bots in HN comments, find a therapist.