This is amazing and terrifying (I am a security engineer and parsing complex doc...

wayvey · 2025-01-09T22:48:22 1736462902

The amount of attack surface in various format parsers is pretty stunning and terrifying indeed

enews01 · 2025-01-10T16:43:07 1736527387

Theres a malaysian movie where the main premise is a hacker who uses pdf executions to steal one cent from every persons bank account. Its pretty interesting.

brettermeier · 2025-01-10T22:24:23 1736547863

Do you know the name of the movie?

wastholm · 2025-01-11T05:58:24 1736575104

Not OP, but I found a series, not a movie, titled _One Cent Thief_ that fits the description. Sounds interesting.

https://archive.org/details/OneCentThiefSeries

mizzao · 2025-01-10T02:01:53 1736474513

The "code execution" in PDF parsing is what enabled this legendary zero-click, zero-day exploit of iOS devices: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...

kccqzy · 2025-01-10T02:19:00 1736475540

That exploit is indeed legendary but the code execution involved is not JavaScript. In fact the iOS PDF renderer does not have JavaScript enabled.

saagarjha · 2025-01-10T07:55:26 1736495726

Obviously a skill issue; a true hacker would re-enable it.

tashian · 2025-01-09T21:28:27 1736458107

AI agents run in isolated VMs, but PDFs have been out here running in the open for 30 years!

miohtama · 2025-01-09T21:49:10 1736459350

But can your PDF run an AI agent?

Swizec · 2025-01-10T01:27:20 1736472440

> But can your PDF run an AI agent?

Oh it's so much worse than that. Your font can run an AI agent.

Llama.ttf: A font which is also an LLM -- https://news.ycombinator.com/item?id=40766791

belowm · 2025-01-10T06:52:06 1736491926

Crazy. Looking forward shipping apps as .ttf instead of docker images.

erk__ · 2025-01-10T14:40:22 1736520022

You can also play Tetris in a font: https://www.youtube.com/watch?v=Ms1Drb9Vw9M&t=1370s

(disclaimer: own work)

bawolff · 2025-01-10T03:30:43 1736479843

Well a font using a custom experimental shaping library. Your font can't do it normally.

hnlmorg · 2025-01-09T23:06:38 1736463998

In my opinion the question isn’t so much “if” but rather “when”.

When will AI research and hardware capabilities reach a point that it’s practical to embed something like that into a regular document?

We’ve already seen proof of concept LLMs embedded into OpenType fonts.

I guess the other question is then “what capabilities would these AI agents have?” You’d hope just permission to present within that document. But that depends entirely on what unpatched vulnerabilities are lurking (such as the Microsoft ANSI RCE also featured on the HN front page)

btown · 2025-01-09T23:21:17 1736464877

For Chrome's PDF renderer, the runtime is V8, so we're literally one (hilarious) line of code away from this glorious future existing today:

https://pdfium.googlesource.com/pdfium/+/refs/heads/main/fpd...

> // Use interpreted JS only to avoid RWX pages in our address space. Also, --jitless implies --no-expose-wasm, which reduce exposure since no PDF should contain web assembly.

> return "--jitless";

Thorrez · 2025-01-10T03:59:55 1736481595

You could write an LLM in plain JS, right?

btown · 2025-01-11T20:44:56 1736628296

Yep, but one without the ability to even JIT down to vectorized CPU commands (to say nothing of GPU connectivity) would be incredibly slow indeed!

freedomben · 2025-01-09T23:00:07 1736463607

Looking forward to a day when you may not have a powerful enough GPU to open a PDF

siva7 · 2025-01-10T01:00:34 1736470834

The first widespread AI Malware will be a historic moment in this century. It will adapt like a real biological virus to its host and we have no cure for this.

saagarjha · 2025-01-10T07:54:03 1736495643

We could unplug all the GPUs.

neuroelectron · 2025-01-09T22:22:33 1736461353

This isn't even the beginning of what's possible in PDFs.