HackerTrans
TopNewTrendsCommentsPastAskShowJobs

thefreeman

no profile record

Submissions

TeamPCP Campaign Spreads to NPM via a Hijacked Bitwarden CLI

research.jfrog.com
3 points·by thefreeman·قبل 3 أشهر·0 comments

comments

thefreeman
·قبل 23 يومًا·discuss
Can you share more information on the post-LLM processing and the prompt you use? I would like to try this out but don't see any post-LLM options in Handy.

edit: nevermind, found info on the docs about how to enable post processing. Would still be interested in your prompt though if you don't mind sharing!
thefreeman
·الشهر الماضي·discuss
How can you make this comment before even having a chance to try the new major model revision?
thefreeman
·الشهر الماضي·discuss
Redis is not a database. It’s a key / value store.
thefreeman
·قبل شهرين·discuss
I think that was his point
thefreeman
·قبل شهرين·discuss
My money is on unauthed mongodb or public s3 bucket
thefreeman
·قبل شهرين·discuss
Well trump mobile almost definitely doesn't have a network, systems, or infrastructure to begin with. So I guess they are technically correct.
thefreeman
·قبل شهرين·discuss
You can also define required dependencies in a doc block at the top of the file and then just “uv run main” and it will automatically install and cache any dependencies and run. https://docs.astral.sh/uv/guides/scripts/
thefreeman
·قبل 4 أشهر·discuss
yes, there were a large number of AWS products and features that were only available with a subscription
thefreeman
·قبل 4 أشهر·discuss
You can just start claude with the —chrome flag too and it will connect to the chrome extension.
thefreeman
·قبل 4 أشهر·discuss
don't you get a tax penalty if you aren't insured for 100% of the year?
thefreeman
·قبل 5 أشهر·discuss
the emdash is right there for all to see
thefreeman
·قبل 6 أشهر·discuss
I think this is what the Ralph Wiggum plugin is for. It just repeatedly reprompts the llm with the same prompt until it is fully complete or something along those lines.
thefreeman
·قبل 8 أشهر·discuss
You put a CDN in front of it and heavily cache when serving to external customers
thefreeman
·قبل 10 أشهر·discuss
No, it says it is restricted. You need to set a private attribute on the webview to enable it. And if you interact with private APIs your app will be rejected in review.
thefreeman
·قبل 10 أشهر·discuss
It also barely meets the definition of "a vulnerability report". He basically just nmap scanned the server and googled the apache version. The "critical" vulnerability he linked requires controlling a backend server being reverse proxied through apache... so completely irrelevant. I didn't read every CVE for the apache version but I am doubtful there is anything that actually allows taking over the server there.