HackerTrans
TopNewTrendsCommentsPastAskShowJobs

xinbenlv

25 karmajoined قبل 14 سنة
[ my public key: https://keybase.io/xinbenlv; my proof: https://keybase.io/xinbenlv/sigs/g60PZyDaNSrkRlBRpF8ZSbpEZfmY1VWqDydq3SxAb-4 ]

Submissions

[untitled]

1 points·by xinbenlv·قبل 7 ساعات·0 comments

[untitled]

1 points·by xinbenlv·قبل 3 أشهر·0 comments

[untitled]

1 points·by xinbenlv·قبل 3 أشهر·0 comments

Ask HN: Does OpenClaw need a re-architecture to be usable?

4 points·by xinbenlv·قبل 5 أشهر·4 comments

Ask HN: Too many skills, how do you pick?

1 points·by xinbenlv·قبل 5 أشهر·2 comments

Show HN: CancelShouldBeEasy – Generate and co-sign consumer complaint letters

cancelshouldbeeasy.com
1 points·by xinbenlv·قبل 5 أشهر·0 comments

Ask HN: Do you "micro-manage" your agents?

7 points·by xinbenlv·قبل 6 أشهر·8 comments

Tell HN: Cursor agent force-pushed despite explicit "ask for permission" rules

7 points·by xinbenlv·قبل 6 أشهر·9 comments

Ask HN: Best practice securing secrets on local machines working with agents?

10 points·by xinbenlv·قبل 6 أشهر·12 comments

Show HN: Dotenv Mask Editor: No more embarrassing screen leaks of your .env

marketplace.visualstudio.com
28 points·by xinbenlv·قبل 6 أشهر·27 comments

Show HN: Just built the best domain search engine

search.labs.namefi.io
1 points·by xinbenlv·قبل 7 أشهر·1 comments

Show HN: Namefi built WebGPU-powered in-browser LLM pure client-side infer UX

search.labs.namefi.io
1 points·by xinbenlv·قبل 7 أشهر·0 comments

Show HN: launched Namefi new domain search experience for collectors

search.labs.namefi.io
2 points·by xinbenlv·قبل 7 أشهر·0 comments

Ask HN: Why no one supports multi-signer auth?

twitter.com
1 points·by xinbenlv·قبل 8 أشهر·1 comments

Show HN: Namefi tokenize domain for trading, DeFi and future internet

namefi.io
1 points·by xinbenlv·قبل 9 أشهر·1 comments

comments

xinbenlv
·قبل 6 أشهر·discuss
Thanks @pjjpo, exactly. My bad to confuse people, no we don't put real prod-prod credentials in .env. We use mechanisms to ensure separation of secrets. Thank you for saying that it's a simple yet effective implementation. If you try it and let us know your feedback.
xinbenlv
·قبل 6 أشهر·discuss
That's a good idea too, thanks for the suggestion
xinbenlv
·قبل 6 أشهر·discuss
Good points
xinbenlv
·قبل 6 أشهر·discuss
I am interested, that said, there are many memory and context services. What makes this one different?
xinbenlv
·قبل 6 أشهر·discuss
It happened multiple times to me on Claude Code too, next time I caught it I will try to record its history and show it here
xinbenlv
·قبل 6 أشهر·discuss
My question is not about on or off storage, is more about when you give agent access, it assume the environment agent runs is safe
xinbenlv
·قبل 6 أشهر·discuss
What if you simply need to give them access. E.g if you want them to do code review you have to at least give them code repo read access. But you don't know if the environment where agent runs will be compromised
xinbenlv
·قبل 6 أشهر·discuss
is the permission device+client based or role based?
xinbenlv
·قبل 6 أشهر·discuss
Any prompt injection attack could by pass this by simply do a base64 or any encoding, I guess?
xinbenlv
·قبل 6 أشهر·discuss
Xoogler here too, yes, we used Gmail and Google Workspace at Google.

You can search for an exact string if you use quotes. I think you can also filter out logos
xinbenlv
·قبل 6 أشهر·discuss
We use infiscial and other mechanism but hey, wouldn't it be nice to have one less square inch of attack surface?
xinbenlv
·قبل 6 أشهر·discuss
Haha thanks my friend, well said.
xinbenlv
·قبل 6 أشهر·discuss
Exactly, exactly
xinbenlv
·قبل 6 أشهر·discuss
Thanks, glad you liked it!
xinbenlv
·قبل 6 أشهر·discuss
[dead]
xinbenlv
·قبل 8 أشهر·discuss
Wise @X friends: why have major authentication providers like @auth0 and @ClerkDev and @Google / @LinkedIn SSO have not supported "Multi-Signer Authentication": instead of a single signer, simply ask for more signers to authenticate an action (login, or approval).

For example, when traditionally a low risk action would be validated with a single email confirmation, a high risk action (change password, add passkey) will require two different email confirmation with two different email domains, and plus, a user can add N email addresses (trusted contacts) and a min M of these email addresses can help approve a change of email.

This is not very much different from what @safe achieves already using smart contract, but is massively backward compatible with emails

This will massively reduce the chance of social engineering.
xinbenlv
·قبل 9 أشهر·discuss
Let us know if you hate the idea too