I do something similar but this only protects secrets at rest. If you app has an exploit an attack could just export all your secrets to a file.
I prototyped a solution where I use an external debugger to monitor my app, when the app needs a secret it generates a breakpoint and the debugger catches it and then inspects the call stack of the function requesting the secret and then copies it into the process memory (intended to be erased immediately after use). Not 100% security but a big improvement and a bit more flexible and auditable compared to a proxy
Would it even crash a computer? They would fill up their hard drive but that would just yield warnings to the user in most operating systems. Chances are they would kill it manually because it would take a long time
> It was able to one-shot deploying a digital ocean droplet and configure wireguard?
Yes, that part was pretty easy - but the whole thing wasn't one shot. The parts I struggled with were:
- getting automated SSH installed on the $130 router, once you have that the LLM can drive things
- during security hardening, I got fully locked out and had to recreate a new VM. But it was able to automatically recreate everything in a few minutes.
Harsh, but a good point on egress cost that I overlooked, I'm adding a section on this - if you use Oracle cloud it looks like you get 10TB included at no additional cost where DO would be around $84 at the same bandwidth levels
I've experimented with using LLM to setup and/or maintain some servers for me for various different use cases (this being one). What I like is an agentic LLM can either document it's initial build process or "explore" your server to better understand how it works, what configuration files are used, software versions installed, etc. When you have that documentation/context provided to a frontier LLM it can take care of most maintenance work you'd like do by hand for "simple" servers. A good prompt to get an llm to explore an existing server to make sure it fully understands it is to ask it to make a working backup.
That's a very good point. I included a "Cost Comparison by Bandwidth Usage" section that shows the cost for Digital Ocean compared to a commercial bonded solution. At 10TB the monthly DO cost goes up to $84/month which is significant, but if you compare that with a commercial solution that gives you a bonded connection (Speedify) they would charge $120/m for 10TB.
If you used Oracle cloud, I think 10TB is still in their free tier so you'd be looking at ~$15/month.
> or how many services like streaming, banking, gaming will restrict, block, or otherwise treat the connection differently because the traffic now exits via a datacenter or VPN IP/ASN.
I did run into this and claude implemented a work-around (see step 8) to route some traffic through the normal exit IP for those special use cases. So far I've only run into this problem with 3 services (Ring, Blink, and Paychex). Surprisingly none of the streaming services seem to care (Netflix, Amazon, Apple TV).
Maybe I didn't make it clear from the post, the llm (cursor+claude 4.5 sonet) was actually driving the whole process from provisioning a server, installing wireguard, setting up certificates, configuring network, installing packages, and updating security - with some testing at each step. I never ran any commands manually, I just told it what to do.
Bonding two ISPs was previously too complex for most home use until agentic AI. Claude can automate the entire WireGuard/OpenWRT/VPN setup, testing, and security hardening via SSH as an afternoon project. Total cost: $305 over 3 years vs $1,241 for commercial solutions. Downgrade your current ISP and add a second cheap one to get faster more reliable internet at home.
> the purpose of blogging is to organize your own thoughts
I don't get this comment. People can create content for any number of reasons and those reason will vary widely by the author. I like to use it to share something interesting to me that is too long for a Linkedin post.
It's a good point and I should make a distinction on what models are appropriate. I think of chatGPT 4 like a college student and chatGPT 5.1 5 Pro (deep thinking model) more like a seasoned professional. I wouldn't trust non-frontier, non-thinking models with a result for this kind of question. But the determinism of the result does not scare me, the out output may vary but not directionally. The same thing would happen if you asked the foremost security expert in the world, you'd get slightly different answers on different days. One time as a I test I ran a very complex legal analysis through chat GPT pro 10 times to see how the results would vary and it was pretty consistent with ~10% variation in numbers it suggested.
For me, it is about learning about what AI can and can’t do, how to progressively prompt, how to avoid problem, etc. once you understand that you can build more things quickly. I gained a pretty good understanding of what it can/cant do, how many prompt it will take to get there, and which model(s) are capable.
true, I can’t rule those out entirely. I access via iPhone to limit attack surface area, the info was never printed, present in emails, or disclosed to 3rd parties
My first thought was someone they tied a blockchain transaction to my name and then traced it backwards. But they also knew my ETH and BTC balances, and date the account was opened. You might be able to figure out the open date by looking at the blockchain but I could never determine how they would know balances for two unrelated cryptos without some kind of coinbase compromise.
I prototyped a solution where I use an external debugger to monitor my app, when the app needs a secret it generates a breakpoint and the debugger catches it and then inspects the call stack of the function requesting the secret and then copies it into the process memory (intended to be erased immediately after use). Not 100% security but a big improvement and a bit more flexible and auditable compared to a proxy