HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ramimac

no profile record

Submissions

Who Has the Hardest Fist in China's AI Valuation Race?

crossingriver.substack.com
3 points·by ramimac·le mois dernier·0 comments

A Guide to Keyboard Customization

aresluna.org
4 points·by ramimac·il y a 2 mois·0 comments

If [static analysis] could have, why didn't it?

alexgaynor.net
2 points·by ramimac·il y a 3 mois·1 comments

Brocards for Vulnerability Triage

blog.yossarian.net
2 points·by ramimac·il y a 3 mois·0 comments

Telnyx package compromised on PyPI

telnyx.com
133 points·by ramimac·il y a 4 mois·135 comments

It's Their Mona Lisa

ironicsans.ghost.io
75 points·by ramimac·il y a 4 mois·17 comments

Child's Play: Tech's new generation and the end of thinking

harpers.org
451 points·by ramimac·il y a 5 mois·265 comments

Building Multi-Agent Systems (Part 3)

blog.sshh.io
1 points·by ramimac·il y a 6 mois·0 comments

Okta's NextJS-0auth troubles

joshua.hu
372 points·by ramimac·il y a 8 mois·152 comments

Visibility at scale: How Figma detects sensitive data exposure

figma.com
2 points·by ramimac·il y a 9 mois·0 comments

If Managers Were Angels

bonnycode.com
1 points·by ramimac·il y a 9 mois·0 comments

Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces

wiz.io
1 points·by ramimac·il y a 9 mois·0 comments

comments

ramimac
·il y a 3 mois·discuss
Carlini's unprompted talk is one source: https://www.youtube.com/watch?t=204&v=1sd26pWhfmg
ramimac
·il y a 4 mois·discuss
We haven't blogged this yet, but a variety of teams found this in parallel.

The packages are quarantined by PyPi

Follow the overall incident: https://ramimac.me/teampcp/#phase-10

Aikido/Charlie with a very quick blog: https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ReversingLabs, JFrog also made parallel reports
ramimac
·il y a 4 mois·discuss
It's a spam flood by the attacker to complicate information sharing[1]. They did the same thing in the Trivy discussion, with many of the same accounts.[2]

[1] https://ramimac.me/teampcp/#spam-flood-litellm [2] https://ramimac.me/teampcp/#discussion-flooded
ramimac
·il y a 4 mois·discuss
Blood, sweat, and tears.

The investment compounds! I have enough context to quickly vet incoming information, then it's trivial to update a static site with a new blurb
ramimac
·il y a 4 mois·discuss
This is tied to the TeamPCP activity over the last few weeks. I've been responding, and keeping an up to date timeline. I hope it might help folks catch up and contextualize this incident:

https://ramimac.me/trivy-teampcp/#phase-09
ramimac
·il y a 4 mois·discuss
> Upon issue creation another workflow spins up three independent coding agents to analyze the finding.

I'm curious

1) what the current statistics are for consensus

2) how the agents may/may not perform independently

3) what the agent profiles are and how they differ (model, harness, prompt/persona, all three?)
ramimac
·il y a 7 mois·discuss
Reach out if you'd like me to check - I did the same for the trigger.dev team in fact[1].

(personal site linked in bio, who links you onward to my linkedin)

[1] https://x.com/ramimacisabird/status/1994598075520749640?s=20
ramimac
·il y a 8 mois·discuss
Probably, but you can check out a more robust list here: https://blog.cloudflare.com/tag/acquisitions/

* BastionZero

* Kivera

* Baselime

* PartyKit

* Area 1

* Vectrix

* Zaraz

* Linc

* S2 Systems Corporation

* Neumob

* Eager

* CryptoSeal

* StopTheHacker
ramimac
·il y a 9 mois·discuss
Always a funny title, see previously: Announcing the New AWS Secret Region (2017) [1]

[1] https://news.ycombinator.com/item?id=15741108
ramimac
·il y a 10 mois·discuss
It's not a coincidence - this attack is directly downstream of s1ngularity
ramimac
·il y a 11 mois·discuss
I have evidence of at least 250 successes for the prompt. Claude definitely appears to have a higher rejection rate. Q also rejects fairly consistently (based on Claude, so that makes sense).

Context: I've been responding to this all day, and wrote https://www.wiz.io/blog/s1ngularity-supply-chain-attack