HackerTrans
TopNewTrendsCommentsPastAskShowJobs

yanosh_kunsh

no profile record

Submissions

Is my essay making a clear argument? [video]

youtube.com
1 points·by yanosh_kunsh·il y a 5 mois·1 comments

comments

yanosh_kunsh
·le mois dernier·discuss
I'm not sure why they even call them tents. Those are called fabric buildings. Fabric buildings have a lifespan of over 20 years[1] and this is limited by the PVC membranes, the actual steel structure can last a lot longer.

[1] https://www.rubbusa.com/approach/quality/
yanosh_kunsh
·il y a 3 mois·discuss
[dead]
yanosh_kunsh
·il y a 5 mois·discuss
You are absolutely correct, but I don't need it to be 100% bulletproof.

I'm using opencode as a coding agent and I've added a custom plugin that implements an .aiexclude check (gist (https://gist.github.com/yanosh-k/09965770f37b3102c22bdf5c59a...)) before tool calls. No matter how good the checks are, on the 5th or 6th attempt a determined prompt can make the agent read a secret — but that only happens if reading secrets is the explicit goal. When I'm not specifically prompting it to extract secrets, the plugin reliably prevents the agent from reading them during normal coding work.

My threat model isn't a motivated attacker — it's accidental ingestion.

That's also why I think this should be a built-in feature of coding agents — though I understand the hesitation: if it can't guarantee 100% coverage, shipping it as a native safeguard risks giving users a false sense of security, which may be harder to manage than not having it at all.
yanosh_kunsh
·il y a 5 mois·discuss
I think it would be best if AI agents would honor either .gitignore or .aiexclude (https://developers.google.com/gemini-code-assist/docs/create...).
yanosh_kunsh
·il y a 5 mois·discuss
So does that mean that LLM inference could go down significantly in price and/or context length would dramatically increase?
yanosh_kunsh
·il y a 5 mois·discuss
Hilarious campaign against ads in AI chats
yanosh_kunsh
·il y a 6 mois·discuss
This is really cool. I've gone down the rabbit hole of Certificate Transparency to find out how crt.sh gets its information - first time I've even heard that it exists. Also, much better UI than crt.sh. I've tried to go over the information there, but it looks really cumbersome.
yanosh_kunsh
·il y a 7 mois·discuss
It is very strange that this didn't make it to the front page of HN. I've just received an email from DigitalOcean that my VPS/droplet had been used in a DDoS attack, and a few hours latter another email, again from DigitalOcean, saying that I'm running software that has a vulnerability with CVE score of 10. I guess not a lot of CVEs get a score of 10, and not for a framework as widespread as React and Next.