HackerTrans
TopNewTrendsCommentsPastAskShowJobs

erans

no profile record

Submissions

Show HN: I ran every Claude agent turn through the Batch API

eran.sandler.co.il
3 points·by erans·3 माह पहले·0 comments

Show HN: LunaRoute – a high-performance local proxy for AI coding assistants

github.com
8 points·by erans·9 माह पहले·1 comments

Show HN: Selfhostllm.org – Plan GPU capacity for self-hosting LLMs

selfhostllm.org
7 points·by erans·11 माह पहले·3 comments

comments

erans
·3 माह पहले·discuss
For agents, if you are concerned about that, block access to "su" as it is interactive anyway. Not loading it into the memory will block the attack. If you are using AgentSH (https://www.agentsh.org) you can add a rule to block "su" and soon be able to block AF_ALG sockets if you want to further protect things.
erans
·3 माह पहले·discuss
Execution layer security must be deterministic. That's why we are working on AgentSH (https://www.agentsh.org) which is model, framework and harness agnostic.
erans
·3 माह पहले·discuss
The part that seems most important here is that npm install was enough.

Once the compromise point is preinstall, the usual "inspect after install" mindset breaks down. By then the payload has already had a chance to run.

That gets more interesting with agents / CI / ephemeral sandboxes, because short exposure windows are still enough when installs happen automatically and repeatedly.

Another thing I think is worth paying attention to: this payload did not just target secrets, it also targeted AI tooling config, and there is a real possibility that shell-profile tampering becomes a way to poison what the next coding assistant reads into context.

I work on AgentSH (https://www.agentsh.org), and we wrote up a longer take on that angle here:

https://www.canyonroad.ai/blog/the-install-was-the-attack/
erans
·3 माह पहले·discuss
It's great to see more such platform popping up. It's good for the ecosystem. We need more hosting options that are clear, secure and have the ability to help people run as many models as possible.
erans
·9 माह पहले·discuss
that's great. PagerDuty always felt so expensive and heavy!
erans
·9 माह पहले·discuss
That's awesome. It's always annoying using those 3rd party ones!
erans
·9 माह पहले·discuss
Summary data is in a sqlite database so its easily queryable by you or your friendly AI agent.

You can have a single proxy and have multiple team members use the same one so that you can easily track sessions, token usage, spend etc.
erans
·9 माह पहले·discuss
true that there is a some kind of a ceiling of what can or can't be done. But that ceiling is way up there. Also, there are enough examples and articles and code that allows enough combination to be made so that its good enough - and that is a very important bar.

There are A LOT of businesses (even big ones managing money and what not) that rely on spreadsheets to do so much. Could this have been an app/service/SaaS/whatever ? probably.

What if these orgs can (mostly) internally solidify some of these processes? what if they don't need an insanely expensive salesforce implementor that can add "custom logic" ?

A lot of times companies will replace "complex software" with half complex process!

What if they don't need Salesforce at all because they need a reasonable simple CRM and don't want to (or shouldn't) pay $10k/seat/year ?

There are still going to be very differentiating apps and services here and there, but as time move on these "technological" advantages will erode and with AI they erode way faster.
erans
·11 माह पहले·discuss
I also added a Mac version: https://selfhostllm.org/mac/ so you can know which models you can run on your Mac and get an estimated tokens/sec.
erans
·पिछला वर्ष·discuss
I would argue that due to the way MCP servers/tools are added to calls, there will be a pre-step that will figure out which MCPs are even relevant for a request prior to executing it.