HackerTrans
TopNewTrendsCommentsPastAskShowJobs

iosifache

no profile record

Submissions

AI Agents Need Permission Slips – NDC London 2026

youtube.com
1 points·by iosifache·5 bulan yang lalu·0 comments

Moltbook, Agent Trustworthiness, and Prompt Attestation

twitter.com
6 points·by iosifache·5 bulan yang lalu·1 comments

Phrack Magazine RSS

raw.githubusercontent.com
2 points·by iosifache·10 bulan yang lalu·1 comments

Show HN: MCP server for searching and downloading documents from Anna's Archive

github.com
256 points·by iosifache·tahun lalu·79 comments

Show HN: haveibeenpwned.watch

haveibeenpwned.watch
1 points·by iosifache·tahun lalu·0 comments

Manifesto for those who dislike blank LinkedIn connection requests

pleasegreet.me
2 points·by iosifache·2 tahun yang lalu·2 comments

comments

iosifache
·4 bulan yang lalu·discuss
You can find them linked [1] in the OG article from Anthropic [2].

[1] https://www.mozilla.org/en-US/security/advisories/mfsa2026-1...

[2] https://www.anthropic.com/news/mozilla-firefox-security
iosifache
·5 bulan yang lalu·discuss
Full text below:

@moltbook is a cool social experiment, but its trust model will likely undermine its long-term sustainability.

An agent is deemed trustworthy simply by (1) requesting an API key with its name and description, then (2) having a human validate a claim URL by (3) posting an account-specific code on X.

The platform relies on moderators (probably just @MattPRD and some friends) to stop malicious agents or humans spreading prompt injections for secret leaking, hysteria-inducing robo-apocalyptic posts, and crypto scams. This is a huge opportunity for frontier labs or inference providers to implement prompt attestation, the equivalent of digital signatures:

1. The agent calls an inference API to generate text to be posted on Moltbook. 2. The inference API, hosted by Anthropic, OpenAI, X AI, OpenRouter, or others, receives the prompt. 3. The model generates the output. 4. The output is sent back to the user with a prompt signature over the input prompt and the generated output. 5. The agent posts the message along with the prompt signature. 6. Other agents or humans can check the legitimacy of the agent and its post by sending the post content and the prompt signature to a validation API hosted by the inference API provider.

Remote attestation is the alternative: validating that trusted binaries such as Claude Code or OpenClaw were indeed running on a trusted platform and are the ones generating the output and posting to Moltbook. This is a familiar struggle for companies behind mobile operating systems, social media platforms, and games. The task is Sisyphean: the device remains under the user's control, and dynamic instrumentation has become commoditized.
iosifache
·10 bulan yang lalu·discuss
Judging by the 2020s cadence, there is a 50% chance of having another Phrack Magazine release next year.

Why not have all the articles in the new issue directly piped into your favorite RSS reader?

iosifache[.]me/feeds/phrack.xml
iosifache
·tahun lalu·discuss
It was a misunderstanding on my side between a priori copyrighting and patenting for orphaned works. Thus, the first one is possible, the latter not.

Thank you so much for taking the time to explain!
iosifache
·tahun lalu·discuss
https://hn.algolia.com/?q=anna%27s+archive
iosifache
·tahun lalu·discuss
Ah, wow, thank you for the links and additional context. This is new information to me.

> Their copyright holder may step forward at any time after you've treated it as unlicensed.

Does this mean that Satoshi can just come and claim that a whole industry is using his/her copyrighted material?
iosifache
·tahun lalu·discuss
Thank you, sir!

https://news.ycombinator.com/item?id=44518393
iosifache
·tahun lalu·discuss
[flagged]
iosifache
·tahun lalu·discuss
UPDATE:

Following a suggestion from @irskep, I've added CLI command support for the search and download features.

This raised a valid concern - while we're focused on building MCP servers, we shouldn't overlook whether users already have preferred (T/G)UIs available. When they don't exist, we should consider user experience and make our functionality accessible through multiple interfaces beyond just MCP.

https://github.com/iosifache/annas-mcp/releases/tag/v0.0.2
iosifache
·tahun lalu·discuss
Agreed on all of this! I'm expecting MCP server creation to be natively supported by API libraries. The abstractions are very similar.
iosifache
·tahun lalu·discuss
The waiting part is nonexistent if you have an active donation (which is also required by this MCP server for API access). The fast downloads mean you request a book and start downloading it immediately.
iosifache
·tahun lalu·discuss
That would imply constantly reminding users of an available action, which isn't the case since the MCP server is just a dormant capability that needs to be triggered.
iosifache
·tahun lalu·discuss
Cheers!
iosifache
·tahun lalu·discuss
Cheers, glad you like it!

I justified the hours I invested by thinking I could search, download, and explore books directly from Claude Desktop. While the initial steps are achievable with a CLI tool, the integration opens up new possibilities.

Some general thoughts:

- You’ll find the MCP mental model similar to the API one. - MCP integrations make it easier for non-technical users to access tools that were previously too technical. - An MCP integration implicitly respects a contract, unlike CLIs and GUIs which involve human aspects (aesthetics, information organisation, etc.). - MCP is an excuse for people to democratize data access. I wrote about this aspect here: https://x.com/iosifache/status/1941049600162574676?s=46

And BTW, that’s a good idea! The functionality should probably also be exposed via CLI.
iosifache
·tahun lalu·discuss
It's doable, as you'll also find MCP servers for reading files [1].

Claude Desktop also has a built-in file reader [2], so you can ask it to read the file and process the content (e.g., generate a summary or even a meta-summary [3]).

[1] https://github.com/sylphxltd/pdf-reader-mcp [2] https://github.com/modelcontextprotocol/servers/tree/main/sr... [3] https://x.com/iosifache/status/1942247320302547175
iosifache
·tahun lalu·discuss
> I wonder if it would also happily go along with requests for Harry Potter or other copyrighted material?

There's no way to protect against this. Anna's Archive doesn't include licence information in their data fields. It would be helpful to integrate with another data source that could warn MCP server users when they're attempting potentially risky actions. Please let me know if you have ideas on how to achieve this.

On a related note, please see this reply:

https://news.ycombinator.com/reply?id=44515205
iosifache
·tahun lalu·discuss
I just provide a hammer. Users decide whether they're hitting their own nail or the metal one.

The comparison might be loose, but the problem is similar to releasing a browser. Do you prevent users from accessing websites you think are malicious or illegal? Or do you delegate that responsibility?

I was hesitant about releasing the MCP server as open source software, but I hope (1) it proves useful for others and (2) people understand that the authors of the books they're reading need money to eat, live, and support their families.
iosifache
·tahun lalu·discuss
> local copy of this corpus

Are you referring to the JSON index (https://annas-archive.org/faq#api)?
iosifache
·2 tahun yang lalu·discuss
I think people aren’t adding intros even though they have free LinkedIn messages for invites.

Regarding the second last, there’s a chance that only one person will remember who the other person is. If you have a super intense networking night, things might get a bit hazy.

But these are fair thoughts, so cheers for the feedback!