HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ramimac

no profile record

Submissions

Who Has the Hardest Fist in China's AI Valuation Race?

crossingriver.substack.com
3 points·by ramimac·bulan lalu·0 comments

A Guide to Keyboard Customization

aresluna.org
4 points·by ramimac·2 bulan yang lalu·0 comments

If [static analysis] could have, why didn't it?

alexgaynor.net
2 points·by ramimac·3 bulan yang lalu·1 comments

Brocards for Vulnerability Triage

blog.yossarian.net
2 points·by ramimac·3 bulan yang lalu·0 comments

Telnyx package compromised on PyPI

telnyx.com
133 points·by ramimac·4 bulan yang lalu·135 comments

It's Their Mona Lisa

ironicsans.ghost.io
75 points·by ramimac·4 bulan yang lalu·17 comments

Child's Play: Tech's new generation and the end of thinking

harpers.org
451 points·by ramimac·5 bulan yang lalu·265 comments

Building Multi-Agent Systems (Part 3)

blog.sshh.io
1 points·by ramimac·6 bulan yang lalu·0 comments

Okta's NextJS-0auth troubles

joshua.hu
372 points·by ramimac·8 bulan yang lalu·152 comments

Visibility at scale: How Figma detects sensitive data exposure

figma.com
2 points·by ramimac·9 bulan yang lalu·0 comments

If Managers Were Angels

bonnycode.com
1 points·by ramimac·9 bulan yang lalu·0 comments

Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces

wiz.io
1 points·by ramimac·9 bulan yang lalu·0 comments

comments

ramimac
·3 bulan yang lalu·discuss
Carlini's unprompted talk is one source: https://www.youtube.com/watch?t=204&v=1sd26pWhfmg
ramimac
·4 bulan yang lalu·discuss
We haven't blogged this yet, but a variety of teams found this in parallel.

The packages are quarantined by PyPi

Follow the overall incident: https://ramimac.me/teampcp/#phase-10

Aikido/Charlie with a very quick blog: https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ReversingLabs, JFrog also made parallel reports
ramimac
·4 bulan yang lalu·discuss
It's a spam flood by the attacker to complicate information sharing[1]. They did the same thing in the Trivy discussion, with many of the same accounts.[2]

[1] https://ramimac.me/teampcp/#spam-flood-litellm [2] https://ramimac.me/teampcp/#discussion-flooded
ramimac
·4 bulan yang lalu·discuss
Blood, sweat, and tears.

The investment compounds! I have enough context to quickly vet incoming information, then it's trivial to update a static site with a new blurb
ramimac
·4 bulan yang lalu·discuss
This is tied to the TeamPCP activity over the last few weeks. I've been responding, and keeping an up to date timeline. I hope it might help folks catch up and contextualize this incident:

https://ramimac.me/trivy-teampcp/#phase-09
ramimac
·4 bulan yang lalu·discuss
> Upon issue creation another workflow spins up three independent coding agents to analyze the finding.

I'm curious

1) what the current statistics are for consensus

2) how the agents may/may not perform independently

3) what the agent profiles are and how they differ (model, harness, prompt/persona, all three?)
ramimac
·7 bulan yang lalu·discuss
Reach out if you'd like me to check - I did the same for the trigger.dev team in fact[1].

(personal site linked in bio, who links you onward to my linkedin)

[1] https://x.com/ramimacisabird/status/1994598075520749640?s=20
ramimac
·8 bulan yang lalu·discuss
Probably, but you can check out a more robust list here: https://blog.cloudflare.com/tag/acquisitions/

* BastionZero

* Kivera

* Baselime

* PartyKit

* Area 1

* Vectrix

* Zaraz

* Linc

* S2 Systems Corporation

* Neumob

* Eager

* CryptoSeal

* StopTheHacker
ramimac
·9 bulan yang lalu·discuss
Always a funny title, see previously: Announcing the New AWS Secret Region (2017) [1]

[1] https://news.ycombinator.com/item?id=15741108
ramimac
·10 bulan yang lalu·discuss
It's not a coincidence - this attack is directly downstream of s1ngularity
ramimac
·11 bulan yang lalu·discuss
I have evidence of at least 250 successes for the prompt. Claude definitely appears to have a higher rejection rate. Q also rejects fairly consistently (based on Claude, so that makes sense).

Context: I've been responding to this all day, and wrote https://www.wiz.io/blog/s1ngularity-supply-chain-attack