HackerTrans
TopNewTrendsCommentsPastAskShowJobs

brumbelow

no profile record

Submissions

Show HN: Viewport – A clean local agent monitor

github.com
3 points·by brumbelow·mese scorso·0 comments

Show HN: Clipd – A better clipboard manager for Windows 11, written in Rust

github.com
2 points·by brumbelow·2 mesi fa·0 comments

Show HN: Pyinc – a pull-based incremental query kernel for Python

github.com
1 points·by brumbelow·2 mesi fa·0 comments

Show HN: Pyinc – From-scratch consistency in native Python

github.com
1 points·by brumbelow·3 mesi fa·1 comments

Show HN: Uninum – All elementary functions from a single operator, in Python

github.com
6 points·by brumbelow·3 mesi fa·2 comments

Show HN: Layerleak – Like Trufflehog, but for Docker Hub

github.com
10 points·by brumbelow·4 mesi fa·8 comments

comments

brumbelow
·12 giorni fa·discuss
I am not sure what you set out to prove or think you have proven... but the article doesn't give me an indication on either one of those things.

If anything, you have certainly proven that there are still people confident enough to write a blog about something they don't understand. Thanks for that
brumbelow
·18 giorni fa·discuss
Yeah I would say that the 'some point' is frontier quantum research. Which makes it even more confusing as to how something like this is not caught.
brumbelow
·3 mesi fa·discuss
pyinc is, to my knowledge, the first pure-Python, stdlib-only implementation of a Salsa/Skyframe-style incremental query kernel with a documented from-scratch consistency contract. Prior Python incremental-computation work either targets narrow domains (TA indicators, ML experiment tracking) or depends on a platform (think Palantir Foundry); pyinc is a general-purpose kernel you can vendor into any project. v1.0.1 is now available on pypi!
brumbelow
·3 mesi fa·discuss
I read the research paper from a link on HN and loved it so much I had to use it. Hopefully folks find as interesting as I do!
brumbelow
·3 mesi fa·discuss
Exactly. I appreciate the considerations they have already taken, this is definitely a problem that needs to be addressed as agentic AI continues its warpath.

However, this feels to me like widening the attack surface rather than tightening security. I'm going to dig in to this over the next few weeks. Hopefully I prove myself wrong
brumbelow
·3 mesi fa·discuss
[flagged]
brumbelow
·4 mesi fa·discuss
I am definitely not an AI. I would probably be flattered if I wasn't so offended
brumbelow
·4 mesi fa·discuss
His paste literally says...

" # to scan from the local docker daemon"

That aside, I just tested against trufflehog myself. It did take about 10-15%longer for a scan to complete but this is expected. Layerleak is scanning any additional or deleted tags found for the digest while trufflehog only scans the one. I am proud of the project, so I am showing it off. If you dont like, dont use :)

Thanks for checking it out.
brumbelow
·4 mesi fa·discuss
That's true, but as you can see from your paste, Trufflehog requires the docker daemon and is generally pretty resource intensive while scanning.

layerleak has neither of those issues or requirements.

Try it and let me know what you think.
brumbelow
·4 mesi fa·discuss
Thanks for the advice! Did not even consider that. I just updated it
brumbelow
·4 mesi fa·discuss
I couldn't find anything comparable to Trufflehog for Docker images, even though I have constantly read articles about "secrets discovered in public images." So I built my own (hopefully) comparable tool.
brumbelow
·4 mesi fa·discuss
wtf? you're slop lol
brumbelow
·4 mesi fa·discuss
[flagged]
brumbelow
·4 mesi fa·discuss
[flagged]
brumbelow
·4 mesi fa·discuss
[flagged]