HackerTrans
TopNewTrendsCommentsPastAskShowJobs

xinbenlv

no profile record

Submissions

[untitled]

1 points·by xinbenlv·3 mesi fa·0 comments

[untitled]

1 points·by xinbenlv·3 mesi fa·0 comments

Ask HN: Does OpenClaw need a re-architecture to be usable?

4 points·by xinbenlv·5 mesi fa·4 comments

Ask HN: Too many skills, how do you pick?

1 points·by xinbenlv·5 mesi fa·2 comments

Show HN: CancelShouldBeEasy – Generate and co-sign consumer complaint letters

cancelshouldbeeasy.com
1 points·by xinbenlv·5 mesi fa·0 comments

Ask HN: Do you "micro-manage" your agents?

7 points·by xinbenlv·6 mesi fa·8 comments

Tell HN: Cursor agent force-pushed despite explicit "ask for permission" rules

7 points·by xinbenlv·6 mesi fa·9 comments

Ask HN: Best practice securing secrets on local machines working with agents?

10 points·by xinbenlv·6 mesi fa·12 comments

Show HN: Dotenv Mask Editor: No more embarrassing screen leaks of your .env

marketplace.visualstudio.com
28 points·by xinbenlv·6 mesi fa·27 comments

Show HN: Just built the best domain search engine

search.labs.namefi.io
1 points·by xinbenlv·7 mesi fa·1 comments

Show HN: Namefi built WebGPU-powered in-browser LLM pure client-side infer UX

search.labs.namefi.io
1 points·by xinbenlv·7 mesi fa·0 comments

Show HN: launched Namefi new domain search experience for collectors

search.labs.namefi.io
2 points·by xinbenlv·7 mesi fa·0 comments

Ask HN: Why no one supports multi-signer auth?

twitter.com
1 points·by xinbenlv·8 mesi fa·1 comments

Show HN: Namefi tokenize domain for trading, DeFi and future internet

namefi.io
1 points·by xinbenlv·9 mesi fa·1 comments

comments

xinbenlv
·6 mesi fa·discuss
Thanks @pjjpo, exactly. My bad to confuse people, no we don't put real prod-prod credentials in .env. We use mechanisms to ensure separation of secrets. Thank you for saying that it's a simple yet effective implementation. If you try it and let us know your feedback.
xinbenlv
·6 mesi fa·discuss
That's a good idea too, thanks for the suggestion
xinbenlv
·6 mesi fa·discuss
Good points
xinbenlv
·6 mesi fa·discuss
I am interested, that said, there are many memory and context services. What makes this one different?
xinbenlv
·6 mesi fa·discuss
It happened multiple times to me on Claude Code too, next time I caught it I will try to record its history and show it here
xinbenlv
·6 mesi fa·discuss
My question is not about on or off storage, is more about when you give agent access, it assume the environment agent runs is safe
xinbenlv
·6 mesi fa·discuss
What if you simply need to give them access. E.g if you want them to do code review you have to at least give them code repo read access. But you don't know if the environment where agent runs will be compromised
xinbenlv
·6 mesi fa·discuss
is the permission device+client based or role based?
xinbenlv
·6 mesi fa·discuss
Any prompt injection attack could by pass this by simply do a base64 or any encoding, I guess?
xinbenlv
·6 mesi fa·discuss
Xoogler here too, yes, we used Gmail and Google Workspace at Google.

You can search for an exact string if you use quotes. I think you can also filter out logos
xinbenlv
·6 mesi fa·discuss
We use infiscial and other mechanism but hey, wouldn't it be nice to have one less square inch of attack surface?
xinbenlv
·6 mesi fa·discuss
Haha thanks my friend, well said.
xinbenlv
·6 mesi fa·discuss
Exactly, exactly
xinbenlv
·6 mesi fa·discuss
Thanks, glad you liked it!
xinbenlv
·6 mesi fa·discuss
[dead]
xinbenlv
·8 mesi fa·discuss
Wise @X friends: why have major authentication providers like @auth0 and @ClerkDev and @Google / @LinkedIn SSO have not supported "Multi-Signer Authentication": instead of a single signer, simply ask for more signers to authenticate an action (login, or approval).

For example, when traditionally a low risk action would be validated with a single email confirmation, a high risk action (change password, add passkey) will require two different email confirmation with two different email domains, and plus, a user can add N email addresses (trusted contacts) and a min M of these email addresses can help approve a change of email.

This is not very much different from what @safe achieves already using smart contract, but is massively backward compatible with emails

This will massively reduce the chance of social engineering.
xinbenlv
·9 mesi fa·discuss
Let us know if you hate the idea too