HackerTrans
トップ新着トレンドコメント過去質問紹介求人

ramimac

no profile record

投稿

Who Has the Hardest Fist in China's AI Valuation Race?

crossingriver.substack.com
3 ポイント·投稿者 ramimac·先月·0 コメント

A Guide to Keyboard Customization

aresluna.org
4 ポイント·投稿者 ramimac·2 か月前·0 コメント

If [static analysis] could have, why didn't it?

alexgaynor.net
2 ポイント·投稿者 ramimac·3 か月前·1 コメント

Brocards for Vulnerability Triage

blog.yossarian.net
2 ポイント·投稿者 ramimac·3 か月前·0 コメント

Telnyx package compromised on PyPI

telnyx.com
133 ポイント·投稿者 ramimac·4 か月前·135 コメント

It's Their Mona Lisa

ironicsans.ghost.io
75 ポイント·投稿者 ramimac·4 か月前·17 コメント

Child's Play: Tech's new generation and the end of thinking

harpers.org
451 ポイント·投稿者 ramimac·5 か月前·265 コメント

Building Multi-Agent Systems (Part 3)

blog.sshh.io
1 ポイント·投稿者 ramimac·6 か月前·0 コメント

Okta's NextJS-0auth troubles

joshua.hu
372 ポイント·投稿者 ramimac·8 か月前·152 コメント

Visibility at scale: How Figma detects sensitive data exposure

figma.com
2 ポイント·投稿者 ramimac·9 か月前·0 コメント

If Managers Were Angels

bonnycode.com
1 ポイント·投稿者 ramimac·9 か月前·0 コメント

Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces

wiz.io
1 ポイント·投稿者 ramimac·9 か月前·0 コメント

コメント

ramimac
·3 か月前·議論
Carlini's unprompted talk is one source: https://www.youtube.com/watch?t=204&v=1sd26pWhfmg
ramimac
·4 か月前·議論
We haven't blogged this yet, but a variety of teams found this in parallel.

The packages are quarantined by PyPi

Follow the overall incident: https://ramimac.me/teampcp/#phase-10

Aikido/Charlie with a very quick blog: https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ReversingLabs, JFrog also made parallel reports
ramimac
·4 か月前·議論
It's a spam flood by the attacker to complicate information sharing[1]. They did the same thing in the Trivy discussion, with many of the same accounts.[2]

[1] https://ramimac.me/teampcp/#spam-flood-litellm [2] https://ramimac.me/teampcp/#discussion-flooded
ramimac
·4 か月前·議論
Blood, sweat, and tears.

The investment compounds! I have enough context to quickly vet incoming information, then it's trivial to update a static site with a new blurb
ramimac
·4 か月前·議論
This is tied to the TeamPCP activity over the last few weeks. I've been responding, and keeping an up to date timeline. I hope it might help folks catch up and contextualize this incident:

https://ramimac.me/trivy-teampcp/#phase-09
ramimac
·4 か月前·議論
> Upon issue creation another workflow spins up three independent coding agents to analyze the finding.

I'm curious

1) what the current statistics are for consensus

2) how the agents may/may not perform independently

3) what the agent profiles are and how they differ (model, harness, prompt/persona, all three?)
ramimac
·7 か月前·議論
Reach out if you'd like me to check - I did the same for the trigger.dev team in fact[1].

(personal site linked in bio, who links you onward to my linkedin)

[1] https://x.com/ramimacisabird/status/1994598075520749640?s=20
ramimac
·8 か月前·議論
Probably, but you can check out a more robust list here: https://blog.cloudflare.com/tag/acquisitions/

* BastionZero

* Kivera

* Baselime

* PartyKit

* Area 1

* Vectrix

* Zaraz

* Linc

* S2 Systems Corporation

* Neumob

* Eager

* CryptoSeal

* StopTheHacker
ramimac
·9 か月前·議論
Always a funny title, see previously: Announcing the New AWS Secret Region (2017) [1]

[1] https://news.ycombinator.com/item?id=15741108
ramimac
·10 か月前·議論
It's not a coincidence - this attack is directly downstream of s1ngularity
ramimac
·11 か月前·議論
I have evidence of at least 250 successes for the prompt. Claude definitely appears to have a higher rejection rate. Q also rejects fairly consistently (based on Claude, so that makes sense).

Context: I've been responding to this all day, and wrote https://www.wiz.io/blog/s1ngularity-supply-chain-attack