HackerTrans
トップ新着トレンドコメント過去質問紹介求人

stuxf

79 カルマ登録 2 年前
friend me on discord! @stuxf :)

co-founder @ veria labs (verialabs.com)

投稿

$100k to keep CTFs competitive in the age of AI

osec.io
2 ポイント·投稿者 stuxf·一昨日·0 コメント

From MCP to shell: MCP auth flaws enable RCE in Claude Code, Gemini CLI and more

verialabs.com
148 ポイント·投稿者 stuxf·10 か月前·40 コメント

コメント

stuxf
·5 日前·議論
Been looking to write more, this looks great! I love the general premise of just converting picture => 1000 words.
stuxf
·4 か月前·議論
Makes sense, thank you!
stuxf
·4 か月前·議論
It's interesting that they counted these as security vulnerabilities (from the linked Anthropic article)

> “Crude” is an important caveat here. The exploits Claude wrote only worked on our testing environment, which intentionally removed some of the security features found in modern browsers. This includes, most importantly, the sandbox, the purpose of which is to reduce the impact of these types of vulnerabilities. Thus, Firefox’s “defense in depth” would have been effective at mitigating these particular exploits.
stuxf
·5 か月前·議論
I totally buy the thesis on specialization here, I think it makes total sense.

Asides from the obvious concern that this is a tiny 8B model, I'm also a bit skeptical of the power draw. 2.4 kW feels a little bit high, but someone else should try doing the napkin math compared to the total throughput to power ratio on the H200 and other chips.
stuxf
·5 か月前·議論
finally I can move off termius, this looks great!
stuxf
·5 か月前·議論
> Some coding agents (Shelley included!) refuse to return a large tool output back to the agent after some threshold. This is a mistake: it's going to read the whole file, and it may as well do it in one call rather than five.

disagree with this: IMO the primary reason that these still need to exist is for when the agent messes up (e.g reads a file that is too large like a bundle file), or when you run a grep command in a large codebase and end up hitting way too many files, overloading context.

Otherwise lots of interesting stuff in this article! Having a precise calculator was very useful for the idea of how many things we should be putting into an agent loop to get a cost optimum (and not just a performance optimum) for our tasks, which is something that's been pretty underserved.
stuxf
·8 か月前·議論
I agree with a lot of things said in this article, I also think some sort of centralized trust system for OSS bug bounty would be a really good solution to this problem

> The downside is that it makes it harder for new researchers to enter the field, and it risks creating an insider club.

I also think this concern can be largely mitigated or reduced to a nonissue. New researchers would have a trust score of zero for example, but people who consistently submit AI slop will have a very low score and can be filtered out fairly easily.