HackerTrans
トップ新着トレンドコメント過去質問紹介求人

tkp-415

no profile record

投稿

Show HN: ShopLurker - An ecommerce aggregator

shoplurker.com
1 ポイント·投稿者 tkp-415·5 か月前·0 コメント

Instagram's URL Blackhole

medium.com
311 ポイント·投稿者 tkp-415·5 か月前·48 コメント

Show HN: Finding similarities in magazine covers (updated)

shoplurker.com
1 ポイント·投稿者 tkp-415·5 か月前·0 コメント

Show HN: Finding similarities in New Yorker covers

shoplurker.com
18 ポイント·投稿者 tkp-415·6 か月前·8 コメント

コメント

tkp-415
·4 か月前·議論
Process substitution is a new concept to me. Definitely adding that method to the toolbox.

It'd be nice to see exactly what the bugbot shell script contained. Perhaps it is what modified the dangerously_disable_sandbox flag, then again, "by default" makes me think it's set when launched.
tkp-415
·5 か月前·議論
My first use case of an LLM for security research was feeding Gemini Semgrep scan results of an open source repo. It definitely was a great way to get the LLM to start looking at something, and provide a usable sink + source flow for manual review.

I assumed I was still dealing with lots of false positives from Gemini due to using the free version and not being able to have it memorize the full code base. Either way combining those two tools makes the review process a lot more enjoyable.
tkp-415
·5 か月前·議論
Can anyone point me in the direction of getting a model to run locally and efficiently inside something like a Docker container on a system with not so strong computing power (aka a Macbook M1 with 8gb of memory)?

Is my only option to invest in a system with more computing power? These local models look great, especially something like https://huggingface.co/AlicanKiraz0/Cybersecurity-BaronLLM_O... for assisting in penetration testing.

I've experimented with a variety of configurations on my local system, but in the end it turns into a make shift heater.
tkp-415
·5 か月前·議論
This is neat. What VPS service do you use? I am trying to replace my tendency to spin up small EC2 instances just to deploy a simple web app.
tkp-415
·5 か月前·議論
Ahh, that seems much simpler. Dump the request / response directly. Now I'm wondering if I can use Gemini to patch Gemini.
tkp-415
·5 か月前·議論
Curious to see how you can get Gemini fully intercepted.

I've been intercepting its HTTP requests by running it inside a docker container with:

-e HTTP_PROXY=http://127.0.0.1:8080 -e HTTPS_PROXY=http://host.docker.internal:8080 -e NO_PROXY=localhost,127.0.0.1

It was working with mitmproxy for a very brief period, then the TLS handshake started failing and it kept requesting for re-authentication when proxied.

You can get the whole auth flow and initial conversation starters using Burp Suite and its certificate, but the Gemini chat responses fail in the CLI, which I understand is due to how Burp handles HTTP2 (you can see the valid responses inside Burp Suite).
tkp-415
·6 か月前·議論
Hashes generated using https://pypi.org/project/ImageHash/, then a hamming distance is calculated with SQL.

Unfortunately I don't currently have a repo that can be forked.
tkp-415
·6 か月前·議論
The confusion is understandable as the comparison is basic and uses image hashes (https://pypi.org/project/ImageHash/), which are pretty surface level and don't always provide reliable "this image is obviously very similar to that one" results.

You are correct that when you click something in the brackets, the results returned are covers similar to what you clicked.

Still have a lot of room for improvement as I go further down this image matching rabbit hole, but the comparison's current state does provide some useful results every so often.