HackerTrans
トップ新着トレンドコメント過去質問紹介求人

xinbenlv

25 カルマ登録 14 年前
[ my public key: https://keybase.io/xinbenlv; my proof: https://keybase.io/xinbenlv/sigs/g60PZyDaNSrkRlBRpF8ZSbpEZfmY1VWqDydq3SxAb-4 ]

投稿

[untitled]

1 ポイント·投稿者 xinbenlv·5 時間前·0 コメント

[untitled]

1 ポイント·投稿者 xinbenlv·3 か月前·0 コメント

[untitled]

1 ポイント·投稿者 xinbenlv·3 か月前·0 コメント

Ask HN: Does OpenClaw need a re-architecture to be usable?

4 ポイント·投稿者 xinbenlv·5 か月前·4 コメント

Ask HN: Too many skills, how do you pick?

1 ポイント·投稿者 xinbenlv·5 か月前·2 コメント

Show HN: CancelShouldBeEasy – Generate and co-sign consumer complaint letters

cancelshouldbeeasy.com
1 ポイント·投稿者 xinbenlv·5 か月前·0 コメント

Ask HN: Do you "micro-manage" your agents?

7 ポイント·投稿者 xinbenlv·6 か月前·8 コメント

Tell HN: Cursor agent force-pushed despite explicit "ask for permission" rules

7 ポイント·投稿者 xinbenlv·6 か月前·9 コメント

Ask HN: Best practice securing secrets on local machines working with agents?

10 ポイント·投稿者 xinbenlv·6 か月前·12 コメント

Show HN: Dotenv Mask Editor: No more embarrassing screen leaks of your .env

marketplace.visualstudio.com
28 ポイント·投稿者 xinbenlv·6 か月前·27 コメント

Show HN: Just built the best domain search engine

search.labs.namefi.io
1 ポイント·投稿者 xinbenlv·7 か月前·1 コメント

Show HN: Namefi built WebGPU-powered in-browser LLM pure client-side infer UX

search.labs.namefi.io
1 ポイント·投稿者 xinbenlv·7 か月前·0 コメント

Show HN: launched Namefi new domain search experience for collectors

search.labs.namefi.io
2 ポイント·投稿者 xinbenlv·7 か月前·0 コメント

Ask HN: Why no one supports multi-signer auth?

twitter.com
1 ポイント·投稿者 xinbenlv·8 か月前·1 コメント

Show HN: Namefi tokenize domain for trading, DeFi and future internet

namefi.io
1 ポイント·投稿者 xinbenlv·9 か月前·1 コメント

コメント

xinbenlv
·6 か月前·議論
Thanks @pjjpo, exactly. My bad to confuse people, no we don't put real prod-prod credentials in .env. We use mechanisms to ensure separation of secrets. Thank you for saying that it's a simple yet effective implementation. If you try it and let us know your feedback.
xinbenlv
·6 か月前·議論
That's a good idea too, thanks for the suggestion
xinbenlv
·6 か月前·議論
Good points
xinbenlv
·6 か月前·議論
I am interested, that said, there are many memory and context services. What makes this one different?
xinbenlv
·6 か月前·議論
It happened multiple times to me on Claude Code too, next time I caught it I will try to record its history and show it here
xinbenlv
·6 か月前·議論
My question is not about on or off storage, is more about when you give agent access, it assume the environment agent runs is safe
xinbenlv
·6 か月前·議論
What if you simply need to give them access. E.g if you want them to do code review you have to at least give them code repo read access. But you don't know if the environment where agent runs will be compromised
xinbenlv
·6 か月前·議論
is the permission device+client based or role based?
xinbenlv
·6 か月前·議論
Any prompt injection attack could by pass this by simply do a base64 or any encoding, I guess?
xinbenlv
·6 か月前·議論
Xoogler here too, yes, we used Gmail and Google Workspace at Google.

You can search for an exact string if you use quotes. I think you can also filter out logos
xinbenlv
·6 か月前·議論
We use infiscial and other mechanism but hey, wouldn't it be nice to have one less square inch of attack surface?
xinbenlv
·6 か月前·議論
Haha thanks my friend, well said.
xinbenlv
·6 か月前·議論
Exactly, exactly
xinbenlv
·6 か月前·議論
Thanks, glad you liked it!
xinbenlv
·6 か月前·議論
[dead]
xinbenlv
·8 か月前·議論
Wise @X friends: why have major authentication providers like @auth0 and @ClerkDev and @Google / @LinkedIn SSO have not supported "Multi-Signer Authentication": instead of a single signer, simply ask for more signers to authenticate an action (login, or approval).

For example, when traditionally a low risk action would be validated with a single email confirmation, a high risk action (change password, add passkey) will require two different email confirmation with two different email domains, and plus, a user can add N email addresses (trusted contacts) and a min M of these email addresses can help approve a change of email.

This is not very much different from what @safe achieves already using smart contract, but is massively backward compatible with emails

This will massively reduce the chance of social engineering.
xinbenlv
·9 か月前·議論
Let us know if you hate the idea too