HackerTrans
TopNewTrendsCommentsPastAskShowJobs

xinbenlv

no profile record

Submissions

[untitled]

1 points·by xinbenlv·3개월 전·0 comments

[untitled]

1 points·by xinbenlv·3개월 전·0 comments

Ask HN: Does OpenClaw need a re-architecture to be usable?

4 points·by xinbenlv·5개월 전·4 comments

Ask HN: Too many skills, how do you pick?

1 points·by xinbenlv·5개월 전·2 comments

Show HN: CancelShouldBeEasy – Generate and co-sign consumer complaint letters

cancelshouldbeeasy.com
1 points·by xinbenlv·5개월 전·0 comments

Ask HN: Do you "micro-manage" your agents?

7 points·by xinbenlv·6개월 전·8 comments

Tell HN: Cursor agent force-pushed despite explicit "ask for permission" rules

7 points·by xinbenlv·6개월 전·9 comments

Ask HN: Best practice securing secrets on local machines working with agents?

10 points·by xinbenlv·6개월 전·12 comments

Show HN: Dotenv Mask Editor: No more embarrassing screen leaks of your .env

marketplace.visualstudio.com
28 points·by xinbenlv·6개월 전·27 comments

Show HN: Just built the best domain search engine

search.labs.namefi.io
1 points·by xinbenlv·7개월 전·1 comments

Show HN: Namefi built WebGPU-powered in-browser LLM pure client-side infer UX

search.labs.namefi.io
1 points·by xinbenlv·7개월 전·0 comments

Show HN: launched Namefi new domain search experience for collectors

search.labs.namefi.io
2 points·by xinbenlv·7개월 전·0 comments

Ask HN: Why no one supports multi-signer auth?

twitter.com
1 points·by xinbenlv·8개월 전·1 comments

Show HN: Namefi tokenize domain for trading, DeFi and future internet

namefi.io
1 points·by xinbenlv·9개월 전·1 comments

comments

xinbenlv
·6개월 전·discuss
Thanks @pjjpo, exactly. My bad to confuse people, no we don't put real prod-prod credentials in .env. We use mechanisms to ensure separation of secrets. Thank you for saying that it's a simple yet effective implementation. If you try it and let us know your feedback.
xinbenlv
·6개월 전·discuss
That's a good idea too, thanks for the suggestion
xinbenlv
·6개월 전·discuss
Good points
xinbenlv
·6개월 전·discuss
I am interested, that said, there are many memory and context services. What makes this one different?
xinbenlv
·6개월 전·discuss
It happened multiple times to me on Claude Code too, next time I caught it I will try to record its history and show it here
xinbenlv
·6개월 전·discuss
My question is not about on or off storage, is more about when you give agent access, it assume the environment agent runs is safe
xinbenlv
·6개월 전·discuss
What if you simply need to give them access. E.g if you want them to do code review you have to at least give them code repo read access. But you don't know if the environment where agent runs will be compromised
xinbenlv
·6개월 전·discuss
is the permission device+client based or role based?
xinbenlv
·6개월 전·discuss
Any prompt injection attack could by pass this by simply do a base64 or any encoding, I guess?
xinbenlv
·6개월 전·discuss
Xoogler here too, yes, we used Gmail and Google Workspace at Google.

You can search for an exact string if you use quotes. I think you can also filter out logos
xinbenlv
·6개월 전·discuss
We use infiscial and other mechanism but hey, wouldn't it be nice to have one less square inch of attack surface?
xinbenlv
·6개월 전·discuss
Haha thanks my friend, well said.
xinbenlv
·6개월 전·discuss
Exactly, exactly
xinbenlv
·6개월 전·discuss
Thanks, glad you liked it!
xinbenlv
·6개월 전·discuss
[dead]
xinbenlv
·8개월 전·discuss
Wise @X friends: why have major authentication providers like @auth0 and @ClerkDev and @Google / @LinkedIn SSO have not supported "Multi-Signer Authentication": instead of a single signer, simply ask for more signers to authenticate an action (login, or approval).

For example, when traditionally a low risk action would be validated with a single email confirmation, a high risk action (change password, add passkey) will require two different email confirmation with two different email domains, and plus, a user can add N email addresses (trusted contacts) and a min M of these email addresses can help approve a change of email.

This is not very much different from what @safe achieves already using smart contract, but is massively backward compatible with emails

This will massively reduce the chance of social engineering.
xinbenlv
·9개월 전·discuss
Let us know if you hate the idea too