HackerTrans
TopNewTrendsCommentsPastAskShowJobs

thefreeman

no profile record

Submissions

TeamPCP Campaign Spreads to NPM via a Hijacked Bitwarden CLI

research.jfrog.com
3 points·by thefreeman·3 maanden geleden·0 comments

comments

thefreeman
·23 dagen geleden·discuss
Can you share more information on the post-LLM processing and the prompt you use? I would like to try this out but don't see any post-LLM options in Handy.

edit: nevermind, found info on the docs about how to enable post processing. Would still be interested in your prompt though if you don't mind sharing!
thefreeman
·vorige maand·discuss
How can you make this comment before even having a chance to try the new major model revision?
thefreeman
·vorige maand·discuss
Redis is not a database. It’s a key / value store.
thefreeman
·2 maanden geleden·discuss
I think that was his point
thefreeman
·2 maanden geleden·discuss
My money is on unauthed mongodb or public s3 bucket
thefreeman
·2 maanden geleden·discuss
Well trump mobile almost definitely doesn't have a network, systems, or infrastructure to begin with. So I guess they are technically correct.
thefreeman
·2 maanden geleden·discuss
You can also define required dependencies in a doc block at the top of the file and then just “uv run main” and it will automatically install and cache any dependencies and run. https://docs.astral.sh/uv/guides/scripts/
thefreeman
·4 maanden geleden·discuss
yes, there were a large number of AWS products and features that were only available with a subscription
thefreeman
·4 maanden geleden·discuss
You can just start claude with the —chrome flag too and it will connect to the chrome extension.
thefreeman
·4 maanden geleden·discuss
don't you get a tax penalty if you aren't insured for 100% of the year?
thefreeman
·5 maanden geleden·discuss
the emdash is right there for all to see
thefreeman
·6 maanden geleden·discuss
I think this is what the Ralph Wiggum plugin is for. It just repeatedly reprompts the llm with the same prompt until it is fully complete or something along those lines.
thefreeman
·8 maanden geleden·discuss
You put a CDN in front of it and heavily cache when serving to external customers
thefreeman
·10 maanden geleden·discuss
No, it says it is restricted. You need to set a private attribute on the webview to enable it. And if you interact with private APIs your app will be rejected in review.
thefreeman
·10 maanden geleden·discuss
It also barely meets the definition of "a vulnerability report". He basically just nmap scanned the server and googled the apache version. The "critical" vulnerability he linked requires controlling a backend server being reverse proxied through apache... so completely irrelevant. I didn't read every CVE for the apache version but I am doubtful there is anything that actually allows taking over the server there.