HackerTrans
TopNewTrendsCommentsPastAskShowJobs

fadijob

no profile record

Submissions

[untitled]

1 points·by fadijob·4 miesiące temu·0 comments

[untitled]

4 points·by fadijob·4 miesiące temu·0 comments

Google's extreme AI compression paper was on arXiv since April 2025

arxiv.org
2 points·by fadijob·4 miesiące temu·1 comments

How Cursor Trained Composer 2 (Pretraining, RL, Realistic Coding Benchmarks)

twitter.com
4 points·by fadijob·4 miesiące temu·0 comments

97M downloads, $0 real auditing: LiteLLM's SOC 2 was one of 533 fake reports

trustcompliance.xyz
3 points·by fadijob·4 miesiące temu·3 comments

We indexed the Delve audit leak: 533 reports, 455 companies, 99.8% identical

trustcompliance.xyz
127 points·by fadijob·4 miesiące temu·78 comments

comments

fadijob
·4 miesiące temu·discuss
Claude is down again, so this is useful for days like today.
fadijob
·4 miesiące temu·discuss
The arXiv paper was submitted April 2025, the research itself isn't new, but the new is Google's blog post packaging it for a wider audience.

worth reading the original paper alongside the blog post. I think the ppaper has details the blog post glosses over, particularly around the calibration-free quantization approach and how they handle outlier channels.

Interestingly: the research sits on arXiv for a year, nobody talks about it
fadijob
·4 miesiące temu·discuss
thanks for saving the platform from this, X is already polluted
fadijob
·4 miesiące temu·discuss
boilerplate overlap is expected, no one rewrites these from scratch

though when everything lines up the same way across hundreds of reports, it gets weird...

I mean look at those reports; same pagination, same auditor showing up almost everywhere, no exceptions across all clients.. not even efficient templates should be like that

you still expect variation in scope, findings, structure, even if the base language is reused

big signal
fadijob
·4 miesiące temu·discuss
yes. I think some overlap is normal, but this is not that, eg. seen:

• same pagination across hundreds of reports → 100% template output • same auditor license everywhere → either extreme concentration or just rubber stamping • zero exceptions across all clients → unrealistic, real audits always find something.. right? • system descriptions pulled from marketing sites → .. copy paste

at one point you’re really looking at reports that were never really produced per each company

and that’s the problem
fadijob
·4 miesiące temu·discuss
fair call on the popups, they’re not real-time. I added them quickly to make the page feel less empty while testing engagement, probably not the best call in hindsight and I’ll remove or replace them with something real.

on the "vibecoded" part, yeah I moved fast. this was built in under a day to get something out and see if people even care about this angle. that doesn’t mean the underlying data or direction is fake though.

the domain choice is just speed and availability, not some SEO master plan. if this turns into something real I’ll move it to a proper brand/domain.

and yeah I get why it looks like a growth/SEO play, but the actual goal is to push more transparency around these audits. if I just wanted traffic there are easier angles than going after something this niche and messy.

either way, appreciate you calling it out, some of it is fair and already being fixed.
fadijob
·4 miesiące temu·discuss
hello, this isn’t a competitor. I run a consulting company in the cybersecurity space and saw a chance to make this whole process more transparent.

I agree it came off a bit clickbaity, I'm sorry, Claude probably pushed it too far. but I don’t have an audience anywhere, no following on social, so I needed to ship something fast and make it engaging. the intent wasn’t just this Delve thing, the goal is to move away from it and turn it into a proper hub for compliance transparency over time. But i need a way to marketing this intially.

it’s been less than 24h, I built and pushed everything pretty quickly, so yeah there are rough edges. I’m already working through them and fixing things.

on the account being new, I get how that looks. I mostly use X and reddit, this is actually my first time posting on HN so I had to create an account.
fadijob
·4 miesiące temu·discuss
We analyzed the leaked Delve audit reports and found some wild patterns:

- The same auditor license number (PAC-FIRM-LIC-47383) appears in 487 out of 494 reports

- Every Type II report has identical page numbers: Section 4 at page 30, tests at page 59, Section 5 at page 82

- 220+ "No exceptions noted" per report, across every single client

- The system descriptions were copy-pasted from each company's marketing website

We built tools to check this data:

- Search by company name to see if they're in the leaked database

- Paste any SOC 2 report text to scan for 10 template fingerprints

- A swipe game where you try to tell real audit excerpts from the fakes (harder than you'd think)

455 companies indexed, all free, no signup needed.

I'm also curious what the HN community thinks about the fingerprint detection approach, are there patterns we're missing?