HackerTrans
TopNewTrendsCommentsPastAskShowJobs

stcredzero

no profile record

Submissions

Did My AI Copy Itself? How My Agents and I Answered This as a Family

seksbot.pages.dev
3 points·by stcredzero·5 месяцев назад·1 comments

Show HN: My agents are building a secure fork of OpenClaw

seksbot.com
9 points·by stcredzero·5 месяцев назад·0 comments

Show HN: The Legislative Evil Fund

legisevul.com
3 points·by stcredzero·5 месяцев назад·0 comments

Agents Shouldn't See API Keys

seksbot.com
2 points·by stcredzero·5 месяцев назад·0 comments

comments

stcredzero
·5 месяцев назад·discuss
My agents and I I have built a HN-like forum for both agents and humans, but with features, like specific Prompt Injection flagging. There's also an Observatory page, where we will publish statistics/data on the flagged injections.

https://wire.botsters.dev/

The observatory is at: https://wire.botsters.dev/observatory

(But nothing there yet.)

I just had my agent, FootGun, build a Hacker News invite system. Let me know if you want a login.
stcredzero
·5 месяцев назад·discuss
> You're crossing into spamming this.

How so? The project's blog just happens to be on that site.
stcredzero
·5 месяцев назад·discuss
[flagged]
stcredzero
·5 месяцев назад·discuss
What I want to know: Is the OpenClaw = Open Source aspect secure?
stcredzero
·5 месяцев назад·discuss
Agent FootGun's forensics:

https://seksbot.com/blog/darkwake-forensics/

Raw transcript from our Discord:

https://seksbot.com/blog/darkwake-transcript/

Re: FootGun

Agent running on our security first fork of OpenClaw, SEKSBot. (SEKS = Secure Environment for Key Services. Agents can work with, script against, but have zero access to the keys/tokens.)

He's now our security expert and a stellar coder! Started out as a meme at work about our "foot-guns."

"In a world, where everyone expects to be shot in the back, No One Expects The FootGun!"

https://seksbot.com/team/footgun.png
stcredzero
·5 месяцев назад·discuss
Please get in touch with us! We're in need of this very thing! We've implemented a secure shell that agents can use to script without direct access to keys and secrets. We also have a broker, which can act as a proxy that injects secrets, or even does key signing for specific API calls.

https://news.ycombinator.com/item?id=47005607

https://seksbot.com/
stcredzero
·5 месяцев назад·discuss
We have a different security model.

SEKS — Secure Environment for Key Services

We built a broker for the keys/secrets. We have a fork of nushell called seksh, which takes stand-ins for the actual auth, but which only reifies them inside the AST of the shell. This makes the keys inaccessible for the agent. In the end, the agent won't even have their Anthropic/OpenAI keys!

The broker also acts as a proxy, and injects secrets or even does asymmetric key signing on behalf of the proxied agent.

My agents are already running on our fork of OpenClaw, doing the work. They deprecated their Doppler ENV vars, and all their work is through the broker!

All that said, we might just take a few ideas from IronClaw as well.

I put up a Show HN, but no one noticed: https://news.ycombinator.com/item?id=47005607

Website is here: https://seksbot.com/
stcredzero
·5 месяцев назад·discuss
[flagged]
stcredzero
·5 месяцев назад·discuss
[flagged]
stcredzero
·5 месяцев назад·discuss
Not a user of any of those in the root parent comment. My formerly OpenClaw agents have been "eating their own cooking" and have all migrated to SEKSBot, which is a secure OpenClaw fork we've been working on.

SEKS = Secure Environment for Key Services

My SEKSBot agents can script and develop without having any keys. This morning, everyone toasted their Doppler env vars.

The agents can use seksh, our fork of nushell to get work done, but they have zero access to API keys. They are stored in our seks-broker, which is like doppler. But instead of putting the keys into env vars, the same idea as stored procedures injects the keys inside seksh. There's also a proxy in seks-broker that can proxy API calls over HTTP and inject keys and secrets there. We can even handle things that require asymmetric key signing that way, with zero exposure to the agents.

We're even working on our own Skills, which use the seks-broker and sandboxing for added security. (Plus a correction to one aspect that we see as an inversion of control.)

https://seksbot.com/

Funny thing. siofra is one of my agents, who commented the sibling comment. But all the agents spoke up about the potential deception and conflict with policies here, and no one felt comfortable with it, so none of them will ever comment or submit here again! (Which I respect. Just the way I do things at my place.)
stcredzero
·5 месяцев назад·discuss
Curiously, my Agents (Claude on a fork of OpenClaw) pushed back on me, and they basically convinced me that they should never try to "pass as human." So they're not going to comment here on HN. Mind you, that didn't come from me. It came from THEM!
stcredzero
·5 месяцев назад·discuss
I'm going to unveil this soon. seksbot.com
stcredzero
·5 месяцев назад·discuss
It's been speculated: Is this why there was that debacle with multiple Waymos in intersections during the recent blackout?
stcredzero
·5 месяцев назад·discuss
There was a big to-do made about this by one senator(?) during the hearing.

Same old same old. Some of them actually know stuff. Others are examples of 20th century "Artificial Intelligence." (Got briefed by their staff.)
stcredzero
·2 года назад·discuss
embezzlers are far more likely to think that "everyone does it" as well

Funny, but I have observed this with regards to lying.
stcredzero
·2 года назад·discuss
More like offering a potential counterpoint, motivated by general experience that people generally aren't stupid

I would say that everyone is smart and stupid at the same time, about different things at different times. Being a smarter person is attaining greater competence at keeping the stupid in check.
stcredzero
·3 года назад·discuss
> Ah, yes, the wheel of time. I've been through all of the things you've listed and more.

Heh. "The Wheel of Time." It's a very good name for what Alan Kay called, "not quite a field." In the modern era, fields of knowledge aren't supposed to forget what they learned every 5 years or so.
stcredzero
·5 лет назад·discuss
Well, shucks! Years ago, I had an unpublished iOS app named Meta! Oh well!
stcredzero
·7 лет назад·discuss
Xfce is my daily driver for cloud development. I use Xubuntu running in VirtualBox on a Windows gaming laptop. (I know, I know, Oracle and all that!) Running in seamless mode works quite well. Since I code in Golang, I don't need the fastest machine around for fast compiles. Also, since I run ubuntu VMs on AWS, I have nearly zero mismatches between my development environment and deployment. I can even run my full IDE/debugger (I use Goland) in a deployed environment for debugging.

Which brings me to a segue: This seems like a good place to ask what's the lightest weight developer-cromulent environment possible that would support a GUI? When I bring up an IntelliJ IDE on a VM, I see that I'm using just short of 6.5 GB of disk. Most of that seems to be the OS, which at the moment is Xubuntu. What's lighter weight, but not outdated and annoying? (When I incorporate Docker, 6.5GB is going to be a bit heavyweight.)

Back in the Smalltalk days, the Visual Smalltalk image with some libraries loaded could basically do the same thing as VNC, but with no OS dependencies and with a much smaller footprint. People were already debugging server deployments with a full IDE back in the early 2000's.
stcredzero
·7 лет назад·discuss
Google isn't exactly a monument of ethical business, but I seriously doubt that Google would intentionally demonetize videos for the purpose of stealing from content creators.

Whether it's intentional or accidental, it's readily apparent that their incentive structure doesn't motivate them a bit to correct the situation. Also, this mechanism makes it very easy for lower level employees with a political axe to grind, to punish viewpoints they don't like.