HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kjok

no profile record

Submissions

Container Speed. VM-Level Security

edera.dev
8 points·by kjok·เดือนที่แล้ว·2 comments

One Agent Sandbox Is Not Enough

multikernel.io
3 points·by kjok·2 เดือนที่ผ่านมา·0 comments

Ask HN: Founders/investors, what AI bet you made in 2022 and how it is going?

6 points·by kjok·3 เดือนที่ผ่านมา·1 comments

At a major AI conference, Perplexity got voted most likely to flop

businessinsider.com
4 points·by kjok·8 เดือนที่ผ่านมา·1 comments

A collection of links that existed about Anguilla as of 2003

web.ai
56 points·by kjok·8 เดือนที่ผ่านมา·24 comments

Ask HN: Is ChatGPT/Claude suggesting to use malicious NPM packages?

2 points·by kjok·10 เดือนที่ผ่านมา·0 comments

comments

kjok
·เดือนที่แล้ว·discuss
I should have been clearer and specific: state management is done on the backend, but collecting behavioral biometrics and device fingerprint is done using JavaScript, which can be manipulated.
kjok
·เดือนที่แล้ว·discuss
Adversaries do not have to wait for LLM models to evolve to mimic human process, they can simply evade the detection JavaScript that evaluates similarity. JavaScript is visible, can easily be reverse-engineered.
kjok
·2 เดือนที่ผ่านมา·discuss
Please also collect responses from people, you'd find a pattern: a new attack is launched, people make noise, and later go back to installing packages the same way. Enterprises already use private registries to combat such attacks, vulnerable folks include individual devs and small teams.
kjok
·2 เดือนที่ผ่านมา·discuss
> Compare this to Android where you can run malware and it cannot do anything except for annoying you with notifications.

Are you sure it cannot do anything? Looking through various past malware/exploits, this doesn't seem to be the case.
kjok
·2 เดือนที่ผ่านมา·discuss
Why should they be open source?
kjok
·3 เดือนที่ผ่านมา·discuss
Cooldown sounds like a good idea ONLY IF these so called security companies can catch these malicious dependencies during the cooldown period. Are they doing this bit or individual researchers find a malware and these companies make headlines?
kjok
·3 เดือนที่ผ่านมา·discuss
How difficult is it to build a second startup on the side?
kjok
·3 เดือนที่ผ่านมา·discuss
Are you a bot?
kjok
·3 เดือนที่ผ่านมา·discuss
Building automated analysis tool that help identify the use of GPL-licensed SDKs in mobile apps, promoting license compliance and supporting sustainable open-source development.
kjok
·3 เดือนที่ผ่านมา·discuss
How do you know that they were LLM scrapers? The reason I ask is because user agents could easily be spoofed?
kjok
·3 เดือนที่ผ่านมา·discuss
For those who have deployed Cloudflare in front, what are pros and cons? How's the user experience? Do they offer free bot protection?
kjok
·3 เดือนที่ผ่านมา·discuss
How are you measuring this? Does your solution rely on user agent or device fingerprinting? Curious to know what tools are available today and how accurate they are.
kjok
·3 เดือนที่ผ่านมา·discuss
Thanks for sharing your approach!

> It is nothing special. We keep X number of machines in a warm pool.

I'd love to better understand the unit economics here. Specifically, whether cost is a meaningful factor.

The reason I ask is that many startups we've seen focus heavily on optimizing their technology to reduce cold/boot startup times. As you pointed out, perceived latency can also be improved by maintaining a warm pool of VMs.

Given that, I'm trying to determine whether it's more effective to invest in deeper technical optimizations, or to address the cold start problem by keeping a warm pool.
kjok
·3 เดือนที่ผ่านมา·discuss
> The problem is that those underlying frameworks can very easily be misconfigured.

Agreed. I'm sure a number of these sandboxing solutions are vibe-coded, which makes your concerns regarding misconfigurations even more relevant.
kjok
·3 เดือนที่ผ่านมา·discuss
> There are dozens of projects like this emerging right now. They all share the same challenge: establishing credibility.

Care to elaborate on the kind of "credibility" to be established here? All these bazillion sandboxing tools use the same underlying frameworks for isolation (e.g., ebpf, landlock, VMs, cgroups, namespaces) that are already credible.
kjok
·3 เดือนที่ผ่านมา·discuss
And this is exactly why we see noise on HN/Reddit when a supply-chain cyberattack breaks out, but no breach is ever reported. Enterprises are protected by internal mirroring.
kjok
·3 เดือนที่ผ่านมา·discuss
I mean that agents can scan the code to find anything "suspicious". After all, security vendors that claim to "detect" malware in packages are relying on LLMs for detection.
kjok
·3 เดือนที่ผ่านมา·discuss
Curious to know why are coding agents not detecting such risks before importing dependencies?
kjok
·4 เดือนที่ผ่านมา·discuss
> I actually just published a paper...

This gives me an impression that the paper has already been published and is available publicly for us to read.
kjok
·5 เดือนที่ผ่านมา·discuss
Maybe humans can focus on cybersecurity and fraud? That’s not going away with AI