HackerTrans
TopNewTrendsCommentsPastAskShowJobs

MadsRC

no profile record

comments

MadsRC
·17 gün önce·discuss
Amazing news!

The one thing I wish they’d support is multiple zones and an RBAC system to grant certain users access to specific zones. If they’d offer that they’d be a serious contender to replace Cloudflare and AWS/GCP DNS
MadsRC
·18 gün önce·discuss
Not really, and neither does the doc it links to. It explains the difference between a personal agent (that acts as you) and a multiplayer agent (that has its own identity).

But they walk all this back by saying that for PRs in GitHub it uses the upstream Claude for GitHub app - that is one installation of a GH app, which means one identity, one list of repos it can access. In the audit logs it will be impossible to see if it was Claude Tag from Channel Y or Claude Tag from channel X.

Arguably that’s a limitation of the abysmal state of machine identities in GH.

Agent identity and attribution continues to be important, but current systems makes it oh so difficult.
MadsRC
·18 gün önce·discuss
I’d be curious how they’ve solved the attribution/provenance/identity problem here. Are instances of Claude Tag, across channels, sharing the same identity? Can I grant one instance access to a range of AWS roles and another instance access to other roles?

During an incident, how do I know which Claude Tag called AWS?
MadsRC
·23 gün önce·discuss
I would love to see a forge that consists of composable components, self-host able with federated identities and maybe a few centralized indexers
MadsRC
·30 gün önce·discuss
The approval part is really interesting - No problems with timeouts or operators not being around to approve?
MadsRC
·3 ay önce·discuss
Ah yes, the API will accept requests that doesn’t include the client attestation (or the fingerprint from src/utils/fingerprint.ts. At least it did a couple of weeks back.

They are most likely using these as post-fact indicators and have automation they kicks in after a threshold is reached.

Now that the indicators have leaked, they will most likely be rotated.
MadsRC
·3 ay önce·discuss
What signing?

Are you referencing the use of Claude subscription authentication (oauth) from non-Claude Code clients?

That’s already possible, nothing prevents you from doing it.

They are detecting it on their backend by profiling your API calls, not by guarding with some secret crypto stuff.

At least that’s how things worked last week xD
MadsRC
·4 ay önce·discuss
We were not. I reached out to the team at BerriAI to offer my assistance as a security professional, given that they requested help from security experts.
MadsRC
·4 ay önce·discuss
Dropped you a mail from [email protected]
MadsRC
·4 ay önce·discuss
Very interesting!

I’ve got an internal tool that we use. It doesn’t do the deterministic classifier, but purely offloads to an LLM. Certain models achieve a 100% coverage with adversarial input which is very cool.

I’m gonna have a look at that deterministic engine of yours, that could potentially speed things up!
MadsRC
·6 ay önce·discuss
Well, the head of reliability did leave a month or two ago zD
MadsRC
·6 ay önce·discuss
Last I heard of it this was proposed as a directive as opposed to regulation, meaning every single member state would have to interpret it and create their own national implementation. Just like with GDPR.

So 27 individual implementations of this, as opposed to the current 27 different implementations of how to incorporate and assign equity?

Seems… silly?

I’m all for making it more attractive to create startups in the EU… But I don’t think a directive is the right way
MadsRC
·7 ay önce·discuss
This is cool - Whenever I have a new idea for a thing I spend too much time writing boilerplate IAM and backend stuff, taking away time that could be spend on actual business logic. Thought about packaging the boilerplate stuff up before, never gotten around to it. Glad you did!

A thing to consider would be to make it easier (or perhaps bake it in) to separate out parts of the app into a separate origin. Something that would be good for pretty much any SaaS app would be to separate the IAM out (could still embed it with an iframe) - this allows you to keep a fairly tight security policy for the IAM stuff and a more lax one for the rest of the app. Kinda how Google separates out accounts.google.com.
MadsRC
·7 ay önce·discuss
This looks cool, but I’m sad you’ve chosen a name that already associated with another security tool :(
MadsRC
·7 ay önce·discuss
Now? Chainalysis has always worked for governments…

It was basically spawned out of the government needing help with investigating crypto - I think it was Mt. Gox…