caust1c
Joined 3,076 karma
Programmer. Hacker. Building RunReveal, the Security Data Platform

    https://runreveal.com
    https://twitter.com/Caust1c
    https://www.abraithwaite.net

  1. > it prevents entire classes of bugs where IDs get mixed up across services.

    ~Does this really happen for people? I haven't ever seen this class of bug, and shudder to think of how it happens in code. Sure support tickets are nicer with the prefix, but how would a bug manifest in the code itself?~

    Edit: of course it can happen with `new.id = old.id` where new and old are different types, now that I think about it after coffee. However, I'd be hesitant to claim that this prevents those bugs, instead I'd argue that it simply makes them easier to identify.

    Also, KSUID has been around since before UUIDv7 and seems to meet all of the author's same requirements and has many client libraries already. Guess people doing research on it still aren't able to find it, or just want to do their own anyway which is cool too.

  2. If you find the OP interesting, you might find Project Kamp more interesting:

    https://projectkamp.com/mission.html

    The OP seems like the academic approach to what Project Kamp is learning by doing: They're attempting to build a community that's eventually completely self-sufficient on a fairly limited land space, and documenting the whole process.

  3. This is exactly it. AI is sniffing out the good data models from the bad. Easy to understand? AI can understand it too! Complex business mess with endless technical debt? Not too much.

    But this is precisely why we're seeing startups build insane things fast while well established companies are still questioning if it's even worth it or not.

  4. When you're talking the size of investment that AI-centric companies have received, on the order of hundreds of billions of dollars, there's no way it's not exposed to the wider market.

    But I agree with you, the article is too light on details for how inflammatory it is.

  5. Super curious how they enforce the security story here. Doesn't seem easy to hoover up the context needed for individual users to keep private chats private. Maybe they search dynamically based on the prompt like Claude Code does?

    Seems hard without creating an embedding on Slack topics and synonyms.

  6. Wait, what? A database in 2025 doesn't support any kind of auth? A financial database? WTF?

    C'mon folks, the least you can do is put a guide for adding an auth proxy or auth layer on your site.

    Particularly since you don't use HTTP (can't easily tell from the docs, I'm assuming), then folks are going to be left wondering: "well how the hell do I add an auth proxy without HTTP" and just put it on the open internet...

  7. Good research. I'm glad people are hopping on this. Lots of surface area to cover and not enough time!
  8. ~That's a good way to launder money.~

    Err, tumble money. Err, that's a good internet gag.

  9. 100% agree. It should be an optional argument for your logging library and handled one time there to be used everywhere.
  10. Django + REST framework is what I cut my teeth on doing web programming in my first job. It's a wonderfully written codebase, I'm very thankful I had some great code to learn from, and it wasn't even 10 years old then, I didn't even realize.

    Congrats team! Glad to see it's still thriving and a great option to pick up for beginners.

  11. Yes, unfortunately it's pretty trivial. Any time arbitrary file write is possible, RCE is usually possible too.
  12. It's incredible for investigating audit logs. Our customers use it daily.

    https://blog.runreveal.com/introducing-runreveal-remote-mcp-...
