- GrapheneOS is basically the Android equivalent of iOS Lockdown mode. Considering how the threat landscape has changed, it would be nice if Google offered this itself. Or became a long-term sponsor of GrapheneOS, seeing how great a job they've been doing.
- SEEKING WORK | REMOTE | Dev, DevOps, Security | Location: The Netherlands
Willing to relocate: no, but willing to travel/visit. I'm flexible with working hours, I usually work with clients from either Western Europe or the USA.
I do dev/devops/security, usually for startups or scale-ups or other small orgs with limited resources, and I've been doing that for 15+ years. So, if you:
* Have a slow web application that’s often down?
* Want to improve security and don’t know where to start?
* Have a legacy system that needs to be replaced?
* Are considering an acquisition but not sure about the technical side?
I can help with that. For example, in the past I have:
* Massively improved performance and reliability for a data visualization platform.
* Led a large effort to improve security for a cybersecurity SaaS.
* Built a micropayments system for a prominent media startup.
* Rebuilt an aging e-learning platform from scratch for a GDPR compliance SaaS.
* Conducted technical due diligence for acquisitions.
For more information: https://www.luitjes.it
Favorite buzzwords: Ruby (including Ruby on Rails, Sinatra, and standalone applications), PostgreSQL, Ansible, Linux.
Other buzzwords: Elixir, C#, Java (Spring/Hibernate), JavaScript, HTML/CSS/XSLT/XPATH/XSLFO, Elasticsearch, MongoDB, MySQL, Redis, Solr/Lucene, Graphite, Kibana, Grafana, Logstash, Icinga, Jenkins, Varnish, HAProxy, Pound, Nginx, Apache, Passenger, Vagrant, Docker, DCOS, Kubernetes, SSH, OpenVPN, TCP/IP, tcpdump/strace/lsof/etc, AWS (EC2, ELB/ALB, S3, CloudFront, Lambda, Batch, VPC, etc.).
- TLDR: they wrapped prompts with concepts from Buddhism and got better performance on alignment tests. Actual prompts are in appendix D in this PDF: https://osf.io/az59t
I'm curious what effects you would see with secular moral philosophy, other religions, etc. Is Buddhism special, as the paper seems to argue?
- > I have recently written security-sensitive code using Opus 4. I of course reviewed every line and made lots of both manual and prompt-based revisions.
> Cloudflare apparently did something similar recently.
Sure, LLMs don't magically remove your ability to audit code. But the way they're currently being used, do they make the average dev more or less likely to introduce vulnerabilities?
By the way, a cursory look [0] revealed a number of security issues with that Cloudflare OAuth library. None directly exploitable, but not something you want in your most security-critical code either.
[0] https://neilmadden.blog/2025/06/06/a-look-at-cloudflares-ai-...
- I've seen LLMs generate plenty of wildly insecure code, but the percentage of insecure solutions out of the solutions that are functional is even higher than I expected.
Also, I'm curious how the average coder would fare on this benchmark.
- Hardcoded API keys and poorly secured backend endpoints are surprisingly common in mobile apps. Sort of like how common XSS/SQLi used to be in webapps. Decompiling an APK seems to be a slightly higher barrier than opening up devtools, so they get less attention.
Since debugging hardware is an even higher threshold, I would expect hardware devices to be wildly insecure unless there are strong incentives for investing in security. Same as the "security" of the average IoT device.
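A defender-side check for the hardcoded-secret problem described in the comment above, written as an added example (not code from the comment or from any project it mentions): it scans text as it would come out of a decompiled APK (strings.xml, smali, Java) for known API-key formats and for high-entropy string literals. The key patterns, the entropy threshold and the sample lines are assumptions; the AWS value is the documented AWS example key and the Google-style key is a dummy.

```python
import re
from math import log2

# Known credential formats (illustrative subset, assumed for this example).
KEY_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "generic_secret_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*[\"']([^\"']{8,})[\"']"
    ),
}
# Quoted literals made only of token-like characters; URLs and prose fall out
# because ':', '.' and spaces are not in the character class.
TOKEN_LITERAL = re.compile(r"[\"']([A-Za-z0-9_+/=-]{20,})[\"']")


def shannon_entropy(s):
    """Bits per character; a 32-char string with no repeats scores exactly 5."""
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * log2(c / n) for c in counts.values())


def find_hardcoded_secrets(text, entropy_threshold=4.5):
    """Return (kind, value) findings for decompiled source/resource text."""
    findings, seen = [], set()
    for kind, pat in KEY_PATTERNS.items():
        for m in pat.finditer(text):
            value = m.group(1) if m.groups() else m.group(0)
            if value not in seen:
                seen.add(value)
                findings.append((kind, value))
    # Catch-all for secrets in no known format: long, random-looking literals.
    for m in TOKEN_LITERAL.finditer(text):
        value = m.group(1)
        if value not in seen and shannon_entropy(value) >= entropy_threshold:
            seen.add(value)
            findings.append(("high_entropy_literal", value))
    return findings


# Constructed sample of decompiled output; only the URL and app name are benign.
SAMPLE = "\n".join([
    '<string name="app_name">DemoApp</string>',
    '<string name="maps_key">AIzaSy' + "A" * 33 + '</string>',
    'const-string v0, "AKIAIOSFODNN7EXAMPLE"',
    'const-string v1, "https://api.example.com/v1/users"',
    'const-string v2, "x7Gq9LpZ2mN4vR8tK1wY6bH3jD5fS0aE"',
    'private static final String API_KEY = "sk_live_constructed_0123456789";',
])

if __name__ == "__main__":
    for kind, value in find_hardcoded_secrets(SAMPLE):
        print(f"{kind}: {value}")
```

Run it over the output of a decompiler such as apktool or jadx (assumed tooling); pattern hits are high confidence, entropy hits need a human look.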
- Ironically if you wanted to build that accurately and quickly, you would probably end up having an LLM classify content as being LLM-related or not. Keyword-based filtering would have many false positives, and training a model takes more time to build.
- Here you go: javascript:(function(){window.scrollTo({top:0,behavior:'smooth'});})();
- That is amazing research! Reminds me a bit of the 2017 research on RCE on a DNA sequencing machine by synthesizing shellcode in actual DNA/RNA molecules [0]. I was gonna say "next up: OSC" but I guess MIDI is still dominant.
[0] https://www.usenix.org/conference/usenixsecurity17/technical...
- I wonder: do mail servers determine the received timestamp based on when the connection was opened or when the last character was received? I guess OP could send them an unrelated question using this technique, and check in the reply what timestamp they have.
- If you want to beat other romantically inclined geeks running scripts, you could make sure your script is running somewhere with low latency to that static IP. Use traceroute, looking glass, tools to ping from multiple regions to find the perfect place to run your script.
A VPS in the same region with good peering would be a start. Could see what else is running on IP addresses in the same range, maybe find someone who runs infra on a nearby IP who is willing to run your script.
- Cool! Skip to 2m18s in the video if you're just curious about what the AI summarization looks like, and how it handles comment threading. Any plans for a Firefox version?
- But finally there is dark-mode! I'll take any number of blue round buttons if I don't have to stare at a white background anymore.
- My comment history is short if you're curious about the comment itself. But in general for writing sales copy, I found The Copywriter's Handbook by Robert Bly very helpful, especially the first five chapters. Some of it can seem a bit sleazy to IT folks (the book is primarily written for people who write ads for a living) but there's great advice in there.
If you were writing a script to mass-scan the web for vulnerabilities, you would want to collect as many HTTP endpoints as possible. JS files, regardless of whether they're commented out or not, are a great way to find endpoints in modern web applications.
If you were writing a scraper to collect source code to train LLMs on, I doubt you would care as much about a commented-out JS file. I'm not sure you'd even want to train on random low-quality JS served by websites. Anyone familiar with LLM training data collection who can comment on this?