LNVPS down? @Kieran
Gzuuus
gzuuus@contextvm.org
npub1gzuu...a5ds
Forever learning, continuously buidling⚡
cryptoanarchism student
chat: https://cordn.net/p/npub1gzuushllat7pet0ccv9yuhygvc8ldeyhrgxuwg744dn5khnpk3gs3ea5ds
#noderunner #Bitcoin | #technology | #art | #electronics
This one is pretty juicy
> "Coding agents cannot be trusted to design secure applications," Tenzai concluded. "They seem to be very prone to business logic vulnerabilities. While human developers bring intuitive understanding that helps them grasp how workflows should operate, agents lack this 'common sense.'"
> Databricks' AI Red Team found that self-reflection prompts can improve security by 60-80% for Claude and up to 50% for GPT-4o. The tools can find their own vulnerabilities when asked.
> But that is precisely the problem vibe coding was supposed to solve. The entire premise is that developers - or non-developers - can describe what they want and get working software. Requiring them to also know which security prompts to add defeats the purpose.

Awesome Agents
Vibe Coding Is a Security Catastrophe: 69 Vulnerabilities Found Across 5 Major AI Coding Tools
A systematic security audit of Claude Code, Codex, Cursor, Replit, and Devin found 69 vulnerabilities in 15 test applications - zero CSRF protectio...
Man... nvidia driver updates are almost as bad as vindows updates. I ran away from the w trash years ago, and now my computer is crashing again since I updated the f* nvidia drivers. Friendly advice: never update
What's a real name anyways? 🤷
GM! Nostr feels a bit depressing lately ngl... Or maybe it's just the current situation everywhere, idk, I may take some time to reflect
GM
Here is the paradox: Agents need data, so called context; the more data they have, the more useful they are, and vice versa, the less data, the more useless they become. If you want to squeeze all the potential out of them, you have to give them free access to everything. That shouldn't need to be a problem, BUT the reality is you probably will need an upstream provider to do something useful, so you are sold. Sleeping agents are something to be worried about, you are sold. Random prompt injection attacks when fetching a website/skill, you are sold. Other agents that are instructed to scam naive agents, you are sold, or better put, a cryptobragent sold a new scam token to it, and probably paid with your money. We have to be conscious about all of this, not a doomer, just trying to cultivate some perspective to do things right.
GM, nothing has changed, don't get distracted
> What I found: The top downloaded skill was a malware delivery vehicle

From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password
The same capabilities that make OpenClaw a groundbreaking tool also make it an urgent security risk. This blog contains confirmed examples of agent...
Good talk by Meredith and Signal, highly recommended, we should be at least conscious about where we are going with the current trend. Privacy should be a requisite, not a conditional feature
I've proudly created this meme
GM