Hacker News: authnopuz

New comment by authnopuz in "After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber"

authnopuz — Fri, 01 May 2026 12:22:38 +0000

Good but not necessarily better that was is already pay-as-you-go available today. ref. https://www.flyingpenguin.com/the-boy-that-cried-mythos-veri...

This AISLE benchmark is interesting in this matter: https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jag...

And the recently discovered Copy Fail by Xint code is another proof that the gating is overblown: https://xint.io/blog/copy-fail-linux-distributions

New comment by authnopuz in "AI Agent Authentication and Authorization IETF RFC Draft"

authnopuz — Mon, 09 Mar 2026 17:06:02 +0000

One of the Co-Authors here

There are two elements here. Agent can start a full authorization request with AS through authorization code grant flow, even requiring a step-up or some rich authorization details, therefore whatever OTP by SMS or Magic link is an AS - Subject/Client "problem".

For Agent that cannot start a full authorization request (too costly, to complex, subject directly unreachable at the moment), we have a mention to OpenID Connect CIBA into it. With it, the Agent will start a back channel authorization request with the AS and the AS will use a method of authentication / confirmation with the subject in front channel, for example sending a SMS or sending a link to click. Again the resolution will remain an AS - Subject/Client "problem".

New comment by authnopuz in "Show HN: Browser-based interactive 3D Three-Body problem simulator"

authnopuz — Wed, 19 Nov 2025 03:16:04 +0000

And to be fair, Liu Cixin's book is a 4 bodies problem :)

New comment by authnopuz in "Show HN: Browser-based interactive 3D Three-Body problem simulator"

authnopuz — Wed, 19 Nov 2025 03:13:07 +0000

Nightfall by Asimov was a 7 bodies problem - https://en.wikipedia.org/wiki/Nightfall_(Asimov_novelette_an...

New comment by authnopuz in "Guy running a Google rival from his laundry room"

authnopuz — Wed, 10 Sep 2025 13:40:56 +0000

hug of death? I fear the temperature will get very high in his laundry room

New comment by authnopuz in "Guy running a Google rival from his laundry room"

authnopuz — Wed, 10 Sep 2025 13:37:41 +0000

https://archive.is/HA7y4

New comment by authnopuz in "The Agentic Systems Series"

authnopuz — Sat, 07 Jun 2025 04:25:18 +0000

The authentication section is very bizarre, the Agent should go through an OAuth(2?) process to finally access server through an API Key? That sounds more painful than bringing a better state of security...

New comment by authnopuz in "WonderHuman: 3D avatars from single-view video"

authnopuz — Thu, 20 Feb 2025 18:50:06 +0000

Man, we all have been bluffed by this scene

New comment by authnopuz in "OWASP Non-Human Identities Top 10"

authnopuz — Tue, 04 Feb 2025 12:03:57 +0000

Another good source of NHI definitions, concepts, and threats https://nhimg.org/the-ultimate-guide-to-non-human-identities

Amazon Paused Rollout of Microsoft Office for a Year After Hacks

authnopuz — Mon, 16 Dec 2024 14:08:23 +0000

Article URL: https://www.bloomberg.com/news/articles/2024-12-12/amazon-paused-rollout-of-microsoft-office-for-a-year-after-hacks

Comments URL: https://news.ycombinator.com/item?id=42431074

Points: 4

# Comments: 0

New comment by authnopuz in "Dear OAuth Providers"

authnopuz — Thu, 12 Dec 2024 14:21:26 +0000

If you consider the newest rfc9068: https://datatracker.ietf.org/doc/html/rfc9068 for JWT profiled Access Token, the list of discrepancies is even longer.

New comment by authnopuz in "Dear OAuth Providers"

authnopuz — Thu, 12 Dec 2024 14:19:32 +0000

Hear. This one! So many of customers have been stabbed in the back with this one