<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: brene</title><link>https://news.ycombinator.com/user?id=brene</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 16 Apr 2026 04:18:42 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=brene" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by brene in "ElectricSQL database takeover vulnerability found by AI"]]></title><description><![CDATA[
<p>Rene from Casco here. While our agents were performing a security test, they discovered a database takeover vulnerability. It's a good example of how SQL injection is still a test path that needs to be explicitly validated. Really want to give props to the ElectricSQL team: from issue reported to issue fixed and deployed, it took ~2 hours.</p>
]]></description><pubDate>Tue, 14 Apr 2026 15:16:23 +0000</pubDate><link>https://news.ycombinator.com/item?id=47766758</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=47766758</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47766758</guid></item><item><title><![CDATA[ElectricSQL database takeover vulnerability found by AI]]></title><description><![CDATA[
<p>Article URL: <a href="https://casco.com/blog/electricsql-order-by-sql-injection">https://casco.com/blog/electricsql-order-by-sql-injection</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47766757">https://news.ycombinator.com/item?id=47766757</a></p>
<p>Points: 5</p>
<p># Comments: 2</p>
]]></description><pubDate>Tue, 14 Apr 2026 15:16:23 +0000</pubDate><link>https://casco.com/blog/electricsql-order-by-sql-injection</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=47766757</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47766757</guid></item><item><title><![CDATA[New comment by brene in "The Blueprint of a North Korean Attack on Open-Source"]]></title><description><![CDATA[
<p>Just debugging the issue :-)</p>
]]></description><pubDate>Tue, 07 Apr 2026 22:00:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=47681880</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=47681880</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47681880</guid></item><item><title><![CDATA[New comment by brene in "The Blueprint of a North Korean Attack on Open-Source"]]></title><description><![CDATA[
<p>are you using Safari's Lockdown Mode?</p>
]]></description><pubDate>Tue, 07 Apr 2026 20:40:13 +0000</pubDate><link>https://news.ycombinator.com/item?id=47681074</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=47681074</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47681074</guid></item><item><title><![CDATA[New comment by brene in "The Blueprint of a North Korean Attack on Open-Source"]]></title><description><![CDATA[
<p>Author here. We were analyzing a compromised contributor account targeting better-auth when we noticed something interesting about the attack vector. Most coverage of supply chain attacks focuses on the "what happened" but I wanted to document the "how it actually works" with the deobfuscated code.<p>Two things stood out:
1. hiding the payload in next.config.mjs is clever because GitHub's UI truncates long lines so the malicious string is literally invisible when scrolling through the file. second, storing the c2 payload on binance smart chain means there's no server to take down. The axios attack was mitigated by removing the GitHub-hosted payload. This one can't be.<p>2. found 30+ repos with the same signature string. Pretty sure there's way more we didn't catch with basic string matching.<p>happy to answer questions about the deobfuscation process or the c2 protocol analysis.</p>
]]></description><pubDate>Tue, 07 Apr 2026 16:37:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=47677953</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=47677953</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47677953</guid></item><item><title><![CDATA[The Blueprint of a North Korean Attack on Open-Source]]></title><description><![CDATA[
<p>Article URL: <a href="https://casco.com/blog/the-blueprint-of-a-north-korean-attack-on-open-source">https://casco.com/blog/the-blueprint-of-a-north-korean-attack-on-open-source</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47677952">https://news.ycombinator.com/item?id=47677952</a></p>
<p>Points: 32</p>
<p># Comments: 12</p>
]]></description><pubDate>Tue, 07 Apr 2026 16:37:50 +0000</pubDate><link>https://casco.com/blog/the-blueprint-of-a-north-korean-attack-on-open-source</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=47677952</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47677952</guid></item><item><title><![CDATA[New comment by brene in "So, you want to chunk really fast?"]]></title><description><![CDATA[
<p>Do you see this project merge with the Chonkie at some point? Or do you intend to keep it separate?</p>
]]></description><pubDate>Mon, 05 Jan 2026 17:54:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=46502149</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=46502149</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46502149</guid></item><item><title><![CDATA[New comment by brene in "Show HN: Sim – Apache-2.0 n8n alternative"]]></title><description><![CDATA[
<p>How does it deal with loops? I’ve often seen workflow builders struggle at that?</p>
]]></description><pubDate>Thu, 11 Dec 2025 19:37:23 +0000</pubDate><link>https://news.ycombinator.com/item?id=46236104</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=46236104</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46236104</guid></item><item><title><![CDATA[New comment by brene in "Show HN: Tracking AI Code with Git AI"]]></title><description><![CDATA[
<p>I actually wonder is there a way to feed back some consistently reedited code into the context window of your coding agent tools, so that future edits require less tokens?</p>
]]></description><pubDate>Mon, 10 Nov 2025 17:46:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=45878523</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=45878523</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45878523</guid></item><item><title><![CDATA[New comment by brene in "Show HN: Prism – Let browser agents access any app"]]></title><description><![CDATA[
<p>Hi Rene from Casco here. I think the post just referenced us as a customer because we use it for pentesting. For us, Prism solves the "browser agents can reliably auth into any website" problem.</p>
]]></description><pubDate>Thu, 25 Sep 2025 19:42:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=45377942</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=45377942</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45377942</guid></item><item><title><![CDATA[New comment by brene in "Show HN: Prism – Let browser agents access any app"]]></title><description><![CDATA[
<p>Hi - Rene from Casco here. Thought to share a bit about our journey of dealing with auth for browser agents before Prism. We have a diverse set of customers whose login experiences differ dramatically. Sometimes it's directly accessible on request, other times, you have to click through into a "login menu", other times we'd be dealing with Google sign-in and OTP.<p>We initially tried manually uploading session cookies to our browser agent after we authenticate locally. But soon realized how unscalable that is. We needed a general purpose API that allows our agents to auth into any application reliably. We needed something like Prism because making an agent reliable for our vertical is hard enough and I don't want us to maintain infrastructure just for the purposes of managing test user credentials and session management. If you're using browser agents and they've "hit the auth wall", then you know what I'm talking about.<p>Thanks for building Prism for us and letting us be a pilot customer. The API is straightforward and a pleasure to use. Can't wait for user sign-up and GitHub auth support to come soon.</p>
]]></description><pubDate>Thu, 25 Sep 2025 19:40:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=45377922</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=45377922</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45377922</guid></item><item><title><![CDATA[New comment by brene in "AWS launches Kiro, its Cursor clone"]]></title><description><![CDATA[
<p>wait, it's completely free during the preview period? That's a better deal than Cursor, Windsurf, or Claude Code. Gotta check it out</p>
]]></description><pubDate>Mon, 14 Jul 2025 15:37:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=44561427</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=44561427</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44561427</guid></item><item><title><![CDATA[New comment by brene in "Show HN: HelixDB – Open-source vector-graph database for AI applications (Rust)"]]></title><description><![CDATA[
<p>How does this scale horizontally across multiple regions? Is this something on your roadmap?</p>
]]></description><pubDate>Wed, 14 May 2025 18:20:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=43987628</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=43987628</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43987628</guid></item><item><title><![CDATA[New comment by brene in "Show HN: Airweave – Let agents search any app"]]></title><description><![CDATA[
<p>Pretty cool stuff. How does it deal with self-hosted data sources? can it run inside a VPC and talk to my RDS instances directly?</p>
]]></description><pubDate>Mon, 12 May 2025 17:18:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=43965355</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=43965355</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43965355</guid></item><item><title><![CDATA[New comment by brene in "Show HN: Sim Studio – Open-Source Agent Workflow GUI"]]></title><description><![CDATA[
<p>I checked it out and it’s quite polished for a workflow builder. But I struggled for it to handle lists of content well. But I saw that’s already an ongoing feature request.</p>
]]></description><pubDate>Mon, 28 Apr 2025 21:24:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=43826279</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=43826279</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43826279</guid></item><item><title><![CDATA[New comment by brene in "Launch HN: Cua (YC X25) – Open-Source Docker Container for Computer-Use Agents"]]></title><description><![CDATA[
<p>will this also be available as a hosted service? Or do you have instructions on how to manage a fleet of these manually while you're building the orchestration workflows?</p>
]]></description><pubDate>Wed, 23 Apr 2025 16:58:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=43774154</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=43774154</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43774154</guid></item><item><title><![CDATA[New comment by brene in "Interviews on Skype"]]></title><description><![CDATA[
<p>Feedback noted! Will evaluate this with the team. Thanks for the feedback</p>
]]></description><pubDate>Fri, 25 Aug 2017 19:58:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=15101685</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=15101685</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15101685</guid></item><item><title><![CDATA[New comment by brene in "Interviews on Skype"]]></title><description><![CDATA[
<p>Test candidates using a real-time code editor over Skype. Give instructions, interview candidates and provide feedback via the in-browser Skype call. The in-browser code editor allows candidates to run their code and check their results. Help candidates avoid syntactic mistakes with real-time syntax highlighting for 7 popular programming languages.</p>
]]></description><pubDate>Fri, 25 Aug 2017 17:11:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=15100250</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=15100250</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15100250</guid></item><item><title><![CDATA[Interviews on Skype]]></title><description><![CDATA[
<p>Article URL: <a href="https://skype.com/interviews">https://skype.com/interviews</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=15100235">https://news.ycombinator.com/item?id=15100235</a></p>
<p>Points: 24</p>
<p># Comments: 6</p>
]]></description><pubDate>Fri, 25 Aug 2017 17:10:42 +0000</pubDate><link>https://skype.com/interviews</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=15100235</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=15100235</guid></item><item><title><![CDATA[New comment by brene in "Learn Apollo: Build GraphQL Apps with React, React Native or Exponent"]]></title><description><![CDATA[
<p>I tried using Scaphold but the main issue is that their entire service is just so buggy. They try to do everything and then nothing works "really" well. 
It's actually because I got so disappointed, I was looking for other solutions and Graph.cool was the best that I could find. 
The best is their support. They are so highly responsive on their Slack channel, I rarely see that.</p>
]]></description><pubDate>Fri, 16 Dec 2016 15:31:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=13193898</link><dc:creator>brene</dc:creator><comments>https://news.ycombinator.com/item?id=13193898</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=13193898</guid></item></channel></rss>