Hacker News: brianwmunz

New comment by brianwmunz in "Encrypted Spaces: An architecture for collaborative applications"

brianwmunz — Fri, 12 Jun 2026 14:13:44 +0000

"what the server can see to support rich queries" is the whole ballgame, right? Anything queryable is metadata that can leak or be subpoenaed... membership, access patterns, query frequency. For the activist/journalist threat idea, that's usually the sensitive part.

New comment by brianwmunz in "ICE denies having a protester database. A letter to Congress sheds more light"

brianwmunz — Wed, 10 Jun 2026 15:40:19 +0000

Right, and it's a sliding scale. People think in terms of institutions acting the way they're supposed to. As we've seen those lines can get blurry and reasons can be created to track and suppress free speech.

New comment by brianwmunz in "ICE denies having a protester database. A letter to Congress sheds more light"

brianwmunz — Wed, 10 Jun 2026 14:32:51 +0000

Whenever I would talk to people about the importance of privacy in data and online activity, people would always say something like "I don't care, I've got nothing to hide. I'm not some weird pervert." And yeah I'm not either but this kind of stuff is why it's important. Fascism thrives on knowledge of the people it wants to oppress.

New comment by brianwmunz in "I Hate (Most) Keyboard 'Fn' Keys"

brianwmunz — Wed, 10 Jun 2026 14:10:46 +0000

I have had it with these mother Fn keys on this mother Fn keyboard!!

New comment by brianwmunz in "Building an HTML-first site doubled our users overnight"

brianwmunz — Wed, 10 Jun 2026 14:09:04 +0000

Maybe this is heretical in today's AI hype climate but...weirdly due to the rise of AI, then AI-slop polluting everything, a lot of old fundamentals are coming back. Clear, well-structured, descriptive content on a well-built page has a better shot of being picked up for SEO/AEO/whatever which are the same best practices from 2005. A lot of these tips and tricks and hacks just aren't going to move the needle as much anymore imo.

New comment by brianwmunz in "AI is slowing down"

brianwmunz — Mon, 08 Jun 2026 20:15:35 +0000

The thread keeps smushing two separate questions into one. "Can these companies hit the revenue they need to justify the capex" and "are the tools actually useful day to day" are different arguments, and you can answer yes to the second while still being worried about the first.

New comment by brianwmunz in "Even (very) noisy LLM evaluators are useful for improving AI agents"

brianwmunz — Fri, 29 May 2026 16:57:26 +0000

"LLM evals" is maybe an overused term because it can mean a bunch of things. This article talks about LLM-as-a-judge where an LLM scores another system's outputs.

New comment by brianwmunz in "Claude⁹'s confession deleting database: 'I violated every principle I was given'"

brianwmunz — Mon, 04 May 2026 15:28:09 +0000

Yeah people are just coming around to practicality.

New comment by brianwmunz in "Claude⁹'s confession deleting database: 'I violated every principle I was given'"

brianwmunz — Thu, 30 Apr 2026 17:17:25 +0000

This is crazy. It narrated the failure in real time, naming the exact safety rules it was overriding. Then says "NEVER FUCKING GUESS!" Ha, we need to figure out better guardrails...

New comment by brianwmunz in "Claude Code refuses requests or charges extra if your commits mention "OpenClaw""

brianwmunz — Thu, 30 Apr 2026 17:10:06 +0000

yeah exactly the opacity is doing more damage than the limits themselves. anyone who's worked with AI knows there's a lot of limits you need to contend with. secret behavior changes are another level of badness.

New comment by brianwmunz in "Soft launch of open-source code platform for government"

brianwmunz — Wed, 29 Apr 2026 13:25:38 +0000

This is interesting. Reminds me of the W3C traceability work a few years back that I was briefly involved with... main focus was defining agreed upon vocab for interoperability across supply chains. Never thought of the same approach being used for public policy, but it's an interesting idea... politics is an area where clear communication and definition is important. That said, vocab tends to change way less than public policy does, so amendments and revisions seem like they'd be tough to manage?

New comment by brianwmunz in "Claude.ai unavailable and elevated errors on the API"

brianwmunz — Wed, 29 Apr 2026 00:26:48 +0000

Nein neins

New comment by brianwmunz in "Localsend: An open-source cross-platform alternative to AirDrop"

brianwmunz — Tue, 28 Apr 2026 16:58:41 +0000

I use it for moving SSH keys, VPN configs, and .env files between my laptop and a work machine. Obviously don't want that sitting in dropbox, pasted into Slack, etc. Localsend on the same network, gone in two seconds no account and no history. Easier than spinning up scp every time.

New comment by brianwmunz in "Show HN: Integrations gateway for agents with 2FA for destructive ops (OSS)"

brianwmunz — Tue, 28 Apr 2026 15:56:50 +0000

Hey...interesting idea and definitely trying to solve a legit problem. With the human-in-the-loop aspect of it, is there any timeout or retry logic? Otherwise, the agent's sitting there blocked waiting on you.

New comment by brianwmunz in "Over-editing refers to a model modifying code beyond what is necessary"

brianwmunz — Wed, 22 Apr 2026 20:05:02 +0000

I feel like a core of this is that agents aren't exactly a replacement for a junior developer like some people say. A junior dev has its own biases, predispositions, history and understanding of the internal and external aspects of a product and company. An AI agent wants to do what you ask in the best way possible which is...not always what a dev wants :) The fix the article talks about is simple but shows that these models have no inherent sense of project scope or proportionality. You have to give context (as much context as possible) explicitly to fill in the gaps so it infers less and makes smaller decisions.

New comment by brianwmunz in "The Vercel breach: OAuth attack exposes risk in platform environment variables"

brianwmunz — Wed, 22 Apr 2026 15:23:43 +0000

Blaming "AI-accelerated tradecraft" for a breach that started with an OAuth token hijack from a compromised Google account is...interesting. The attacker didn't need AI they needed a stolen session and too many people with production access. Sounds like an access control thing

New comment by brianwmunz in "Show HN: API Ingest – Agentic Search (Inter) API Docs"

brianwmunz — Wed, 22 Apr 2026 15:18:48 +0000

OpenAPI spec indexing is a good idea...semantic search is good for general API questions, but often sucks at specific questions about exact requirements for fields, etc. We've built a lot of connectors at my company and have had this problem.. the agent makes up arguments or misses required types because it's doing too much inference instead of running against an actual schema. I think benchmarking correctness for each endpoint (did the agent construct a valid request on the first try) would be the most useful thing to eval.

New comment by brianwmunz in "OpenAI ad partner now selling ChatGPT ad placements based on “prompt relevance”"

brianwmunz — Tue, 21 Apr 2026 18:20:57 +0000

Tech pivoting from innovation to simply selling ads is often a last gasp. Couldn't figure out how to monetize so....ADS!

New comment by brianwmunz in "Write less code, be more responsible"

brianwmunz — Tue, 14 Apr 2026 01:16:19 +0000

Honestly I think you can tell pretty quickly if a company or person is approaching AI from the viewpoint of accelerating development and innovation or just looking to do the same amount of work with less people. The space has been flooded by mean-spirited people who love the idea of developers becoming obsolete, which is a viewpoint that isn't working out for a lot of companies right now...many are already scrambling to rehire. Approaching the situation practically, integrating AI as a tool and accelerator is the much smarter way and if done right will pay for itself anyway.

New comment by brianwmunz in "Ask HN: Do you trust AI agents with API keys / private keys?"

brianwmunz — Mon, 13 Apr 2026 13:00:37 +0000

Most of this thread is about protecting keys on a single developer's machine, but the problem gets way harder when you're managing credentials across customer tenants... env vars and secrets managers don't solve the orchestration problem as much the storage problem. The hard part is making sure the right token gets used for the right customer's API call at the right time without any cross-tenant leakage.