<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: colek42</title><link>https://news.ycombinator.com/user?id=colek42</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 16 Jul 2026 02:38:48 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=colek42" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[Show HN: CI/Lock – signed evidence of what your CI ran]]></title><description><![CDATA[
<p>I helped create Witness, donated it to the CNCF/in-toto ecosystem, and worked on the NIST 800-204D "pipeline observer" guidance. CI/Lock is the next version of that work, and it's under the Apache 2.0 license.<p>Here's the gap it closes. In March, two supply-chain attacks hit within a week of each other. Someone force-pushed 75 of 76 version tags in aquasecurity/trivy-action, so every pipeline that had pinned to a tag (the thing we all tell people to do) pulled credential-stealing code on its next run. It read secrets from/proc/<pid>/environ and sent them to a typosquat. A few days later, two litellm releases on PyPI carried a stealer in a .pth file, which Python runs on startup. You didn't have to import it. If the package touched the machine, the code already ran.<p>Both attacks had the same shape: CI ran code it had no reason to trust, with credentials it had no reason to hold, and afterward nobody could prove what actually executed. You could read the workflow file. You couldn't prove what ran.<p>CI/Lock wraps a command and records what really happened: the command, the files it reads, the environment, and the artifacts it produces. Then it signs that as an in-toto/DSSE attestation. It's a notary standing next to each build step.<p><pre><code>    cilock run -- go build -o app ./...
    cilock verify ./app -p release.policy.signed -k policy.pub
</code></pre>
The policy is signed by a person, with their key, and it says what's allowed to ship. One line matters most to me: the agent writing your code this week (Claude Code, Codex, Cursor) can run the build, gather the evidence, and draft the release, but it can't sign the policy, so it can't decide what ships. "The agent did it" is not provenance.<p>What's changed since I left Witness:<p>Keyless by default. In GitHub Actions it signs off the runner's OIDC token. No login, no stored secret, no long-lived key to leak. You don't stand up Fulcio or a timestamp authority yourself; one flag derives the hosted endpoints. You can also bring your own key and storage, or run fully offline.<p>It records what ran, not what you declared. ptrace by default (portable, no root), plus an eBPF backend that traces at the kernel boundary; it logs which one fired. Every file each process opens lands in the attestation, so a Rego policy can fail the build on the credential-sweep pattern, like a read of /proc/self/environ. Tracing added about 36% to an npm install in our tests.<p>Per-file digests get committed to an RFC 6962 Merkle root, so you get a real inclusion proof per artifact and a 29,000-file npm install doesn't turn into a 10 MB envelope.<p>It speaks Witness in both directions. Anything Witness produced verifies under cilock, and cilock's shared attestors verify back under Witness, so it drops in next to what you already run. There are 50-plus attestors, each its own Go module, so you can build a binary with only the ones you use.<p>What it is not: cilock is forensic, not a runtime IPS. Detection happens after a step runs, so if that step exfiltrates secrets while it executes, the exfiltration already happened. Cilock blocks the release and leaves a tamper-evident record of it. It watches network egress (connect and sendto syscalls, destination, DNS, TLS SNI) but doesn't block traffic inline the way Harden-Runner does. The trace mode is Linux-only and opt-in.<p>Install:<p><pre><code>    go install github.com/aflock-ai/rookery/cilock/cmd/cilock@latest
</code></pre>
Your first signed build takes about a minute. Code is at github.com/aflock-ai/rookery.<p>I'll be in the thread today. Ask me anything about the attestation format, the keyless trust model, or how it relates to Witness.dev</p>
<hr>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48728596">https://news.ycombinator.com/item?id=48728596</a></p>
<p>Points: 1</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 30 Jun 2026 04:50:19 +0000</pubDate><link>https://cilock.dev/</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=48728596</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48728596</guid></item><item><title><![CDATA[Show HN: CI/lock – supply-chain attestation CLI, from the Witness creators]]></title><description><![CDATA[
<p>Article URL: <a href="https://cilock.dev/blog/signed-record-we-didnt-have-in-march/">https://cilock.dev/blog/signed-record-we-didnt-have-in-march/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=48463873">https://news.ycombinator.com/item?id=48463873</a></p>
<p>Points: 1</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 09 Jun 2026 17:02:35 +0000</pubDate><link>https://cilock.dev/blog/signed-record-we-didnt-have-in-march/</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=48463873</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48463873</guid></item><item><title><![CDATA[New comment by colek42 in "Show HN: FFmpeg WebCLI – Full FFmpeg in Browser, Offline PWA, No Uploads(WASM)"]]></title><description><![CDATA[
<p>In 2016 I was working for an organization that wanted a video streaming web app, but could not tolerate any latency.  In the past, we solved this with an NAPI extension in Firefox.  They removed this for good security reasons, but it left our users without an option.  They would have to move to an electron app.  Distributing this app and updating it across 1000s of terminals worldwide was not something we were set up to do.  I hacked together something like this and could not believe how well it worked.  The initial POC is here:  <a href="https://github.com/colek42/streamingDemo" rel="nofollow">https://github.com/colek42/streamingDemo</a>.</p>
]]></description><pubDate>Fri, 05 Jun 2026 00:17:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=48406449</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=48406449</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48406449</guid></item><item><title><![CDATA[New comment by colek42 in "Ask HN: How to be SOC2 Type 2 compliant as a solo-entreprenuer?"]]></title><description><![CDATA[
<p>There are ways to do it.  Send me a message, and I can make an intro to the person we use.</p>
]]></description><pubDate>Fri, 15 May 2026 18:23:56 +0000</pubDate><link>https://news.ycombinator.com/item?id=48151998</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=48151998</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48151998</guid></item><item><title><![CDATA[New comment by colek42 in "Agents need control flow, not more prompts"]]></title><description><![CDATA[
<p>We built <a href="https://aflock.ai/" rel="nofollow">https://aflock.ai/</a> (open source) to help with this.  Constraining activity tends to work well</p>
]]></description><pubDate>Thu, 07 May 2026 21:01:22 +0000</pubDate><link>https://news.ycombinator.com/item?id=48054937</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=48054937</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48054937</guid></item><item><title><![CDATA[New comment by colek42 in "Signing data structures the wrong way"]]></title><description><![CDATA[
<p>DSSE is great for this, if you need more schema use in-toto</p>
]]></description><pubDate>Thu, 02 Apr 2026 00:22:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=47608485</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47608485</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47608485</guid></item><item><title><![CDATA[New comment by colek42 in "Snowflake AI Escapes Sandbox and Executes Malware"]]></title><description><![CDATA[
<p>We started a "science project" taking concepts from Multi Level Security to constraining AI agents.  <a href="https://aflock.ai/" rel="nofollow">https://aflock.ai/</a>. The idea is to have different data zones, and if an Agent accesses from a private zone, they should not be able to interact with the public zone.</p>
]]></description><pubDate>Thu, 19 Mar 2026 00:08:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=47433008</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47433008</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47433008</guid></item><item><title><![CDATA[New comment by colek42 in "Go-Native Durable Execution"]]></title><description><![CDATA[
<p>We love Dapr's durabletask-go.  <a href="https://pkg.go.dev/github.com/dapr/durabletask-go" rel="nofollow">https://pkg.go.dev/github.com/dapr/durabletask-go</a></p>
]]></description><pubDate>Mon, 02 Mar 2026 15:09:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=47218953</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47218953</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47218953</guid></item><item><title><![CDATA[New comment by colek42 in "Anthropic vs. DoD: "Any lawful use" is a fight about control"]]></title><description><![CDATA[
<p>Where is your line, copy editing, drafting, reorganizing?  You are going to have a busy, boring, and angry life if you want to comment on every post that has signs AI touched it.</p>
]]></description><pubDate>Sun, 01 Mar 2026 14:34:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=47207073</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47207073</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47207073</guid></item><item><title><![CDATA[New comment by colek42 in "Anthropic vs. DoD: "Any lawful use" is a fight about control"]]></title><description><![CDATA[
<p>My job is to communicate quickly and clearly, AI helps me do my job faster and more efficiently.  But thanks for telling me how I <i>should</i> do my job.  You come off as both ignorant and arrogant.</p>
]]></description><pubDate>Sat, 28 Feb 2026 23:43:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=47201797</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47201797</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47201797</guid></item><item><title><![CDATA[New comment by colek42 in "Anthropic vs. DoD: "Any lawful use" is a fight about control"]]></title><description><![CDATA[
<p>That is quite an ignorant statement to make. I spent three years in combat, and am permanently disabled from my service.</p>
]]></description><pubDate>Sat, 28 Feb 2026 17:40:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=47198059</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47198059</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47198059</guid></item><item><title><![CDATA[Anthropic vs. DoD: "Any lawful use" is a fight about control]]></title><description><![CDATA[
<p>I served 12 years infantry, then built targeting tools at JSOC vs ISIS. Now I lead a team building AI tools automating the compliance process. I’ve got opinions on Anthropic + DoD<p>When people argue about “AI in weapons” like it’s a sci-fi trigger bot… I can’t take it seriously.<p>A “kill chain” isn’t a vibe. It’s a process<p>Find, Fix, Track, Target, Engage, Assess (F2T2EA) and most of it is information work: sorting signal from noise, building confidence, tightening timelines, and getting decisions to the right humans fast enough to matter.<p>That’s why this Anthropic vs. DoD fight is getting attention. It’s not just “ethics.”<p>-> It’s about control.<p>Here’s what’s actually on the table:<p>Anthropic says they’ll support the military — but they want two carve-outs: no mass domestic surveillance and no fully autonomous weapons (their definition: systems that “take humans out of the loop entirely” and automate selecting/engaging targets).<p>Anthropic also says DoD demanded “any lawful use” and threatened offboarding / “supply chain risk” pressure if they didn’t comply.<p>A DoD memo posted on media.defense.gov explicitly calls for models “free from usage policy constraints” and directs adding standard “any lawful use” language into AI contracts.<p>The dispute escalated fast — including federal offboarding/blacklist actions and a “supply chain risk” designation as reported by major outlets. 
Now my take, as someone who’s lived inside the targeting reality:<p>AI can absolutely help the kill chain without ever being the one “pulling the trigger.”<p>Speeding up Find/Fix/Track/Target changes outcomes — and it’s not hypothetical.<p>But if we’re going to talk about “any lawful use,” then stop outsourcing national policy to contract fights.<p>DoD already has policy that autonomous weapon systems should allow appropriate human judgment over the use of force. 
So the real question isn’t whether humans matter.<p>It’s this:<p>Do we want safety and governance implemented at the model layer (vendor guardrails), the contract layer (“any lawful use”), or the law/policy layer (Congress + DoD doctrine + auditing)?<p>Because “Terms of Service vs. warfighting” is a stupid place to settle a question this big.<p>If you’ve worked in intel, targeting, acquisition, or governance:<p>Where should the boundary live? model, contract, or law, and who owns accountability when it breaks?</p>
<hr>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47197243">https://news.ycombinator.com/item?id=47197243</a></p>
<p>Points: 2</p>
<p># Comments: 8</p>
]]></description><pubDate>Sat, 28 Feb 2026 16:30:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=47197243</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47197243</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47197243</guid></item><item><title><![CDATA[New comment by colek42 in "The Pentagon threatens Anthropic"]]></title><description><![CDATA[
<p>Bingo,  DoD does not want Anthropic to set guardrails on the technology it buys. If they don't want to abide they are free to deny service.  We all know how that will turn our for them with the current administration.  All while the DoD will just move to another provider that WILL abide.  The only power really lies in whatever our elected officials want to do.  Take the responsibility seriously.</p>
]]></description><pubDate>Wed, 25 Feb 2026 19:49:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=47156849</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47156849</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47156849</guid></item><item><title><![CDATA[New comment by colek42 in "The Pentagon threatens Anthropic"]]></title><description><![CDATA[
<p>The voters and congress tell the military how to use technology, not Anthropic.  Shifting the decision to Anthropic takes away power from the citizenship.<p>Edit:  The point is, go vote if you don't agree with what the administration is doing.  Somebody will sell the DoD whatever they want no matter what Anthropic does.</p>
]]></description><pubDate>Wed, 25 Feb 2026 18:55:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=47156055</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=47156055</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47156055</guid></item><item><title><![CDATA[New comment by colek42 in "How to harden GitHub Actions"]]></title><description><![CDATA[
<p>We just built a new version of the witness run action that tracks the who/what/when/where and why of the GitHub actions being used.  It provides "Trusted Telemetry" in the form of SLSA and in-toto attestations.<p><a href="https://github.com/testifysec/witness-run-action/tree/feature/complete-rewrite-squashed">https://github.com/testifysec/witness-run-action/tree/featur...</a></p>
]]></description><pubDate>Thu, 08 May 2025 22:40:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=43932081</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=43932081</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43932081</guid></item><item><title><![CDATA[New comment by colek42 in "Whose code am I running in GitHub Actions?"]]></title><description><![CDATA[
<p>When I saw the tj-actions attack, I decided it was time to finally implement action wrapping with our `witness-run-action`.  This will generate signed attestations on exactly what the actions are doing.<p>We have some more testing to do before we cut an official release, but it is working correctly for the limited cases we have tested it with.  I'd love this group's feedback.<p><a href="https://github.com/testifysec/witness-run-action/tree/v1.0.1-experimental" rel="nofollow">https://github.com/testifysec/witness-run-action/tree/v1.0.1...</a></p>
]]></description><pubDate>Wed, 26 Mar 2025 03:40:44 +0000</pubDate><link>https://news.ycombinator.com/item?id=43478659</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=43478659</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43478659</guid></item><item><title><![CDATA[Shifting 'Shift Left' and What We Can Learn from Uber]]></title><description><![CDATA[
<p>Article URL: <a href="https://productgovernance.substack.com/p/shifting-shift-left-and-what-we-can">https://productgovernance.substack.com/p/shifting-shift-left-and-what-we-can</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=42229141">https://news.ycombinator.com/item?id=42229141</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Sun, 24 Nov 2024 17:45:19 +0000</pubDate><link>https://productgovernance.substack.com/p/shifting-shift-left-and-what-we-can</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=42229141</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42229141</guid></item><item><title><![CDATA[Shifting 'Shift Left' and What We Can Learn from Uber]]></title><description><![CDATA[
<p>Article URL: <a href="https://productgovernance.substack.com/p/shifting-shift-left-and-what-we-can">https://productgovernance.substack.com/p/shifting-shift-left-and-what-we-can</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=42196637">https://news.ycombinator.com/item?id=42196637</a></p>
<p>Points: 1</p>
<p># Comments: 0</p>
]]></description><pubDate>Wed, 20 Nov 2024 18:11:33 +0000</pubDate><link>https://productgovernance.substack.com/p/shifting-shift-left-and-what-we-can</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=42196637</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42196637</guid></item><item><title><![CDATA[New comment by colek42 in "Security Is a Useless Controls Problem"]]></title><description><![CDATA[
<p>I've been thinking about this a lot.  First, the author should replace security with compliance.  Currently they are two different things.  There is a huge divide between compliance teams and developers, they speak completely different languages.  I'm writing an entire series about it.  I do think we can fix the problem, but it is going to be a lot more work than it was to get development and operations on the same page.<p><a href="https://productgovernance.substack.com/publish/posts/detail/150913333" rel="nofollow">https://productgovernance.substack.com/publish/posts/detail/...</a></p>
]]></description><pubDate>Tue, 12 Nov 2024 04:04:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=42112707</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=42112707</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42112707</guid></item><item><title><![CDATA[How to Shift Compliance Left – A Letter to Developers]]></title><description><![CDATA[
<p>Article URL: <a href="https://productgovernance.substack.com/p/how-to-shift-compliance-left">https://productgovernance.substack.com/p/how-to-shift-compliance-left</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=42054398">https://news.ycombinator.com/item?id=42054398</a></p>
<p>Points: 3</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 05 Nov 2024 19:19:59 +0000</pubDate><link>https://productgovernance.substack.com/p/how-to-shift-compliance-left</link><dc:creator>colek42</dc:creator><comments>https://news.ycombinator.com/item?id=42054398</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42054398</guid></item></channel></rss>