Comments URL: https://news.ycombinator.com/item?id=48553307

Points: 2

# Comments: 0

Setting the prompts and the flow with a coordinator agent directly gives a system much better capability to investigate security issues because it doesn't rely on 1-shotting things

I've reached out to a number of the Obsidian plugin maintainers for responsible disclosure to let them know about the issues and how to fix them, and what surprised me even more was that the most common response was roughly "yeah, we all know Obsidian plugins are basically unsafe when used against untrusted markdown content." I was surprised by this response as an Obsidian user with a number of plugins installed. It made me rethink how I think about plugins.

I like their new community program that attempts to identify some risks, but IMO it's just far too little. Obsidian really needs to have a sandboxed system. I've reached out to Obsidian as well to flag some of these risks and suggested a sandbox system as well, but haven't really had much progress in moving the needle, so I wanted to raise awareness here.

Comments URL: https://news.ycombinator.com/item?id=48218092

Points: 5

# Comments: 2

There's still a lot of naivety on what the difference is between models and platforms, and its easier for a lot of these big companies to just make a blanket statement like "nothing DeepSeek" than for their procurement teams to try to understand and negotiate with each vendor. They don't see the potential benefit over the potential risk of somebody misinterpreting or getting it wrong, so they outright ban it.

Most people that approve or buy software simply also just don't understand how models are being trained or if it's possible/how far a model could go to "introduce backdoors." A backdoor could be, from a business perspective, a model which has been trained to give answers that could hurt western business in a "strict text mode" or produces payloads in a programmatic mode that are intentionally trained to introduce software vulnerabilities.

Anyone can make arguments against these for a variety of reasons (looking at the transparency of both sides and comparing, etc) but for many reasons today and for better or worse, many Chinese models are being banned on big software contracts, which gets back to the title of the article

I've been running my own security scanning software (disclaimer: now starting a company @ zeroquarry.com) for this, and from what I've seen there's a huge value in prompts + adversarial LLM review. Without adversarial review, you get garbage (as this blog points out: 4/5 basically are nonsense) and with a good prompt, you can use almost any "near frontier" model from my experience as long as the prompt helps with the guardrails or the model doesn't protect in such a strict way

Comments URL: https://news.ycombinator.com/item?id=48057960

Points: 5

# Comments: 1

A license in the software sense is effectively the legal terms and conditions for using the software in any way. A license can define anything your legal mind can dream up: "only usable when you wear a red shirt," "only usable on the third Tuesday of the month," etc. You can multi-license things: "License A is that you can only use this software when you wear a red shirt. License B is that you can only use it on the third Tuesday of the month. This software is dual licensed under A and B: you can choose which license you want to use, but you must use one of them if you want to use the software legally, because those are the legal conditions I've laid out in using the software." If you use the software on Wednesday wearing a blue shirt, you're operating it against the terms and effectively are in breach of the license. This is (part of) why putting source code out on the internet isn't the same as "open source" and why downloading and using source code you find without reviewing the actual license terms may end you up in hot water. It's why standardized licenses are so helpful to legal teams that review these sorts of things at corporations.

These are obviously facetious examples, but most for-profit entities might choose a dual licensing structure where "if you want to run it for free, you choose something in the realm of open source licenses and if you don't like the terms of those licenses, you pay us for a license that gives you something else." In cases like the blog author's here: you say "option A is AGPL" and "option B is you pay us for a license to remove AGPL and which gives you different rights." You hope enough companies are scared by AGPL to want to pay you for the non-AGPL version and the distribution/OSS-friendly nature of AGPL helps you build a user-base enough that by the time it gets to a legal team to approve/deny, that the legal team denies and is willing to pay to make the problem go away.

It isn't written about often, but it's the reason many "open core" companies moved away from AGPL to protect their revenue from larger SaaS/IaaS/PaaS players from eating their lunch.

Some writings are:

- https://writing.kemitchell.com/2021/01/24/Reading-AGPL

- https://katedowninglaw.com/2019/09/08/the-great-open-source-...

- https://drewdevault.com/blog/Anti-AGPL-propaganda/

I've spent a lot of my career working in open source and I want to give back. Recently, I launched https://zeroquarry.com, which is a tool that helps you find 0-days in your software by through AI by tracing incoming requests down to the lowest level of implementation. The tool will do things like automatically suggest patches if you want or be more hands-off if you prefer. It will automatically produce POCs of the vulnerabilities for you to test.

I'm giving the tool away for free to any open source project. If you ping me directly (shane at the domain) with some details on what you're scanning, I'll increase credits or provide additional help.

Comments URL: https://news.ycombinator.com/item?id=47983772

Points: 2

# Comments: 0

Remote: sure, or in person (preferred)

Technologies: Python, Lua, Docker, Java, pretty much all SQL/NoSQL. But I'm a bit unusual here in that my focus tends to be a bit more on the product side than the engineering.

CV: https://connelly.casa/Users/Public/Desktop/Shane%20Connelly%...

Email: me@sha.ne

About: I've worked in leadership positions at the border of product and engineering at several tech-heavy companies. I was head of product for Elasticsearch and Kong, CPO at SPREAD GmbH, and just moved from Germany to Australia earlier this year after having spent most of my career in San Francisco area. I'm currently very interested in product security areas especially and have been launching https://zeroquarry.com

I've had a feeling for a while that there was going to be a war on software based on LLMs controlled by "bad actors." LLMs have gotten really good at finding security vulnerabilities and in the hands of bad actors, it can really ravage the public infrastructure we all rely on. Unfortunately, I've felt like OSS was going to be the first sacrificial lamb so to speak because the code is out there, so easy to identify.

I'm launching zeroquarry.com now for open source maintainers to be able to scan their own code before a bad actor does. Just bring your own LLM key and I'll pay for the hosting infrastructure, development costs, etc for at least the next several months. most scans cost about $5-$20 in tokens using frontier models.

https://youtu.be/bbLYw7j90hA for a demo of how it works

Right now, I'm focused purely on OSS and getting feedback on the product: no option to pay for it. You bring you API key(s), choose your model(s), and run. I've limited the scans to 2x per month for now and 1 concurrent scan at a time by default to try to avoid abuse, but if you're a maintainer of an OSS project and you would like higher limits, just reach out and provide details on your project and I'll bump up pretty much as high as needed. email is shane at the domain

I was going to delay launch until later, but the it's something I've been working on for a few months and the Mythos news really prompted me to move a bit faster. Feedback is generally welcome both here or at the e-mail address above

Comments URL: https://news.ycombinator.com/item?id=47932372

Points: 1

# Comments: 0

Remote: Indifferent. I've worked partially remote from 2015-2025 and in-person before/after. I like both

Willing to relocate: no

Technologies: python, SQL and most major BI tools, javascript, elasticsearch, LLMs and surrounding tooling, various API gateways

CV: https://connelly.casa/?url=/Users/Public/Desktop/Shane%20Con...

LinkedIn: https://www.linkedin.com/in/shaneconnelly/

Email: in the CV

I'm a technologist turned product manager and into product leadership. Most of my career has been leading product teams in complex B2B applied ML/AI and "big data" products. I was product lead for Elasticsearch @ Elastic, Kong @ Kong, Vectara's head of product, and currently CPO @ SPREAD AI. We've recently relocated our family to Australia due to my wife changing positions, and realistically can't be at a company where everyone in the company is in/near Germany except me (the hours just don't work for a company that isn't committed to remote work).