https://lyfe.ninja/

I've always been skeptical of the entire RTO storyline. I literally work on a computer all day with an Internet connection and can complete every aspect of my job remotely, no if, ands, or buts, about it. Also, at this point many are tracking our mouse movements and key strokes, and the work gets done, so they know we're working too

I'm used to the short sided mindset at this point, but the situation just got me thinking about it again.

Meanwhile, companies are throwing everything at AI (which works remotely), laying off employees to do so, and then having obsurd in office policies and skimping on benefits. Just makes you wonder why they distrust people so much.

Comments URL: https://news.ycombinator.com/item?id=47884294

Points: 29

# Comments: 24

Background: I’ve been working on a system using our core tech that can generate and verify digital signatures, but with a slightly different property than traditional approaches. The signatures are natively revocable. If the underlying model/system shouldn’t be trusted anymore, the signatures can be revoked either through a hard (delete the signing model) or soft (revoke the lease for the signing model) mechanism. I believe this feature is very beneficial on its own, but there are several other interesting properties (no key management, distributed verification, embedded metadata, etc.)

Originally this came out of some deeper R&D work we’re doing, but I’ve been thinking this might actually be the most practical “wedge” into the market while we continue that research (and fund the research).

One area that’s been interesting is applying this to AI systems. Specifically as a “know your agent” play. Essentially, how do you verify that the AI-generated content you’re seeing in your browser, workflow, or system actually came from the intended Agent and hasn’t been altered somewhere along the way? Right now “trust” mostly relies on secure transport (TLS, etc.), but not necessarily the integrity of the content at the point of consumption. This is a way to add a verification layer where revocability matters (Would you want to stand by your AI agent’s output forever? I think not.).

So I built a couple demos (I’ve shared these on Show HN previously).The first one simply demonstrates the digital signature ability of the tech and their revocable nature. The second, using the digital signatures to sign a verify content from a AI chatbot in a streaming system (this has received the most traction of anything we’ve shared).

- AI responses are signed after generation

- Verification happens client-side

- Tampering with the content causes verification to fail

- Signatures can be revoked (short-lived leases, or fully invalidated)

It works, at least in controlled settings. But I genuinely don’t know if this is something people would actually adopt, or if it’s solving a problem that only feels real from where I’m sitting. I can think of plenty of uses and see the benefits but that doesn’t mean everyone else will.

A few things I’m trying to figure out:

- Generally, do you see uses for revocable digital signatures?

- If so, where would it matter most?

- Is content-level verification for AI outputs something you’d actually want or use?

- What would make this usable vs annoying in a real system?

The goal would be to make it very developer friendly, since I would imagine they would use it most. Create an account, lease signing model, get oauth creds, sign/verify through simple sdk or API directly.

I’m less interested in pitching this and more trying to understand if this is worth turning into a real product vs keeping it as internal research. I’m also aware there are other approaches that do similar things (C2PA for content attestation, things like CRLs for signature revocation), but they have limitations, and I view this as supplemental tech, not a replacement.

Happy to share more details if helpful, but there is a bunch of documentation on our Project (https://lyfe.ninja/projects/) and News (https://lyfe.ninja/news/) pages of our website. Let me know what you think, Thanks.

Comments URL: https://news.ycombinator.com/item?id=47848539

Points: 3

# Comments: 2

Comments URL: https://news.ycombinator.com/item?id=47848491

Points: 2

# Comments: 0

You do need a market, not just a product. You also need to network to get input, partners, and build a BD pipeline. You don't necessarily need revenue at first, you need to prove external interest, whether that's a beta, pilot, or collaboration/partnership. All these things will add to your momentum.

I'm letting it mature a little before dipping my toe in. I've seem some horror stories, like it deleting repos, system files, and whatnot.

I've seen a some stuff, but wanted to get community input.

Comments URL: https://news.ycombinator.com/item?id=47768134

Points: 2

# Comments: 3

This month: Design and market research on "know your agent" products

Skills: ML, crypto, security folks for independent validation stress testing and just general support. Would love someone to try and forge or break our signatures.

Link: https://lyfe.ninja/projects (or find us on LinkedIn)

Write up and demo here: https://lyfe.ninja/news/#know-your-agent-with-blkbolt

By false positives, I'm assuming you mean, two separate LLMs/agents output and sign the exact same content (e.g. hello world!).

These are not traditional signatures and can have metadata encoded into them (the demo only encodes lease ID, create timestamp). So you could rely on the metadata during verification for provenance (which one came first). The demo has a separate link to additional information about the signatures.

P.S. this is just a demo to demonstrate this in a real-time streaming scenario (mostly for a prospect). But we'd love to hear if anyone thinks this could be useful as a product of its own.

Comments URL: https://news.ycombinator.com/item?id=47750470

Points: 2

# Comments: 4

1. Make sure the market for your product exists before you make it. This is counterintuitive to builders like myself and probably you. building is what I'm good at, and I know what I'm making adds value, but that doesn't mean others will see that value.

2. Kinda goes with #1, but talk to as many people as possible in the market you are considering a product for and learn what their problems and pain points are so you can solve them. If you can relieve someone's pain, the marketing will do itself. It's hard to even get the conversations, but each one is helpful, even if it's telling you something you don't want to hear.

3. Focus on gaining external interest, not necessarily revenue. Again, hard, but a pilot or partnership with another startup or small business can go along way and showing value to future investors or customers.

4. Talk to and learn from other founders. Your already doing this, but there are nuggets of information that can help even if it's just a slight change of perspective.

5. Keep your head up. It's a slog and it's brutal, but it's a marathon.

I'm still working on all these things myself, so you're not alone. The realization that a good product without a market is nothing, was a big revelation for me (and in hindsight makes me feel like an idiot). I honestly thought if you solve a hard enough problem or built a good enough product that the rest would fall in line, but that was not the case, but I'm not ready to give up yet.

I personally like to use AI to make a first draft and then edit from there. It's way faster at that first draft than I am, but I can still maintain my voice and ensure I'm making all my points.

I will say many people are also generally bad writers. Is it slop if it's actually a better writer than the engineer making the site or the owner of a small business without a marketing team? It just seems like a tool to write better.