Hacker News: mafriese

New comment by mafriese in "GPT-5.5"

mafriese — Fri, 24 Apr 2026 06:56:20 +0000

From my experience OpenAI has become very sensitive when it comes to using their tools for security research. I am using MCP servers for tools like IDA Pro or Ghidra (for malware analysis) and recently received a warning:

> OpenAI's terms and policies restrict the use of our services in a number of areas. We have identified activity in your OpenAI account that is not permitted under our policies for: - Cyber Abuse

I raised an appeal which got denied. To be fair I think it's close to impossible for someone that is looking at the chat history to differenciate between legitimate research and malicious intent. I have also applied for the security research program that OpenAI is offering but didn't get any reply on that.

New comment by mafriese in "Wikipedia was in read-only mode following mass admin account compromise"

mafriese — Thu, 05 Mar 2026 18:22:40 +0000

I’m not saying that this is related to Wikipedia ditching archive.is but timing in combination with Russian messages is at least…weird.

New comment by mafriese in "Deobfuscation and Analysis of Ring-1.io"

mafriese — Thu, 12 Feb 2026 07:01:14 +0000

From the conclusion

> Importantly, this work also highlights the defensive implications of such techniques. While Secure Boot and firmware integrity mechanisms would prevent this attack chain when correctly enforced, the explicit requirement for users to disable Secure Boot demonstrates how social and usability tradeoffs continue to undermine otherwise effective platform defenses.

New comment by mafriese in "Claude Code's new hidden feature: Swarms"

mafriese — Sat, 24 Jan 2026 23:11:18 +0000

maybe it's a mix of both :)

New comment by mafriese in "Claude Code's new hidden feature: Swarms"

mafriese — Sat, 24 Jan 2026 22:29:05 +0000

You can define the tools that agents are allowed to use in the opencode.json (also works for MCP tools I think). Here’s my config: https://pastebin.com/PkaYAfsn

The models can call each other if you reference them using @username.

This is the .md file for the manager : https://pastebin.com/vcf5sVfz

I hope that helped!

New comment by mafriese in "Claude Code's new hidden feature: Swarms"

mafriese — Sat, 24 Jan 2026 22:07:26 +0000

Nope it isn’t. I did it as a joke initially (I also had a version where every 2 stories there was a meeting and if a someone underperformed it would get fired). I think there are multiple reasons why it actually works so well:

- I built a system where context (+ the current state + goal) is properly structured and coding agents only get the information they actually need and nothing more. You wouldn’t let your product manager develop your backend and I gave the backend dev only do the things it is supposed to and nothing more. If an agent crashes (or quota limits are reached), the agents can continue exactly where the other agents left off.

- Agents are ”fighting against” each other to some extend? The Architect tries to design while the CAB tries to reject.

- Granular control. I wouldn’t call “the manager” _a deterministic state machine that is calling probabilistic functions_ but that’s to some extent what it is? The manager has clearly defined tasks (like “if file is in 01_design —> Call Architect)

Here’s one example of an agent log after a feature has been implemented from one of the older codebases: https://pastebin.com/7ySJL5Rg

New comment by mafriese in "Claude Code's new hidden feature: Swarms"

mafriese — Sat, 24 Jan 2026 21:05:16 +0000

Ok it might sound crazy but I actually got the best quality of code (completely ignoring that the cost is likely 10x more) by having a full “project team” using opencode with multiple sub agents which are all managed by a single Opus instance. I gave them the task to port a legacy Java server to C# .NET 10. 9 agents, 7-stage Kanban with isolated Git Worktrees.

Manager (Claude Opus 4.5): Global event loop that wakes up specific agents based on folder (Kanban) state.

Product Owner (Claude Opus 4.5): Strategy. Cuts scope creep

Scrum Master (Opus 4.5): Prioritizes backlog and assigns tickets to technical agents.

Architect (Sonnet 4.5): Design only. Writes specs/interfaces, never implementation.

Archaeologist (Grok-Free): Lazy-loaded. Only reads legacy Java decompilation when Architect hits a doc gap.

CAB (Opus 4.5): The Bouncer. Rejects features at Design phase (Gate 1) and Code phase (Gate 2).

Dev Pair (Sonnet 4.5 + Haiku 4.5): AD-TDD loop. Junior (Haiku) writes failing NUnit tests; Senior (Sonnet) fixes them.

Librarian (Gemini 2.5): Maintains "As-Built" docs and triggers sprint retrospectives.

You might ask yourself the question “isn’t this extremely unnecessary?” and the answer is most likely _yes_. But I never had this much fun watching AI agents at work (especially when CAB rejects implementations). This was an early version of the process that the AI agents are following (I didn’t update it since it was only for me anyway): https://imgur.com/a/rdEBU5I

New comment by mafriese in "Studio Ghibli, Bandai Namco, Square Enix Demand OpenAI to Stop Using Their IP"

mafriese — Tue, 04 Nov 2025 12:33:09 +0000

I am still torn on this issue. On the one hand, it feels like a copyright violation when other people's works are used to train an ML model. On the other hand, it is not a copyright infringement if I paint a picture in the Studio Ghibli style myself. The question is whether removing a ‘skill requirement’ for replication is sufficient grounds to determine a violation.

New comment by mafriese in "Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom"

mafriese — Fri, 16 May 2025 11:28:43 +0000

I never doubted that it's possible but it's way harder than identifying bank accounts. There is a massive business behind crypto tracking, that's why companies like MasterCard have acquired CipherTrace. Some years ago there was a really good article / case study from them. I think it was related to a ransomware gang and they were able to identify the threat actor's wallets through crypto tumblers and chain hopping. It's just a matter of how much money and time are you willing to invest into finding out and not a matter of possibility.

New comment by mafriese in "Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom"

mafriese — Fri, 16 May 2025 09:32:11 +0000

You can easily establish the connection from a bank account to a person. A connection from a crypto wallet to a person is extremely difficult. Money laundering with crypto is also much easier (and cheaper usually).

New comment by mafriese in "Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom"

mafriese — Fri, 16 May 2025 08:30:34 +0000

> The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities

Based on the information present in the breach, I think it's likely that the source was their customer support in the Philippines. Monthly salary is usually < 1000$/month (entry-level probably even less than 500$) and a 5000$ bribe could be more than a year worth of money, tax-free. Considering the money you can make with that dataset now, this is just a small investment.

> •Name, address, phone, and email; •Masked Social Security (last 4 digits only); •Masked bank-account numbers and some bank account identifiers; •Government‑ID images (e.g., driver’s license, passport); •Account data (balance snapshots and transaction history); and •Limited corporate data (including documents, training material, and communications available to support agents).

This is every threat actor's dream. Even if you only had email addresses and account balances, this is a nightmare. Instead of blackmailing the company, you can now blackmail each individual user. "Send me 50% of your BTC and I won't publish all of your information on the internet". My guess is that we will have a similar situation like we had with the Vastaamo data breach...

https://en.wikipedia.org/wiki/Vastaamo_data_breach

New comment by mafriese in "Firefox nightly is running an experiment featuring a Fakespot feed on newtab"

mafriese — Wed, 20 Nov 2024 09:34:38 +0000

This is perfect advertising for the Ladybird browser. I hope that some of the developers (if this really goes live on the release channel) will join other projects. I can understand that Mozilla needs money, but I don't think this feature fits with Firefox and what it stands for.

New comment by mafriese in "Show HN: Facad – A colorful directory listing tool for the command line"

mafriese — Tue, 01 Oct 2024 08:06:40 +0000

Is this in any way better than eza? https://github.com/eza-community/eza

New comment by mafriese in "Show HN: Faktor – The missing 2FA code autocomplete for Chrome"

mafriese — Wed, 03 Jul 2024 08:30:04 +0000

The website uses "Enter your 6-digit authentication code" as an example and then shows a 4-digit auth code in the text field https://imgur.com/a/u4STHPe

New comment by mafriese in "Cyber Scarecrow"

mafriese — Tue, 18 Jun 2024 11:46:05 +0000

https://github.com/mafriese/scarecrow Can upload any files you want there. Direct DL for one of the files: https://github.com/mafriese/scarecrow/raw/main/autoruns.exe

New comment by mafriese in "Cyber Scarecrow"

mafriese — Tue, 18 Jun 2024 11:04:42 +0000

This "thing" is always spawning 3 processes at the time. The processes are always the ones from the virustotal link. I can upload the DLL to a file sharing service of your choice if you don't have a VT premium license. I can also provide an any.run link: https://app.any.run/tasks/bc557b04-5025-46a1-a683-aad3b29b9a... (installer) https://app.any.run/tasks/e257e7f2-7837-4ed1-93c8-5d617d75cc... (zip file containing the files). Let me know if you need further info :).

New comment by mafriese in "Cyber Scarecrow"

mafriese — Tue, 18 Jun 2024 10:22:43 +0000

I don't understand why the software is built how it's built. Why would you want to implement licensing in the future for a software product that only creates fake processes and registry keys from a list: https://pastebin.com/JVZy4U5i . The limitation to 3 processes and license dialog make me feel uncomfortable using the software. All the processes are 14.1MB in size (and basically the scarecrow_process.dll - https://www.virustotal.com/gui/file/83ea1c039f031aa2b05a082c...). I just don't understand why you create such a complex piece of software if you can just use a Powershell script that does exactly the same using less resources. The science behind it only kinda makes sense. There is some malware that is using techniques to check if there are those processes are running but by no means is this a good way to keep you protected. Most common malware like credential stealers (redline, vidar, blahblah) don't care about that and they are by far the most common type of malware deployed. Even ransomware like Lockbit doesn't care, even if it's attached to a debugger. I think this mostly creates a false sense of security and if you plan to grow a business out of this, it would probably only take hours until there would be an open source option available. Don't get me wrong - I like the idea of creating new ways of defending malware, what I don't like is the way you try to "sell" it.

New comment by mafriese in "Give nothing, expect nothing: Gitlab latest punching bag for entitled users"

mafriese — Thu, 11 Aug 2022 08:58:48 +0000

You guys are getting paid?

New comment by mafriese in "Tell HN: 1Password shares passwords you don't want shared"

mafriese — Thu, 17 Feb 2022 14:54:17 +0000

Use Bitwarden instead. fixed.

https://bitwarden.com/

New comment by mafriese in "Paddle announces iOS IAP alternative that avoids Apple's 30% fees"

mafriese — Thu, 07 Oct 2021 14:02:25 +0000

Because the 99$/year are for the dev platform and the 15%/30% cut are for using the infrastructure needed for in app purchases.