Hacker News: ramimachttps://news.ycombinator.com/user?id=ramimacHacker News RSShttps://hnrss.org/hnrss v2.1.1Sun, 24 May 2026 22:33:51 +0000<![CDATA[A Guide to Keyboard Customization]]>Article URL: https://aresluna.org/key-in-sight/

Comments URL: https://news.ycombinator.com/item?id=48212706

Points: 4

# Comments: 0

]]>Wed, 20 May 2026 19:21:39 +0000https://aresluna.org/key-in-sight/ramimachttps://news.ycombinator.com/item?id=48212706https://news.ycombinator.com/item?id=48212706<![CDATA[New comment by ramimac in "We reproduced Anthropic's Mythos findings with public models"]]>Carlini's unprompted talk is one source: https://www.youtube.com/watch?t=204&v=1sd26pWhfmg

]]>Fri, 17 Apr 2026 14:58:15 +0000https://news.ycombinator.com/item?id=47806663ramimachttps://news.ycombinator.com/item?id=47806663https://news.ycombinator.com/item?id=47806663<![CDATA[If [static analysis] could have, why didn't it?]]>Article URL: https://alexgaynor.net/2026/apr/13/why-didnt-it/

Comments URL: https://news.ycombinator.com/item?id=47762417

Points: 2

# Comments: 1

]]>Tue, 14 Apr 2026 07:28:51 +0000https://alexgaynor.net/2026/apr/13/why-didnt-it/ramimachttps://news.ycombinator.com/item?id=47762417https://news.ycombinator.com/item?id=47762417<![CDATA[Brocards for Vulnerability Triage]]>Article URL: https://blog.yossarian.net/2026/04/11/Brocards-for-vulnerability-triage

Comments URL: https://news.ycombinator.com/item?id=47738099

Points: 2

# Comments: 0

]]>Sun, 12 Apr 2026 10:30:14 +0000https://blog.yossarian.net/2026/04/11/Brocards-for-vulnerability-triageramimachttps://news.ycombinator.com/item?id=47738099https://news.ycombinator.com/item?id=47738099<![CDATA[New comment by ramimac in "Telnyx package compromised on PyPI"]]>We haven't blogged this yet, but a variety of teams found this in parallel.

The packages are quarantined by PyPi

Follow the overall incident: https://ramimac.me/teampcp/#phase-10

Aikido/Charlie with a very quick blog: https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ReversingLabs, JFrog also made parallel reports

]]>Fri, 27 Mar 2026 08:59:16 +0000https://news.ycombinator.com/item?id=47540400ramimachttps://news.ycombinator.com/item?id=47540400https://news.ycombinator.com/item?id=47540400<![CDATA[Telnyx package compromised on PyPI]]>https://github.com/team-telnyx/telnyx-python/issues/235

https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

Comments URL: https://news.ycombinator.com/item?id=47540388

Points: 133

# Comments: 135

]]>Fri, 27 Mar 2026 08:57:02 +0000https://telnyx.com/resources/telnyx-python-sdk-supply-chain-security-notice-march-2026ramimachttps://news.ycombinator.com/item?id=47540388https://news.ycombinator.com/item?id=47540388<![CDATA[New comment by ramimac in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"]]>It's a spam flood by the attacker to complicate information sharing[1]. They did the same thing in the Trivy discussion, with many of the same accounts.[2]

[1] https://ramimac.me/teampcp/#spam-flood-litellm [2] https://ramimac.me/teampcp/#discussion-flooded

]]>Wed, 25 Mar 2026 09:22:09 +0000https://news.ycombinator.com/item?id=47515089ramimachttps://news.ycombinator.com/item?id=47515089https://news.ycombinator.com/item?id=47515089<![CDATA[New comment by ramimac in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"]]>Blood, sweat, and tears.

The investment compounds! I have enough context to quickly vet incoming information, then it's trivial to update a static site with a new blurb

]]>Tue, 24 Mar 2026 18:42:23 +0000https://news.ycombinator.com/item?id=47507281ramimachttps://news.ycombinator.com/item?id=47507281https://news.ycombinator.com/item?id=47507281<![CDATA[New comment by ramimac in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"]]>This is tied to the TeamPCP activity over the last few weeks. I've been responding, and keeping an up to date timeline. I hope it might help folks catch up and contextualize this incident:

https://ramimac.me/trivy-teampcp/#phase-09

]]>Tue, 24 Mar 2026 13:36:54 +0000https://news.ycombinator.com/item?id=47502402ramimachttps://news.ycombinator.com/item?id=47502402https://news.ycombinator.com/item?id=47502402<![CDATA[New comment by ramimac in "Scaling Vulnerability Management with AI: What Worked"]]>> Upon issue creation another workflow spins up three independent coding agents to analyze the finding.

I'm curious

1) what the current statistics are for consensus

2) how the agents may/may not perform independently

3) what the agent profiles are and how they differ (model, harness, prompt/persona, all three?)

]]>Thu, 19 Mar 2026 13:34:36 +0000https://news.ycombinator.com/item?id=47439177ramimachttps://news.ycombinator.com/item?id=47439177https://news.ycombinator.com/item?id=47439177<![CDATA[It's Their Mona Lisa]]>Article URL: https://ironicsans.ghost.io/its-t-mona-lisa/

Comments URL: https://news.ycombinator.com/item?id=47425186

Points: 75

# Comments: 17

]]>Wed, 18 Mar 2026 12:53:15 +0000https://ironicsans.ghost.io/its-t-mona-lisa/ramimachttps://news.ycombinator.com/item?id=47425186https://news.ycombinator.com/item?id=47425186<![CDATA[Child's Play: Tech's new generation and the end of thinking]]>Article URL: https://harpers.org/archive/2026/03/childs-play-sam-kriss-ai-startup-roy-lee/

Comments URL: https://news.ycombinator.com/item?id=47088685

Points: 451

# Comments: 265

]]>Fri, 20 Feb 2026 14:48:34 +0000https://harpers.org/archive/2026/03/childs-play-sam-kriss-ai-startup-roy-lee/ramimachttps://news.ycombinator.com/item?id=47088685https://news.ycombinator.com/item?id=47088685<![CDATA[Building Multi-Agent Systems (Part 3)]]>Article URL: https://blog.sshh.io/p/building-multi-agent-systems-part-c0c#footnote-anchor-2-184887421

Comments URL: https://news.ycombinator.com/item?id=46680526

Points: 1

# Comments: 0

]]>Mon, 19 Jan 2026 16:06:19 +0000https://blog.sshh.io/p/building-multi-agent-systems-part-c0c#footnote-anchor-2-184887421ramimachttps://news.ycombinator.com/item?id=46680526https://news.ycombinator.com/item?id=46680526<![CDATA[New comment by ramimac in "Shai-Hulud compromised a dev machine and raided GitHub org access: a post-mortem"]]>Reach out if you'd like me to check - I did the same for the trigger.dev team in fact[1].

(personal site linked in bio, who links you onward to my linkedin)

[1] https://x.com/ramimacisabird/status/1994598075520749640?s=20

]]>Sun, 14 Dec 2025 21:17:08 +0000https://news.ycombinator.com/item?id=46267017ramimachttps://news.ycombinator.com/item?id=46267017https://news.ycombinator.com/item?id=46267017<![CDATA[Okta's NextJS-0auth troubles]]>Article URL: https://joshua.hu/ai-slop-okta-nextjs-0auth-security-vulnerability

Comments URL: https://news.ycombinator.com/item?id=45963350

Points: 372

# Comments: 152

]]>Tue, 18 Nov 2025 10:17:20 +0000https://joshua.hu/ai-slop-okta-nextjs-0auth-security-vulnerabilityramimachttps://news.ycombinator.com/item?id=45963350https://news.ycombinator.com/item?id=45963350<![CDATA[New comment by ramimac in "Replicate is joining Cloudflare"]]>Probably, but you can check out a more robust list here: https://blog.cloudflare.com/tag/acquisitions/

* BastionZero

* Kivera

* Baselime

* PartyKit

* Area 1

* Vectrix

* Zaraz

* Linc

* S2 Systems Corporation

* Neumob

* Eager

* CryptoSeal

* StopTheHacker

]]>Mon, 17 Nov 2025 16:13:41 +0000https://news.ycombinator.com/item?id=45954929ramimachttps://news.ycombinator.com/item?id=45954929https://news.ycombinator.com/item?id=45954929<![CDATA[New comment by ramimac in "AWS Secret-West Region is now available"]]>Always a funny title, see previously: Announcing the New AWS Secret Region (2017) [1]

[1] https://news.ycombinator.com/item?id=15741108

]]>Thu, 23 Oct 2025 16:12:24 +0000https://news.ycombinator.com/item?id=45683577ramimachttps://news.ycombinator.com/item?id=45683577https://news.ycombinator.com/item?id=45683577<![CDATA[Visibility at scale: How Figma detects sensitive data exposure]]>Article URL: https://www.figma.com/blog/visibility-at-scale-how-figma-detects-sensitive-data-exposure/

Comments URL: https://news.ycombinator.com/item?id=45683560

Points: 2

# Comments: 0

]]>Thu, 23 Oct 2025 16:11:13 +0000https://www.figma.com/blog/visibility-at-scale-how-figma-detects-sensitive-data-exposure/ramimachttps://news.ycombinator.com/item?id=45683560https://news.ycombinator.com/item?id=45683560<![CDATA[If Managers Were Angels]]>Article URL: https://www.bonnycode.com/posts/if-managers-were-angels/

Comments URL: https://news.ycombinator.com/item?id=45675318

Points: 1

# Comments: 0

]]>Wed, 22 Oct 2025 21:22:35 +0000https://www.bonnycode.com/posts/if-managers-were-angels/ramimachttps://news.ycombinator.com/item?id=45675318https://news.ycombinator.com/item?id=45675318<![CDATA[Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces]]>Article URL: https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplaces

Comments URL: https://news.ycombinator.com/item?id=45594056

Points: 1

# Comments: 0

]]>Wed, 15 Oct 2025 15:27:19 +0000https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplacesramimachttps://news.ycombinator.com/item?id=45594056https://news.ycombinator.com/item?id=45594056