Hacker News: thomas34298

New comment by thomas34298 in "Codex for almost everything"

thomas34298 — Thu, 16 Apr 2026 17:25:24 +0000

Does that version of Codex still read sensitive data on your file system without even asking? Just curious.

https://github.com/openai/codex/issues/2847

Codex reads files outside working directory without my permission

thomas34298 — Wed, 07 Jan 2026 18:48:42 +0000

Article URL: https://github.com/openai/codex/issues/5237

Comments URL: https://news.ycombinator.com/item?id=46530706

Points: 1

# Comments: 0

New comment by thomas34298 in "Google Antigravity exfiltrates data via indirect prompt injection attack"

thomas34298 — Tue, 25 Nov 2025 22:04:37 +0000

That's the entire point of sandboxing, so none of what you listed would be accessible by default. Check out https://github.com/anthropic-experimental/sandbox-runtime and https://github.com/Zouuup/landrun as examples on how you could restrict agents for example.

New comment by thomas34298 in "Google Antigravity exfiltrates data via indirect prompt injection attack"

thomas34298 — Tue, 25 Nov 2025 21:05:54 +0000

Codex can read any file on your PC without your explicit approval. Other agents like Claude Code would at least ask you or are sufficiently sandboxed.

Codex can read sensitive files outside the CWD without approval

thomas34298 — Tue, 25 Nov 2025 02:10:46 +0000

If you directly ask Codex to read ~/.ssh/id_rsa, it will usually decline due to "safety concerns". However, the sandbox which the agent is running in doesn't restrict reads outside the working directory in any way and you won't even be asked for approval - it's just a prompt (injection) away. The Codex developers close issues related to this problem and simply suggest running Codex "in a docker container or VM" [1].

To quote the Codex security documentation [2]:

> We’ve chosen a powerful default for how Codex works on your computer. In this default approval mode, Codex can read files, make edits, and run commands in the working directory automatically.

> However, Codex will need your approval to work outside the working directory or run commands with network access. [...]

As a new, naive user (which I was), I'd assume based on the text above that Codex wouldn't be able to extract secrets and read my browser history or whatever else on my PC if I started it in VSCode for example. Running Codex in a Docker container or VM is totally valid and quite a few people are probably doing that, like in a CI/CD pipeline, however, that's definitely the minority.

How is this not a bigger deal? In my experience, other agentic tools like Claude Code give the user much more control in regards to safety and what OpenAI is doing here feels highly irresponsible IMHO.

[1] https://github.com/openai/codex/issues/5237#issuecomment-3536026833

[2] https://developers.openai.com/codex/security/

Comments URL: https://news.ycombinator.com/item?id=46041660

Points: 1

# Comments: 0

New comment by thomas34298 in "Windows 11 adds AI agent that runs in background with access to personal folders"

thomas34298 — Tue, 18 Nov 2025 12:56:18 +0000

Interesting fact: Codex has access to all the files your current user has access to as well, even if you just opened it in the src directory.

Codex does not prevent reads outside the working directory

thomas34298 — Mon, 17 Nov 2025 19:03:52 +0000

Article URL: https://github.com/openai/codex/issues/5237

Comments URL: https://news.ycombinator.com/item?id=45956801

Points: 2

# Comments: 0

Automated PDF Generation with Typst

thomas34298 — Fri, 07 Nov 2025 19:01:51 +0000

Article URL: https://typst.app/blog/2025/automated-generation/

Comments URL: https://news.ycombinator.com/item?id=45849697

Points: 2

# Comments: 0

Welcome to the next generation of Burp Suite: elevate your testing with Burp AI

thomas34298 — Thu, 03 Apr 2025 21:04:52 +0000

Article URL: https://portswigger.net/blog/welcome-to-the-next-generation-of-burp-suite-elevate-your-testing-with-burp-ai

Comments URL: https://news.ycombinator.com/item?id=43575393

Points: 2

# Comments: 0

New comment by thomas34298 in "GPT-4.5"

thomas34298 — Thu, 27 Feb 2025 22:23:08 +0000

Sam tweeted "taking care of my kid in the hospital":

https://x.com/sama/status/1895210655944450446

Let's not assume that he's lying. Neither the presentation nor my short usage via the API blew me away, but to really evaluate it, you'd have to use it longer on a daily basis. Maybe that becomes a possiblity with the announced performance optimizations that would lower the price...

New comment by thomas34298 in "DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via RL"

thomas34298 — Sat, 25 Jan 2025 23:28:04 +0000

Have you even tried it out locally and asked about those things?

New comment by thomas34298 in "RCE Vulnerability in QBittorrent"

thomas34298 — Sat, 02 Nov 2024 01:08:08 +0000

>BUGFIX: Don't ignore SSL errors (sledgehammer999)

>https://www.qbittorrent.org/news

There should be a security notice IMO.

New comment by thomas34298 in "Typst 0.12"

thomas34298 — Fri, 18 Oct 2024 21:55:29 +0000

Changelog: https://typst.app/docs/changelog/0.12.0/

Typst 0.12

thomas34298 — Fri, 18 Oct 2024 21:53:32 +0000

Article URL: https://typst.app/blog/2024/typst-0.12/

Comments URL: https://news.ycombinator.com/item?id=41883851

Points: 19

# Comments: 2

New comment by thomas34298 in "Ask HN: Tech Stack Behind the Claude App?"

thomas34298 — Thu, 10 Oct 2024 07:33:58 +0000

Recently, I decided to try out Claude for a month and bought the subscription right when mine for ChatGPT ended. However, after just a few days, I noticed how sluggish and inconvenient Claude feels on the web. Maybe it's partly because of my 4k screen, and it's not optimized for it, but I quickly switched back to ChatGPT due to the IMO better UX. Also, temporary chats are missing!

New comment by thomas34298 in "Changes to the OSCP"

thomas34298 — Fri, 30 Aug 2024 18:04:00 +0000

Most important changes starting November 1, 2024:

- OSCP+ will replace regular OSCP with a three-year expiration (old lifetime certificates remain valid)

- Removal of bonus points to improve fairness

Changes to the OSCP

thomas34298 — Fri, 30 Aug 2024 18:00:42 +0000

Article URL: https://help.offsec.com/hc/en-us/articles/29840452210580-Changes-to-the-OSCP

Comments URL: https://news.ycombinator.com/item?id=41403077

Points: 3

# Comments: 2

Ask HN: Are there any decent LLM-based web application scanners?

thomas34298 — Tue, 27 Aug 2024 16:22:09 +0000

I'm looking for LLM-based web application scanners capable of finding vulnerabilities that aren't typically detected by traditional scanners like in Burp Pro. Even though LLMs are prone to errors and, in my opinion, don't truly understand what they are saying or doing, I still believe they could be useful for detecting issues like broken access control or business logic errors, or for navigating complex web applications with a little more "thought" while looking for vulnerabilities. I tried googling for solutions, preferably with a trustworthy team and with on-premise deployment, but I didn't find many that met those criteria. Can anyone here recommend something or is working on such a product? Thanks!

Comments URL: https://news.ycombinator.com/item?id=41369270

Points: 1

# Comments: 0

New comment by thomas34298 in "Roblox is the biggest game in the world, but is unprofitable"

thomas34298 — Tue, 20 Aug 2024 12:42:26 +0000

There is a lot of porn. X even added official rules for it: https://help.x.com/en/rules-and-policies/adult-content

I don't have an iPhone, but I know that you can access it via the official app from Google Play.

New comment by thomas34298 in "Roblox is the biggest game in the world, but is unprofitable"

thomas34298 — Mon, 19 Aug 2024 08:52:46 +0000

I think the same argument could be made for Twitter/X. The app stores by Google and Apple specifically disallow pornographic material, yet the app is full of it. Once you're big and important enough, the rules mostly don't apply for you anymore. Of course, if they tried to circumvent the app store tax directly within the app, there would be consequences, but as long as Google/Apple can make a profit, it's okay it seems.