authnopuz commented on AI Agent Authentication and Authorization IETF RFC Draft   datatracker.ietf.org/doc/... · Posted by u/mooreds
agent5ravi · 8 days ago
Worth noting that this RFC is squarely in the M2M API auth space — it assumes the agent is calling an API that can be updated to speak OAuth/OIDC. That's the enterprise-to-enterprise layer, and it makes sense.

The gap it doesn't touch: consumer services (email newsletters, SaaS signups, SMS verification flows) will never adopt IETF agent auth standards. They expect a real human email and phone. The verification SMS goes to a phone number. The confirmation email goes to an inbox. A human clicks it.

That's a fundamentally different problem — not 'how does an agent authenticate to an API' but 'how does an agent prove it exists to a service that was built assuming a human is on the other end.' The RFC doesn't help there. You need a different layer.

authnopuz · 6 days ago
One of the co-authors here.

There are two elements here. The agent can start a full authorization request with the AS through the authorization code grant flow, even requiring a step-up or some rich authorization details; therefore whatever OTP by SMS or magic link is an AS - Subject/Client "problem".

For an agent that cannot start a full authorization request (too costly, too complex, subject directly unreachable at the moment), we have a mention of OpenID Connect CIBA in it. With it, the agent will start a back-channel authorization request with the AS and the AS will use a method of authentication / confirmation with the subject in the front channel, for example sending an SMS or sending a link to click. Again the resolution will remain an AS - Subject/Client "problem".
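As an added illustration (not code from the RFC draft or from the comment above), here is a Python simulation of the CIBA poll-mode exchange just described: the agent opens a back-channel request with the AS, the AS settles it with the subject out of band (SMS, push, magic link), and the agent polls the token endpoint until the subject has answered. Endpoint names are folded into methods, the clock is injectable for testing, and the issued token is a constructed placeholder, not a signed ID Token.

```python
import secrets
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"

class BackchannelAS:
    """Minimal in-memory stand-in for an OpenID Provider's CIBA endpoints (poll mode).
    The agent never sees the SMS or link; that leg stays between the AS and the subject."""

    def __init__(self, clock=time.monotonic, expires_in=120, interval=5):
        self.clock, self.expires_in, self.interval = clock, expires_in, interval
        self.requests = {}  # auth_req_id -> pending request state

    def backchannel_authenticate(self, client_id, scope, login_hint, binding_message=None):
        # Validate before minting an auth_req_id: CIBA needs the openid scope and a subject hint.
        if "openid" not in scope.split():
            return {"error": "invalid_scope"}
        if not login_hint:
            return {"error": "invalid_request"}
        auth_req_id = secrets.token_urlsafe(32)
        self.requests[auth_req_id] = {
            "client_id": client_id, "sub": login_hint, "scope": scope, "status": "pending",
            "expires_at": self.clock() + self.expires_in, "last_poll": None,
        }
        # Out of band the AS now prompts the subject, showing binding_message so the human
        # can match the prompt to the agent's request (defence against a confused subject).
        return {"auth_req_id": auth_req_id, "expires_in": self.expires_in, "interval": self.interval}

    def subject_confirms(self, auth_req_id, approved):
        """Front-channel outcome: the human clicked the link / entered the OTP, or declined."""
        req = self.requests.get(auth_req_id)
        if req and req["status"] == "pending":
            req["status"] = "approved" if approved else "denied"

    def token(self, client_id, grant_type, auth_req_id):
        req = self.requests.get(auth_req_id)
        if grant_type != CIBA_GRANT or req is None or req["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now > req["expires_at"]:
            return {"error": "expired_token"}
        if req["last_poll"] is not None and now - req["last_poll"] < self.interval:
            return {"error": "slow_down"}  # agent polled faster than the advertised interval
        req["last_poll"] = now
        if req["status"] == "pending":
            return {"error": "authorization_pending"}
        if req["status"] == "denied":
            return {"error": "access_denied"}
        del self.requests[auth_req_id]  # an auth_req_id is single use
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "expires_in": 300, "scope": req["scope"]}  # a real OP also returns an id_token
```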

authnopuz commented on Show HN: Browser-based interactive 3D Three-Body problem simulator   trisolarchaos.com/?pr=O_8... · Posted by u/jgchaos
authnopuz · 4 months ago
Nightfall by Asimov was a 7-body problem - https://en.wikipedia.org/wiki/Nightfall_(Asimov_novelette_an...
authnopuz · 4 months ago
And to be fair, Liu Cixin's book is a 4-body problem :)
notaurus · 4 months ago
I think the URL is telling
authnopuz commented on Guy running a Google rival from his laundry room   fastcompany.com/91396271/... · Posted by u/coloneltcb
cheema33 · 6 months ago
I tried the search site at https://searcha.page/ by searching for something random and got the following message:

"An error has occurred building the search results."

authnopuz · 6 months ago
hug of death? I fear the temperature will get very high in his laundry room
authnopuz commented on The Agentic Systems Series   gerred.github.io/building... · Posted by u/ghuntley
authnopuz · 9 months ago
The authentication section is very bizarre: the Agent should go through an OAuth(2?) process to finally access the server through an API key? That sounds more painful than bringing a better state of security...
authnopuz commented on WonderHuman: 3D avatars from single-view video   arxiv.org/abs/2502.01045... · Posted by u/jinqueeny
pitzips · a year ago
Reminds me of that scene [1] from Enemy of the State where they "Rotate us 75 degrees around the vertical" in one of those "enhance, enhance" tropes.

[1] https://youtu.be/3EwZQddc3kY?t=7

authnopuz · a year ago
Man, we have all been bluffed by this scene.
authnopuz commented on OWASP Non-Human Identities Top 10   owasp.org/www-project-non... · Posted by u/raskelll
authnopuz · a year ago
Another good source of NHI definitions, concepts, and threats https://nhimg.org/the-ultimate-guide-to-non-human-identities
authnopuz commented on Dear OAuth Providers   pilcrowonpaper.com/blog/d... · Posted by u/franciscop
authnopuz · a year ago
If you consider the newest RFC 9068 (https://datatracker.ietf.org/doc/html/rfc9068) for JWT-profiled access tokens, the list of discrepancies is even longer.

u/authnopuz

Karma: 33 · Cake day: December 12, 2024
About
Identerati for 20+ years, authorization in depth for the win