More context: Hi all! I ran into an issue with getting tailscale to work for larger payloads from my WSL (windows) box, and I detailed my journey on debugging what the issue was, in a pretty roundabout way. Towards the bottom I hit a huge wall in my investigation where I basically actually had to look up stuff and really learn beyond the abstraction I already knew, and then I try to explain it all. Would welcome any feedback here on the correctness specifically, just so I'm not internalizing any _wrong_ learnings. Thanks!
Readit Newsbadeeya commented on I Wail, for My Tailscale Fails: How My Packets Got Dropped Beyond the Pale jusung.dev/posts/tailscal... · Posted by u/badeeya
Hey, anything other than your domain to submit?
> Please don't use HN primarily for promotion. It's ok to post your own stuff part of the time, but the primary use of the site should be for curiosity.
I'll edit this and add more info. I'm not promoting anything here, I'm just detailing a chronicle with debugging tailscale and dropped packets, which I thought people would find interesting. I'll add more context in a sec.
badeeya commented on Reverse engineering the KakaoTalk app so I can build a Beeper Bridge jusung.dev/posts/kakao-ta... · Posted by u/badeeya
Password managers generally send a hash but for almost all services I would say plain text password is standard, I would definitely go with something like firebase or auth0 vs rolling your own auth in most normal situations. The poster is explicit about not knowing anything about security though so all good.
This makes sense, I guess encrypting it on top of TLS doesn’t meaningfully improve security. My concern is that you’re trusting the server to immediately salt and hash upon receipt (especially before storing), but if the client at least obfuscated the password, then in the worst case of a leak you have an email and an obfuscated password that can be used to login to the pwned service but nothing else. My specific threat model depends on the average person not adopting password manager hygiene and 2fa across their services, which is fairly common amongst my friends personally.
badeeya commented on Show HN: A MitM proxy to see what your LLM tools are sending github.com/jmuncor/sherlo... · Posted by u/jmuncor
Ohh my, no offense taken... The next time I will be a lot more careful with the stuff that I put out there. Learning and getting the hang of it, would love if you either comment on the code or here any other things you think could be improved. I am in the process of getting better and appreciate all the blunt and transparent feedback. No one grows out of praise.
it's incredible that people pointed out very specifically what's wrong and you fell back to weaponized incompetence to shift the intellectual and mental burden of reviewing the code to outsiders instead of thinking for yourself. this is the problem with relying on LLM,s instead of thinking for yourself you just ask LLMs, and now other real people "idk just fix it for me make it work". do you really not see the problem with this?
badeeya commented on Show HN: A MitM proxy to see what your LLM tools are sending github.com/jmuncor/sherlo... · Posted by u/jmuncor
I love the real feedback tbh, I am still learning, and want to learn as much as possible. Would love if you can review it and tell me bluntly either in the repo or here the things that should be improved. I would love to learn more from you and get better :D
it is incredible that people pointed out very specifically what's wrong and you fell back to weaponized incompetence to shift the intellectual and mental burden of reviewing the code to outsiders instead of thinking for yourself. this is the problem with relying on LLM,s instead of thinking for yourself you just ask LLMs, and now other real people "idk just fix it for me make it work". do you really not see the problem with this?
badeeya commented on Using proxies to hide secrets from Claude Code joinformal.com/blog/using... · Posted by u/drewgregory
I'm working on something similar called agent-creds [0]. I'm using Envoy as the transparent (MITM) proxy and macaroons for credentials.
The idea is that you can arbitrarily scope down credentials with macaroons, both in terms of scope (only certain endpoints) and time. This really limits the damage that an agent can do, but also means that if your credentials are leaked they are already expired within a few minutes. With macaroons you can design the authz scheme that *you* want for any arbitrary API.
I'm also working on a fuse filesystem to mount inside of the container that mints the tokens client-side with short expiry times.
made with ai?