rdegges commented on Beej's Guide to Learning Computer Science   beej.us/guide/bglcs/... · Posted by u/amruthreddi
matt3210 · 13 days ago
Beej taught me networking in C in the early 00s. He will now teach my son computer science in the 20s. The circle of life.
rdegges · 12 days ago
He also taught me networking in C in the early 2000s! A few years ago I moved from the Bay Area up to Bend, Oregon and ended up running into him in person at one of the tech meetups.

I was so floored to meet him in person, and as you'd probably imagine, he's super kind and relaxed =D

A++ human being who's contributed so much to our field.

rdegges commented on MCP-Scanner – Scan MCP Servers for vulnerabilities   github.com/cisco-ai-defen... · Posted by u/hsanthan
embedding-shape · 2 months ago
Would you want to share how/why it's different from the submission, since you're making a comment here?
rdegges · 2 months ago
I believe one of the main differences is that our scanner looks for toxic flows between MCP endpoints regarding how they interact with one another. Unless I'm missing something, the Cisco tool does not support this.

Our research lab discovered this novel threat back in July: https://invariantlabs.ai/blog/toxic-flow-analysis and built the tooling around it. This is an extremely common type of issue that many people don't realize (basically, when you are using multiple MCP servers that individually are safe, but together can cause issues).

rdegges commented on MCP-Scanner – Scan MCP Servers for vulnerabilities   github.com/cisco-ai-defen... · Posted by u/hsanthan
rdegges · 2 months ago
At Snyk, we've been working on this for a while. Here's our flagship open source project consolidating a lot of the MCP risk factors we've discovered over the last year or so into actionable info: https://github.com/invariantlabs-ai/mcp-scan
rdegges commented on Using AI to secure AI   mattsayar.com/letting-inm... · Posted by u/MattSayar
rdegges · 4 months ago
Here's a better option -- what we've been working on at Snyk.

- Take something like Cursor and plug the Snyk MCP server into it: https://docs.snyk.io/integrations/developer-guardrails-for-a... (it has a one-click install)
- Then, either within your project or via global settings, create some human-language rules for your AI code editor to use (this works basically the same between all editors: Claude Code, Cursor, Windsurf, etc...)

For example, a rule might state:

"If you add or change any code, run a Snyk Code scan on the modified files then fix the detected vulnerabilities. When you're done fixing them, perform another scan to ensure they're fixed, and if not, keep iterating until the code is secure."

Obviously, there are other rules you can use here, such as using Snyk's open source dependency testing to identify vulns in third-party dependencies and handle package updates/rewrites/etc., but you get the idea.

This works insanely well -- I've been playing around with it for a while now and we're getting close to rolling this out to all of our users in a major way =)

The best part about it is that you can just "vibe code" whatever you want, and you get really accurate static analysis security testing incorporated by default automagically.

I recorded a little video here that walks through this in-depth (https://www.youtube.com/watch?v=hQtgR1lTPYI), if you want to see the part I'm referencing, jump to 20:09 =)

rdegges commented on We built audio/video RAG   ragie.ai/blog/how-we-buil... · Posted by u/mkauffman23
rdegges · 5 months ago
Great article. This may be my all-time favorite deep dive post on RAG strategies.

It’s super interesting to me how the process of fully making audio/video searchable requires so much processing. Like, extracting the audio and video, transcribing the audio, chunking the video into 15-sec scenes and describing them visually, etc.

I wonder if as a test you could use the video descriptions, run them as a prompt through something like Veo, then stitch them together into something close to the original. Wild.

rdegges commented on Ask HN: To anyone who cares to read this. How old are you roughly?    · Posted by u/michelsedgh
rdegges · 6 months ago
Turning 37 in two days. =D

Been programming since I was 12. The passion has never left. <333

rdegges commented on "Goodwill", key member of the SoCal Python Community has passed away   socalpython.org/in-memori... · Posted by u/rdegges
rdegges · 7 months ago
I wasn't sure if I should post this or not, but if you ever met Michael you probably remember him. He was a kind soul and helped grow the Python developer community in LA for well over a decade.

In addition to being an excellent engineer and human, Michael was also the definition of a hacker. It feels suitable to share the news here.

He was an incredible person and touched many lives. If you ever got to meet him (in person or online), please share your experiences on his in memoriam page.

u/rdegges

Karma: 3500 · Cake day: May 14, 2012
About
meet.hn/city/us-Bend

Socials:
- github.com/rdegges
- linkedin.com/in/rdegges
- reddit.com/user/rdegges
- instagram.com/randalldegges
- https://bsky.app/profile/rdegges.com

---

I'm just a happy programmer that likes to hack stuff.

You can contact me via my site: https://www.rdegges.com/ or via email r@rdegges.com
