waterproof commented on Comet AI browser can get prompt injected from any site, drain your bank account   twitter.com/zack_overflow... · Posted by u/helloplanets
skaul · 6 days ago
That was in the blog from the start, and it's also the most important mitigation we identified immediately when starting to think about building agentic AI into the browser. Isolating agentic browsing while still enabling important use-cases (which is why users want to use agentic browsing in the first place) is the hard part, which is presumably why many browsers are just rolling out agentic capabilities in regular browsing.
waterproof · 5 days ago
Isn't there a situation where the agentic browser, acting correctly on behalf of the user, needs to send Bitcoin or buy plane tickets? Isn't that flexibility kind of the whole point of the system? If so, I don't see what you get by distinguishing between agentic and non-agentic browsing.

Bad actors will now be working to scam users' LLMs rather than the users themselves. You can use more LLMs to monitor the LLMs and try and protect them, but it's turtles all the way down.

The difference: when someone loses their $$$, they're not a fool for falling for some Nigerian Prince wire scam themselves, they're just a fool for using your browser.

Or am I missing something?

waterproof commented on Control shopping cart wheels with your phone (2021)   begaydocrime.com/... · Posted by u/mystraline
xattt · 8 days ago
One reason, beyond cart theft, is aesthetics.

A grocery store at Bayview Village, an upscale mall in Toronto, uses this system to stop cart travel outside the grocery store parking garage. Mall management considers carts trashy and that they otherwise bring down the appearance of the mall. This was one of the conditions when the store opened in 2005. Their cart policy may have changed 20 years since.

waterproof · 8 days ago
Right, the real reason isn't to stop theft, it's to avoid the optics of store-branded carts being left around and save management the hassle of retrieving carts from nearby properties.
waterproof commented on What is going on right now?   catskull.net/what-the-hel... · Posted by u/todsacerdoti
cck9672 · 8 days ago
Can you elaborate on your process and tools here? This use case may actually be valuable for me and my team.
waterproof · 8 days ago
Tools that can build you a quick clickable prototype are everywhere. Replit, claude code, cursor, ChatGPT Pro, v0.app, they're all totally capable.

From there it's the important part: discussing, documenting, and making sure you're on the same page about what to actually build. Ideally, get input from your actual customers on the mockup (or multiple mockups) so you know what resonates and what doesn't.

waterproof commented on The Missing Protocol: Let Me Know   deanebarker.net/tech/blog... · Posted by u/deanebarker
akoboldfrying · 17 days ago
100% this. Per-topic RSS feeds solve this perfectly.
waterproof · 17 days ago
Nah, an RSS feed has the ability to contain n feed items. This proposed new protocol would have a maximum of 1 item. The closed contract (1 notification only, ever) makes sure that it doesn't become yet another avenue for producers to push content that you didn't ask for.
waterproof commented on I extracted the safety filters from Apple Intelligence models   github.com/BlueFalconHD/a... · Posted by u/BlueFalconHD
waterproof · 2 months ago
Here's a combined file of all the non-locale-specific rules, for easier review: https://github.com/BlueFalconHD/apple_generative_model_safet...

It was generated as part of this PR to consolidate the metadata.json files: https://github.com/BlueFalconHD/apple_generative_model_safet...

waterproof commented on I extracted the safety filters from Apple Intelligence models   github.com/BlueFalconHD/a... · Posted by u/BlueFalconHD
t-3 · 2 months ago
Rhyming slang rhymes tho. The recipient can understand what's meant by de-obfuscating in-context. Random strings substituted for $proscribed_word don't work in the same way.
waterproof · 2 months ago
In Cockney rhyming slang, the rhyming word (which would be easy to reverse engineer) is omitted. So if "stairs" is rhyme-paired with "apples and pears", then people just use the word "apples" in place of "stairs". "Pears" is omitted in common use, so you can't just reverse the rhyme.

The example photo on Wikipedia includes the rhyming words but that's not how it would be used IRL.

waterproof commented on Launch HN: Exa (YC S21) – The web as a database    · Posted by u/willbryk
waterproof · 4 months ago
I love the enrichments feature. Have you considered making it available separately from the initial web search?

I often have projects where the enrichments feature alone would be super useful: I would provide, say, a list of company names, and then use enrichments to qualify them based on location, age, founder experience etc etc.

waterproof commented on Scanners Beware: Welcome to the network from hell   medium.com/sensorfu/scann... · Posted by u/vailunka
waterproof · 8 months ago
> Most scanners send three requests per IP address. Our solution observes the first two requests to check if a device exists at that IP

So all an attacker has to do to avoid the tarpit is reduce their retries to 2? And they can detect all your fake devices by seeing who responds on the 3rd try?

I get that this is just one step in the cat-and-mouse game, but the brittleness of this approach makes the grandiose closing statements a little grating:

> Lightweight yet powerful, it empowers you to take control of your network security with minimal effort.

u/waterproof

Karma: 145 · Cake day: January 20, 2015

About: just another software guy, who cares about the purpose of his work.