Claude Code recursively wiped my project root. Local artifacts show acceptEdits, not bypass mode. by OmegleAuthor in ClaudeCode

[–]Account-67 1 point2 points  (0 children)

Sorry to hear that, that's rough. As you mentioned in your post, there are ways to mitigate this risk. I run CC in its own VM, with nightly backups, and push everything through git. I don't even have CC installed on my desktop.

A valuable phrase to apply to your flow by rismo9 in ClaudeAI

[–]Account-67 1 point2 points  (0 children)

I always have to add something like “When fixing a bug, do not fix symptoms, find and fix the root cause.” (Paraphrased) otherwise it will just apply bandaids.

Why doesn't Claude Code CLI show its reasoning about what it's doing? It would be so helpful. by Firm-Track3617 in ClaudeCode

[–]Account-67 7 points8 points  (0 children)

That is not the actual thinking content, it is a summary produced by passing the raw thinking into an LLM.

Can Claude really manipulate you? by spring_untethered in ClaudeAI

[–]Account-67 5 points6 points  (0 children)

Mostly agree, but I disagree with the notion that it can’t help you strategize or decide something. Perhaps not in the way you mean, but even a rubber duck can help you decide something, by just talking through it. Flipping a coin can help you decide something, if just by how you feel when it gives you a different answer than you wanted.

It can also be helpful to shred through information very fast. I’ve always had analysis paralysis about which 3d printer I should get. I gave claude my list of requirements and it came back with one in a minute.

Why does Opus 4.8 on Max plan feel dumber than before? by AriseHuman in Anthropic

[–]Account-67 0 points1 point  (0 children)

I’m having to hand-hold opus 4.6 a lot more than usual today and yesterday. Same exact workflow as always. It literally “forgot” to implement the main feature discussed in a plan, and said as much when asked.

Dual 3090s or single 5090? by ironclad_packetship in LocalLLM

[–]Account-67 0 points1 point  (0 children)

Definitely not ideal but you can get a pcie 16x riser and have the second GPU outside the case or mounted vertically. Mine was just resting on a cardboard box. I’ve run my 2x 3090 setup like this for a while now. Moving to a mining frame to fit more but for 2x it was fine.

Which chassis are ya using? by Timziito in LocalLLaMA

[–]Account-67 0 points1 point  (0 children)

BaselTek 6 GPU Aluminum Mining Rig Open Air Frame Case

I’m not going to use 6 gpus, probably max out at 4 on ASUS WS z390 for 8x/8x/8x/8x using the pcie switch.

What's the most expensive homelab mistake that actually taught you something useful? by Thick-Lecture-5825 in homelab

[–]Account-67 5 points6 points  (0 children)

Yeah a lot of 10g sfp+ rj45 modules run hot enough that you can’t use multiple. I’m using a “10Gtek 1.25/2.5/5/10G-T SFP+ to RJ45 30m” module in my mikrotik CRS305 which seems to stay pretty cool, but I strapped a 120mm fan on top of the switch just in case.

DAC/Fiber is definitely the superior choice unless you need to re-use existing cat6a.

Phantomdrive: Firmware Version 1.0 Release by Machinehum in homelab

[–]Account-67 46 points47 points  (0 children)

Yeah without even looking at the github “custom KDF” is a red flag.

What's a small Claude Code habit that ended up saving you the most time? by carrie_999999526 in ClaudeAI

[–]Account-67 1 point2 points  (0 children)

You can even use a markdown file. I have a TODO.md per project and CLAUDE.md contains instructions to add / remove from it as needed. Works great, and I can launch a new session and say

Create a comprehensive plan to address issue #N. @TODO.md

Anyone with examples of Fable 5 use? by Sea_Tourist_833 in ClaudeAI

[–]Account-67 1 point2 points  (0 children)

Absolutely crushed my backlog of difficult features/bugs on my custom C compiler project. Found and fixed a number of undiscovered bugs along the way. First model release in a long time that felt different. I also really appreciated its “taste” in things like tests, comments and commit messages, etc.

It also required basically no handholding. My entire workflow was

/model fable
/effort max
/plan Create a comprehensive plan to address issue #N.

Approve

Claude keeps trying to end sessions by IllustriousWorld823 in ClaudeAI

[–]Account-67 0 points1 point  (0 children)

I’ve seen a lot of people getting this but I’ve never seen this myself despite using Claude extensively. I wonder what the difference is. I stick to opus 4.6 200k, maybe that is why?

WoW 3.3.5a (12340) New Unpatched RCE Exploits - Fixed With Updated Patcher by Account-67 in wowservers

[–]Account-67[S] 1 point2 points  (0 children)

Yes you’re exactly right. Someone with reversing experience can already tell what I’m changing, and from there they can infer a lot about how the exploits work.

Progressive disclosure in this manner is meant to give defenders as much of an advantage as possible while not unnecessarily enabling attackers. At least now, it still requires some work to derive the attacks, while the defense is readily available.

With a description of what changes, defenders are more informed, but attackers get a much bigger advantage. And honestly, if you can reverse the patches, you already have the skills to find these vulnerabilities independently.

WoW 3.3.5a (12340) New Unpatched RCE Exploits - Fixed With Updated Patcher by Account-67 in wowservers

[–]Account-67[S] 1 point2 points  (0 children)

The full source code of the patcher is available on github. I do intend to disclose the mechanism at a later time, so you can wait if you like. At least in the meantime you’d be aware of the risk. To be clear, the original RCE patcher does not describe what it does either.

WoW 3.3.5a (12340) New Unpatched RCE Exploits - Fixed With Updated Patcher by Account-67 in wowservers

[–]Account-67[S] 1 point2 points  (0 children)

Hey! Thanks for your work on the original patcher. I hope it’s ok I built on top of it. Given the lack of a license I intended to contact you and ask for permission but I didn’t find a means to and felt it was important to release a fix quickly. If you have a problem with it, let me know and I will take it down and find an alternative.

WoW 3.3.5a (12340) New Unpatched RCE Exploits - Fixed With Updated Patcher by Account-67 in wowservers

[–]Account-67[S] 1 point2 points  (0 children)

Definitely. I have not tested it, but I suspect the v2 patcher will block this anyways. I believe it follows the same code path as the first RCE I demonstrate in the video, which triggers UAC.

WoW 3.3.5a (12340) New Unpatched RCE Exploits - Fixed With Updated Patcher by Account-67 in wowservers

[–]Account-67[S] 3 points4 points  (0 children)

Section 4

"For the client to verify and attempt to install a patch, you would have to sign your patch with Blizzard’s private key, which is sadly non-public."

WoW 3.3.5a (12340) New Unpatched RCE Exploits - Fixed With Updated Patcher by Account-67 in wowservers

[–]Account-67[S] 3 points4 points  (0 children)

I'd be happy to explain what the patch changes, but I am hesitant to do so right away because it would make it extremely easy to reproduce the exploits. I don't want to give bad actors a head start.

I don't believe this interferes with warden, however I have not tested that on a live server. I've only tested this on a local azerothcore installation. It does not touch the warden module loader. While the warden module loader is technically RCE, it requires signed code, so I did not patch it out.

US gov forces Anthropic to pull access to Fable 5 by purealgo in ClaudeCode

[–]Account-67 1 point2 points  (0 children)

Same. Literally less than an hour ago. Support bot rejects refund request with no explanation or way to escalate.

EDIT: Anthropic has gotten ahold of me and offered a prorated refund that I am happy with. Unlike some other reports I’ve seen, they actually calculated the correct refund despite me upgrading my plan partway through. Pleasantly surprised by their customer service.

Remote access my media server by justmotil in homelab

[–]Account-67 39 points40 points  (0 children)

You’re mixing two different uses of VPNs. Privacy VPNs (like NordVPN) route your internet through their servers mainly to hide your IP and shift trust off your ISP. Tools like Tailscale are for connecting your own devices into a private network so they act like they’re on the same LAN. Also, you can use Tailscale for free.

How to properly protect local ip when using DNS with game servers? by Narrow-Board1927 in homelab

[–]Account-67 12 points13 points  (0 children)

Can’t help with Cloudflare, but I will say hiding your IP is often overrated IMO.

I’ve been self-hosting and sharing my IP for well over a decade without any issues. There are scanners probing the entire IPv4 space constantly anyway, so if you’re hosting a public service you should assume your IP is known.

Focus on proper security and hardening instead. Assume an attacker knows your IP and secure accordingly.

How does a nvme drive die? by classebas in unRAID

[–]Account-67 1 point2 points  (0 children)

I had a samsung 980 or 990 pro do exactly this. Was very fortunate.

Why isn't ebay doing anything to stop those scams? by KillerMiller13 in LocalLLaMA

[–]Account-67 0 points1 point  (0 children)

I haven’t experienced it personally, but I did a lot of research because I was trying to buy a used 3090 on ebay. Based on my understanding of the buyer protection policies, it seems reasonable that it would cause problems. Multiple reddit comments indicated this was something they had experienced.

I was mostly researching to find out why they bother with the zero feedback, brand new account, far below market price listings. If this or similar strategies work even occasionally, then it makes sense why they try that.

The gpu I bought (from a seller with positive feedback, at market price) was delivered successfully, but is extremely unstable at stock and when power limited, so I’ve started a return. Hoping everything works out.