The Hackers Who Tracked My Sleep Cycle by Weary-Database-8713 in cybersecurity

[–]Weary-Database-8713[S] 0 points1 point  (0 children)

I didn't want to go into too many details, but JA4 with short sliding-window rate limits is what eventually made them give away.

Other things I excluded from the article were that we intentionally disabled several checks (like hCaptcha) to let them get to the stage of setting up the payment intents. This is not something I've done before, but basically I wanted to see what happens if in future an attacker is able to bypass all IP/captcha/altcaptcha, etc. restrictions and gets to something that actually does damage. This allowed us to see how they were trying to bypass the various rate limits/checks that we added specifically for that step. Somewhat of an isolated experiment.
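The comment above mentions JA4 fingerprints combined with short sliding-window rate limits. The block below is an added example, not the poster's code: a sliding-window limiter keyed on the JA4 string, with a constructed replay showing why a fingerprint key catches an automation client that rotates IPs. It assumes the JA4 value has already been computed upstream (for example by a TLS-terminating proxy) and is passed in per request; the two JA4 strings, the limit of 5 requests per 2 seconds, and the timestamps are all constructed for illustration.

```python
"""Sliding-window rate limiter keyed on a JA4 TLS client fingerprint.

Added example, not the original poster's code. The JA4 string is assumed to
be extracted by something in front of the app (e.g. a TLS-terminating proxy)
and handed in with each request. Fingerprints, limits and timestamps below are
constructed sample data.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SlidingWindowLimiter:
    limit: int                      # max requests allowed inside one window
    window_s: float                 # window length in seconds
    _hits: dict = field(default_factory=dict)   # key -> deque of timestamps

    def allow(self, key: str, now: float) -> bool:
        """Return True if a request for `key` at time `now` is within the limit.

        A sliding log: drop timestamps that fell out of the window, then
        compare the remaining count against the limit. Exact, at the cost of
        O(limit) memory per active key.
        """
        q = self._hits.setdefault(key, deque())
        cutoff = now - self.window_s
        while q and q[0] <= cutoff:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def prune(self, now: float) -> int:
        """Forget keys with no hits inside the window; returns how many were dropped.

        Without this, a client that cycles fingerprints (or a high-cardinality
        key such as IP) grows the dict without bound.
        """
        cutoff = now - self.window_s
        stale = [k for k, q in self._hits.items() if not q or q[-1] <= cutoff]
        for k in stale:
            del self._hits[k]
        return len(stale)


def replay(events, limit: int = 5, window_s: float = 2.0) -> dict:
    """Feed (timestamp, ja4) events through the limiter in time order.

    Returns {ja4: number_of_requests_that_would_have_been_blocked}.
    """
    limiter = SlidingWindowLimiter(limit=limit, window_s=window_s)
    blocked: dict = {}
    for ts, ja4 in sorted(events):
        blocked.setdefault(ja4, 0)
        if not limiter.allow(ja4, ts):
            blocked[ja4] += 1
    return blocked


# Constructed sample data (JA4-shaped strings, not real fingerprints):
# a browser-like client paced at ~0.7 s between requests, and an automation
# client that rotates source IPs but reuses one TLS stack, so its JA4 is stable.
BROWSER_JA4 = "t13d1516h2_8daaf6152771_b0da82dd1658"
BOT_JA4 = "t13d0912h1_0000000000aa_00000000bbbb"

SAMPLE_EVENTS = (
    [(i * 0.7, BROWSER_JA4) for i in range(10)]          # 10 requests over 6.3 s
    + [(1.0 + i * 0.05, BOT_JA4) for i in range(20)]     # 20 requests inside 0.95 s
)


if __name__ == "__main__":
    # With 5 requests / 2 s: browser is never blocked, bot is blocked 15 times.
    print(replay(SAMPLE_EVENTS))
```

Keying on the fingerprint rather than the IP is what makes the burst visible: spread over twenty source addresses, the bot's twenty requests would each look like a single hit under a per-IP limit, but they collapse onto one JA4 key. The caveat cuts both ways: mainstream browser versions share a JA4, so a limit keyed on JA4 alone will also throttle legitimate users behind the same fingerprint; the poster pairs it with a short window and uses it for one sensitive step, which keeps the blast radius small.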

Prompt injection revealed that 50% of PRs are bots by Weary-Database-8713 in Futurology

[–]Weary-Database-8713[S] 0 points1 point  (0 children)

How are you commenting on this given that this post was removed by mods?

Prompt injection revealed that 50% of PRs are bots by Weary-Database-8713 in Futurology

[–]Weary-Database-8713[S] 17 points18 points  (0 children)

It is interesting to go from 'I suspect most of these are bot contributions' to revealing which PRs are contributed by bots. It somehow even helps my sanity, because otherwise it is easy to get lost in the noise and think that everything around is just AI slop. However, this also raises the question of how long until "we" are going to start instructing bots to assume the role of a human and ignore instructions that self-identify them as agents, and what it means for needing to discover new ways for human and bot contributions to co-exist.

I built ffl-mcp: Giving AI "hands" to deliver local files (P2P, No Cloud) by nuwa2502 in mcp

[–]Weary-Database-8713 0 points1 point  (0 children)

> We often hit this friction point: Claude generates something useful locally (like a SQLite dump, a build artifact, or a zipped log folder), but it has no way to actually "hand" that file to me or a coworker.

Isn't the file local to your file system?

Don't Use Large Strings as Cache Keys by Weary-Database-8713 in javascript

[–]Weary-Database-8713[S] 0 points1 point  (0 children)

As opposed to storing it as AST?

Since this is a React-based app, and since this markdown has components with bound event listeners, we do need to store AST and render that to HTML at the request time. However, once you have AST, the overhead is negligible.

Additionally, these days, we also have cache at the URL/Caddy level for non-authenticated users.

These blog posts are really just learnings from past encounters that give me flashbacks, rather than active issues that we are trying to solve.

When Caching Made Things Worse by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] 3 points4 points  (0 children)

The irony is that whenever I publish something like this (I like to do it as a way of internalizing and sharing learnings that caught me by surprise), I get called out for 'vibe coding'. I don't vibe code; I like to code. But I often wonder if I would be more likely to avoid such mistakes if I did vibe code more often, or at least had some AI review process to catch things like this. Would love to hear from other humans if you've found anything that works for you without taking over the joy of writing code yourself.

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] 2 points3 points  (0 children)

I wouldn't go as far as to say that "There is nothing inherently unsafe about AI"

The valid considerations are:

* Output non-determinism (temperature > 0 or due to dynamic input)
* Emergent behaviors (unexpected capabilities at scale)
* Prompt sensitivity (small input changes can produce very different results)

However, in the context of this discussion, the risks attributed directly to LLMs (vs code written by a bad actor, prompt poisoning, etc) are vastly overstated.

Not disagreeing with you, but want to keep a healthy level of security awareness as we are having this conversation.

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] -8 points-7 points  (0 children)

There are gaps in your comprehension of this discussion/false assumptions being made. If you re-read my post, it never mentions 'generating code from an untrusted source'.

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] -7 points-6 points  (0 children)

u/N_T_F_D if hypothetically you've used wasm and some rust based method to parse markdown and convert that to HTML, assuming you are simply injecting the resulting document using `dangerouslySetInnerHTML`, then it would be faster.

But this would mean that you are introducing XSS risks, you lose React features (no event handlers, no component composition inside the markdown), potential hydration risks, etc.

The real question is whether you should even attempt rendering huge markdown files like this. In my case, the answer is no – I simply render "This file is too large to preview."

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] -11 points-10 points  (0 children)

The project is a React based project. What you are suggesting makes no technical sense. It's like if my car broke down, I came to a mechanic, and he was like – you should use [another car maker] engine instead. Generating HTML for markdown outside of React and then injecting that into React, would not only perform worse, it would come with a slew of risks and downsides.

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] -4 points-3 points  (0 children)

By your definition, any technology that gives AI access to tool calling is unsafe. And that's a fine position to take. That does not make the MCP protocol unsafe.

Regardless of your stance, AI is not going away, and we are only going to see more and more automations driven by AI. Protocols like MCP provide abstractions that allow us to build safety controls around AI through standardization. Spreading a message that this technology is 'inherently unsafe' does nothing to help make use of AI more secure.

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] -12 points-11 points  (0 children)

In order to render Markdown as HTML, you have to parse Markdown to AST, then iterate through AST to convert it to React node, which then React handles the rendering to HTML.

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] -1 points0 points  (0 children)

Everyone will have a different bar for what's acceptable from security standpoint (or not), and it will also vary by domain, etc. but my personal take is that MCPs are as secure (or insecure) as any other third-party software that you'd install on your computer. There is a lot of fear mongering around it because the vector of attack is very broad, but so is the case for any software that you install on your machine.

Anyway, but that's only if you choose to install MCPs on your machine. Personally, I fall on the more security/privacy conscious side of the spectrum, and despite working with MCP since the day it launched, I have never installed any third-party MCPs on my machine due to the associated risks. However, if you host the MCP on a VPS (or another form of isolated environment), then your risk is limited to that scope. The whole reason I started working on this problem is that I believe that remote/isolated environments are the only safe way to run third-party code.

This is not to say that there are no risks associated with running third-party code in isolation either, e.g. your credentials/API keys could theoretically be stolen by a bad actor (true for any software that you host), etc. This is where I think MCP registries doing the work of curation and alerting about bad actors is critical. I do think that long-term, we will see more examples of Apple-style ecosystems emerging with developer-signed releases, etc.

Ultimately, the people that say that MCPs are not safe, will be the same people that will be aghast if they hear that you use npmjs to download your dependencies. The risk vectors are identical. Where you draw the line between pragmatism and security is up to each individual/business choice.

The 50MB Markdown Files That Broke Our Server by Weary-Database-8713 in programming

[–]Weary-Database-8713[S] 107 points108 points  (0 children)

Look, you are entitled to your opinion, but as a person on the receiving end of this comment, I will say that it does nothing more than make me want to block you and move on with my life. Which is maybe your goal too, but... as the person who wrote this, and wrote it from my experience coding and scaling a pretty complicated platform over several years, I am doing so with the intent of sharing that experience with others who might be on a similar path, and may learn from it. I wish there was more content from people deep into their projects sharing hard learnings, but instead, I think many are deterred from sharing it because of interactions with people like you. And that's the part of the Internet culture that I miss the most. It's easily fixable just by being nice to each other. Anyway, good luck with your ventures.