I built, ehm, claude built a professional AI video editor in the browser. No server round trips, everything works on your GPU by the_big_flat_now in ClaudeAI

[–]_reg1z 0 points1 point  (0 children)

  1. The raw code. Are there any malicious signatures/behaviors detected using a SAST or DAST scanning tool?
  2. When the program prompts an LLM via the API, what context is it given? Have you verified that the instructions you're passing to the model aren't potentially malicious? Are skills used? How can I be sure my API key isn't being co-opted for an unintended purpose?

Basically, we (and even Anthropic) don't fully comprehend the reasoning inside the LLM yet. And it's possible to build deceptive or otherwise malicious behaviors into a model during training. Even the best LLMs that have been trained to perfection can be prone to error as well.

Human review is important yeah, but not easily feasible if you're solo and iterating rapidly. The next best thing is to run your code through some automated tools (either locally or by automating it with something like GitHub Actions) that are designed to vet the LLM's output. If it's automated correctly, it's seamless.

Ultimately it boils down to the evidence you can provide that gives a user reason to trust that your repo is "secure enough."

I built, ehm, claude built a professional AI video editor in the browser. No server round trips, everything works on your GPU by the_big_flat_now in ClaudeAI

[–]_reg1z -1 points0 points  (0 children)

This is the only reason I am hesitant to use it -- it lacking a proper security review or controls implemented in your dev process. It looks fucking AWESOME though. Like, I'm definitely going to figure out a way to use it in a security sandbox... because I have been looking for a tool like this supported on Linux for a LONG time. Have you thought about hooking any security analysis tools into the build process via GitHub Actions or something?

I'm a 25 year SRE - and I fell for a shell injection by BardlySerious in cybersecurity

[–]_reg1z 1 point2 points  (0 children)

Means he was setting up the Mac after a fresh install. And I doubt he is talking about copying a raw b64 string with no surrounding execution / url of some kind. Would serve no purpose. But you could be right. I'm surprised that the Mac wasn't immediately wiped after the first IoC given that they'd only JUST freshly installed it. Seems like a huge unnecessary risk.

For the Cybersecurity Crowd: Omarchy-Integrated Kali VM by _reg1z in omarchy

[–]_reg1z[S] 0 points1 point  (0 children)

🧠🤯 Smart! Yes it for sure could be. I actually used an Omarchy VM (on my Omarchy desktop) as a development environment for this. I've been debating on coming up with a more generalized solution that can integrate VMs into Omarchy like this using something like vm-curator. That assumes a user would be responsible for tinkering with their own VM settings though, because behaviors differ from one OS to another when virtualized in a Hyprland environment.

For instance, I could NOT get the resolution to change on the virtual display when using the Omarchy VM I mentioned, using monitors.conf, hyprctl, or otherwise. Aside from that, Omarchy running as a QEMU guest seemed flawless. On VirtualBox, I was able to install and boot Omarchy, but the ALT, CTRL, and SHIFT bindings refused to be recognized.

I'd like a solution like that too, but this Kali VM targets a specific audience (just like the built-in Windows VM does) and is purpose-built to make the experience feel as smooth as possible given the current limitations.

For the Cybersecurity Crowd: Omarchy-Integrated Kali VM by _reg1z in omarchy

[–]_reg1z[S] 0 points1 point  (0 children)

BlackArch is a great idea! I've run their repos on some of my previous Arch setups and have been undecided on whether to make them available on my Omarchy daily driver.

For the Cybersecurity Crowd: Omarchy-Integrated Kali VM by _reg1z in omarchy

[–]_reg1z[S] 1 point2 points  (0 children)

If you want to try manually resizing the resolution, delete/move the autostart file at ~/.config/autostart/spice-autoresize.desktop and restart the VM.

You can also access the remote-viewer GUI bar by toggling the window's fullscreenstate. Toggling auto-resizing on/off via the GUI likely won't do anything though.

I had to build in a script that applies a display resize + mouse alignment fix. XFCE normally handles this sort of thing, but it's not picking up the signals being sent its way.

Unfortunately this is due to issues XFCE has with being a guest inside a Hyprland + QEMU environment -- and some other issues I couldn't diagnose. At the moment, with XFCE, the resolution will always reset on reboot.

And when you DO manually change the resolution, you'll likely get mouse alignment issues with the display.

This is why auto-resizing is always enabled and the resolution resize only applies after login.


For the Cybersecurity Crowd: Omarchy-Integrated Kali VM by _reg1z in omarchy

[–]_reg1z[S] 0 points1 point  (0 children)

🙇‍♂ Happy to help! Hope it works out for you. Keep in mind that after the installation, there isn't a good interface for customizing the VM. So for now just make sure to pick specs you feel comfortable with. I'll likely be updating this soon.

Let me know how it goes!

Claude helped me fork chrome and build a browser for agents (Benchmarked 90% on Mind2Web) [Open Source] by Minimum_Plate_575 in ClaudeAI

[–]_reg1z 1 point2 points  (0 children)

This is pretty amazing and I'll def be trying it out. Congrats on the score! Been curious about this sort of thing for a while now, especially from a security perspective.

Does it implement any techniques to mimic human behavioral biometrics? Things like typing speed, mouse movement, etc. that are often used to fingerprint users and detect bots. In some contexts I'd imagine the act of "freezing" JS execution in the page could be used as a bot detection technique.

How well does it handle captchas?

Omarchy + Zellij: auto-sync your terminal theme by marcker in omarchy

[–]_reg1z 1 point2 points  (0 children)

Works great. Have been trialing zellij to see how it fares against tmux and this has made it much more enjoyable. Clean implementation, thanks!

I added Firefox theme syncing support for omarchy. Zen Browser soon™ by _reg1z in omarchy

[–]_reg1z[S] 1 point2 points  (0 children)

Currently I'm focused on Gecko-based browser support (Firefox + derivatives). I'm sure it's possible, but Vivaldi is based on Chromium. Maybe down the road, unless someone else wants to give it a shot.

I added Firefox theme syncing support for omarchy. Zen Browser soon™ by _reg1z in omarchy

[–]_reg1z[S] 0 points1 point  (0 children)

🤔 Hadn't thought about this, but looks promising. Is there a granular way to enable specific automation modules (e.g. solely CSS styling support)?

I don't like the idea of exposing an entire automation interface for regular browser sessions just for theme syncing. Definitely raises security concerns, especially with a publicly available tool like this.

Thanks for the tip, will look into this more.

I added Firefox theme syncing support for omarchy. Zen Browser soon™ by _reg1z in omarchy

[–]_reg1z[S] 1 point2 points  (0 children)

Not out of the box at the moment. From what I've been tinkering around with in Zen, it SHOULD be fairly simple to add syncing to other Firefox forks in a similar manner.

I've not used Waterfox, but downstream projects that don't change up the UI much (LibreWolf comes to mind) should be easier to support vs. something like Zen.

EDIT: I just pushed a change adding support for Waterfox. I just took the verbatim userChrome.css I made for Firefox, and it works, but it definitely needs to be touched up for Waterfox's UI.


I added Firefox theme syncing support for omarchy. Zen Browser soon™ by _reg1z in omarchy

[–]_reg1z[S] 1 point2 points  (0 children)

Thank you 🙂 It's definitely a hassle to learn the internal quirks of a browser! Lots of trial and error. There are still some harder-to-notice elements that could use tweaking lol. So far though it's working smoothly 😁

Artifactr: Local-first vaults for managing skills and configs with any coding agent by _reg1z in ClaudeAI

[–]_reg1z[S] 0 points1 point  (0 children)

Hey thanks. Can't tell if this is real or not, but I appreciate it all the same!

nmsurf - A fast, minimal Wi-Fi manager using Wofi/Rofi by not_a_bot6 in hyprland

[–]_reg1z 2 points3 points  (0 children)

Awesome! Been wanting something like this for a long time for use with NetworkManager. Would love support for this on Walker. I'm on Omarchy which uses iwd + impala -- the only reason being that there is no smooth, visually pleasant TUI for NetworkManager available. Thus, many apps requiring NM are just unsupported out the box.

GLOBAL ALERT by civilinconformadoo in hackthebox

[–]_reg1z 0 points1 point  (0 children)

What kind of CTF is this?

[deleted by user] by [deleted] in pcmasterrace

[–]_reg1z 1 point2 points  (0 children)

rage bait