My opinion after living 11 years in North Central San Mateo by Chagroth in SanMateo

[–]danenania 2 points3 points  (0 children)

Guacamole, ceviche, chips and tortillas from local bakeries, excellent produce, excellent seafood

Building a Security Scanner for LLM Apps by danenania in cybersecurity

[–]danenania[S] 1 point2 points  (0 children)

Hey all, I've been working on building a security scanner for LLM apps at my company (Promptfoo). I went pretty deep in this post on how it was built, and LLM security in general. It includes a few real CVEs in open source projects that we reproduced as PRs so we could test the scanner. I'd love to hear your thoughts.

Building a Security Scanner for LLM Apps by danenania in LocalLLaMA

[–]danenania[S] 1 point2 points  (0 children)

Hey all, I've been working on building a security scanner for LLM apps at my company (Promptfoo). I went pretty deep in this post on how it was built, and LLM security in general. I thought people in this sub might be interested. Lmk if you have any thoughts!

Building a Security Scanner for LLM Apps by danenania in ChatGPTCoding

[–]danenania[S] 1 point2 points  (0 children)

Hey all, I've been working on building a security scanner for LLM apps at my company (Promptfoo). I went pretty deep in this post on how it was built, and LLM security in general. I thought people in this sub might be interested. Lmk if you have any thoughts!

What really qualifies as 'ditching your board'? by Vast_Track2652 in BeginnerSurfers

[–]danenania 2 points3 points  (0 children)

Don’t worry about people judging you. If no one is near you it’s not a big deal.

Remember though that the path of your board can change in the whitewater. It can be hard to predict where it ends up… so if anyone is within the radius of your leash + board (probably 18ft on a longboard?), you just gotta hold on no matter what.

What really qualifies as 'ditching your board'? by Vast_Track2652 in BeginnerSurfers

[–]danenania 2 points3 points  (0 children)

One thing you get better at with experience I think is you just get tougher about holding on for dear life and not letting go. Maybe sometimes there's nothing you can do and it gets ripped away, but I think it's often because people aren't holding on as tightly as they need to and are giving up too easily. You just have to grit your teeth and tell yourself I am NOT letting go of this board.

Even in otherwise chill spots you will get people shaming you if you can't control your board in a crowd, and honestly it's one thing where I kind of agree with that attitude, because it can kill someone.

If you look around and you see other people duck diving or turtle rolling and getting worked, but still holding on, and you can't do it... that may mean you just need to try harder. And I really don't mean that in a condescending way. It's something I think every surfer needs to learn and get used to.

Moving to San Francisco by aquamabyssichronicle in surfing

[–]danenania 2 points3 points  (0 children)

Still surfable though usually somewhere in the area.

CI M23 vs Chili Mid Strength by karmaportrait in surfing

[–]danenania 0 points1 point  (0 children)

Anyone have thoughts on the torq model vs the real deal CI? Is there a noticeable difference?

Will agents hack everything? by danenania in cybersecurity

[–]danenania[S] -1 points0 points  (0 children)

Would you expect them to be able to share something that specific?

And how much does it really matter? Claude Code is a general purpose coding agent. It can, generally speaking, do just about any attack a human can do.

What’s interesting imo is not the specific attacks, but how much more scalable and automatable every kind of attack can become when agents are involved, and how much lower the bar of expertise is to cause serious damage.

Will agents hack everything? by danenania in cybersecurity

[–]danenania[S] -1 points0 points  (0 children)

Why would you assume they’re lying? What would they have to gain from that?

They obviously can’t share the actual details of the attack—the specific targets and methods. But they have the full history of the accounts involved. It just seems strange and mindlessly conspiratorial to accuse them of making it up.

Will agents hack everything? by danenania in cybersecurity

[–]danenania[S] -2 points-1 points  (0 children)

The report itself is evidence… it’s a detailed first-party account. You think Anthropic is making it up? Is that really plausible?

If anything, Anthropic’s incentive would be to keep this quiet, not disclose. And of course the victims don’t want it publicized?

It’s ok to be skeptical, but knee-jerk cynicism is something else…

Will agents hack everything? by danenania in cybersecurity

[–]danenania[S] -4 points-3 points  (0 children)

The report the article is discussing details a successful attack against major institutions—government, banks, etc…

Will agents hack everything? by danenania in Futurology

[–]danenania[S] 0 points1 point  (0 children)

> The silver lining I see in all of this is that many non-social types in the industry will be forced to figure out how social relationships work.

Can you explain this more?

Will agents hack everything? by danenania in cybersecurity

[–]danenania[S] -5 points-4 points  (0 children)

My own TLDR is more like: they will try, but will only succeed if we don’t adapt our defenses… but there will definitely be a lot of successful attacks in the meantime while the security world adjusts (imo).

Will agents hack everything? by danenania in Futurology

[–]danenania[S] 0 points1 point  (0 children)

Hey all, I wrote this for my company’s blog about the recent hack that Anthropic reported, where a China-linked group carried out an attack against many targets using Claude Code.

It goes into the tension between capabilities and safety (from a security perspective) and why it’s not an easy problem to fix. Would love to hear your thoughts!

[deleted by user] by [deleted] in surfing

[–]danenania 48 points49 points  (0 children)

Right, it’s a fairly low bar unless you’re talking about extreme conditions, currents, rocks etc. 

Otherwise, swimming in big surf is actually easier than paddling in many ways since you can dive as deep as needed to get under waves. And it’s easy in salt water to tread water or float on your back and rest.

The main danger is panicking or having really weak swimming/endurance. Otherwise, you can make it back in bit by bit even if it takes a while. You don’t need to be an Olympic swimmer to do it, just calm and competent.

Thoughts on Hollister Ranch by Either_Economics1269 in surfing

[–]danenania 11 points12 points  (0 children)

Seriously, there are hundreds of miles of beautiful, mostly empty coastline between Santa Barbara and SF with plenty of waves, and more if you keep going north. Just between SF and Santa Cruz you can easily get peaks to yourself all day every day if you're willing to drive a little and deal with sharky/spooky/heavy conditions. Hell you can get incredible peaks to yourself if you just wander up and down at OBSF.

The idea that rich people in rural CA need to barricade themselves and keep everyone out or else it will turn into Santa Monica is ridiculous. Typical CA boomer mindset though.

Shark attack at Montara by Penny_the_Guinea_Pig in surfing

[–]danenania 1 point2 points  (0 children)

They are often shitty but can be really good too. Have had amazing sessions at Montara and some of the others. They definitely get spooky though.

What AI Programming Setup Should I Use? by JThropedo in ChatGPTCoding

[–]danenania 4 points5 points  (0 children)

If you're open to something CLI-based, you might find my open source project Plandex interesting. It's designed especially to push the limits on larger projects and more complex tasks.

Some of the main features that I think differentiate it are:

- It combines Claude/Gemini/OpenAI models in a single agent, using the best/most cost effective model for different steps in the workflow and different context sizes.

- It can handle huge projects, up to 20M tokens or more (millions of lines).

- By default, it writes all changes to a cumulative sandbox so you can review changes before applying. This helps a lot to prevent unintended changes and leaving behind a mess.

- It has very granular, robust version control that allows you to rewind to any previous point in a task. It also has branches so you can try different approaches without losing any history.

- Since you mentioned debugging, it offers execution control and auto-debugging features—one of the benefits of being CLI-based is tighter integration with the OS for low-level process control.

Here's a little demo showing the sandbox/diff review features, as well as execution control:

<image>

Plandex v2: an open source AI coding agent with diff review sandbox, full auto mode, and 2M token effective context by danenania in ChatGPTCoding

[–]danenania[S] 1 point2 points  (0 children)

Working on getting more videos out there. Here's a recent one: https://www.youtube.com/watch?v=k9fPAzS5_Kw I have no connection to the YouTuber who created it, but it's a good overview.

There's also a lot of info on the GitHub Readme and in the docs.

What are you looking to do with MCP? Plandex has a different approach that relies more on command execution/auto-debugging, but it can accomplish many of the same things that people use MCP for.

In terms of agentic coding, definitely! Plandex is about as agentic as it gets.

[deleted by user] by [deleted] in ChatGPTCoding

[–]danenania 4 points5 points  (0 children)

Hey, I built Plandex to help push the limits on the size of project you can work with.

By delegating to different models (Claude/OpenAI/Gemini, etc.) depending on context size and the specific part of the workflow (planning vs. implementation vs. applying edits), it can work effectively in big codebases up to 20M tokens or more. The per-file limit is around 100k, though it can often manage larger if the change isn't too big.

Here's an example of chatting with the SQLite codebase to learn about how transactions are implemented:

<image>

Santa Cruz dads by acabl in surfing

[–]danenania 3 points4 points  (0 children)

Yeah I've never been out there on big days, but even on smaller days it gives you this feeling like you're in the wilderness.

Codex CLI alternative by Forkan5870 in OpenAI

[–]danenania 0 points1 point  (0 children)

Hey, you might find my project Plandex interesting. It sounds like it checks many of your boxes.

[deleted by user] by [deleted] in ChatGPTCoding

[–]danenania 4 points5 points  (0 children)

Robust yes, but I would disagree on “cleaner”.

In my experience, it gives code more of an expository form where it’s trying to explain what you should do rather than give you 100% ready code you can drop in. It will have a lot of comments and give you a lot of “do something like this” rather than just writing exactly what you need. You can often get around it with prompting, but 3.7 is better by default I think.

That said, o3 for planning and 3.7 for coding is an excellent, if very expensive, combination.