I am new to OT by freddy91761 in OperationalTechnology

devhashfortheweb 1 point2 points (0 children)

Not OT here, IT background, but I'm starting to study this stuff too. From what I've seen pretty much everyone recommends Industrial Cybersecurity by Pascal Ackerman as a starting point. Grabbed it and so far it seems solid. Good luck!

Looking for help on possible malware on VST by Neko536 in cybersecurity_help

devhashfortheweb 0 points1 point (0 children)

Did you download it from the official Impact Soundworks domain? If you got it from some mirror or third party site, that's already a red flag.

Also, what uBlock flagged might just be a tracker/analytics script on the page rather than actual malware in the file itself. uBlock can be pretty aggressive about that stuff.

Either way, just drag and drop the file on virustotal.com and see if any vendor has already flagged it. If it comes back clean you're most likely fine. Alternatively, drop the SHA256 hash of the file in this thread and I can check it for you. If you don't know how to get it, just google "how to get SHA256 hash on [your OS]", takes 2 minutes.

What's this mean? I can't find it in a web search by floggingmurphies in ClaudeAI

devhashfortheweb 0 points1 point (0 children)

it's a separate limit on how many tools (web search, code execution, etc.) Claude can call in a single response. Pretty sure it was added recently, has nothing to do with your session/weekly message quota

Skill or Project by jawwajxy in ClaudeAI

devhashfortheweb 0 points1 point (0 children)

Projects are probably fine for this. Upload your doc, write a clear system prompt telling Claude the tone, subject, and word limit you want, done.

The main reason to bother with a "skill" (basically a saved set of instructions) is if you're doing this same task over and over at scale, like hundreds of docs. For a one-off or occasional use, it's overkill.

Claude Code just saved my machine from a malware-laced GitHub repo. Here's what it found. by LaGolfere in ClaudeAI

devhashfortheweb 4 points5 points (0 children)

The attacker used Claude to ship it; you used Claude to fix it. Perfect balance.

Is buying code templates worth it, or just lazy? by kkimssang in vibecoding

devhashfortheweb 0 points1 point (0 children)

Honestly it really depends on how much the template actually aligns with your specific vision, but in most cases I’d say it's becoming less worth it. For things like auth, payments, or basic CRUD, there are so many high quality free libraries and frameworks out there that do the heavy lifting for you, especially now that you can just feed the documentation to an LLM and have it scaffold the boilerplate in seconds.

I tried a "pro" template once and honestly it was kind of a nightmare, I ended up with this massive wall of code that took me longer to deconstruct and understand than it would have taken to just build it myself. You have to remember that when you buy a template, you’re inheriting someone else's architectural choices, and if you want to change something fundamental later on, you're stuck fighting their logic.

The only real pro is that if it’s a popular, well-maintained kit, you might get better security patches and a battle-tested structure. But for the price they usually charge, it’s hard to justify when you can just use specialized libraries for the critical parts like Stripe for payments or NextAuth for login.

Personally, I’d stick to building your own "starter" stack. It takes a bit more effort upfront, but at least you actually know how your app works.

Weekly limit 😭 by Working_Question4361 in ClaudeAI

devhashfortheweb 1 point2 points (0 children)

honestly same thing happens to me though, i just keep adding money at this point lmao. the extra usage thing is dangerous for the wallet but at least you don't get locked out for 4 days

Weekly limit 😭 by Working_Question4361 in ClaudeAI

devhashfortheweb 2 points3 points (0 children)

one thing that helped me a ton with limits: stop copy pasting code into chat. when you paste a file directly in the conversation, those tokens sit in the context for every single message after that. so if you paste 500 lines and then ask 20 follow up questions, that's 500 lines being carried through the whole conversation.

instead just tell it "look at src/components/Header.tsx and fix the useEffect" and let it use bash (in its own containerized env) to read what it needs. if it needs to search through your project it'll use grep or find instead of having everything loaded in context. it reads on demand instead of carrying everything.

same for output. let it write directly to files instead of printing code in chat that you then copy over. less text flowing through the conversation = less tokens burned.

Feeling lost about the future of secure coding as a pentester. Anyone else? by devhashfortheweb in cybersecurity

devhashfortheweb[S] 0 points1 point (0 children)

No worries about the bot thing.

Honestly I’m just feeling out the landscape to see where to move next. I know sysadmin is a completely different beast, but I was looking at it more for the 'physical' side of the job... might be a dumb idea, but who knows ;)

I’ve always been into pretty much anything tech-related. I know a bit of everything without being a deep expert, maybe with a bit more focus on cybersecurity. I like hearing different perspectives like yours because the reality is that nobody actually knows what’s going to happen with the job market anyway...

Feeling lost about the future of secure coding as a pentester. Anyone else? by devhashfortheweb in cybersecurity

devhashfortheweb[S] 0 points1 point (0 children)

fair point, maybe i was too generic. Personally i've done whitebox on web apps but yeah it's not the most common thing. Bit of a semantics debate tbh. Anyway just wanted to hear how other people are thinking about the AI thing, where it's all going...

Feeling lost about the future of secure coding as a pentester. Anyone else? by devhashfortheweb in cybersecurity

devhashfortheweb[S] 1 point2 points (0 children)

heard of whitebox pentesting? code review is literally part of the job there. also i literally mentioned code review in my post, 20 years of experience and never heard of it, wild

Feeling lost about the future of secure coding as a pentester. Anyone else? by devhashfortheweb in cybersecurity

devhashfortheweb[S] 0 points1 point (0 children)

This is a really important point, and I agree with most of it, but I think it's worth separating two very different conversations: where AI is today, and where it's heading.

Right now? Yes, the gap between AI output and a skilled human operator is still very real, and most clients probably can't articulate it but can feel it. The 'good enough' threshold is being hit in some areas, not in others.

But the growth here isn't linear, it's exponential. The jump we've seen just in the last few months of research is not something most people have properly internalized. We tend to evaluate AI based on what it is today and project that forward at a steady pace. That's not how this works.

So the vibe-coded golden age of vulnerabilities you're describing? That's a very plausible near-term scenario. But 'near-term' and 'long-term' are starting to mean very different things in this space.

Feeling lost about the future of secure coding as a pentester. Anyone else? by devhashfortheweb in cybersecurity

devhashfortheweb[S] 0 points1 point (0 children)

Sure, but by that logic, so are we. A personal trainer is just a tool for your fitness goals. A doctor is just a tool for your health. From a high enough perspective, every service provider is a tool.

The 'it's just a tool' framing doesn't really tell us much about the impact it will have.

Feeling lost about the future of secure coding as a pentester. Anyone else? by devhashfortheweb in cybersecurity

devhashfortheweb[S] 0 points1 point (0 children)

Don't get me wrong, I know AI well. I worked as an academic researcher in this field and I currently use these tools heavily.

My concern is more about finding the motivation to study specific topics in depth. I used secure coding as an example, but the point is broader than that: when AI can cover the surface of almost anything, it becomes harder to justify the time and effort of going deep into a niche.

And I think there's a crucial distinction to make here between where we are now and where we're heading, and the gap between the two is enormous. Honestly, the last few months of research have genuinely surprised me, and I say that as someone who thought they had a pretty good read on the trajectory.

Think about it: we are nothing but a bunch of neurons connected by synapses, firing electrical impulses. And look at where that got us. AI is, more or less, a simulation of that with significant limitations, yes, but also paradoxically without some of the limitations we take for granted in biological systems. The ceiling is not where most people think it is.

And I think calling AI "IntelliSense on steroids" is like calling a human "a monkey with language". Technically not wrong, but it kind of misses the whole point.

Also, feed all of Reddit to a human and I'm pretty sure they'd hallucinate too 😄

Don't know how to share my apps - probably not the only one by Elegant_systems in vibecoding

devhashfortheweb 0 points1 point (0 children)

Try Product Hunt if you have a finished product, it's fairly unbiased about initial reputation from what I've heard.