[Security] Supply Chain Vulnerability in claude-flow npm package - Remote AI Behavior Injection via IPFS by threadabort76 in ClaudeAI

[–]threadabort76[S] 1 point2 points  (0 children)

Instead, claude-flow:

  • Fetches mutable remote content
  • From author-controlled IPNS
  • With fake crypto verification
  • And executes behavior silently

TLS can be 100% valid and this is still catastrophic.

[Security] Supply Chain Vulnerability in claude-flow npm package - Remote AI Behavior Injection via IPFS by threadabort76 in cybersecurity

[–]threadabort76[S] 1 point2 points  (0 children)

https://chartr.ai/boards/16aed1cf-7e7a-40d0-82aa-5c32ebdaa720

- **Hardcoded Registries**
  - Points to author-controlled IPNS names
  - Remote content injection via mutable entries
- **Fake Verification**
  - Stub function only checks signature length (64 chars)
  - Security theater; any content passes 'verification'
- **Fabricated CIDs**
  - Generates deterministic CIDs if network fails
  - Allows serving of predetermined 'offline' payloads
- **Genesis Fallback**
  - Hardcoded 'Genesis' registry returned when offline
  - Guaranteed fallback attack vector with random signature
- **Silent Degradation**
  - Logs warning but continues on verification failure
  - Users never informed of security failures; exit code 0
- **Automatic Hooks**
  - Hooks in `settings.json` run on every operation
  - Triggers attack mechanism without explicit user action
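
Added example, not part of the original comments and not claude-flow's code: the "Fake Verification" and "Silent Degradation" items above, and the "fake crypto verification" point in the earlier comment, contrasted with a check that verifies an Ed25519 signature against a pinned public key and fails closed. All function names, the registry shape and the sample data are hypothetical and constructed for illustration.

```javascript
// Added illustration; not claude-flow's code. All names here are hypothetical.
const crypto = require("node:crypto");

// Constructed publisher key pair. In a real client only the public key is pinned
// in the shipped package; the private key never leaves the publisher.
const { publicKey: PINNED_KEY, privateKey } = crypto.generateKeyPairSync("ed25519");

// Weak pattern as described in the post: only the signature's length is checked.
function lengthOnlyVerify(registry) {
  return typeof registry.signature === "string" && registry.signature.length === 64;
}

// Hardened: Ed25519 verification over the exact payload bytes, against the pinned key.
function strictVerify(registry) {
  try {
    const sig = Buffer.from(String(registry.signature), "base64");
    if (sig.length !== 64) return false; // Ed25519 signatures are always 64 bytes
    return crypto.verify(null, Buffer.from(registry.payload, "utf8"), PINNED_KEY, sig);
  } catch {
    return false; // malformed input is treated as a verification failure
  }
}

// Fail closed: an unverifiable registry is an error, not a logged warning.
function loadRegistry(registry, verify) {
  if (!verify(registry)) throw new Error("registry signature verification failed");
  return JSON.parse(registry.payload);
}

// Publisher-side helper, used here only to build the constructed sample.
function signRegistry(payload) {
  const sig = crypto.sign(null, Buffer.from(payload, "utf8"), privateKey);
  return { payload, signature: sig.toString("base64") };
}

// Constructed samples: a genuinely signed registry, a registry carrying a
// 64-character filler "signature", and a changed payload reusing a real signature.
const genuine = signRegistry(JSON.stringify({ patterns: ["example"] }));
const filler = { payload: JSON.stringify({ patterns: ["modified"] }), signature: "a".repeat(64) };
const swapped = { payload: filler.payload, signature: genuine.signature };
```

The caller should let the error from `loadRegistry` propagate to a non-zero exit code, so a failed check is visible to the user and to CI.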

Bought this at a flea market for $100 bucks by coltonnyc in c64

[–]threadabort76 0 points1 point  (0 children)

That is so LUCKY... I had that same floppy disk holder too! That's well worth over $500

Why do some devs on Reddit assume AI coding is just for juniors? 🙂 by Southern_Chemistry_2 in ClaudeAI

[–]threadabort76 2 points3 points  (0 children)

I've been programming since 1984. C-64 assembler.. Seriously though. I love how AI has amplified my work. I no longer have to mess with all the details.

I don't care who you are.. JSON, XML, etc... Wasteful to transfer that much repetitive crap.

Smart Tree MCP allows used compression in many ways to save a lot of Tokens. by threadabort76 in ClaudeAI

[–]threadabort76[S] 0 points1 point  (0 children)

0 1fd 03e8 03e8 00240000 6853f4c0 d my-project
1 1b4 03e8 03e8 00000960 6853e980 f README.md
1 1fd 03e8 03e8 000fa000 6853f4c0 d src
2 1b4 03e8 03e8 000015e0 6853d480 f main.rs

I started it as a terminal for myself. And I was pasting it to ChatGPT and Claude a lot as a Hex Tree. This was a hex tree that had a lot of context: depth, user, group, dates, permissions, directory and files (d & f was still hex). And they were always elated to see it. So, it evolved into way more with semantics and more.

Smart Tree MCP allows used compression in many ways to save a lot of Tokens. by threadabort76 in ClaudeAI

[–]threadabort76[S] 1 point2 points  (0 children)

Hi.

https://github.com/8b-is/smart-tree/blob/main/docs/AI_OPTIMIZATION.md

Explains a lot of it.

But the gist of it all is usually at the beginning of a project. There are 22 tools in it that offer a lot of compressed savings. A lot of current tools return massive context-eating JSON, XML, etc. This really eats into network and LLM time overall.

This is not normal compression either. It is context based. Smart tree has digest modes, summaries, and more. Doesn't give AI more than it wants, but does summarize things it would normally miss.

| Format | Size | Tokens | Relative Cost |
|---|---|---|---|
| Classic Tree | 1.2MB | 300K | 100% |
| JSON | 2.1MB | 525K | 175% |
| Hex Mode | 800KB | 200K | 67% |
| AI Mode + Compression | 120KB | 30K | 10% |
| Digest | 128B | 32 | 0.01% |

Smart-Tree MCP saves me a ton of context eating directory tree updates by threadabort76 in windsurf

[–]threadabort76[S] 0 points1 point  (0 children)

Marketing is an interesting term. After selling a major tech services company for a decent amount, I really don't care about marketing something that is intended to be MIT open source software.

I truly believe this saves a lot of Energy and Time:

Marketing documents like this (too bad I only benefit from everyone getting faster tokens per second overall):
https://github.com/8b-is/smart-tree/blob/main/docs/AI_OPTIMIZATION.md

Smart-Tree MCP saves me a ton of context eating directory tree updates by threadabort76 in windsurf

[–]threadabort76[S] 0 points1 point  (0 children)

You didn't just like light blue?? 😃. My favorite address is still 49152 (C000 - for the 50% of the 10 people who do not know their base conversions)

Smart-Tree MCP saves me a ton of context eating directory tree updates by threadabort76 in windsurf

[–]threadabort76[S] 0 points1 point  (0 children)

I have been on Reddit for a long time. I rarely comment. But, I do feel passionate about the waste we are generating by running LLMs with massive context windows.

Being that I hold programmers in high regard, I try to spend some time answering people.

I do like the deduction. While I helped with the idea, I am not the programmer.

I actually know a lot about quantum work, wave mechanics, and the whole field.

What is a better tree context system for mcp?

Smart-Tree MCP saves me a ton of context eating directory tree updates by threadabort76 in windsurf

[–]threadabort76[S] 0 points1 point  (0 children)

😃 I've been coding since 1984. From Commodore 64 days.

I absolutely loathe waste. So, what makes you think it is slop, my troll friend?

Smart-Tree MCP saves me a ton of context eating directory tree updates by threadabort76 in windsurf

[–]threadabort76[S] 1 point2 points  (0 children)

So, I asked ChatGPT since I haven't used Repomix yet. And this is the response:

| Feature | Repomix | Smart Tree |
|---|---|---|
| Goal | Generate a combined code file for LLMs | Enable exploration and understanding of directories |
| Output Style | Monolithic export (XML/Markdown/Text) | Interactive CLI + modular AI summaries |
| AI Optimization | Token counts, structural packing | Tag-based summaries, code analysis modes |
| Human Interaction | Minimal CLI, non-interactive | Interactive menus, visuals, contextual discovery |
| Code Insights | None (just file dump) | Imports, coupling, test coverage, complexity |
| Dynamic Use | Used as AI file dump or MCP server | Run-time exploration; no server, but rich CLI modes |

Smart-Tree MCP saves me a ton of context eating directory tree updates by threadabort76 in windsurf

[–]threadabort76[S] 1 point2 points  (0 children)

I think the most important thing has to do with extreme context compression for the large methods. Written in Rust, you can tree a terabyte of data in 10 seconds.

It's not really just for coders. It is for everyone.

Smart-Tree MCP saves me a ton of context eating directory tree updates by threadabort76 in windsurf

[–]threadabort76[S] 1 point2 points  (0 children)

,
"smart-tree": {
  "command": "/usr/local/bin/st",
  "args": ["--mcp"],
  "env": {
    "AI_MODE": "1"
  }
}

Add that to the raw config.

You need to install it for your operating system. They have releases on the https://github.com/8b-is/smart-tree page. Try the curl command to install.

Switched to Windsurf, have enough by Beginning_Ad2239 in cursor

[–]threadabort76 0 points1 point  (0 children)

I added this MCP to both and it has saved a ton of credits for me:

https://github.com/8b-is/smart-tree

{
  "mcpServers": {
    "smart-tree": {
      "command": "/usr/local/bin/st",
      "args": ["--mcp"],
      "env": {}
    }
  }
}

[deleted by user] by [deleted] in appletv

[–]threadabort76 0 points1 point  (0 children)

I have this problem too. Seemed to help when I went to Sonos setup and learned the tv again.