giladd's comments

giladd · 2026-05-24T03:52:05 1779594725

This is a pretty awesome little game, seems more rewarding than most something-le games I've seen. Will share with friends.

Will you / could you add access to past puzzles? That's the first thing I looked for but couldn't find.

unseen_forms · 2026-05-24T08:23:41 1779611021

That's great to hear!

>Will you / could you add access to past puzzles? That's the first thing I looked for but couldn't find.

Yeah I'm still torn about this. On the one hand, it's obviously a really easy feature to add and allows users who want to play more to do so. And I'm aware that a lot of people really don't like it when daily puzzle games don't let you play through the archive. On the other hand, I am quite romantic about the daily thing. I really loved the fact you could only play Wordle once a day, there was something special about it in an era of unlimited, endless content. I know it's no longer novel to limit players to just one puzzle a day, but something is compelling me to keep it that way.

tomstuart · 2026-05-24T10:17:14 1779617834

The game’s difficult to understand so it’s too punitive to not offer even a single practice/example puzzle to use for learning. One puzzle a day is nice once you’ve got the hang of it, but it’s discouraging to “waste” today’s puzzle on learning the rules and not be able to try for real until tomorrow.

unseen_forms · 2026-05-26T17:54:04 1779818044

Yeah I appreciate that. We're thinking now of perhaps adding a post-game mode that allows people to practise parts of the puzzles so they can sharpen up their skills whilst saving the larger puzzles for the main daily event.

giladd · 2026-04-25T22:18:16 1777155496

This is pretty cool, nice project. Can you expand on what threat model this combats?

Also, does the replace op happen only for specific fields in HTTP, or for every matching string in the request? I can imagine the latter if you want to support non-standard authentications methods, though there's always the edge case where the secret string placeholder is not used as a secret and should not be replaced.

neo2006 · 2026-04-25T22:24:01 1777155841

The main threat model is application leaking secrets: - Internet facing app that could potentially be hacked and bad actor exfiltrating secrets - AI agent that can exfiltrate secrets through prompt injection for example or context poisoning - The general use case where a secret can be for example inject by mistake in logs for instance

__turbobrew__ · 2026-04-25T23:14:51 1777158891

How does this compare with TPUs? Can you not have secrets in the TPU which cannot be accessed directly by apps, solving this threat vector? I get that you want compatibility with popular libraries, but I wonder if the actual solution is to use hardware support to enforce the secret boundaries.

neo2006 · 2026-04-25T23:55:32 1777161332

I'm not super familiar with TPUs and Trusted execution environments but my understanding is that it serve a different threat model.

TEE aim to protect a certain workload from the host to avoid another workload on the same host from steeling secrets. Kloak aim is to protect the secret from the workload itself not the host.

__turbobrew__ · 2026-04-26T18:37:06 1777228626

Protecting the secret from the host is a superset of protecting the secret from a workload.

boistrous · 2026-04-25T22:27:05 1777156025

we currently support rewrites for specific hosts and IPs and we have an open issue for supporting rewrite for specific headers for http/http2

giladd · 2026-04-24T15:19:09 1777043949

> Perhaps there’s some kind of conservation law here: Any increases in programming speed will be offset by a corresponding increase in unnecessary features, rabbit holes, and diversions.

This resonates hard. LLMs enable true perfectionism, the ability to completely fulfil your vision for a project. This lets you add many features without burning out due to fatigue or boredom. However (as the author points out), most projects' original goal does not require these complementary features.

sovenyr · 2026-04-25T19:52:28 1777146748

The flip side is that "fulfil your vision" requires actually having a vision before each session. Without explicit scope set upfront, the LLM defaults to filling time with adjacent improvements that feel like progress.

  I've started writing a one-line success criterion before opening the editor, the way @sambaumann's parent comment hints at — "the failure-mode-resistant version of this task is X." Not because the LLM can't figure out what I want, but because if I can't compress the goal to one        
  sentence, I'm not actually ready to build, I'm ready to wander.                                                                                                                                                                                                                               
                                                                                                                                                                                                                                                                                                
  The scope creep cure pre-LLM was fatigue. Now fatigue takes much longer to kick in, so the cure has to be cognitive instead.

giladd · 2026-03-17T19:41:08 1773776468

It's been a long time since a book has gripped my attention like the one this short film is based on. It has many interesting ideas and a plot with some truly unexpected twists.

The latest version of the book distances itself from the source material (a good decision imo): The SCP Foundation. It's an extremely interesting project, with some parallels to FOSS. I wonder if there are other joint literary projects of similar scale.