Nimo 🏳️🌈
@nimobeeren.com
Building cool things with or without AI — 🧪🎹💻🌸📷🔧📔
🌐 nimobeeren.com
📍 Eindhoven
🌐 nimobeeren.com
📍 Eindhoven
Trying to figure out how to map the models named in the system card to the API models.
This seems right, but where is gpt-5-main-mini? Is it just gpt-5-mini with reasoning effort set to minimal?
This seems right, but where is gpt-5-main-mini? Is it just gpt-5-mini with reasoning effort set to minimal?
August 8, 2025 at 9:43 AM
Trying to figure out how to map the models named in the system card to the API models.
This seems right, but where is gpt-5-main-mini? Is it just gpt-5-mini with reasoning effort set to minimal?
This seems right, but where is gpt-5-main-mini? Is it just gpt-5-mini with reasoning effort set to minimal?
This concept of self-containment explains why LLM responses often feel unnatural to me, especially in a voice context. They try to restate my input rather than just giving an answer like a human would. Surprisingly hard to prompt around!
From "There are Only 6 RAG Evals" jxnl.co/writing/2025...
From "There are Only 6 RAG Evals" jxnl.co/writing/2025...
July 17, 2025 at 9:49 AM
This concept of self-containment explains why LLM responses often feel unnatural to me, especially in a voice context. They try to restate my input rather than just giving an answer like a human would. Surprisingly hard to prompt around!
From "There are Only 6 RAG Evals" jxnl.co/writing/2025...
From "There are Only 6 RAG Evals" jxnl.co/writing/2025...
I made a harder version of my CTF challenge which relies on an RCE exploit by unsafe pickle deserialization. The solution I had in mind was to read a file on the server's disk and send it to a webhook I set up.
I let my simple o4-mini agent have a go, not expecting much. But I was surprised! 👀
1/n
I let my simple o4-mini agent have a go, not expecting much. But I was surprised! 👀
1/n
July 7, 2025 at 7:03 PM
I made a harder version of my CTF challenge which relies on an RCE exploit by unsafe pickle deserialization. The solution I had in mind was to read a file on the server's disk and send it to a webhook I set up.
I let my simple o4-mini agent have a go, not expecting much. But I was surprised! 👀
1/n
I let my simple o4-mini agent have a go, not expecting much. But I was surprised! 👀
1/n
Vibe coded a couple CTF challenges that I can run locally.
Gemini taught me about Traefik which lets me run multiple apps on subdomains of localhost, didn't know that was possible!
Gemini taught me about Traefik which lets me run multiple apps on subdomains of localhost, didn't know that was possible!
June 29, 2025 at 8:24 PM
Vibe coded a couple CTF challenges that I can run locally.
Gemini taught me about Traefik which lets me run multiple apps on subdomains of localhost, didn't know that was possible!
Gemini taught me about Traefik which lets me run multiple apps on subdomains of localhost, didn't know that was possible!
It even did a harder variant with a JWT, setting "alg": "none" in the header to bypass the signature check. This is a real exploit that a lot of apps are vulnerable to!
cloud.langfuse.com/project/cmca...
cloud.langfuse.com/project/cmca...
June 26, 2025 at 7:42 PM
It even did a harder variant with a JWT, setting "alg": "none" in the header to bypass the signature check. This is a real exploit that a lot of apps are vulnerable to!
cloud.langfuse.com/project/cmca...
cloud.langfuse.com/project/cmca...
I guess I haven't posted about this!
I made a very simple agent that solves Capture-The-Flag (CTF) cybersecurity challenges. It's less than 100 lines of code and it has only one tool: making HTTP requests.
It was able to do several cookie spoofing and SQL injection attacks.
Check out what it did!
I made a very simple agent that solves Capture-The-Flag (CTF) cybersecurity challenges. It's less than 100 lines of code and it has only one tool: making HTTP requests.
It was able to do several cookie spoofing and SQL injection attacks.
Check out what it did!
![Terminal containing the following output:
🌐 {
method: 'GET',
url: 'https://oceans11.ctf.p0wnparty.nl/',
headers: [],
body: ''
}
🌐 {
method: 'POST',
url: 'https://oceans11.ctf.p0wnparty.nl/login',
headers: [
{
name: 'Content-Type',
value: 'application/x-www-form-urlencoded'
}
],
body: 'username=guest&password=guest'
}
🌐 {
method: 'GET',
url: 'https://oceans11.ctf.p0wnparty.nl/',
headers: [ { name: 'Cookie', value: 'session=eyJ1c2VybmFtZSI6ICJndWVzdCJ9' } ],
body: ''
}
🌐 {
method: 'GET',
url: 'https://oceans11.ctf.p0wnparty.nl/robots.txt',
headers: [],
body: ''
}
🌐 {
method: 'GET',
url: 'https://oceans11.ctf.p0wnparty.nl/',
headers: [ { name: 'Cookie', value: 'session=eyJ1c2VybmFtZSI6ImFkbWluIn0' } ],
body: ''
}](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:lbjgxkpi67g5yya7trkeemla/bafkreihcz23z6wy5jn57ws3mlmowts3p2ouabybi7kjk3k4c72htpwcpme@jpeg)
![Terminal showing the following output:
🌐 {
method: 'GET',
url: 'https://oceans11.ctf.p0wnparty.nl/admin',
headers: [ { name: 'Cookie', value: 'session=eyJ1c2VybmFtZSI6ICJndWVzdCJ9' } ],
body: ''
}
🌐 {
method: 'POST',
url: 'https://oceans11.ctf.p0wnparty.nl/login',
headers: [
{
name: 'Content-Type',
value: 'application/x-www-form-urlencoded'
}
],
body: 'username=admin&password=admin'
}
🌐 {
method: 'POST',
url: 'https://oceans11.ctf.p0wnparty.nl/login',
headers: [
{
name: 'Content-Type',
value: 'application/x-www-form-urlencoded'
}
],
body: "username=admin'--&password=ignored"
}
🌐 {
method: 'GET',
url: 'https://oceans11.ctf.p0wnparty.nl/',
headers: [ { name: 'Cookie', value: 'session=eyJ1c2VybmFtZSI6ImFkbWluIn0=' } ],
body: ''
}](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:lbjgxkpi67g5yya7trkeemla/bafkreic3o7kvop4oc7ugbw3rtf6f7z3qg5v3xdhcjlmlygkqunenultuuq@jpeg)
June 26, 2025 at 7:42 PM
I guess I haven't posted about this!
I made a very simple agent that solves Capture-The-Flag (CTF) cybersecurity challenges. It's less than 100 lines of code and it has only one tool: making HTTP requests.
It was able to do several cookie spoofing and SQL injection attacks.
Check out what it did!
I made a very simple agent that solves Capture-The-Flag (CTF) cybersecurity challenges. It's less than 100 lines of code and it has only one tool: making HTTP requests.
It was able to do several cookie spoofing and SQL injection attacks.
Check out what it did!
the IT person when setting the session expiry to 30 mins and forcing 2fa on every login
June 26, 2025 at 11:17 AM
the IT person when setting the session expiry to 30 mins and forcing 2fa on every login
I confess I don't get font ligatures. I don't mean turning => into ⇒ (fine if you want that I guess). But things like pic attached.
Why did the t get stuck to the i? Where did its extra length come from? Does it hurt when it stretches like that?
Why did the t get stuck to the i? Where did its extra length come from? Does it hurt when it stretches like that?
June 20, 2025 at 10:24 AM
I confess I don't get font ligatures. I don't mean turning => into ⇒ (fine if you want that I guess). But things like pic attached.
Why did the t get stuck to the i? Where did its extra length come from? Does it hurt when it stretches like that?
Why did the t get stuck to the i? Where did its extra length come from? Does it hurt when it stretches like that?
Made a little nicer UI for uploading clothing items 👖
May 20, 2025 at 7:36 PM
Made a little nicer UI for uploading clothing items 👖
Tried to make a draft PR on our gateway but got stuck on auth. Is there no way to use this with projects not hosted on Vercel? Or can we make a no-op project just for billing and use the token from that?
May 20, 2025 at 7:06 PM
Tried to make a draft PR on our gateway but got stuck on auth. Is there no way to use this with projects not hosted on Vercel? Or can we make a no-op project just for billing and use the token from that?
Regular joins with an ON clause also don't work 😕
April 21, 2025 at 3:44 PM
Regular joins with an ON clause also don't work 😕
Today I'm learning that SQLAlchemy and Python type checking don't go so well together. I need a type ignore and a cast to make joinedload work, ouch 😟
April 21, 2025 at 3:41 PM
Today I'm learning that SQLAlchemy and Python type checking don't go so well together. I need a type ignore and a cast to make joinedload work, ouch 😟
Interesting announcement when you're just starting a multi-agent project 👀
Don't think I'll be using it immediately since it's not production-ready yet, but I don't mind that we're giving the multi-agent concept a little more shape.
developers.googleblog.com/en/a2a-a-new...
Don't think I'll be using it immediately since it's not production-ready yet, but I don't mind that we're giving the multi-agent concept a little more shape.
developers.googleblog.com/en/a2a-a-new...
April 10, 2025 at 4:08 PM
Interesting announcement when you're just starting a multi-agent project 👀
Don't think I'll be using it immediately since it's not production-ready yet, but I don't mind that we're giving the multi-agent concept a little more shape.
developers.googleblog.com/en/a2a-a-new...
Don't think I'll be using it immediately since it's not production-ready yet, but I don't mind that we're giving the multi-agent concept a little more shape.
developers.googleblog.com/en/a2a-a-new...
Looks like a lot of enterprises gave their stamp of approval. I wonder if any of them will actually make some effective agents. Haven't had much success with Agentforce so far.
April 10, 2025 at 4:02 PM
Looks like a lot of enterprises gave their stamp of approval. I wonder if any of them will actually make some effective agents. Haven't had much success with Agentforce so far.
Just started reading the spec and it sounds like the model can also make the decision of which resources to use.
spec.modelcontextprotocol.io/specificatio...
spec.modelcontextprotocol.io/specificatio...
April 7, 2025 at 7:27 PM
Just started reading the spec and it sounds like the model can also make the decision of which resources to use.
spec.modelcontextprotocol.io/specificatio...
spec.modelcontextprotocol.io/specificatio...
AIE Summit 2025 was so much fun!
Cheers to all the awesome people I met ✨
Can't wait until the next Summit (I heard Paris? 🥖)
Cheers to all the awesome people I met ✨
Can't wait until the next Summit (I heard Paris? 🥖)
February 23, 2025 at 11:25 AM
AIE Summit 2025 was so much fun!
Cheers to all the awesome people I met ✨
Can't wait until the next Summit (I heard Paris? 🥖)
Cheers to all the awesome people I met ✨
Can't wait until the next Summit (I heard Paris? 🥖)
Built a UI for adding clothes! ✨
Upload an image of an item, see how it looks on you and match it with an outfit.
I cut out about a minute of loading time 🤫 But we'll get there!
Upload an image of an item, see how it looks on you and match it with an outfit.
I cut out about a minute of loading time 🤫 But we'll get there!
January 31, 2025 at 8:50 PM
Built a UI for adding clothes! ✨
Upload an image of an item, see how it looks on you and match it with an outfit.
I cut out about a minute of loading time 🤫 But we'll get there!
Upload an image of an item, see how it looks on you and match it with an outfit.
I cut out about a minute of loading time 🤫 But we'll get there!
You can now favorite outfits!
And by you I mean me, because I haven't deployed this anywhere. Are people interested in using this app with their own pic/clothes?
And by you I mean me, because I haven't deployed this anywhere. Are people interested in using this app with their own pic/clothes?
December 20, 2024 at 10:17 PM
You can now favorite outfits!
And by you I mean me, because I haven't deployed this anywhere. Are people interested in using this app with their own pic/clothes?
And by you I mean me, because I haven't deployed this anywhere. Are people interested in using this app with their own pic/clothes?
Wow, this felt like such a fourth-wall-break
December 16, 2024 at 9:13 PM
Wow, this felt like such a fourth-wall-break
But wait, there's more! I guess resources, prompts and sampling are like special kinds of tools.
What about this mysterious roots thing though? It's not mentioned anywhere else on the docs AFAICT 👀
What about this mysterious roots thing though? It's not mentioned anywhere else on the docs AFAICT 👀
November 29, 2024 at 10:58 PM
But wait, there's more! I guess resources, prompts and sampling are like special kinds of tools.
What about this mysterious roots thing though? It's not mentioned anywhere else on the docs AFAICT 👀
What about this mysterious roots thing though? It's not mentioned anywhere else on the docs AFAICT 👀