HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Rafert

no profile record

comments

Rafert
·قبل 6 أشهر·discuss
The concept of a proxy injecting/removing sensitive data has been for much longer, e.g. VGS has a JS SDK and proxy to handle credit card data for you and keep you out of PCI scope.
Rafert
·قبل 6 أشهر·discuss
I'm surprised it's not mentioned yet, but this seems to compliment last year's acquisition of observability tool HyperDX[1] (part of ClickStack[2]) quite well. I'm in the market for a new o11y platform and it seems all vendors are working to add LLM observability one way or the other, if they haven't added it already.

1: https://news.ycombinator.com/item?id=44194082 2: https://clickhouse.com/use-cases/observability
Rafert
·قبل 6 أشهر·discuss
I know of https://github.com/Shopify/toxiproxy but it is not protocol aware, you might be able to add it yourself.
Rafert
·قبل 7 أشهر·discuss
> This is one of the frustrating realities of these attacks: once the malware runs, identifying the source becomes extremely difficult. The package doesn't announce itself. The pnpm install completes successfully. Everything looks normal.

Sounds like there’s no EDR running on the dev machines? You should have more to investigate if Sentinel One/CrowdStrike/etc were running.
Rafert
·قبل 9 أشهر·discuss
> Using UUIDv7 is generally discouraged for security when the primary key is exposed to end users in external-facing applications or APIs.

I would not call this “generally discouraged” when APIs generally surface a created_at timestamp in their responses. A real life example are Stripe IDs which have similar properties (k-sorted) as UUIDv7: https://brandur.org/nanoglyphs/026-ids#ulids
Rafert
·قبل 7 سنوات·discuss
I'd point towards WebAuthn[0] as a reason why browsers implement CBOR, since that's much more widely supported.

[0]: https://www.w3.org/TR/webauthn-1/#dependencies