HackerTrans
TopNewTrendsCommentsPastAskShowJobs

deidei

no profile record

Submissions

Supreme Court rules Trump cannot be kicked off any ballot

nbcnews.com
11 points·by deidei·قبل سنتين·5 comments

Royal Navy forced to recruit for tob job on social media

independent.co.uk
20 points·by deidei·قبل 3 سنوات·39 comments

Henry Kissinger remains wrong on China

washingtonexaminer.com
3 points·by deidei·قبل 3 سنوات·0 comments

To Save Our Economy, Ditch Taiwan (November 2011)

nytimes.com
5 points·by deidei·قبل 3 سنوات·5 comments

DoNotPay sued for “unauthorized practice of law”

twitter.com
2 points·by deidei·قبل 3 سنوات·0 comments

Less Work Is Making People More Unhappy

bloomberg.com
2 points·by deidei·قبل 3 سنوات·2 comments

Thiel Foundation Announces Next Thiel Fellow Class

businesswire.com
3 points·by deidei·قبل 3 سنوات·0 comments

Ask HN: How to encrypt data in a SQL database?

22 points·by deidei·قبل 3 سنوات·27 comments

Google alleges Competition Commission of India 'copied' EU order

bbc.com
4 points·by deidei·قبل 4 سنوات·0 comments

Gmail to Get End Encryption

indiatoday.in
1 points·by deidei·قبل 4 سنوات·0 comments

Twitter rolls back paid verification, reinstates "Official" labels

washingtonpost.com
13 points·by deidei·قبل 4 سنوات·4 comments

Biden Should Give Big Oil a Bailout

bloomberg.com
2 points·by deidei·قبل 4 سنوات·1 comments

Indian Billionaire Closes in on Bezos with 1k% Stock Surge

bloomberg.com
2 points·by deidei·قبل 4 سنوات·0 comments

Musk wants to delay Twitter trial following whistleblower claims

reuters.com
1 points·by deidei·قبل 4 سنوات·0 comments

[untitled]

1 points·by deidei·قبل 4 سنوات·0 comments

Ask HN: What is the best back end framework in 2022?

10 points·by deidei·قبل 4 سنوات·18 comments

Elon Musk Countersues Twitter

cnbc.com
7 points·by deidei·قبل 4 سنوات·9 comments

Twitter Gets a Win over Musk with Trial Fast-Tracked for October

bloomberg.com
9 points·by deidei·قبل 4 سنوات·3 comments

Ask HN: How can I learn about Spectroscopy?

1 points·by deidei·قبل 4 سنوات·1 comments

Putin’s New Weapon of Mass Disruption: Kazakh Oil

bloomberg.com
2 points·by deidei·قبل 4 سنوات·0 comments

comments

deidei
·قبل سنتين·discuss
> reports that said the app will require a confirmation of identity, such as a driver’s license, your tax records to prove income and a signed form that says you are ready to get married.

Not sure why someone would sign up for a dating app that is this invasive
deidei
·قبل 3 سنوات·discuss
yes, it is a typo from the independent.

> Its driving my insane.

Off topic, but you made another typo here lol
deidei
·قبل 3 سنوات·discuss
> The Royal Navy seems to advertise all levels of jobs on LinkedIn - and wider.

Wasn't aware of this. Can you please link to some more similar job ads? Is this the standard in other militaries too?

Based on what I know there is a roster of eligible candidates with the required experience in most countries. One of them is promoted from there to fill in the vacancy. I've never seen an ad for a post like this before.
deidei
·قبل 3 سنوات·discuss
> why would it be bad to advertise the position?

Not an expert but from what I understand a position of this level should ideally be filled internally by reassigning or promoting a officer that is already serving. These posts are really important and need someone with decades of experience in the navy. It is terrible if they cannot find someone internally.
deidei
·قبل 3 سنوات·discuss
Congrats to the team at ISRO!

It makes me wonder, what is it that ISRO does differently than most other government agencies in India that makes them so efficient.
deidei
·قبل 3 سنوات·discuss
There you go https://archive.ph/fmQR9

Sorry I should probably have put the non-paywalled link in the submission
deidei
·قبل 3 سنوات·discuss
This is exactly what I was looking for! Thank you so much for the help.
deidei
·قبل 3 سنوات·discuss
>If your user can provide an encryption key, he can as well provide the token or whatever directly.

Yeah that makes sense, thanks for pointing that out. I'm just brainstorming at this point and will consult a security person before going to prod. Thanks for your pointers!
deidei
·قبل 3 سنوات·discuss
I was checking out the docs for that and a few other similar solutions too. This is very true. Most of the secret managers are primarily intended for config-like data.
deidei
·قبل 3 سنوات·discuss
Thanks for the help. So that two options that I was thinking about -

Option A 1. My user creates an secure (with API keys or some other method) API endpoint to provide the Client secrets when I need them.

2. When my app needs to access the client secrets, I maker an API call to the users endpoint to get the Client Secret.

Option B 1. 1. When user signs up, generate an encryption key and ask the user to save it securely. (With the warning that in case this key is lost, the user would have to configure the Client Secrets again)

2. Whenever the user makes an API call (over HTTPS ofc) that involves reading/writing sensitive data, require him to provide the encryption key as well.

Which one is better?
deidei
·قبل 3 سنوات·discuss
>What are you going to do to keep the key safe in the scenarios of your threat model where an adversary can access the DB contents?

One option that I have been thinking is - 1. When user signs up, generate an encryption key and ask the user to save it securely. (With the warning that in case this key is lost, the user would have to configure the Client Secrets again) 2. Whenever the user makes an API call that involves reading/writing sensitive data, require him to provide the encryption key as well.

Here I won't store any encryption key on the server side and only the user will be able to decrypt the data.
deidei
·قبل 3 سنوات·discuss
I'm using PostgreSQL and it has a built in encryption library (pgcrypto), so I'll probably use that.
deidei
·قبل 3 سنوات·discuss
That does make sense, thanks. Do you store all the secrets using the Key Vault?
deidei
·قبل 3 سنوات·discuss
It would be better to store all the Client Secrets in such a Secrets Manager right? Or should I create an encryption key per user and store that in the Secrets Manager?
deidei
·قبل 3 سنوات·discuss
Hey, thanks for the reply. My application is a SaaS that helps developers add integrations (with apps like Slack, Linear etc.) to their apps really quick. What is the best way to securely store Client Secrets, Api Keys and Access tokens? Please let me know if you know of any external services too that can help with this.
deidei
·قبل 3 سنوات·discuss
Thanks for the reply. I'm fully aware of the dangers of rolling my own and want to avoid it at all costs. Is using a battle-tested Node.js library or the database's own API for encryption also dangerous?
deidei
·قبل 3 سنوات·discuss
>Specific answers to your questions will depend on your application and use cases (local network? global website? credit card data? health data? etc...)

Thank you so much for the reply! My application is a SaaS that helps developers add integrations (with apps like Slack, Linear etc.) to their apps really quick. The kind of sensitive data is Client Secrets and Access Tokens.
deidei
·قبل 4 سنوات·discuss
>It's cheaper to initially make something because economies of scale in low(er)-wage countries where most of our stuff is built. Repairs are 'artisans' working at high(er) wages

I get your point but my MacBook Pro's screen cracked a few years ago. This happened in India, they quoted $700 (around 55k rupees) for a Mac that cost $1100 (around 90k rupees)
deidei
·قبل 4 سنوات·discuss
I'm probably going to go with Django but I still want to know what people think about FastAPI?
deidei
·قبل 4 سنوات·discuss
Just want to build a REST API really fast, I'm going to be building the frontend in React. I'm not really limited to Python but prefer it a bit over the others, I'd love to know about frameworks in other languages too.