HackerTrans
TopNewTrendsCommentsPastAskShowJobs

_mme

no profile record

Submissions

Ceiling is being raised: analyzing my typescript code that became a meme

ai88.substack.com
17 points·by _mme·2 वर्ष पहले·2 comments

Show HN: Beak.js – Custom conversational assistants for your React app

github.com
36 points·by _mme·3 वर्ष पहले·23 comments

Ask HN: Experiences with Flashcards and Learning?

2 points·by _mme·3 वर्ष पहले·0 comments

Ask HN: Best Practices for storing customer secrets?

6 points·by _mme·3 वर्ष पहले·14 comments

[untitled]

1 points·by _mme·3 वर्ष पहले·0 comments

comments

_mme
·3 वर्ष पहले·discuss
Nice project! I made Beak.js which has a similar way to connect a language model to the UI via React hooks: https://github.com/mme/beakjs
_mme
·3 वर्ष पहले·discuss
Agree!

For now, I added instructions how to run the demo.

https://github.com/mme/beakjs#run-the-demo
_mme
·3 वर्ष पहले·discuss
Exactly, that's the idea - having a backend part of the library that proxies the communication with OpenAI, keeping the API key secret.
_mme
·3 वर्ष पहले·discuss
Thank you!

This should be already possible, but it will give you a compiler error if you use Typescript. I will add support in the next version.
_mme
·3 वर्ष पहले·discuss
You don't! As mentioned in the README:

"Note: Don't expose your API key in public-facing apps. We will be adding a solution for securely using your API key soon."

I have ideas how to implement this, but I would like to get some feedback first.
_mme
·3 वर्ष पहले·discuss
Cool!

I made something similar a while ago, desktop only:

https://songmine.io/
_mme
·3 वर्ष पहले·discuss
I have to be annoying, but - if you have a token that is only valid for X seconds - you still need a token to renew the expiring token.

I have the feeling that damage control is the only option:

1) Secrets store is on different credentials

2) Decryption key is only known outside of secrets storage

3) There is a maximum number of different credentials that can be queried per day (adjustable over time)
_mme
·3 वर्ष पहले·discuss
Thank you, very useful!
_mme
·3 वर्ष पहले·discuss
> this is table stakes level security; realistically if your DB is compromised, your encryption key probably is too, because they probably got in through your application which holds the key in memory. this just prevents "oops I accidentally copied the DB somewhere and it leaked".

Good point. If the attacker gains access to e.g. a web service that needs to access the stored secrets, they will have encryption keys and DB access.

> if you have, or when you get to the point that you have, a competent ops org, just use HashiCorp Vault.

I watched a video about Vault, but I don't see how it would help. Attacker gains access to the web service which can access Vault -> Attacker downloads all API keys from Vault. Or is there something I'm missing?
_mme
·3 वर्ष पहले·discuss
Thanks, but this is about password hashing. I would like to know about storing third party customer secrets, like API keys, in the most secure way possible.

Nice website though.
_mme
·4 वर्ष पहले·discuss
soy un perdedor
_mme
·4 वर्ष पहले·discuss
Any message you receive you should evaluate in the context of your physical life. It’s your life!
_mme
·4 वर्ष पहले·discuss
I‘m 42. Here‘s my advice to someone half my age. Have conflicts. Put your heart into it. If you loose, you receive some truth. If you win you give some truth. The outcome does not matter if it means you grow.

Go eat or drink together as if nothing happened.
_mme
·4 वर्ष पहले·discuss
Amazing attitude.

The mother of my kid and I are separated. I wanted to restrict content/screen time, but she gave him unrestricted access to his iPhone and now I feel it can't be undone. He's 13.

I'm mostly worried about his attention span, especially when I watch him use his phone. But then again, maybe this is just a different generation and I must understand that his way of using the internet is different from mine.

Would you share a story of falling/picking them up?
_mme
·4 वर्ष पहले·discuss
So it's a satire?
_mme
·4 वर्ष पहले·discuss
Thanks, this is interesting, but also very abstract.

What do you mean when you say "scaling on the level of a function"?

Do you mean any "plain old" function or a specific REST endpoint like AWS Lambda?

If you could just throw distributed computing resources at any function that is a bottleneck in your code, that would be alien tech.
_mme
·4 वर्ष पहले·discuss
I don't know Syrus nor Wasmer :)

However, I'm genuinely interested - why would this make Kubernetes obsolete? If Wasm rules the future, as you believe, why shouldn't it run in a pod?