HackerTrans
TopNewTrendsCommentsPastAskShowJobs

gearnode

no profile record

Submissions

How to set up PostHog: GDPR, CCPA, and global privacy laws

probo.com
3 points·by gearnode·2 mesi fa·0 comments

What Is a Risk in Compliance?

probo.com
1 points·by gearnode·2 mesi fa·0 comments

Are you allowed to put that SoC 2 logo on your website?

getprobo.com
2 points·by gearnode·2 mesi fa·0 comments

Do you need a SoC 2 report?

getprobo.com
2 points·by gearnode·3 mesi fa·1 comments

Stripe Won't Save You from Bad Access Control

getprobo.com
1 points·by gearnode·3 mesi fa·0 comments

Potion: Turn your PR review history into Claude Code skills

github.com
3 points·by gearnode·4 mesi fa·0 comments

Google Workspace Default Settings Are Insecure

getprobo.com
1 points·by gearnode·4 mesi fa·0 comments

An Open Letter to Aicpa and ISO Accreditation Bodies

getprobo.com
3 points·by gearnode·4 mesi fa·2 comments

Color-Coded Windows for Git Worktrees on MacOS

github.com
5 points·by gearnode·4 mesi fa·0 comments

Lightpanda migrate DOM implementation to Zig

lightpanda.io
199 points·by gearnode·6 mesi fa·143 comments

Improper HMAC Signature Verification in auth0/node-jws

github.com
1 points·by gearnode·7 mesi fa·0 comments

Mcpgen is a code generator for MCP servers in Go

github.com
2 points·by gearnode·7 mesi fa·0 comments

The Silent Leak: How One Line of Go Drained Memory Across Goroutines

medium.com
3 points·by gearnode·7 mesi fa·0 comments

Building Effective Agents

simonwillison.net
1 points·by gearnode·8 mesi fa·0 comments

Show HN: Granola API Reverse Engineering

github.com
1 points·by gearnode·8 mesi fa·0 comments

comments

gearnode
·4 mesi fa·discuss
The division of labor between implementation, documentation, and sign-off isn't the bug. It's the design. Independence between those layers is how you get credible assurance (in theory).

The bug is when nobody actually verifies. The audit firm holds the mandate to look at the full picture. When they sign without doing that, independence becomes a gap. And right now, the bodies supervising those firms aren't enforcing anything when that happens.