HackerTrans
TopNewTrendsCommentsPastAskShowJobs

_mme

no profile record

Submissions

Ceiling is being raised: analyzing my typescript code that became a meme

ai88.substack.com
17 points·by _mme·2 lata temu·2 comments

Show HN: Beak.js – Custom conversational assistants for your React app

github.com
36 points·by _mme·3 lata temu·23 comments

Ask HN: Experiences with Flashcards and Learning?

2 points·by _mme·3 lata temu·0 comments

Ask HN: Best Practices for storing customer secrets?

6 points·by _mme·3 lata temu·14 comments

[untitled]

1 points·by _mme·3 lata temu·0 comments

comments

_mme
·3 lata temu·discuss
Nice project! I made Beak.js which has a similar way to connect a language model to the UI via React hooks: https://github.com/mme/beakjs
_mme
·3 lata temu·discuss
Agree!

For now, I added instructions how to run the demo.

https://github.com/mme/beakjs#run-the-demo
_mme
·3 lata temu·discuss
Exactly, that's the idea - having a backend part of the library that proxies the communication with OpenAI, keeping the API key secret.
_mme
·3 lata temu·discuss
Thank you!

This should be already possible, but it will give you a compiler error if you use Typescript. I will add support in the next version.
_mme
·3 lata temu·discuss
You don't! As mentioned in the README:

"Note: Don't expose your API key in public-facing apps. We will be adding a solution for securely using your API key soon."

I have ideas how to implement this, but I would like to get some feedback first.
_mme
·3 lata temu·discuss
Cool!

I made something similar a while ago, desktop only:

https://songmine.io/
_mme
·3 lata temu·discuss
I have to be annoying, but - if you have a token that is only valid for X seconds - you still need a token to renew the expiring token.

I have the feeling that damage control is the only option:

1) Secrets store is on different credentials

2) Decryption key is only known outside of secrets storage

3) There is a maximum number of different credentials that can be queried per day (adjustable over time)
_mme
·3 lata temu·discuss
Thank you, very useful!
_mme
·3 lata temu·discuss
> this is table stakes level security; realistically if your DB is compromised, your encryption key probably is too, because they probably got in through your application which holds the key in memory. this just prevents "oops I accidentally copied the DB somewhere and it leaked".

Good point. If the attacker gains access to e.g. a web service that needs to access the stored secrets, they will have encryption keys and DB access.

> if you have, or when you get to the point that you have, a competent ops org, just use HashiCorp Vault.

I watched a video about Vault, but I don't see how it would help. Attacker gains access to the web service which can access Vault -> Attacker downloads all API keys from Vault. Or is there something I'm missing?
_mme
·3 lata temu·discuss
Thanks, but this is about password hashing. I would like to know about storing third party customer secrets, like API keys, in the most secure way possible.

Nice website though.
_mme
·4 lata temu·discuss
soy un perdedor
_mme
·4 lata temu·discuss
Any message you receive you should evaluate in the context of your physical life. It’s your life!
_mme
·4 lata temu·discuss
I‘m 42. Here‘s my advice to someone half my age. Have conflicts. Put your heart into it. If you loose, you receive some truth. If you win you give some truth. The outcome does not matter if it means you grow.

Go eat or drink together as if nothing happened.
_mme
·4 lata temu·discuss
Amazing attitude.

The mother of my kid and I are separated. I wanted to restrict content/screen time, but she gave him unrestricted access to his iPhone and now I feel it can't be undone. He's 13.

I'm mostly worried about his attention span, especially when I watch him use his phone. But then again, maybe this is just a different generation and I must understand that his way of using the internet is different from mine.

Would you share a story of falling/picking them up?