HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kangabru

no profile record

comments

kangabru
·2 lata temu·discuss
Location: Hamburg, Germany

Remote: Remote/Hybrid/Office

Willing to relocate: No

Technologies: Typescript, Javascript, React, Node.js, Next.js, C#, Python, Django, Java, PostgresSQL, AWS, CSS, Tailwind

Résumé/CV: https://scottgibbs.me/resume

Email: Please see resume

Hey I'm Scotty - a full stack Software Engineer looking to work on exciting, challenging, and impactful products based in Europe. For the past few years I've been remote contracting for various US startups and have worked on products with millions of users. I like to work on all parts of the stack from creating rich interactive frontends, to wiring up an API layer, to working on data heavy backend processes. Check out my website to see examples of projects I've worked on. I'm an English native speaker who's recently moved to Europe and I’m looking to work with a larger team and on a more established product. If that sounds like you then please get in touch!
kangabru
·2 lata temu·discuss
With all the hype around AI I'm sure people are trying out all sorts of products that could have vulnerabilities like this. For example, imagine a recruiter hooks up an AI product to auto-read their LinkedIn messages and evaluate candidates. An attacker would just have to contact them, get the AI to read something of theirs, and this prompt attack could expose private information about the recruiter and/or company. The attacker would just need the recruiter to view the image (or better yet, have the service prefetch the image) to expose the data.
kangabru
·2 lata temu·discuss
I've been gradually improving my dev setup security over the past few months based on continuous reports like this. Here are things I'm trying out to improve my setup: - Use VSCode dev containers for development [1a]. Once you've created one once then they're quite easy to use and you don't need much Docker knowledge - it just needs to be installed. It's perfect for spinning up web/console apps but I had trouble with other stuff like Flutter and Electron. - Similarly I got familiar with GitHub Codespaces for smaller projects [1b]. I've done live coding in an interview before (where I had to modify a simple Node project) and I would absolutely use containers/codespaces for anything like that these days [2]. You can spin one up straight from any GitHub repo page and they're easy to work with. - Read the OWASP guidelines regularly for things like npm, Node, and Docker best practises. e.g. for Docker use the smallest image you can (Alpine) and use explicit Docker image tags [3]. - Review npm/python packages before installing them using socket.dev - it shows a full dependency security overview for things like env variable access, network calls, supply chain attacks, recent code ownership changes etc. You can also disable postinstall scripts globally as suggested by OWASP [4].

[1a] https://code.visualstudio.com/docs/devcontainers/create-dev-... [1b] https://github.com/codespaces [2] https://www.welivesecurity.com/en/eset-research/lazarus-luri... [3] https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker... [4] https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_...
kangabru
·2 lata temu·discuss
I had the same problem and didn't want to keep all of my eggs in the same basket, plus I lost faith in these backup apps after Google Auth lost user codes at some point.

I decided to create a private backup which I control and so I built a client-side web app that encrypts QR codes (like 2FA codes). It was inspired by a similar CLI based project I saw here on HN. I still use Authy (for now) but now I have encrypted images that I can decrypt and rescan easily. And since they're just images I saved them in various places and even printed out copies should I lose my phone or Authy access.

To 'migrate' my codes out of Authy I just went through each site and regenerated the codes (plus encrypted them). It's annoying that they force you to do this but doesn't take too long.

I'm still polishing it up but it works well and I would love some feedback if there's anyone who finds it useful - https://encrypt-qr-codes.netlify.app/
kangabru
·6 lat temu·discuss
Everything is generated through a config file which you can completely customise. So you could literally change the colour of bg-white if you wanted to.

It's part of the selling point, that config file becomes your design system. They provide a decent one but you are free to overhaul it as you see fit. It works really well.