HackerTrans
TopNewTrendsCommentsPastAskShowJobs

emurlin

no profile record

Submissions

Show HN: JavaScript Performance Benchmarking

benchmarkstudio.net
2 points·by emurlin·4 เดือนที่ผ่านมา·1 comments

Becoming physically immune to brute-force attacks (2021)

seirdy.one
109 points·by emurlin·2 ปีที่แล้ว·68 comments

How to Convert a WordPress Blog to an Astro Static Site

blog.okturtles.org
18 points·by emurlin·2 ปีที่แล้ว·0 comments

Show HN: Cross-platform file encryption and sharing in the browser

github.com
3 points·by emurlin·2 ปีที่แล้ว·0 comments

Show HN: ECMAScript Sandbox [WIP]

github.com
2 points·by emurlin·3 ปีที่แล้ว·0 comments

Generating Provenance Statements

docs.npmjs.com
2 points·by emurlin·3 ปีที่แล้ว·1 comments

comments

emurlin
·4 เดือนที่ผ่านมา·discuss
This is a browser-based JS benchmarking tool I've been working on for the past weeks, unsatisfied with the alternatives that are out there. The goal is / was supporting most features one would need (like NPM or JSR packages), setup and teardown code, seamless support for async code, etc. and at the same time present a report with not just raw speed (as most tools do) but with useful statistics.

The project is split into two parts, one which is this ready-to-use web UI (obviously, useful for testing in the browser), but also a minimal library that can orchestrate the tests and produce a report (with some nice CLI-based reporters too).
emurlin
·5 เดือนที่ผ่านมา·discuss
In this case, it's based on a per-user secret key and AES-256, which with some careful key and IV-derivation, allows you to have a deterministic (and reversible) address for any given domain name. The basic principle (applied to ids, which extends to domain names) is in this blog post: https://apeleg.com/blog/posts/2023/03/30/enumeration-timing-...

If you're willing / able to sacrifice reversibility, a more orthodox approach can be hash (or *MAC) based. For example, SHA-256(secret + domain-name). However, a key point of this project is attribution, to avoid the need of storing a large set of pre-generated addresses, for portability and for easy reverse aliases.

In terms of the actual SMTP bits, I'm currently relying on Cloudflare workers for receiving and delivering (just a nice and gratis API); however, extensibility within reason is a goal (in scope: provider-agnostic API; very probably not in scope: an SMTP client / server).
emurlin
·5 เดือนที่ผ่านมา·discuss
Most of my time goes to Group Income (https://groupincome.org) / Shelter (https://shelterprotocol.net), a protocol and platform for building rich decentralised rich (web) applications with end-to-end-encryption. The idea is building the tech for an experience rivaling or surpassing that of siloed apps but with a focus on user and data autonomy.

The rest of my time goes into a few personal projects, most with no public URL yet.

  * An IndieAuth provider based on WebAuthn, the idea being that instead of relying on delegating authentication, it could be handled directly using, e.g., U2F keys or a device.
  * A temporary e-mail address provider with deterministic addresses for attribution.
  * A self-service menu / ordering service
  * An E2EE document signing solution
Some of these have led to a few mini-projects that I actively maintain due to not finding a fitting solution, such as:

   * An HTTP media type negotiator (https://github.com/ApelegHQ/ts-http-media-type-negotiator) -- negotiate based on accept headers. This was because I couldn't find a negotiator that correctly parsed headers.
   * A JS sandbox (https://github.com/ApelegHQ/lot) -- Tried to implement something lightweight yet functional
   * A MIME multipart encoder and decoder (https://github.com/ApelegHQ/ts-multipart-parser) -- Attempt at a lightweight, general and spec-correct parser
   * A lightweight ASN.1 DER encoder (https://github.com/ApelegHQ/ts-asn1-der), meant to be used with its sister project (https://github.com/ApelegHQ/ts-cms-classes) --- Part of the document signing project
In addition, trying to move a side-side project to Svelte 5:

    * A web-based self-contained encryption/decryption tool (https://github.com/ApelegHQ/ts-cms-ep-sfx) --- Created to easily share files with maximum compatibility (ZIP archive inside a CMS payload) and minimum requirements.
emurlin
·6 เดือนที่ผ่านมา·discuss
https://riv.ar

At the time, it's mostly just a web CV (with some effort put into implementing RDFa and microformats). The intent is adding a blog section too.
emurlin
·ปีที่แล้ว·discuss
SEEKING WORK | Norway | Remote | Contract (full-time or part-time)

Experienced software engineer specialising in backend development with a proven track record. Over ten years of industry experience, delivering exceptional results to drive projects forward.

What sets me apart:

- Broad expertise: Projects and technologies include data integration, Intel SGX, consensus protocols, REST APIs, and web development. Proficient in C, C++, CSS, Docker, ES6+, express.js, Java, JavaScript, Kotlin, LDAP, Linux, Neo4j, nginx, Node.js, PHP, PL/SQL, Postfix, React, TypeScript, Xen, and (X)HTML5, I possess a versatile skill set.

Why choose me:

- Strong problem-solving skills: Thrive on challenging problems, finding creative solutions. Excel in optimizing performance, designing scalable architectures and resolving complex technical issues.

Expertise in Identity and Access Management (IAM), security, and data integration. Deep understanding and practical experience to deliver secure and seamless solutions. Open to exploring new challenges and technologies beyond these areas.

Available for full-time, part-time, and consulting engagements. Let's connect and discuss how I can contribute to your success.

Location: Trøndelag, Norway

Remote: Yes (remote only, unless within Trøndelag or occasional meetups within Scandinavia)

Willing to relocate: No

Résumé/CV: https://riv.ar/curriculum-vitae/

Email: hn-u5cgNWJM(-at-)protonmail.com

GitHub: https://github.com/corrideat, https://github.com/ApelegHQ
emurlin
·ปีที่แล้ว·discuss
SEEKING WORK | Norway | Remote | Contract (full-time or part-time)

Experienced software engineer specialising in backend development with a proven track record. Over ten years of industry experience, delivering exceptional results to drive projects forward.

What sets me apart:

- Broad expertise: Projects and technologies include data integration, Intel SGX, consensus protocols, REST APIs, and web development. Proficient in C, C++, CSS, Docker, ES6+, express.js, Java, JavaScript, Kotlin, LDAP, Linux, Neo4j, nginx, Node.js, PHP, PL/SQL, Postfix, React, TypeScript, Xen, and (X)HTML5, I possess a versatile skill set.

Why choose me:

- Strong problem-solving skills: Thrive on challenging problems, finding creative solutions. Excel in optimizing performance, designing scalable architectures and resolving complex technical issues.

Expertise in Identity and Access Management (IAM), security, and data integration. Deep understanding and practical experience to deliver secure and seamless solutions. Open to exploring new challenges and technologies beyond these areas.

Available for full-time, part-time, and consulting engagements. Let's connect and discuss how I can contribute to your success.

Location: Trøndelag, Norway

Remote: Yes (remote only, unless within Trøndelag or occasional meetups within Scandinavia)

Willing to relocate: No

Résumé/CV: https://riv.ar/curriculum-vitae/

Email: hn-u5cgNWJM(-at-)protonmail.com

GitHub: https://github.com/corrideat, https://github.com/ApelegHQ
emurlin
·2 ปีที่แล้ว·discuss


  > Many valuable, high-quality pieces of content that people would find useful never make it into Google's index.
I see your point in the light of the article (not indexed = not visible), but it feels like the things that _do_ make it need to follow very particular content and style patterns to rank high.

Anecdotally, this observation comes from searching for any term and seeing the results: they are usually similar-looking plausible-looking-but-actually-low-quality results that seem to follow the same or similar structure and have the same content. This does indeed limit the diversity and depth of information, but I'm not so sure it reduces spam, as these low-quality sites seem to be as prevalent as ever before, if not more.

From experience writing articles to a small tech blog, this means that it's quite difficult to get well-researched articles to rank well, even if they're indexed.

For example, I've written an article on how to block hotlinking (I've just checked, and Google says it's indexed). If you search for this, my article on a not-so-well-known blog is nowhere to be found(*)(**), and this is somewhat expected, for a myriad of reasons. The problem isn't that my post doesn't rank, but rather that none of the top-ranking (or even not-so-top-ranking) results are wrong. They are either about how to do this on cPanel or whatever, which is ineffective (but granted, could be what people are looking for), or instructions using the `Referer` header, which is ineffective.

These days, browsers offer headers like `Cross-Origin-Resource-Policy` which can completely solve the particular issue of hotlinking, unlike `Referer` which is easily bypassed using `referrerpolicy="no-referrer"`. However, because most 'authorities' seem to be wrong on this issue, the correct result isn't displayed, because it's a hard problem to solve algorithmically (or even manually).

(*) This doesn't affect just Google, though.

(**) Because it's indexed, adding the right keywords (which you wouldn't do in this case unless you already knew the answer) does bring it up, although from federated high-authority sites instead of the original canonical source.
emurlin
·2 ปีที่แล้ว·discuss
Interesting approach! As an author of another JS sandbox library[1] that uses workers for isolation plus some JS environment sanitisation techniques, I think that interpreting JS (so, JS-in-JS, or as in this case, JS-in-WASM) gives you the highest level of isolation, and also doesn't directly expose you to bugs in the host JS virtual machine itself. Since you're targeting Node, this is perhaps even more important because (some newer developments notwithstanding) Node.js doesn't really seem to have been designed with isolation and sandboxing in mind (unlike, say, Deno).

From the API, I don't see if `createRuntime` allows you to define calls to the host environment (other than for `fetch`). This would be quite a useful feature, especially because you could use it to restrict communication with the outside world in a controlled way, without it being an all-or-nothing proposition.

Likewise, it doesn't seem to support the browser (at least, running a quick check with esm.sh). I think that that could be a useful feature too.

I'll run some tests as I'm curious what the overhead is in this case, but like I said, this sounds like a pretty solid approach.

[1] @exact-realty/lot