Saturday, April 30, 2022
Show HN: Balloons - A clicker game generated by OpenAI Codex https://ift.tt/hCV2iFq
Show HN: Balloons - A clicker game generated by OpenAI Codex https://ift.tt/EODnf0P April 30, 2022 at 01:22AM
Good News! IAM Is Near-Universal With SaaS
The less-good news: IAM only works for applications your IT department knows about, so watch for "shadow IT" programs installed or written by users that leave a security gap.
source https://www.darkreading.com/tech-trends/good-news-iam-is-near-universal-with-saas
source https://www.darkreading.com/tech-trends/good-news-iam-is-near-universal-with-saas
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
Show HN: Radiopaper – Troll-resistant public conversations https://ift.tt/Db1XRVt
Show HN: Radiopaper – Troll-resistant public conversations Hi HN! We're a bootstrapped team of 4 and have been building Radiopaper for around 16 months alongside other full-time, part-time, and consulting jobs. I wanted to highlight a couple of the unique characteristics of Radiopaper that may not be immediately apparent when browsing https://ift.tt/mTLzuUn * It's possible to interact with Radiopaper entirely by email, and never log-in interactively. The notification emails contain context that explains that if you reply to the email, your message will be published on https://radiopaper.com * The key mechanism that makes Radiopaper different from other social networks, and more resistant to trolling and abuse, is that messages are not published until the counterparty replies or accepts your comment. You can read more about this in our manifesto at https://ift.tt/tnxrevg The technical stack is a Vue/TypeScript app talking to an API backend written in Go, running on Cloud Run, and using Firestore for persistence, Firebase Auth for authentication. Email processing is handled through the Gmail API hooked up to a Cloud Pubsub notification which triggers another Cloud Run service. Outbound emails go through SendGrid. The whole stack "scales-to-zero", and on days that we have a few hundred active users, we're still under the free limits of Firebase Hosting, Cloud Run & Firestore, so this has allowed us to operate for a long time without funding or revenue. Our overall burn rate is around $40/month, mostly from the smattering of other SaaS offerings we use: Sentry, Mixpanel, Github & SendGrid. Dave & I discuss our tech stack in a little more detail in this conversation: https://ift.tt/2DjrLkq The team (myself, daave, davidschaengold, youngnh) will be around to answer any questions! https://ift.tt/mTLzuUn April 30, 2022 at 12:18AM
Show HN: Djaz-Envelope: DocuSign like e-signature https://ift.tt/yrSPTBC
Show HN: Djaz-Envelope: DocuSign like e-signature Landing: https://djaz.io Application: https://app.djaz.io Share one or more documents to sign or view by recipients. This is called Envelope in Djaz. You can also just sign own document without using Envelope. And than include it in Envelope for viewing. Watch here for details: https://youtu.be/-hlThDTyvDQ April 29, 2022 at 11:13PM
Show HN: Porting Zelda Classic to the Web https://ift.tt/4aTZ27M
Show HN: Porting Zelda Classic to the Web I spent the last two months porting Zelda Classic, a 20+ year old C++ Allegro program, to the web. If you're a fan of the 2D Zelda games, you'll likely find some very enjoyable games here. I also write at length about the process of porting a large C++ application to the web. https://ift.tt/3bpswNc April 29, 2022 at 09:57PM
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
source https://www.darkreading.com/vulnerabilities-threats/critical-vulnerabilities-qnap-synology-nas-rce
source https://www.darkreading.com/vulnerabilities-threats/critical-vulnerabilities-qnap-synology-nas-rce
Friday, April 29, 2022
IT Teams Worry Staff Lack Cloud-Specific Skills
Security, cost, and reliability top the list of concerns IT teams have about their cloud operations, according to a recent report.
The Ransomware Crisis Deepens, While Data Recovery Stalls
Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.
Bumblebee Malware Buzzes Into Cyberattack Fray
The sophisticated Bumblebee downloader is being used in ongoing email-borne attacks that could lead to ransomware infections.
Show HN: JavaScript widget to help your customers set up DNS records https://ift.tt/3sdJFg9
Show HN: JavaScript widget to help your customers set up DNS records https://ift.tt/X2V1Ehx April 28, 2022 at 07:58PM
IT Teams Worry Staff Lack Cloud-Specific Skills
Security, cost, and reliability top the list of concerns IT teams have about their cloud operations, according to a recent report.
source https://www.darkreading.com/edge-threat-monitor/it-teams-worry-staff-lack-cloud-specific-skills
source https://www.darkreading.com/edge-threat-monitor/it-teams-worry-staff-lack-cloud-specific-skills
The Ransomware Crisis Deepens, While Data Recovery Stalls
Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.
source https://www.darkreading.com/attacks-breaches/ransomware-crisis-deepens-data-recovery-stalls
source https://www.darkreading.com/attacks-breaches/ransomware-crisis-deepens-data-recovery-stalls
Bumblebee Malware Buzzes Into Cyberattack Fray
The sophisticated Bumblebee downloader is being used in ongoing email-borne attacks that could lead to ransomware infections.
source https://www.darkreading.com/attacks-breaches/bumblebee-malware-cyberattack-fray
source https://www.darkreading.com/attacks-breaches/bumblebee-malware-cyberattack-fray
Thursday, April 28, 2022
Show HN: Create awkward situations with a fake iMessage Popup https://ift.tt/iEUI3Yd
Show HN: Create awkward situations with a fake iMessage Popup https://ift.tt/I6c3PE1 April 27, 2022 at 11:11PM
Synopsys to Acquire WhiteHat Security from NTT
Acquisition expands security software-as-a-service capabilities.
source https://www.darkreading.com/press-release/synopsys-to-acquire-whitehat-security-from-ntt
source https://www.darkreading.com/press-release/synopsys-to-acquire-whitehat-security-from-ntt
Synopsys to Acquire WhiteHat Security from NTT
Acquisition expands security software-as-a-service capabilities.
Tenable's Bit Discovery Buy Underscores Demand for Deeper Visibility of IT Assets
The four-year-old firm, started by two industry veterans, focuses on gaining visibility into Internet-facing services as more companies seek insight into what attackers see.
Show HN:We built 50+ coming soon pages with Tailwind CSS cause we couldn't find https://ift.tt/Psy4Oi5
Show HN:We built 50+ coming soon pages with Tailwind CSS cause we couldn't find https://ift.tt/gV2BONy April 27, 2022 at 10:58PM
Tenable's Bit Discovery Buy Underscores Demand for Deeper Visibility of IT Assets
The four-year-old firm, started by two industry veterans, focuses on gaining visibility into Internet-facing services as more companies seek insight into what attackers see.
source https://www.darkreading.com/risk/tenable-s-bit-discovery-buy-underscores-deeper-visibility-of-it-assets
source https://www.darkreading.com/risk/tenable-s-bit-discovery-buy-underscores-deeper-visibility-of-it-assets
Wednesday, April 27, 2022
How Do I Report My Security Program's ROI?
If security leaders focus on visibility and metrics, they can demonstrate their program's value to company leadership and boards.
source https://www.darkreading.com/edge-ask-the-experts/how-do-i-report-my-security-program-s-roi
source https://www.darkreading.com/edge-ask-the-experts/how-do-i-report-my-security-program-s-roi
Show HN: Create beautiful quotes that capture your attention (OSS) https://ift.tt/2aXQ9AP
Show HN: Create beautiful quotes that capture your attention (OSS) https://ift.tt/9JSAKaN April 27, 2022 at 12:00AM
Tenable Acquires External Attack Surface Management Vendor for $44.5M
Acquisition will add Internet-facing attack surface mapping and monitoring to Tenable's internal asset management products.
source https://www.darkreading.com/analytics/tenable-adds-attack-surface-mapping-know-how-with-latest-acquisition
source https://www.darkreading.com/analytics/tenable-adds-attack-surface-mapping-know-how-with-latest-acquisition
Tenable Acquires External Attack Surface Management Vendor for $44.5M
Acquisition will add Internet-facing attack surface mapping and monitoring to Tenable's internal asset management products.
Show HN: Linen – Make your Slack community Google-searchable https://ift.tt/HcqMZTY
Show HN: Linen – Make your Slack community Google-searchable Hi HN! Kam here. I’m the founder of Linen.dev https://linen.dev , a website that makes your public Slack community Google searchable. Linen will sync your Slack threads and make it SEO friendly so your community can find Slack content that was previously hidden. Previously I worked on a popular open source project which had a sizable Slack community. Slack was great for engaging with community members and with early sales. However as community scales Slack becomes this black hole where context becomes lost. Most public communities can’t afford to pay for several hundred/thousand members so they are limited to 10,000 free messages. You run into the problem of people asking repeat questions and not searching in Slack. It also doesn’t help that the Slack UX encourages posting and not searching. We experimented with Github discussions and Discourse but didn’t want another channel to maintain and split the community on. With Linen I wanted to build a tool that is very low maintenance without changing my current workflow. By making it search engine friendly and putting it on a website the community members can find answers to repeat questions before ever getting into your Slack channel. Linen is the first result that comes up on Google if you search for “seeing a weird issue with flyte” https://ift.tt/q3dNS8l... or “replace beast http with proxygen” https://ift.tt/9hdYeu6... . As a side effect of syncing conversation to a website you end up with a very long tail of unique and relevant content for your community. Linen is free to use and get setup but I offer a paid version (I am still figuring out the pricing model for it) where you can get the content redirected to your own subdomain where your domain gets all the SEO benefits. Linen is built with Nextjs, Node, Typescript, React, Prisma for the ORM and using AWS aurora for the Postgres db. I chose Nextjs for the server side rendering capabilities and wanted to share types between client side with Typescript. I’ve also enjoyed working with Prisma as the ORM since you don’t have to write a lot of boilerplate with other ORMs. I've also been pretty happy with Vercel and Nextjs especially with the server side rendering and client side caching it provides. Here are a few communities on Linen right now: https://ift.tt/i5UDWm8 https://ift.tt/5TNdAIH https://ift.tt/vMtImUT https://ift.tt/gp0lomw https://ift.tt/gFdNQAV https://ift.tt/UmWlTXw The product is very simple right now but I want to add features like related questions detection with semantic similarity, integrating with Github to notify the thread when it is finished, auto thread detection for conversations that aren’t in thread form. You can sign up for free today at https://www.linen.dev . I am doing manual onboarding at the moment to get better feedback and to manually walkthrough some of the less polished parts of the boarding flow. p.s. I’m actively working on supporting Discord on Linen so would love to hear from anyone that is interested April 26, 2022 at 06:40PM
Tuesday, April 26, 2022
Show HN: Sqwok – A social chat alternative to Twitter and Reddit https://ift.tt/Hu4UKjO
Show HN: Sqwok – A social chat alternative to Twitter and Reddit https://sqwok.im April 25, 2022 at 11:40PM
Monday, April 25, 2022
Overlapping ICS/OT Mandates Distract From Threat Detection and Response
It's time for regulators of critical infrastructure — including industrial control systems and operational technology — to focus more on operational resiliency.
Show HN: Voxel Lunar Lander in the Browser https://ift.tt/RfuNT4k
Show HN: Voxel Lunar Lander in the Browser https://ift.tt/iMEs4AS April 25, 2022 at 03:06PM
Show HN: M3O – Universal Public API Interface https://ift.tt/hgDRI6H
Show HN: M3O – Universal Public API Interface Hey all, I'm Asim Aslam, the founder of M3O, a curated catalog of APIs that provides simple abstractions for the most common API use cases. The idea is to create a single place to explore, discover and consume public APIs as higher level building blocks. Most of the time I don’t use all the features of an API and I assume most devs don't either, so picking and choosing the common patterns, abstracting it away and surfacing a new building block is useful. For example, Twilio has a lot of APIs but I only care about SMS. Even then I just want a quick way to send it. So stripping it all away results in something that's one endpoint and 3 fields (from, to and message). Another example is something like email. There are services like sendgrid that provide a really feature rich experience for email but I’m just looking for something simple that will let me send plain text or html. There are a number of API marketplaces out there, but we’re doing something different—our goal is to improve productivity. For example, RapidAPI has thousands of APIs, but there’s a lot of duplication. It’s overwhelming for developers. Choice is the enemy of productivity. AWS, on the other hand, focused on a curated catalog of services where each focuses on a specific problem. We feel the same: from an API perspective you only need one of each building block. You only need one SMS, Email or Geocoding service. My obsession with this problem goes back to working as an SRE at Google in 2011, seeing how the internal platform and APIs were being used by teams. I then worked at a ride hailing startup called Hailo where we got to build something similar, and experience the velocity of development in shipping products on top of simple, easily discovered APIs. I spent the next few years bootstrapping an open source project called Micro, trying to get people to standardize their API development to reach this goal. Ultimately it took raising funding to take a real shot at it. After seeing the productivity Google unlocked and what Hailo could have done with their platform, it was clear it could and should be a product: a single way to consume APIs with one platform, one account and one framework. Our goal is to build an API catalog that can act as the building blocks for most use cases, and then double down on services that have a lot of demand so we can improve the features and reliability. In the wild, every API looks different, the docs are different, you have to figure out if there's client libraries or not. We unify all that, so everything looks and feels the same. All our docs are generated based on OpenAPI specs, and we code generate examples/client libraries for JS, Go, Dart and the CLI. It means you only ever need one client to access all these APIs. Unifying API development and consumption requires a lot of resources to do at scale, hence its only happening inside fast growing startups and large tech cos. There are a lot of barriers to entry. Getting started isn't easy. Our approach has been to first nail API development for ourselves and then focus on API consumption by end users— ultimately we want to let anyone offer APIs on our platform. That requires enough large scale distribution and inbound traffic to make an attractive proposition to developers. We've spent a year building the product with a lot of feedback on what worked and what didn't. We’ve signed up 8000 people, served 5M API requests and have 60+ APIs on the platform. On billing: we're still figuring it out and would like feedback. It started as a free product, then moved into per request pricing. Unfortunately that's hard to scale without a lot of volume and it felt like people were more used to subscriptions for SaaS products so that's the route we've gone. Anyway that's us, hope you like the idea and try it out: https://m3o.com . Cheers Asim https://m3o.com?show=hn April 25, 2022 at 01:09PM
Show HN: I'm making a dynamic language in Rust https://ift.tt/JIxRljO
Show HN: I'm making a dynamic language in Rust https://ift.tt/lfAdGk3 An implementation of a dynamic programming language in Rust. Includes: Parser/Compiler, REPL, Virtual Machine, Bytecode Disassembler This started out as a learning project to teach myself Rust. It has grown into a decently substantial piece of software and I've learned quite a bit in the process! Some neat things: + A garbage collector that can store dynamically sized types without any double-indirection (i.e. I have my own Box implementation with manual alloc/dealloc) + The smart pointer used to reference GCed data is a thin pointer. The ptr metadata needed for DSTs is stored in the GC allocation itself, so that the GC smart pointer is just a single usize wide. This allows me to keep the core value enum Variant down to 16 bytes (8 bytes for data, the enum discriminant, and some padding). + The GC also supports weak references! + Statically dispatched type object model using a newtype wrapper and Rust's declarative macros. Ok, what that means is that I have a MetaObject trait that I can use to easily add new data types and define the behavior for specific types. Similar idea to Python's PyTypeObject though very different in implementation. However, I don't resort to dynamic dispatch or trait objects despite working with dynamically type data. Instead, I have a newtype wrapper over the core value enum Variant that statically dispatches to each of the enum branches! And then a few macros that minimize the boilerplate required if I want to add a new branch to Variant or a new method to MetaObject (just a single line in each case). + Different string representations! This was inspired by the flexstr crate. Strings that are short enough to fit inside a Variant are "inlined" directly in the value. Longer strings are either GCed or interned in a thread-local string table. All identifiers are interned. + An efficient implementation of closures inspired by Lua's upvalues. The language is still pretty WIP. I'm planning to add an import system, a small standard library, and a few other things (Yes, the name might not be the best, being also used by a well-known ReST docs generator, I'll take suggestions. I do like the name though, both as a reference to the mythological creature and the cat :D) April 25, 2022 at 02:46AM
Sunday, April 24, 2022
Show HN: I built a dashboard of official data ahead of French elections https://ift.tt/dtaV3K7
Show HN: I built a dashboard of official data ahead of French elections https://ift.tt/ckDGzeq April 24, 2022 at 01:44PM
Show HN: My typical working day as Software Engineer https://ift.tt/1mHw83O
Show HN: My typical working day as Software Engineer https://ift.tt/NhulpfU April 24, 2022 at 10:44AM
Show HN: I run a newsletter about Chrome extensions https://ift.tt/96APpNr
Show HN: I run a newsletter about Chrome extensions https://ift.tt/5cvk7qZ April 23, 2022 at 07:12PM
Show HN: This AI Does Not Exist https://ift.tt/whk1il3
Show HN: This AI Does Not Exist Hey HN! Author of the site here. I tried a few tricks to keep the text-generation part of the site up, but even leaning hard on Huggingface's API and bumping time-outs up, it looks like the site is struggling a bit. I'm going to see if there's anything I can do to keep the text-generation part available, but in the meantime, the pre-generated set should stay pretty stable. Not sure if there's much else I can do without burning a hole in my cloud bills — sorry for the troubles! I've put up a more detailed description of how this works on the GitHub - https://ift.tt/a73uW4p PS - if anyone at Huggingface is reading this and wants to help out with keeping the API up, that would be super :) https://ift.tt/qDdKmoZ April 23, 2022 at 10:04PM
Show HN: A better Reddit search engine to find Menswear recommendations https://ift.tt/cpzxXC1
Show HN: A better Reddit search engine to find Menswear recommendations Hey HN Community! We built this simple community search tool that basically allows people to search through thousands of past Reddit threads and tens of thousands of recommendations using tags. It mostly covers a few bigger subreddits like r/BIFL, r/MFA, r/AskMen, r/SkincareAddiction but along the way, I expanded it to include other smaller subreddits too. In addition to filtering by category, power users can also search by -Body Fit (big thigh, long torso) -Occupation (work in retail, teacher, doctor) -Age (18-24, 25-35), Size (height, weight) -Brand comparison (similar to: X) -Use (suitable for wedding, everyday wear) -Location (available in UK, use in Northeast US) -Mood/Style (minimalist, vintage, retro) Check it out. Buy fewer, buy better. Happy Earth Day! https://reddrecs.com April 24, 2022 at 12:42AM
Show HN: Def – A zsh plugin for default folder behavior https://ift.tt/1aJoq4i
Show HN: Def – A zsh plugin for default folder behavior https://ift.tt/7xAwrZ8 April 23, 2022 at 11:42PM
Saturday, April 23, 2022
Many Medical Device Makers Skimp on Security Practices
Barely over a quarter of medical device companies surveyed maintain a software bill-of-materials, and less than half set security requirements at the design stage.
source https://www.darkreading.com/tech-trends/many-medical-device-makers-skimp-on-security-practices
source https://www.darkreading.com/tech-trends/many-medical-device-makers-skimp-on-security-practices
Sophos Buys Alert-Monitoring Automation Vendor
Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.
Show HN: A 2MB, GC-Free, Memory-Safe, and Easy-to-Use NPM Audio Lib for Browsers https://ift.tt/rfK01u2
Show HN: A 2MB, GC-Free, Memory-Safe, and Easy-to-Use NPM Audio Lib for Browsers https://glicol.js.org/ April 22, 2022 at 07:07PM
Friday, April 22, 2022
What Steps Do I Take to Shift Left in Security?
Security has benefited from shifting many late-cycle disciplines left, or earlier in the cycle.
Show HN: Secure, use, and manage sensitive data–without touching it https://ift.tt/XATxriJ
Show HN: Secure, use, and manage sensitive data–without touching it https://ift.tt/MtKHJ7x April 21, 2022 at 11:52PM
What Steps Do I Take to Shift Left in Security?
Security has benefited from shifting many late-cycle disciplines left, or earlier in the cycle.
source https://www.darkreading.com/edge-ask-the-experts/what-steps-do-i-take-to-shift-left-in-security
source https://www.darkreading.com/edge-ask-the-experts/what-steps-do-i-take-to-shift-left-in-security
Devo Acquires Threat Hunting Company Kognos
Acquisition will blend autonomous threat hunting with cloud-native security analytics for automating security tasks.
Thursday, April 21, 2022
CISA, Australia, Canada, New Zealand, & UK Issue Joint Advisory on Russian Cyber Threats
The Russian government is ratcheting up malicious cyberattacks against critical infrastructure in countries supporting Ukraine.
6 Malware Tools Designed to Disrupt Industrial Control Systems (ICS)
Stuxnet was the first known malware built to attack operational technology environment. Since then, there have been several others.
Show HN: PyInpaint, a lightweight image inpainting tool written in Python https://ift.tt/cWqmy0K
Show HN: PyInpaint, a lightweight image inpainting tool written in Python - A simple and effective tool to remove scratches, bruises and small holes on images. - Basically it does the job by doing Dirichlet interpolation on a non-local graph created using images. - Could be easy integrated at the backend for fask or django projects related to image processing. https://ift.tt/hQiKdPs April 20, 2022 at 11:19PM
CISA, Australia, Canada, New Zealand, & UK Issue Joint Advisory on Russian Cyber Threats
The Russian government is ratcheting up malicious cyberattacks against critical infrastructure in countries supporting Ukraine.
source https://www.darkreading.com/threat-intelligence/jcdc-russian-state-sponsored-cyberattacks-on-infrastructure-are-coming
source https://www.darkreading.com/threat-intelligence/jcdc-russian-state-sponsored-cyberattacks-on-infrastructure-are-coming
Wednesday, April 20, 2022
More Than Half of Initial Infections in Cyberattacks Come Via Exploits, Supply Chain Compromises
Mandiant data also shows a dramatic drop in attacker dwell time on victim networks in the Asia-Pacific region — to 21 days in 2021 from 76 days in 2020.
source https://www.darkreading.com/threat-intelligence/exploits-supply-chain-compromises-comprise-over-half-of-initial-infections-leading-to-cyberattacks
source https://www.darkreading.com/threat-intelligence/exploits-supply-chain-compromises-comprise-over-half-of-initial-infections-leading-to-cyberattacks
More Than Half of Initial Infections in Cyberattacks Come Via Exploits, Supply Chain Compromises
Mandiant data also shows a dramatic drop in attacker dwell time on victim networks in the Asia-Pacific region — to 21 days in 2021 from 76 days in 2020.
Show HN: I have just open-sourced a 3D drafting demo https://ift.tt/RFwji4s
Show HN: I have just open-sourced a 3D drafting demo https://ift.tt/cXeUanC April 20, 2022 at 12:31AM
Tuesday, April 19, 2022
Security-as-Code Gains More Support, but Still Nascent
Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.
Show HN: Photogrammetry of Seattle landmarks rendered in WebGL https://ift.tt/8AHb6RG
Show HN: Photogrammetry of Seattle landmarks rendered in WebGL https://ift.tt/BjR0yES April 19, 2022 at 12:12AM
Security-as-Code Gains More Support, But Still Nascent
Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.
source https://www.darkreading.com/cloud/security-as-code-gains-more-support-but-still-nascent
source https://www.darkreading.com/cloud/security-as-code-gains-more-support-but-still-nascent
Monday, April 18, 2022
Show HN: Toolkit of software to backup Google Takeout at 6GB/s+ to Azure https://ift.tt/Gc2qyKk
Show HN: Toolkit of software to backup Google Takeout at 6GB/s+ to Azure After seeing all those posts about Google accounts being banned for frivolous and automated reasons, I started to use Google Takeout more and more to prepare for the worst. If you aren't aware of what Google Takeout it, it is a Google service that allows you to download archives of all your data from Google. I understand that this may be kind of niche, but if the size of your Google Takeout is large and prohibitive to transfer and backup, this toolkit I made may be right for you. Problem is, my Takeout jobs are 1.25TB as it also includes the videos I've uploaded in my YouTube account. Without them, it's 300GB which is still a very large amount to me. It got really old to be transferring 1.25TB by hand manually. It's a pain to do it even on a gigabit connection and it is also a pain to do it in a VPS. At most I got 300MB/s doing it inside a VPS but every session took an hour or three to complete and it was rather high-touch. The Google Takeout interface is hostile to automation and download links obtained from it are only valid for 15 minutes before you must re-enter your credentials. You can't queue up downloads. Not only that, you must have some temporary storage on whatever computer you have before you send it off to some final archival storage. What a pain! In HN-overkill fashion, I came up with a toolkit to make this whole process much, much faster. I noticed that each connection of a download from Google Takeout archive seemed to be limited to 30MB/s. However, multiple connections scaled this up well. 5 connections, 150MB/s. I noticed that Azure had functionality to do "server-to-server" transfers of data from public URLs with different data ranges. It seems this is used for built-in transfer of resources from external object storage services such as S3 or GCS. I noticed that you can send as many parallel commands to Azure as you want to do as many transfers in parallel as possible. As it was Google, I'm sure their infrastructure could handle it. I noticed that there were extensions for Chromium browsers that could intercept downloads and get their "final download link". So I glued all this stuff together. Unfortunately, there were some issues with some bugs in Azure that prevented direct downloading of Google links and Azure only exposed their endpoints over HTTP 1.1 which greatly limits the amount of parallel downloads. I noticed that Cloudflare Workers can be used to overcome all these limitations by base64-ing the Google URLs and HTTP3-izing the Azure endpoint. Another great thing is that Cloudflare Workers does not care about charging for ingress and egress bandwidth. Also, like Google, Cloudflare has an absurd amount of bandwidth and peering. With all this combined, I am able to get 6GB/s+ transfers of my 50GB archives from Google Takeout to Azure Storage and am able to back it up periodically without having to setup a VPS, find storage, find bandwidth, or really having any "large" computing or networking resources. I use this toolkit a lot myself and it may be useful for you too if you're in the same situation as me! https://ift.tt/AoT2sw6 April 18, 2022 at 07:00AM
Show HN: I built a Covid sewage numbers Twitter bot https://ift.tt/71EgXTJ
Show HN: I built a Covid sewage numbers Twitter bot https://ift.tt/Wg4ijVo April 18, 2022 at 06:50AM
Show HN: A note-taking CLI for zipfile enthusiasts https://ift.tt/uc6YrKZ
Show HN: A note-taking CLI for zipfile enthusiasts https://ift.tt/urGhWko April 18, 2022 at 04:31AM
Show HN: A React component for WinBox, A virtual window manager for React https://ift.tt/Lm0uUz3
Show HN: A React component for WinBox, A virtual window manager for React https://ift.tt/PgKmlny April 17, 2022 at 11:29PM
Sunday, April 17, 2022
Show HN: Wordle Meets Candy Crush https://ift.tt/1FuQosm
Show HN: Wordle Meets Candy Crush https://ift.tt/aRP2yI4 April 17, 2022 at 10:23AM
Show HN: Subreply News (Beta) https://ift.tt/fDtAYbw
Show HN: Subreply News (Beta) https://ift.tt/uACHR8f April 17, 2022 at 01:50PM
Show HN: 4917 Machine Code for Kids – Card Game https://ift.tt/cGPg9UK
Show HN: 4917 Machine Code for Kids – Card Game https://punkx.org/4917/ April 15, 2022 at 03:07PM
Saturday, April 16, 2022
Show HN: Neptune Lang – A concurrent fast dynamically typed scripting language https://ift.tt/iTBXVs7
Show HN: Neptune Lang – A concurrent fast dynamically typed scripting language https://ift.tt/2FNyPBC April 16, 2022 at 05:34AM
Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.
Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.
source https://www.darkreading.com/attacks-breaches/google-emergency-update-fixes-chrome-zero-day
source https://www.darkreading.com/attacks-breaches/google-emergency-update-fixes-chrome-zero-day
Show HN: A small Hypercard stack running as a PWA https://ift.tt/Y24cJxM
Show HN: A small Hypercard stack running as a PWA In my early programming years, I went from BASIC to HyperCard, then learned C when I couldn't make HyperCard do everything I wanted. Plenty of folks have pointed out how the lack of native support for color doomed HyperCard. But I think it was really over when the web got started and replaced everything in the "personal content" space from underneath, so I decided to see if the idea of HyperCard would work as a web app. There are some missing pieces -- it's not perfectly compatible. You can, however, make stacks online and let others see them. Free, no ads, no personal information, you are not tracked, just a fun project. https://ift.tt/BtEg8xZ April 15, 2022 at 06:19PM
Friday, April 15, 2022
Show HN: Fast,Compiled deep-learning based modules for inferencing on CPUs https://ift.tt/rsK1XGS
Show HN: Fast,Compiled deep-learning based modules for inferencing on CPUs Hi HN,I am Anubhav from RamanLabs.We have been developing dedicated modules based on deep-learning for purposes like face-detection,object-detection,pose-estimation etc. We hope to make it easy for developers,hobbyists to integrate such functionalities into their existing app/pipeline at the cost of a few milliseconds.All our modules run end to end in super-realtime even on consumer-grade CPUs[0]. For now we provide only Python based API. We provide Demo for each of the modules to allow testing for your desired data distribution.We also have a blog[1] where we hope to add more technical details about the framework used to develop these modules. The framework used to develop these modules is completely written in Nim language.We wrap existing ops implementations from libraries like ONEDNN and write our own code where we cannot find one or existing implementation is not good enough,mainly for preprocessing and postprocessing code.Having full access to framework code and being written in a high level language allows us to port newer architectures and optimize them quickly. We would love to hear your feedback on our attempt. [0] Quad-core Cpu with AVX2 instructions. [1] < https://ramanlabs.in/static/blog/index.html > https://ift.tt/NutIY4B April 14, 2022 at 09:08PM
Data Scientists, Watch Out: Attackers Have Your Number
Researchers should take extra care in deploying data-science applications to the cloud, as cybercriminals are already targeting popular data-science tools such as Jupyter Notebook.
source https://www.darkreading.com/attacks-breaches/data-scientists-watch-out-attackers-have-your-number
source https://www.darkreading.com/attacks-breaches/data-scientists-watch-out-attackers-have-your-number
New Malware Tools Pose 'Clear and Present Threat' to ICS Environments
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.
New Malware Tools Pose 'Clear and Present Threat' to ICS Environments
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.
source https://www.darkreading.com/threat-intelligence/new-malware-tools-a-clear-and-present-threat-to-ics-environments
source https://www.darkreading.com/threat-intelligence/new-malware-tools-a-clear-and-present-threat-to-ics-environments
Thursday, April 14, 2022
Securing the Stopgap: Controlling Access to SaaS Applications
If enterprises continue to use emergency measures as long-term solutions, they must protect their IT estate.
Show HN: I built a tool to resize/crop/frame images uniformly for documentation https://ift.tt/r6QbhYG
Show HN: I built a tool to resize/crop/frame images uniformly for documentation https://ift.tt/HdGDmnU April 13, 2022 at 11:38PM
KKR to Acquire Barracuda Networks
The transaction is anticipated to close by the end of the year.
source https://www.darkreading.com/cloud/kkr-to-acquire-barracuda-networks
source https://www.darkreading.com/cloud/kkr-to-acquire-barracuda-networks
Palo Alto Networks Extends SASE to Protect Home Networks With Okyo Garde Enterprise Edition
Okyo Garde Enterprise Edition includes an option for at-home employees to create separate private and personal networks.
source https://www.darkreading.com/remote-workforce/palo-alto-networks-extends-sase-to-protect-home-networks-with-okyo-garde-enterprise-edition
source https://www.darkreading.com/remote-workforce/palo-alto-networks-extends-sase-to-protect-home-networks-with-okyo-garde-enterprise-edition
Wednesday, April 13, 2022
Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid
The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.
Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid
The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.
source https://www.darkreading.com/attacks-breaches/-russian-group-sandworm-s-attempt-to-disrupt-ukraine-power-grid-foiled
source https://www.darkreading.com/attacks-breaches/-russian-group-sandworm-s-attempt-to-disrupt-ukraine-power-grid-foiled
How Do I Conduct a Resilience Review?
As the first step, make sure that all business-critical data across your organization is protected.
How Do I Conduct a Resilience Review?
As the first step, make sure that all business-critical data across your organization is protected.
source https://www.darkreading.com/edge-ask-the-experts/how-do-i-conduct-a-resilience-review-
source https://www.darkreading.com/edge-ask-the-experts/how-do-i-conduct-a-resilience-review-
Tuesday, April 12, 2022
Show HN: Esht – Embeddable SHell Tags https://ift.tt/rXwvzG6
Show HN: Esht – Embeddable SHell Tags https://ift.tt/tmTSsIn April 11, 2022 at 11:45PM
Monday, April 11, 2022
Show HN: Brain, a commandline note-taking tool for creating a zettelkasten https://ift.tt/g61xrKF
Show HN: Brain, a commandline note-taking tool for creating a zettelkasten https://ift.tt/BCxKgVX April 10, 2022 at 09:52PM
Show HN: Cypress Recorder that adapts to UI changes with Email testing https://ift.tt/A5fD4V2
Show HN: Cypress Recorder that adapts to UI changes with Email testing https://ift.tt/WfsaCNG April 10, 2022 at 09:21PM
Show HN: Ultra fast Terraform plan and state parser written in Rust https://ift.tt/XtWjdH0
Show HN: Ultra fast Terraform plan and state parser written in Rust https://ift.tt/dyaRXPn April 10, 2022 at 10:11PM
Sunday, April 10, 2022
Show HN: Turn any data into a fast analytical API https://ift.tt/CfRQh8u
Show HN: Turn any data into a fast analytical API https://columns.ai/dev April 8, 2022 at 12:29PM
Show HN: tmux.nvim – turning Neovim into a terminal multiplexer https://ift.tt/GdvnY0J
Show HN: tmux.nvim – turning Neovim into a terminal multiplexer https://ift.tt/IjKzCle April 9, 2022 at 11:53PM
Show HN: Dev Toolbox – A browser extension with simple offline dev tools https://ift.tt/uDnXGwJ
Show HN: Dev Toolbox – A browser extension with simple offline dev tools Hello HN! I'd like to share a browser extension I made that provides quick offline access to various development tools. Current tool set: Calculate hashes; encode and decode HTML, URI, Base64; convert numbers between different bases; parse and manipulate various time formats; format and inspect IPv4/CIDR addresses; search all v13.1 emoji with quick copying in various formats. It runs entirely offline, making no external requests (even emoji PNG files are bundled), and only requires local storage permission to remember your last tab and input. This was inspired by an old extension called Hasher (no longer on the Chrome Store) that provided a simple interface to similar utilities. This was an opportunity to get back into making extensions, practice with Vue a bit, and expand upon the original idea. It's available for Chrome, Edge (via Chrome Store), and Firefox; links and screenshots are on GitHub, where you can also report any problems. Feedback and suggestions are very welcome. Thanks! https://ift.tt/p0sNCgl https://ift.tt/p0sNCgl April 9, 2022 at 10:43PM
Show HN: MassCode v2 – a code snippets manager for developers https://ift.tt/f3VSzMe
Show HN: MassCode v2 – a code snippets manager for developers https://ift.tt/NoeUtOE April 9, 2022 at 07:53PM
Saturday, April 9, 2022
Show HN: 3D model file thumbnails for Windows Explorer https://ift.tt/cZ0dBzA
Show HN: 3D model file thumbnails for Windows Explorer https://ift.tt/7Eopkdu April 9, 2022 at 11:05AM
Google Removes Dangerous Banking Malware From Play Store
SharkBot was hidden in apps masquerading as antivirus tools.
Show HN: Relevanto (beta) – I curate the relevant web https://ift.tt/cNHh6RG
Show HN: Relevanto (beta) – I curate the relevant web Hi! This is Alex Dragusin and lately I've been working on Relevanto where I look for and save the best of the web. I literally search through search engines for the best of everything (yes, lots of site:reddit.com in there and so on), check it out if it's legit (I search for reputational data like reviews etc) save it, categorize it and list it on Relevanto. I have a knack for curation and organization so I am putting my skills to, hopefully good use. This, at this point is intended for a global audience, stuff that make sense for most people. I got fed up with Google and other search engines results being filled with too many results that are not really useful and I hope Relevanto will eventually be a gateway for most of the stuffs I do on the web, leaving the search engines for more specific stuffs - to use them as an option rather than primary way. Love speed and privacy. I am big on privacy thus no tracking and the usual nonsense. The site is static and managed by a backend I created through which I manage the sites in the database. The static exporter is written in PHP. Nothing too fancy. I am constantly adding, adjusting and since it's beta, many more categories are coming up. In the works: *apart from the highlighter, a similar function that will filter all the sites by [keyword], that is, show only what contain [keyword], hide everything else. *dedicated pages, for example Music, on this page there will be all about music from links to websites for consumption to tools of creation to news and so on. Monetization: Will monetize in 2 ways, one by having a Marketplace page (the only place for ads, no ads on other parts of the site as long as I am at the helm), where one can advertise their service/product/company for a consistent fee (aka high barrier of entry) while abiding by strict guidelines (Money is good but not at the expense of my visitors!) and second by patronages taken through Patreon or other provider. That's it, the goal is not endless growth at the expense of the users but to provide value, real value! This is the future of the web, the relevant web! Thank you and hope to have you along for the ride. https://ift.tt/9myfhdN April 8, 2022 at 09:39PM
Google Removes Dangerous Banking Malware From Play Store
SharkBot was hidden in apps masquerading as antivirus tools.
source https://www.darkreading.com/endpoint/google-removes-dangerous-banking-malware-from-play-store
source https://www.darkreading.com/endpoint/google-removes-dangerous-banking-malware-from-play-store
Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine
The operation aimed to disrupt cyber espionage activity a Russian GRU group was using for the Ukraine war.
Friday, April 8, 2022
Mandiant to Use CrowdStrike Technology in Its Incident Response Services
Collaboration between the two firms will help organizations better identify and protect against complexity cyberthreats, chief executives from both companies said.
source https://www.darkreading.com/attacks-breaches/mandiant-will-use-crowdstrike-technology-for-incident-response-services
source https://www.darkreading.com/attacks-breaches/mandiant-will-use-crowdstrike-technology-for-incident-response-services
Mandiant to Use CrowdStrike Technology in Its Incident Response Services
Collaboration between the two firms will help organizations better identify and protect against complexity cyberthreats, chief executives from both companies said.
SeeMetrics to Help CISOs Measure Security Success
The company makes cybersecurity performance management software to quantify how well cyber-risk solutions are actually working.
Thursday, April 7, 2022
Eliminating Passwords: One Way Forward
Fast Identity Online (FIDO) technology leverages security keys and biometrics to provide secure authentication.
Show HN: A puzzle game based purely on GitHub https://ift.tt/Pvbkr1m
Show HN: A puzzle game based purely on GitHub All you need is some logic, and some basic knowledge of GitHub! https://ift.tt/zlogQe4 April 7, 2022 at 12:25AM
Show HN: I built a tool to aggregate your investments and follow other investors https://ift.tt/deVSPY3
Show HN: I built a tool to aggregate your investments and follow other investors Hi HN! Over the past year, we’ve been building Wealthly ( https://wealthly.com ), a tool to help you aggregate all your investments, and a community of investors who are sharing their portfolios and knowledge. I started working on this idea because I had two personal frustrations: 1. I had a few different brokerage accounts, some retirement accounts, and a little crypto all in different places. It was hard to get a glance of everything I had. I tried all the products in the market, and they all had various issues (poor data quality, constant disconnect, didn’t support options, etc) 2. I learned a great deal about investing from other people online, but I always wanted to see where people actually put their money. I needed the transparency because it gave me a sense of comfort and trust We’ve slowly built up a small group of users who have connected close to $18M of live assets. We’re hoping that the HN community will find a tool and a community like this useful! I think whenever a product like this shows up, the number one thing people get most concerned with is always security and are you scraping brokerages for data. Unfortunately we don’t have a magic bullet around this issue in the US. We use the brokerages’ official OAuth APIs whenever we can, and resort to scraping when we’re forced to with no other solutions. To address the security and privacy concerns people have, we are also thinking about open sourcing our connectors, and creating a desktop app where all your data is stored locally instead of in the cloud. We haven’t opened up sign ups yet, but you can join with this invite link: https://ift.tt/LTiJRSb . Would love to hear any feedback! This is my personal portfolio: https://ift.tt/x83zUWn https://ift.tt/I9CqY1n April 6, 2022 at 11:02PM
Wednesday, April 6, 2022
Developers Increasingly Prioritize Secure Coding
But "old habits are hard to break," with 48% of developers still shipping code with vulnerabilities.
source https://www.darkreading.com/application-security/developers-increasingly-prioritize-secure-coding
source https://www.darkreading.com/application-security/developers-increasingly-prioritize-secure-coding
Developers Increasingly Prioritize Secure Coding
But "old habits are hard to break," with 48% of developers still shipping code with vulnerabilities.
'Human Behavior' Security Startup Nets $7M in Seed
Nudge Security plans a general launch of its cloud-based service later this year.
source https://www.darkreading.com/remote-workforce/-human-behavior-security-startup-nets-7m-in-seed
source https://www.darkreading.com/remote-workforce/-human-behavior-security-startup-nets-7m-in-seed
'Human Behavior' Security Startup Nets $7M in Seed
Nudge Security plans a general launch of its cloud-based service later this year.
Show HN: Firecracker Lab – Build a microVM from a container image https://ift.tt/VUQCkhg
Show HN: Firecracker Lab – Build a microVM from a container image https://ift.tt/FXvmxoE April 5, 2022 at 11:08PM
Tuesday, April 5, 2022
Show HN: OpenPIL AI – open-source NLP Python package to compile drug databases https://ift.tt/1Omr6c5
Show HN: OpenPIL AI – open-source NLP Python package to compile drug databases https://ift.tt/eKfbFrc April 5, 2022 at 01:53AM
Millions of Installations Potentially Vulnerable to Spring Framework Flaw
Internet scan indicates hundreds of thousands of vulnerable installations, while data from the major Java repository suggests millions, firms say.
source https://www.darkreading.com/application-security/vulnerable-spring-framework-instances-estimated-at-possibly-millions
source https://www.darkreading.com/application-security/vulnerable-spring-framework-instances-estimated-at-possibly-millions
How Do I Decide Whether to Buy or Build in Security?
To build or buy — that is the question. Security teams have to consider maintenance costs and compliance questions when they go down the build-it-yourself path.
Monday, April 4, 2022
Show HN: CRDTs+WASM for local-first, collaborative note-taking in the browser https://ift.tt/OEqMCYj
Show HN: CRDTs+WASM for local-first, collaborative note-taking in the browser https://fuzzynote.xyz April 4, 2022 at 11:25AM
Show HN: An ever-growing collection of developer blogs https://ift.tt/zBiUthb
Show HN: An ever-growing collection of developer blogs https://ift.tt/ndvoHzh April 4, 2022 at 07:47AM
Show HN: Traindle, the Sydney train game – Make four numbers equal 10 in order https://ift.tt/k6Syltb
Show HN: Traindle, the Sydney train game – Make four numbers equal 10 in order https://ift.tt/xZ9JKNf April 3, 2022 at 11:53PM
Show HN: A CLI tool that analyzes with PMD and posts findings as GitHub comments https://ift.tt/Iu9qhmV
Show HN: A CLI tool that analyzes with PMD and posts findings as GitHub comments https://ift.tt/tjcHFDE April 4, 2022 at 12:32AM
Show HN: Txtai – SQL-driven semantic search with machine learning functions https://ift.tt/EvkPZRt
Show HN: Txtai – SQL-driven semantic search with machine learning functions https://ift.tt/RAsDPkt April 4, 2022 at 12:11AM
Sunday, April 3, 2022
Show HN: A clicker game about the future https://ift.tt/5IvLdTs
Show HN: A clicker game about the future This was supposed to be submitted to a game jam a few months ago, but I ended up missing the deadline. The theme of the jam was "the future". I recently tried to finish it. It's pretty unbalanced and after a certain point it gets impossible to progress, but maybe someone will find it interesting. This is written in C++ and built for the web with emscripten. Link to the source is on the page. The repository also has a Qt-based editor for the tech tree. https://ift.tt/jxetiGq April 3, 2022 at 07:28AM
Show HN: Fusio 3.0 released – open-source, self hosted API management platform https://ift.tt/eQorUWj
Show HN: Fusio 3.0 released – open-source, self hosted API management platform https://ift.tt/Llj2JXR April 3, 2022 at 11:45AM
Show HN: Yaade – An open-source, self-hosted, collaborative API dev environment https://ift.tt/4yQiOD3
Show HN: Yaade – An open-source, self-hosted, collaborative API dev environment https://ift.tt/f63Tk02 April 3, 2022 at 11:23AM
Show HN: NFT floor price alerts, watchlist and portfolio – Coinwink NFT https://ift.tt/Et1meZl
Show HN: NFT floor price alerts, watchlist and portfolio – Coinwink NFT https://ift.tt/nvimDLb April 3, 2022 at 06:31AM
Show HN: I built a Wi-Fi 6 survey kit to see how common it was in my area https://ift.tt/be8UFxE
Show HN: I built a Wi-Fi 6 survey kit to see how common it was in my area https://ift.tt/LjHxGyO April 3, 2022 at 12:47AM
Show HN: I introduced link sharing to Gmail https://ift.tt/MIgkVO3
Show HN: I introduced link sharing to Gmail https://mailie.app/ April 3, 2022 at 12:45AM
Saturday, April 2, 2022
Show HN: Snabl – a practical embedded Lisp in C++ https://ift.tt/Ft56lGv
Show HN: Snabl – a practical embedded Lisp in C++ https://ift.tt/Upj5HRe April 2, 2022 at 03:31AM
Apple's Zero-Day Woes Continue
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
Show HN: I Made a Node Based Image Processing App https://ift.tt/vBnpf7T
Show HN: I Made a Node Based Image Processing App https://batchnode.com April 1, 2022 at 11:07PM
Apple's Zero-Day Woes Continue
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
source https://www.darkreading.com/vulnerabilities-threats/apple-s-zero-day-woes-continue
source https://www.darkreading.com/vulnerabilities-threats/apple-s-zero-day-woes-continue
Show HN: An online learning platform but for traders https://ift.tt/4zumUSG
Show HN: An online learning platform but for traders https://ift.tt/CpI0URm April 1, 2022 at 11:17PM
Subscribe to:
Posts (Atom)