Ask HN: Prevent Secrets from Committing to Repos

7•abhijais1•7mo ago
Hey, I have been working on a solution to prevent secrets from being committed to VCS repos, and so far I have prevented 10+ AWS keys from accidentally being committed. GitHub has an offering but it's very costly for our team. Do any of you want to try it out?

Comments

scarface_74•7mo ago
Why are AWS keys anywhere near your code in the first place?

For instance in Python, you initialize an object using

    boto3.client("s3")

When you use IAM identity center, you get temporary access keys which you assign to environment variables and the keys are automatically picked up.

Even if you use “aws configure” and have long lasting keys (don’t do that), your keys will be stored in your home directory, nowhere near your repository and still usable locally.

When running your code on AWS, whatever you are using to run it on will get permission from the IAM role attached to the Lambda, EC2, etc.

muzani•7mo ago
It tends to happen more on front end I think, especially since it's in the tutorial and many haven't been given the training on what to do better. Not really AWS, but even the trained ones will put it in a .local.properties file or something and then forget to add it to gitignore.

SlightlyLeftPad•7mo ago
You really just need to not forget to do that. Isn’t it that simple?

A less snarky answer, and why AWS is largely a non-issue these days, is because the secrets were designed out of code and are effectively provided as an integral part of the infrastructure which includes regular and reliable expiration and rotation. So any chance you get, design secrets in this way.

The only thing ever in code are references to the correct roles or secrets. Only ever references to the location of the secret. Get in the habit of this and the problem is drastically reduced and becomes something you don’t have to think about.

abhijais1•7mo ago
In an ideal world, yes, developers should care about these issues, but developers need access to AWS keys to locally test integration with AWS services like SQS and Dynamo, so access to micro service keys needs to be provided.

The problem occurs when they forget and commit, that key needs to be rotated which has caused downtimes in the past, or scrubbed which involves a messy fight with VCS support teams.

The problem is not just AWS; in general, for third party integrations with platforms like banks, developers need to test locally but they forget to remove those keys. Each key committed is a potential SOC2 / PCI non-compliance avenue.

scarface_74•7mo ago
You never need to have your access keys in your repository or read them explicitly from any properties file. The SDK will automatically get the keys from your home directory when you run your code.

scarface_74•7mo ago
There is no sample code from AWS that has you read access keys in your code from a .local file. The SDK automatically picks it up from your local environment when you run AWS configure to store them in your home directory or better when you get temporary credentials via the IAM identity center and store them in environment variables.

2rsf•7mo ago
perplexity offered me those:

https://github.com/awslabs/git-secrets

https://www.infracloud.io/blogs/prevent-secret-leaks-in-repo...

https://www.reddit.com/r/git/comments/1h1r0ep/best_practices...

In addition, GitGuardian costs something around $220/year per developer, which is not too bad.

cwinq•7mo ago
How big is your team? GitGuardian is free for teams below 25 devs. And it will make sure secrets don't make it to your code and highlight any historical leaks too.

austin-cheney•7mo ago
The easy but less secure solution:

Store all secrets in one file WITHIN your local repo and add that one secrets file to something like a .gitignore file. Then validate the file is excluded using git status.

The more secure solution is to store all secrets within a secrets vault and access that vault from application logic on application restart, provided the application is a service that rarely restarts.

scarface_74•7mo ago
No, that’s not more secure. You never need to read your secrets for AWS into your code. Your secrets never need to be anywhere near your repository, in a vault, nothing.

The SDK will pick them up from your local computer’s home directory or from the AWS environment when running on AWS.

joshstrange•7mo ago
I’m a little confused, is this mostly for public repos? Because for internal repos you’ll catch it in code review and then just revoke the creds?

abhijais1•7mo ago
Revoking creds is not easy in general.

ChrisGermano•7mo ago
My team has faced issues like this and other than ensuring any secrets are removed from your code and stored in a .gitignore'd config file (if you really need them to live so close to the codebase in the first place), you need to prioritize that everything goes through proper PRs, privacy/access is properly configured, and any compromised secrets are rotated immediately. We have some tools like Snyk and Trufflehog but even those don't catch a lot of things - human review is best.

maxcomperatore•7mo ago
1) secrets in code are a symptom of broken dev culture not just tooling. fix the culture first, train devs early on using environment variables and iam roles. make secrets invisible to code.

2) relying on gitignore or vaults alone is band-aid. sdk picks up creds from environment or home dir automatically if you use aws properly.

3) automate secret scans in ci but don't trust them blindly, human reviews and rotating keys asap is still critical.

4) biggest risk is devs rushing and skipping processes, so build workflows that make mistakes obvious and costly to push.

5) at scale, even perfect tech fails without good process + education. focus there and tools become backup not main defense.

this mindset saves time and downtime. secrets leaks cost more than any fancy tool subscription.
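
The thread keeps returning to catching AWS keys before they reach the repository; the following is an added example (not code from any commenter or from the tools mentioned above) of a minimal git pre-commit hook that scans staged additions for AWS-style keys. The function names `scan_diff` and `sample_diff`, the file path in the sample, and the two simplified patterns are assumptions of this example, not an exhaustive rule set.

```shell
#!/bin/sh
# Added example: pre-commit hook that rejects staged lines containing AWS-style keys.
# Install: copy to .git/hooks/pre-commit and chmod +x.

# Access key ID: AKIA (long-lived) or ASIA (temporary) followed by 16 characters.
KEY_ID_RE='(^|[^A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}([^A-Z0-9]|$)'
# Secret access key: 40 base64-style characters assigned to a name containing "secret".
SECRET_RE="secret[a-z_]*[\"']?[[:space:]]*[=:][[:space:]]*[\"']?[A-Za-z0-9/+=]{40}([^A-Za-z0-9/+=]|\$)"

# Read a unified diff on stdin; report added lines that match. Returns 1 on any hit.
# The matched value itself is never printed, so it does not end up in terminal logs.
scan_diff() {
  file="" hits=0
  while IFS= read -r line; do
    case "$line" in
      '+++ '*) file=${line#????}; file=${file#b/}; continue ;;  # new-file header
      '+'*)    line=${line#?} ;;                                 # added line
      *)       continue ;;                                       # context or removal
    esac
    if printf '%s\n' "$line" | grep -Eq "$KEY_ID_RE"; then
      echo "$file: AWS access key ID"; hits=$((hits + 1))
    elif printf '%s\n' "$line" | grep -Eiq "$SECRET_RE"; then
      echo "$file: AWS secret access key"; hits=$((hits + 1))
    fi
  done
  [ "$hits" -eq 0 ]
}

# Constructed sample diff; the key values are AWS's published documentation placeholders.
sample_diff() {
  cat <<'EOF'
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,2 +1,4 @@
 REGION = "us-east-1"
-OLD_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+QUEUE = "orders"
EOF
}

# Run the scan only when git invokes this file as the pre-commit hook.
if [ "${0##*/}" = "pre-commit" ]; then
  if ! git diff --cached --no-color -U0 | scan_diff >&2; then
    echo "Commit blocked: remove the key and rely on the SDK's default credential lookup." >&2
    exit 1
  fi
fi
```

Only added lines are inspected, so removing an already-committed key does not block the commit; that key still has to be rotated.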