Hey I'm Scotty - a full stack Software Engineer looking to work on exciting, challenging, and impactful products based in Europe. For the past few years I've been remote contracting for various US startups and have worked on products with millions of users. I like to work on all parts of the stack from creating rich interactive frontends, to wiring up an API layer, to working on data heavy backend processes. Check out my website to see examples of projects I've worked on. I'm an English native speaker who's recently moved to Europe and I’m looking to work with a larger team and on a more established product. If that sounds like you then please get in touch!
With all the hype around AI I'm sure people are trying out all sorts of products that could have vulnerabilities like this. For example, imagine a recruiter hooks up an AI product to auto-read their LinkedIn messages and evaluate candidates. An attacker would just have to contact them, get the AI to read something of theirs, and this prompt attack could expose private information about the recruiter and/or company. The attacker would just need the recruiter to view the image (or better yet, have the service prefetch the image) to expose the data.
I've been gradually improving my dev setup security over the past few months based on continuous reports like this. Here are things I'm trying out to improve my setup:
- Use VSCode dev containers for development [1a]. Once you've created one once then they're quite easy to use and you don't need much Docker knowledge - it just needs to be installed. It's perfect for spinning up web/console apps but I had trouble with other stuff like Flutter and Electron.
- Similarly I got familiar with GitHub Codespaces for smaller projects [1b]. I've done live coding in an interview before (where I had to modify a simple Node project) and I would absolutely use containers/codespaces for anything like that these days [2]. You can spin one up straight from any GitHub repo page and they're easy to work with.
- Read the OWASP guidelines regularly for things like npm, Node, and Docker best practises. e.g. for Docker use the smallest image you can (Alpine) and use explicit Docker image tags [3].
- Review npm/python packages before installing them using socket.dev - it shows a full dependency security overview for things like env variable access, network calls, supply chain attacks, recent code ownership changes etc. You can also disable postinstall scripts globally as suggested by OWASP [4].
I had the same problem and didn't want to keep all of my eggs in the same basket, plus I lost faith in these backup apps after Google Auth lost user codes at some point.
I decided to create a private backup which I control and so I built a client-side web app that encrypts QR codes (like 2FA codes). It was inspired by a similar CLI based project I saw here on HN. I still use Authy (for now) but now I have encrypted images that I can decrypt and rescan easily. And since they're just images I saved them in various places and even printed out copies should I lose my phone or Authy access.
To 'migrate' my codes out of Authy I just went through each site and regenerated the codes (plus encrypted them). It's annoying that they force you to do this but doesn't take too long.
I'm still polishing it up but it works well and I would love some feedback if there's anyone who finds it useful - https://encrypt-qr-codes.netlify.app/
Everything is generated through a config file which you can completely customise. So you could literally change the colour of bg-white if you wanted to.
It's part of the selling point, that config file becomes your design system. They provide a decent one but you are free to overhaul it as you see fit. It works really well.
Yeah I had the same issue and have been following the Typescript thread on GH for a while now [1]. But I agree, I actually like using untyped JS for development.
What I do now is throw a "tsc --noEmit" call before tests/prod build to type everything before parcel runs. Works well enough.
I made yet another COVID-19 tracker, but it features some things I haven't seen elsewhere. Specifically it allows you to compare 2 countries and scrub data back in time to see how the virus spreads.
Well the virus situation has changed things a bit. For instance I have some travel centric ideas which wouldn't be worth trying at the moment. I didn't plan on making the game but figured the situation would make my game a more viable option.
Anyway I've got a bunch, some include:
- a UI mocking tool using your website rather than an app. It something I've partially built that's great for dev specs, rapid prototyping, even marketing.
- A graphic design tool which takes a bunch of icons and generates certain types of collage beautifully and easily. They're a pain to make manually but I see the style used often.
- An idea generation and collaboration tool.
- A tinder-like job searching app with a fun twist.
- Even a funny bong design.
I'll come up with more and re-evaluate as I go. And they'll be under one legal structure for the time being.
Hey thanks for the reply! You make some valid points.
Regarding my previous Reddit account the user is 'kangabru'. I now notice that it's not visible despite the fact I can still log in - I guess it's definitely banned. What happened was that I posted a link [1] which is a splash page for one of my open source tools. It didn't receive replies, I checked if it was shadow banned, and the bot said yes. So I wasn't trying to hide anything, it just there's nothing there. I'm not sure why it was banned but I guess it was flagged as spam since my username matched the domain.
Regarding the game aspect there's a sister post which goes into the design of the game [2]. You make a great point though, I should make it fun for me too. I'm exicted for the 'zen' mode feature since that's something I'll definitely use. I'll keep that in mind as I work on it this month.
Remote: Remote/Hybrid/Office
Willing to relocate: No
Technologies: Typescript, Javascript, React, Node.js, Next.js, C#, Python, Django, Java, PostgresSQL, AWS, CSS, Tailwind
Résumé/CV: https://scottgibbs.me/resume
Email: Please see resume
Hey I'm Scotty - a full stack Software Engineer looking to work on exciting, challenging, and impactful products based in Europe. For the past few years I've been remote contracting for various US startups and have worked on products with millions of users. I like to work on all parts of the stack from creating rich interactive frontends, to wiring up an API layer, to working on data heavy backend processes. Check out my website to see examples of projects I've worked on. I'm an English native speaker who's recently moved to Europe and I’m looking to work with a larger team and on a more established product. If that sounds like you then please get in touch!