Readit News
alexbouchard commented on The double standard of webhook security and API security   speakeasy.com/blog/webhoo... · Posted by u/mfbx9da4
dcow · 3 months ago
> Signing requests does give extra security points, but why do we collectively place higher security requirements on webhook requests than API requests?

TFA is exploring the juxtaposition of signed web-hook requests vs bearer token API requests, both of which provide authentication but one of which is arguably superior and in common enough use to question why it hasn't become common practice at large.

To flip the question: if there aren’t meaningful benefits to signing requests, why don’t web-hooks just use bearer token authentication?

alexbouchard · 3 months ago
Some do; GitLab, Okta, and Pipedrive come to mind. I think this is more about the expectations set over the last decade. If you do things differently, there's a need to justify it, and it's just perceived as less secure, regardless of whether it's true or not (the pros and cons are well articulated in the article).
alexbouchard commented on Show HN: Outpost – OSS infra for outbound webhooks and event destinations   github.com/hookdeck/outpo... · Posted by u/alexbouchard
ksajadi · 4 months ago
Looks great! How is this different from your commercial offering (Hookdeck)?
alexbouchard · 4 months ago
I expect to have to answer that question a lot! Hookdeck is an event gateway, an unopinionated event log/message bus that operates over HTTP. It can be used to send webhooks, but 80%+ of use cases are for inbound webhooks (consumer side).

We think outbound is best served with an opinionated, purpose-built product, as the use case is very specific. The common feedback we got from event producers is that they are all annoyed by the complexity and costs of their current solution for sending webhooks. We think OSS / self-hosted is the solution to that. We drew from our experience handling 100 billion events, but also kept the scope to the table stakes to be highly efficient and simple to operate.

Event destinations' support is also crucial here because it means more efficient delivery with fewer errors, which can drastically reduce the overhead of event delivery.

alexbouchard commented on We're bringing Pebble back   repebble.com/... · Posted by u/erohead
nym3r0s · 7 months ago
The primary use for a smartwatch for myself (and many of my family, friends) is fitness and health tracking. Card payments, notifications, WatchFaces etc. are all secondary.

Basically what Whoop is doing with their strap - but minus the subscription model. I know a ton of people who tried the Whoop but felt it was extremely pricey and didn't have the accuracy of an Apple Watch.

I would be happy to pay ~$400-500 up front for hardware that integrates with Apple Health and provides solid, reliable health tracking without a need for a subscription.

And by health/fitness - features expected would be sleep tracking, activity (GPS), heart rate, SpO2, skin temperature sensors, fall detection. Then secondarily - additional things like ECG/EKG, apnea, AFib detection.

The inaccuracy of some of the devices in the market is why I still choose to remain with my Apple Watch.

This YouTube channel may help understand a consumer's perspective on health accuracy - https://www.youtube.com/@TheQuantifiedScientist

alexbouchard · 7 months ago
From most watch market positioning I'd assume this to be true. However, for me it's the exact opposite: the watch is a tool to cut phone use. All I care about is LTE and the minimum I need to get around the world. SMS, calls, WhatsApp, Gmaps. All existing decent-looking watches have atrocious battery life to offer all the health features.
alexbouchard commented on Show HN: Self-Hostable Algolia DocSearch Replacement   github.com/fastrepl/canar... · Posted by u/yujonglee
alexbouchard · a year ago
Been looking for something like this! Doc search just hasn't kept up with what's possible now and is such a hassle to get the indexing to work properly. Will try it out!
alexbouchard commented on Show HN: Hatchet – Open-source distributed task queue   github.com/hatchet-dev/ha... · Posted by u/abelanger
jerrygenser · a year ago
Something I really like about some pub/sub systems is Push subscriptions. For example in GCP pub/sub you can have a "subscriber" that is not pulling events off the queue but instead is an http endpoint where events are pushed to.

The nice thing about this is that you can use a runtime like cloud run or lambda and allow that runtime to scale based on http requests and also scale to zero.

Setting up autoscaling for workers can be a little bit more finicky, e.g. in kubernetes you might set up KEDA autoscaling based on some queue depth metrics but these might need to be exported from rabbit.

I suppose you could have a setup where your daemon worker is making http requests and in that sense "push" to the place where jobs are actually running but this adds another level of complexity.

Is there any plan to support a push model where you can push jobs into http and some daemons that are holding the http connections opened?

alexbouchard · a year ago
The push queue model has major benefits, as you mentioned. We've built Hookdeck (hookdeck.com) on that premise. I hope we see more projects adopt it.
alexbouchard commented on Brex’s Prompt Engineering Guide   github.com/brexhq/prompt-... · Posted by u/appwiz
aledalgrande · 2 years ago
Do you also get it to return responses in YAML?
alexbouchard · 2 years ago
Yes and then format it back to JSON
alexbouchard commented on Brex’s Prompt Engineering Guide   github.com/brexhq/prompt-... · Posted by u/appwiz
alexbouchard · 2 years ago
YAML is just as effective at communicating data structure to the model while using ~50% fewer tokens. I now convert all my JSON to YAML before feeding it to GPT APIs.
alexbouchard commented on Ask HN: Who is hiring? (December 2022)    · Posted by u/whoishiring
alexbouchard · 3 years ago
Hookdeck (https://hookdeck.com) | Product Eng, Growth Eng, Backend Eng | Full-Time | Remote (World)

Hookdeck is an infrastructure to consume webhooks simply & reliably. Incoming webhooks are challenging because they require a well-built (and often complex) asynchronous system. We help developers spend less building and troubleshooting issues with their webhooks to focus on their products instead. We offer a complete infrastructure to develop, test, receive, distribute and monitor webhooks and asynchronous events.

If you are looking to be part of an early-stage team, fully leverage your knowledge & talent, have an impact on the product experience and implement features from scratch, then this might be for you!

We are offering competitive compensation, generous stock options and liberty over your geo & schedule.

We are looking forward to hearing from you! Email me at alex@hookdeck.com

alexbouchard commented on Ask HN: Who is hiring? (April 2022)    · Posted by u/whoishiring
alexbouchard · 3 years ago
Hookdeck (https://hookdeck.com) | Backend Eng, SRE, Product (Fullstack) Eng, Product Designer | Full-Time | Remote (World)

Hookdeck is an infrastructure to consume webhooks reliably. Incoming webhooks are challenging because they require a well-built (and often complex) asynchronous system. We help developers spend less building and troubleshooting issues with their webhooks to focus on their products instead. We offer a complete infrastructure to develop, test, receive, distribute and monitor webhooks and asynchronous events.

If you are looking to be part of an early (funded) team, fully leverage your knowledge & talent, have an impact, and work on hard scaling and concurrency challenges, this might be for you.

We are offering competitive compensation, generous stock options and liberty over your geo & schedule.

We are looking forward to hearing from you! Email me at alex@hookdeck.com

u/alexbouchard

Karma: 136 · Cake day: July 21, 2019
About
Founder of Hookdeck. Product Designer, Fullstack Dev & Entrepreneur.

[Hookdeck] https://hookdeck.com [Linkedin] https://www.linkedin.com/in/alex-bouchard/ [Github] https://github.com/alexbouchardd [Twitter] https://twitter.com/AlexBouchardd
