Hacker News | efortis's comments


  Location: Puerto Rico

  Remote: Yes

  Willing to relocate: Yes

  Technologies: React, Three, JS, TS, CSS, HTML

  Résumé/CV: https://ericfortis.com

  Email: efortis@gmail.com


A two-server networking setup with VNET Jails:

https://ericfortis.com/blog/freebsd-jails-network-setup


I just refactored my colors to use the light-dark function:

https://github.com/ericfortis/mockaton/commit/acf21803480412...

…and it deduplicated autocomplete suggestions in WebStorm


I’ve used (and wrote) https://mockaton.com for this. It has a browser extension, which downloads all API responses in your flow.

then you can run mockaton with those mocks. you’ll manually have to anonymize sensitive parts though.

also, you can compile your Frontend(s) and copy their assets, so you can deploy a standalone demo server. see the last section of: https://mockaton.com/motivation

mocks don’t have to be fully static, it supports function mocks, which are http handlers.

for demoing, the dashboard has a feature for bulk selecting mocks by a comment tag.


Thanks for the Mockaton suggestion! I like the API mocking approach - that handles the backend data cleanly.

The challenge I kept running into was the frontend side during live screen shares. Even with mocked APIs, I'd have credentials visible in browser tabs, notifications popping up with client names, or sidebar elements showing sensitive info.

Did you find Mockaton solved the full screen-share exposure problem, or did you combine it with other approaches?


I’d need more details, but here are a few guesses:

1. If Frontend is directly fetching from a third-party API. Maybe, you could add an env var with the base URL, so it points to the mock server.

2. If it’s a third-party auth service

2a. If the auth service sets a cookie with a JWT, you could inject that cookie with Mockaton like this: https://github.com/ericfortis/mockaton/blob/354d97d6ea42088b...

2b. If it doesn't set a cookie (some SSO providers set it in `sessionStorage`), and assuming it’s a React app with an <AuthProvider>, you might need to refactor the entry component (<App/>) so you can bypass it. e.g.:

  SKIP_AUTH // env var
    ? <MyApp/>
    : <AuthProvider><MyApp/></AuthProvider>

Then, instead of using the 3rd party hook directly (e.g., useAuth), create a custom hook that falls back to a mocked obj when there's no AuthContext. Something like:

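  import { useContext } from 'react'

  // AuthContext is assumed to be the context exported by the 3rd party auth library
  function useUser() {
    const context = useContext(AuthContext)

    // No provider mounted (SKIP_AUTH): fall back to a mocked user
    if (!context)
      return {
        id_token: 'aa',
        profile: { name: 'John' }
      }

    return {
      id_token: context.id_token ?? '',
      profile: context.profile ?? {},
    }
  }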


Related. A few days ago I found two broken links that had `-` instead of `-`.

https://github.com/ericfortis/ericfortis/commit/88be84b77834...


Since this works

  const style = document.createElement('style')
  style.textContent = `* { font-family: Arial }`
  document.head.appendChild(style)

I'd say the `data:` URL of the font is violating the Content-Security-Policy, which should show an error in the Console.

Their CSP has `default-src 'self'` and has no font-src, so font-src is 'self' too (it would need `data:` as well)
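The `font-src` fallback described in the comment above, as an added example that is not part of the original thread or of any site's code: it resolves the effective source list for a directive and checks a `data:` font URL against it. `PAGE_ORIGIN`, `DATA_FONT` and the function names are constructed for illustration, and source matching is simplified as noted in the comments.

```javascript
// Constructed sample values (assumptions, not taken from the site discussed above).
const PAGE_ORIGIN = 'https://app.example'
const DATA_FONT = 'data:font/woff2;base64,AAAA'

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const policy = new Map()
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/)
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase()))
      policy.set(name.toLowerCase(), sources)
  }
  return policy
}

// Fetch directives such as font-src fall back to default-src when absent.
function effectiveSources(policy, directive) {
  for (const name of [directive, 'default-src'])
    if (policy.has(name))
      return { from: name, sources: policy.get(name) }
  return { from: null, sources: null } // no policy applies
}

// Simplified source matching: 'none', 'self', *, scheme-sources (data:)
// and full-origin host-sources. Paths, ports and wildcards are not handled.
function isAllowed(header, directive, url, pageOrigin) {
  const { sources } = effectiveSources(parseCsp(header), directive)
  if (sources === null) return true
  const target = new URL(url)
  return sources.some(src => {
    const s = src.toLowerCase()
    if (s === "'none'") return false
    if (s === "'self'") return target.origin === pageOrigin
    // * covers network schemes only, so it never matches data:
    if (s === '*') return ['http:', 'https:'].includes(target.protocol)
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s
    try { return new URL(s).origin === target.origin } catch { return false }
  })
}

console.log(isAllowed("default-src 'self'", 'font-src', DATA_FONT, PAGE_ORIGIN))
console.log(isAllowed("default-src 'self'; font-src 'self' data:", 'font-src', DATA_FONT, PAGE_ORIGIN))
```

The first call prints `false` because `font-src` inherits `'self'` from `default-src`; the second prints `true` once `data:` is listed explicitly under `font-src`.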


A custom browser can set its own CSP, right?


CSP is inherently a client-side browser security feature, so yes.


Renamed the "Sign In" button on the website to "Launch App". That way there’s no need to check if the user is authenticated to show the username.

IOW, I can serve the website statically. So no iframe is needed for dynamic parts, or allowing the cookie from a subdomain on the www.


Prefetching critical API data on the index.html of an SPA instead of using SSR.

https://github.com/ericfortis/aot-fetch-demo


A set of Wera lasertip screwdrivers.

Or, a Knipex Cobra pair of pliers.



I love my wera kraftform

