The best Hacker News stories from All from the past day
Latest posts:
The Federal Helium reserve is for sale
Show HN: Puck – Open-source visual editor for React
Hey hackers, OP here!<p>I've been dipping in and out of this problem space for the last few years with many of my clients.<p>Puck sits somewhere between an old-school WYSIWYG-powered CMS and headless one, allowing content teams to author content using real React components.<p>Traditional CMS solutions were flexible but often resulted in page that completely broke the brand guidelines. Headless CMS solutions are a fantastic way of controlling brand by restricting UI changes to developers, but makes layout changes restrictive and slow as developers often need to get involved.<p>Puck provides a visual editor for React that can sit on top of your existing headless CMS (or act as standalone). We've been dog-fooding it on a few pages at <a href="https://measured.co" rel="nofollow noreferrer">https://measured.co</a> and on <a href="https://wellpaid.io" rel="nofollow noreferrer">https://wellpaid.io</a>. So far, so good<p>The API is built for React, which allows FE devs to quickly integrate their existing component and add some form fields for author input, or connect it to a headless CMS of choice.<p>It's open-source under MIT, and pairs nicely with Next.js (check out the demo application). Next in the pipeline: support for multi-column layouts, richer demos, new plugins.<p>Looking forward to hearing your comments!
Oscilloscope watch ships after 10 years on Kickstarter
Android 14 blocks all modification of system certificates, even as root?
ZFS for Dummies
OpenTF repository is now public
Get a cable modem, go to jail (1999)
Ask HN: I’m an FCC Commissioner proposing regulation of IoT security updates
Hi everyone, I’m FCC Commissioner Nathan Simington, and I’m here to discuss security updates for IoT devices and how you can make a difference by filing comments with the FCC.<p>As you know, serious vulnerabilities are common in IoT, and it often takes too long for these to be patched on end-user devices—if the manufacturer even bothers to release an update, and if the device was even designed to receive them. Companies may stop supporting a device well before consumers have stopped using it. The support period is often not communicated at the time of sale. And sometimes the end of support is not even announced, leaving even informed users unsure whether their devices are still safe.<p>I’ve advocated for the FCC to require device manufacturers to support their devices with security updates for a reasonable amount of time [1]. I can't bring such a proposal to a vote since I’m not the chairman of the agency. But I was able to convince my colleagues to tentatively support something a little more moderate addressing this problem.<p>The FCC recently issued a Notice of Proposed Rulemaking [2] for a cybersecurity labeling program for connected devices. If they meet certain criteria for the security of their product, manufacturers can put an FCC cybersecurity label on it. I fought hard for one of these criteria to be the disclosure of how long the product will receive security updates. I hope that, besides arming consumers with better information, the commitments on this label (including the support period) will be legally enforceable in contract and tort lawsuits and under other laws. You can see my full statement here [3].<p>But it’s too early to declare victory. Many manufacturers oppose making any commitments about security updates, even voluntary ones. These manufacturers are heavily engaged at the FCC and represented by sophisticated regulatory lawyers. The FCC and White House are not likely to take a strong stand if they only hear the device manufacturer's side of the story.<p>In short, they need to hear from you. You have experienced insecure protocols, exposed private keys, and other atrocious security. You have seen these problems persist despite ample warning. People ask, ‘why aren’t there rules about these things?’ This is your chance to get on the record and tell us what you think the rules should be. If infosec doesn’t make this an issue, the general public will continue falsely assuming that everything is fine. But if you get on the record and the government fails to act, the evidence of this failure will be all over the Internet forever.<p>If you want to influence the process, you have until September 25th, 2023 (midnight ET) to file comments in the rulemaking proceeding.[4] Filing is easy: go to <a href="https://www.fcc.gov/ecfs/search/docket-detail/23-239" rel="nofollow noreferrer">https://www.fcc.gov/ecfs/search/docket-detail/23-239</a> and click to file either an ‘express’ comment (type into a textbox) or a ‘standard’ comment (upload a PDF). Either way, the FCC is required to consider your arguments. All options are on the table, so don’t hold back, but do make your arguments as clear as possible, so even lawyers can understand them. If you have a qualification (line of work, special degree, years of experience, etc.) that would bolster the credibility of your official comment, be sure to mention that, but the only necessary qualification is being an interested member of the public.<p>I’m here to listen and learn. AMA. Feel free to ask any questions about this or related issues, and I’ll answer as many as I can. I just ask that we try to stay on the topic of security. My legal advisor, Marco Peraza, a security-focused software engineer turned cybersecurity lawyer, will be answering questions too.
I’m open to incorporating your ideas (and even being convinced I’m wrong), and I hope that my colleagues at the FCC are as well. Thank you!<p>Edit: The Q&A is over now, but please keep this great discussion going without us. Thanks again everyone for your input. Don't forget to file comments if you want to make sure your arguments get considered by the full FCC.<p>[1] <a href="https://www.fcc.gov/document/simington-calls-mandatory-security-updates" rel="nofollow noreferrer">https://www.fcc.gov/document/simington-calls-mandatory-secur...</a><p>[2] <a href="https://www.fcc.gov/document/fcc-proposes-cybersecurity-labeling-program-smart-devices" rel="nofollow noreferrer">https://www.fcc.gov/document/fcc-proposes-cybersecurity-labe...</a><p>[3] <a href="https://www.fcc.gov/document/fcc-proposes-cybersecurity-labeling-program-smart-devices/simington-statement" rel="nofollow noreferrer">https://www.fcc.gov/document/fcc-proposes-cybersecurity-labe...</a><p>[4] If your comments are purely in response to arguments made in other comments, you have an extra 15 days, until October 10, 2023.
Ask HN: I’m an FCC Commissioner proposing regulation of IoT security updates
Hi everyone, I’m FCC Commissioner Nathan Simington, and I’m here to discuss security updates for IoT devices and how you can make a difference by filing comments with the FCC.<p>As you know, serious vulnerabilities are common in IoT, and it often takes too long for these to be patched on end-user devices—if the manufacturer even bothers to release an update, and if the device was even designed to receive them. Companies may stop supporting a device well before consumers have stopped using it. The support period is often not communicated at the time of sale. And sometimes the end of support is not even announced, leaving even informed users unsure whether their devices are still safe.<p>I’ve advocated for the FCC to require device manufacturers to support their devices with security updates for a reasonable amount of time [1]. I can't bring such a proposal to a vote since I’m not the chairman of the agency. But I was able to convince my colleagues to tentatively support something a little more moderate addressing this problem.<p>The FCC recently issued a Notice of Proposed Rulemaking [2] for a cybersecurity labeling program for connected devices. If they meet certain criteria for the security of their product, manufacturers can put an FCC cybersecurity label on it. I fought hard for one of these criteria to be the disclosure of how long the product will receive security updates. I hope that, besides arming consumers with better information, the commitments on this label (including the support period) will be legally enforceable in contract and tort lawsuits and under other laws. You can see my full statement here [3].<p>But it’s too early to declare victory. Many manufacturers oppose making any commitments about security updates, even voluntary ones. These manufacturers are heavily engaged at the FCC and represented by sophisticated regulatory lawyers. The FCC and White House are not likely to take a strong stand if they only hear the device manufacturer's side of the story.<p>In short, they need to hear from you. You have experienced insecure protocols, exposed private keys, and other atrocious security. You have seen these problems persist despite ample warning. People ask, ‘why aren’t there rules about these things?’ This is your chance to get on the record and tell us what you think the rules should be. If infosec doesn’t make this an issue, the general public will continue falsely assuming that everything is fine. But if you get on the record and the government fails to act, the evidence of this failure will be all over the Internet forever.<p>If you want to influence the process, you have until September 25th, 2023 (midnight ET) to file comments in the rulemaking proceeding.[4] Filing is easy: go to <a href="https://www.fcc.gov/ecfs/search/docket-detail/23-239" rel="nofollow noreferrer">https://www.fcc.gov/ecfs/search/docket-detail/23-239</a> and click to file either an ‘express’ comment (type into a textbox) or a ‘standard’ comment (upload a PDF). Either way, the FCC is required to consider your arguments. All options are on the table, so don’t hold back, but do make your arguments as clear as possible, so even lawyers can understand them. If you have a qualification (line of work, special degree, years of experience, etc.) that would bolster the credibility of your official comment, be sure to mention that, but the only necessary qualification is being an interested member of the public.<p>I’m here to listen and learn. AMA. Feel free to ask any questions about this or related issues, and I’ll answer as many as I can. I just ask that we try to stay on the topic of security. My legal advisor, Marco Peraza, a security-focused software engineer turned cybersecurity lawyer, will be answering questions too.
I’m open to incorporating your ideas (and even being convinced I’m wrong), and I hope that my colleagues at the FCC are as well. Thank you!<p>Edit: The Q&A is over now, but please keep this great discussion going without us. Thanks again everyone for your input. Don't forget to file comments if you want to make sure your arguments get considered by the full FCC.<p>[1] <a href="https://www.fcc.gov/document/simington-calls-mandatory-security-updates" rel="nofollow noreferrer">https://www.fcc.gov/document/simington-calls-mandatory-secur...</a><p>[2] <a href="https://www.fcc.gov/document/fcc-proposes-cybersecurity-labeling-program-smart-devices" rel="nofollow noreferrer">https://www.fcc.gov/document/fcc-proposes-cybersecurity-labe...</a><p>[3] <a href="https://www.fcc.gov/document/fcc-proposes-cybersecurity-labeling-program-smart-devices/simington-statement" rel="nofollow noreferrer">https://www.fcc.gov/document/fcc-proposes-cybersecurity-labe...</a><p>[4] If your comments are purely in response to arguments made in other comments, you have an extra 15 days, until October 10, 2023.
When tech says ‘no’
Google preemptively banned hundreds of millions of 'pirate' URLs last year
Portal 64 – A demake of Portal for the Nintendo 64
Glove80 Ergonomic Keyboard
Sony sends copyright notices to TV Museum about shows 40 to 60 years old
Writing a C compiler in 500 lines of Python
Writing a C compiler in 500 lines of Python
Tidal energy is not renewable
VSCodium – Open-source binaries of VSCode
Sag-AFTRA votes unanimously to expand its strike to include the games industry
Harry Browne’s Rules of Financial Safety (1999)