Show HN: Coder Guard – Protect Your IDE from Malicious Extensions There is a growing problem with VSCode extensions: - they're not sandboxed (yet) - just like double-clicking an .exe file - they don't have a permission model - they auto update - they have built-in persistence - they are installed on developer machines with high-value credentials The recent CircleCI and LastPass incidents were both suspected to originate from a compromised developer machine - which is becoming every organization's Achilles heel in terms of cyber posture So I've been working on a way to help mitigate some of these risks Right now, only an MVP of a "CLI" is available: $ code --list-extensions --show-versions | curl --data-binary @- https://ift.tt/CR5N6uV Which will list your installed extensions with some enriched information to vet their trustfulness But much more detailed threat intel will be shown in the upcoming website and extension, including - Behavioural data gathered from running the extension on an instrumented sandbox environment - The ability to define policies to allow or block extension installs/updates, based on your specific risk appetite For updates, sign up at https://coderguard.io or follow https://twitter.com/coderguard The reason I'm posting this now is because I'd like to get some feedback in order to course-correct to make sure what I build actually solves people's problems I'd be happy to read any comments, or answer any questions January 26, 2023 at 12:49PM
Show HN: Tape It, iOS recording app for musicians Hello HN, Over the last 15 months, two friends and I developed the music recording app we felt we wanted based on our own needs as musicians. It's called Tape It [1] and has just recently hit the Apple App Store [2]. We put a lot of effort into a good UX to help musicians really focus on playing their instrument instead of pretending to be a recording engineer. The app records in stereo on newer iPhones (although that's a premium feature; the free version only records in standard mono audio quality). I would be really grateful for advice from this community on how to best approach marketing. We had a great TechCrunch article covering our launch [3], and we posted it on various music websites. Turns out advertising on Google or Apple Search is a dark art, though. We have some good ideas for developing a good social media presence, but they will take time. Please hit us with feedback, opinions and advice that you think a young ind...
Comments