Hey! Config.ly Co-founder here. I agree that utilizing a database/S3 or rolling your own lightweight version is a big competitor to Configly. I'm not sure if you saw it, but I tried to highlight some of the reasons we think Config.ly is more effective over a DB for certain usage patterns in the intro note [1]
> Databases can do this but often aren’t used that way for good reasons (they can be cumbersome to wire-up, there are scale concerns about adding extra load to your DB, it’s risky to touch a production database, etc).
I can think of other benefits; you generally don't want really anyone touching your prod DB directly -- but _especially_ non-engineers. So what if they want to update copy? You could build or leverage a web UI... but now you're going down the path of building Config.ly. You also don't get version history for free with most databases. And once a value is in the database, you also need to worry about the middle layer of getting that value to your clients and having your clients fetch it intelligently/caching, etc.
all the comments here are getting hung up on the encryption.
me, personally, i think you did a hell of a job with this. personally i'm not going to be sharing any launch codes with my spouse, so i could care less about how industry standard and unbreakable the encryption is, but for account based credentials like netflix and spotify, this is great.
also, the landing page is spot on showcasing what this app is and how easy it is to share with others. take a bow dude and i wish you some good fortune.
Netflix yeah but how many bank passwords are going in there?
Consider there are at least three copies of the data at rest: on each member's phone and more seriously, assuming also on OP's server. How long until the whole database gets breached and shows up on PasteBin?
Then as another thread mentioned, it's trivial to brute force the whole heap of vaults trying 4-digit PINs and then look for treasure.
Hi imglorp - we don't save your passwords on our servers when you save them. It is only stored on your own device, encrypted. If you choose not to share, it will never leave your phone. When sharing, we use end-to-end encryption. When sharing, we only store the encrypted version of the shared content until it is received by the recipient (or 30 days whichever comes first). This is similar to the technique WhatsApp follows.
Yea but you can also just use Open-Source bitwarden and either self-host, use free-tier for personal use or buy their service for 10$/year and it also enables sharing credentials.
honestly... how was this even a thing? i never got the appeal or the concept of wanting to watch my own TV from a device. i mean... do people actually miss their local programming that much when they are away?
It's somewhat common for expats to have one of these devices hosted in their home country (at one of their places or at a friend's) to watch some of the local programming (typically sports as most everything else can be found fairly easily online).
Exactly, for an expat the Slingbox was perfect (well, the idea was, the actual thing was buggy, but...). You had full control of the cable box, so you could still record shows, timeshift, watch on demand, etc. Plus it only cost about $100 with no monthly fees so it was a better deal than "renting" multiple TV series.
I have an HD Homerun and Plex. I've used this setup numerous times to stream college football games that were broadcast OTA when I was away from home for one reason or another.
Yes? It was a fairly recent development that all sports leagues had games online, and even then it requires a fairly steep fee. Perhaps you want to watch local news or are used to seeing a program at a certain time. There's nothing wrong with the service, per se, but the fact that it leans on outside servers does set it up for this problem.
google dorking or using shodan can find things like this extremely easily. personally i don't do this sort of crap cause i don't need any legal problems, but it's good to know so you can do it against your own sites to see if you're exposing anything by accident like these dudes did.
it looks like they have already taken the source code down, which sucks cause i would have LOVED to look at it. github has some of the smartest developers in the world working for them and i would love to pore over the code and see the thought process involved in creating the github backend.
i agree with you... now show them your support by sending them a blank check for their legal fees. oh... i'm sorry... did i offend HN, strike a nerve and become a troll?
no i did not. i am demonstrating that most people on this site haven't the slightest clue what they are talking about.
it costs money and time to fight something and companies have something called a risk management department that decides whether it is worth the risk to fight or comply.
github knows that getting into a heated legal battle is going to cost a lot, especially going up against the deep pockets of the RIAA. not saying that github and microsoft don't have deep pockets, but that this _will_ become an expensive battle to fight and defending a grey area open source project isn't worth the time nor the money.
> it costs money and time to fight something and companies have something called a risk management department that decides whether it is worth the risk to fight or comply
Genuine question: why? The police won't get involved in a civil matter, only a criminal one. So what happens if you just ignore the other side's lawyers?
> So what happens if you just ignore the other side's lawyers?
IAN[even_close_to_being]AL but I'm fairly sure this would result in a default judgment. At least it does in civil cases between citizens (in the US) and corporations- when a company files with the court clerk, a complaint ("you've been served" kind of thing) is issued to the defendant and they typically have 21 days to respond by filing their own motion with the clerk. If they ignore this or never actually receive this, a hearing is scheduled where a court date is decided, which the court will attempt to communicate to the defendant if they didn't show up to the hearing. The court date will come and go, and if the defendant is still ignoring the situation, the judge assumes there's no contest and will issue a default judgment against the defendant. In the case of corporations vs citizens, this is when damages/fines are assessed and wage garnishment notices get issued. Garnishments (and the corporate equivalent of fines) are no joke- corporate accountants take them extremely seriously because of the penalties for failing to carry them out: if they don't, the company's assets can get seized, accounts can get raided (depending on the type of case [medical and taxes are two large categories] and the plaintiff), and fines get levied and even increase. I imagine it's the same way with default judgments against corporations, but again, I'm no lawyer- just a guy musing about corporate civil suits based on citizen civil suits.
either cancel the card you used, call the bank and have them disallow the charge to the card or issue a charge back. don't ever feel that a company leaves you no choice in paying them.
that's the key to this whole thing, is that you have to stick with it for at least 4 weeks. i know quite a few people who have tried IF and rarely do they make it through the first week without cheating (including myself when i first started). IF is one of _the_ best ways to lose weight in my opinion (second only to hot yoga), but the key is that you have to be very regimented with it and follow it precisely in order to get the benefits. you cannot have _any_ calories whatsoever in order to trigger the fast response of the body. even taking vitamins or protein powders breaks the fast. also most non-calorie drinks do contain calories just not in a single serving (which is VERY deceptive), so the best thing to drink is just plain cold water throughout the day.