Hacker News: joshghent

New comment by joshghent in "AISLE Discovers 38 CVEs in OpenEMR Healthcare Software"

joshghent — Tue, 28 Apr 2026 18:20:31 +0000

Had exactly the same sort of experience using AI to audit a code base we inherited recently at $dayJob.

Spotted over 100 “security issue but after whittling them down via reproduction scripts and validating they were real CVE’s - that number was around 30.

Even so - it was a huge win and something we wouldn’t have spotted.

It’s something I’ve now codified into repowarden.dev

Show HN: RepoWarden – Autopilot for your GitHub dependency updates

joshghent — Thu, 09 Apr 2026 19:40:56 +0000

RepoWarden monitors your repos and opens PRs for dependency updates and security patches automatically. I got tired of manually managing Dependabot PRs across dozens of repos, so I built something that handles the whole lifecycle - from detecting outdated deps to opening well-described PRs.

I’ve taken a lot of care to ensure security of this app. Each “run” exists in a fresh container in cloudflare with its own network. And there are a myriad of protections against dependency poisoning and other attacks.

I’ve been dogfooding this app for about a month and has merged over 50 PR’s for me and found and fixed security issues for me.

Hope you find it useful :) Free for open source folk of course

Comments URL: https://news.ycombinator.com/item?id=47708725

Points: 3

# Comments: 0

Show HN: LoginLlama – behaviour-based login anomaly detection for small teams

joshghent — Fri, 02 Jan 2026 14:36:26 +0000

Hey HN

I recently rebuilt my microsaas Loginllama. It uses the same stack but I've made the API much much better and it's now a product I'm happy to promote.

As with most developers I hide behind building instead of marketing.

As this a developer focused product, this is me marketing! It's a product built in anger for myself when I had to implement a similar system for a number of clients. I released it as I assume that other people had the same problem.

There are SDK's available for Nodejs, PHP and Python. Auth0 and Wordpress integrations are coming soon.

Let me know what you think and if this is a product you would like/want to us. Any feedback is helpful.

Comments URL: https://news.ycombinator.com/item?id=46465142

Points: 2

# Comments: 0

New comment by joshghent in "Mikeal Rogers has died"

joshghent — Thu, 19 Jun 2025 06:50:13 +0000

How tragic. I only had the pleasure to work with Mikeal for a few months but always found his presence wise and humble. He consistently approached decisions with the kind of pragmatism that came from a wealth of experience. I hope his family and loved ones cope through this time.

Show HN: Bucketscan – Turn Key Anti-Virus for Cloud Storage (AWS S3, etc.)

joshghent — Mon, 07 Apr 2025 11:28:51 +0000

Hey HN!

A coworker and I were recently tasked with securing cloud storage against malware — specifically for S3. We expected to find a simple API-based antivirus service. Instead, we mostly found self-hosted ClamAV setups and/or a lot of duct tape.

So, we built Bucketscan. It’s an API-first malware scanner for cloud object storage (S3, Azure Blob, R2, etc). You can get scanning up and running in about 15 minutes. There’s also a dashboard for visibility into detections and usage, and we’re working on things like policy-based actions and historical forensics.

We have tried to keep the MVP as small as possible - functional, but far from "done". We’re keen to hear from others who’ve faced similar challenges. What would make something like this actually useful for you? We’re offering steep discounts in exchange for feedback and would love to involve early users in shaping the roadmap.

Would love your thoughts!

Comments URL: https://news.ycombinator.com/item?id=43610094

Points: 1

# Comments: 0

New comment by joshghent in "You're not a senior engineer until you've worked on a legacy project (2023)"

joshghent — Tue, 18 Feb 2025 23:56:19 +0000

I agree with you. But, I have found the middle out effect in online discourse means we get articles (such as this one) polarising viewpoints for attention. Sadly, it works.

Rules of thumb for event driven architecture

joshghent — Mon, 10 Feb 2025 15:19:07 +0000

Article URL: https://joshghent.com/eda-rules-of-thumb/

Comments URL: https://news.ycombinator.com/item?id=43001297

Points: 2

# Comments: 0

New comment by joshghent in "Ask HN: What projects are you working on?"

joshghent — Sun, 26 Jan 2025 23:36:54 +0000

Building antivirus software for cloud storage (S3, R2, etc) after having the problem at a job - https://bucketscan.com

New comment by joshghent in "A story on home server security"

joshghent — Sun, 05 Jan 2025 13:26:41 +0000

Despite people slating the author, I think this is a reasonable oversight. On the surface, spinning up a Postgres instance in Docker seems secure because it’s contained. I know many articles claim “Docker= Secure”.

Whilst easy to point to common sense needed, perhaps we need to have better defaults. In this case, the Postgres images should only permit the cli, and nothing else.

DynamoDB Considered Harmful

joshghent — Wed, 23 Oct 2024 10:55:24 +0000

Article URL: https://joshghent.com/dynamodb-harmful/

Comments URL: https://news.ycombinator.com/item?id=41923733

Points: 2

# Comments: 2

New comment by joshghent in "Show HN: Play with an interactive heatmap of SF crime (and other cities)"

joshghent — Thu, 08 Aug 2024 08:38:01 +0000

Hey, remember me? We met randomly on a bus from Machu Picchu to Cusco a couple weeks ago! First "orange site" people I've met IRL lol.

Great work on this - very slick UX and super quick.

Be cool to expand it to support the UK or maybe develop some open standard for the way data can be reported. I'm sure businesses would pay for a consolidated data api.

New comment by joshghent in "Studies suggest that relying on will power to break habits is hopeless (2019)"

joshghent — Sat, 06 Jan 2024 22:34:20 +0000

Completely agree! Ultra processed people by Chris Van Tullekan is similar for eating unhealthily.

Show HN: LoginLlama – API to email customers for new suspicious logins

joshghent — Mon, 11 Dec 2023 17:14:26 +0000

Article URL: https://loginllama.app

Comments URL: https://news.ycombinator.com/item?id=38602394

Points: 1

# Comments: 0

New comment by joshghent in "Average distance to a supermarket in Amsterdam is 400 meter or 1300 feet"

joshghent — Fri, 08 Dec 2023 08:48:56 +0000

Absolutely, design of cities dictates behaviour. The secondary effects of this are interesting too. For example, european kitchens can be smaller because they don’t need to store as much.

New comment by joshghent in "Show HN: IP Guide – Info on IP addresses, Networks, and ASNs"

joshghent — Fri, 24 Nov 2023 23:14:47 +0000

Great site and product! Congratulations on the launch.

I actually have a use case for this in my product Loginllama. I need to grab information about the IP addresses. I’m currently using a different API but don’t really like the product.

Is it rate limited or have any key authentication? My email is me at joshghent.com if you want to chat about this more.

New comment by joshghent in "HTML First"

joshghent — Mon, 13 Nov 2023 00:54:52 +0000

The author raises some interesting points.

But these arguments seem a little tired now. Does a customer actually care what technology you use - absolutely not. If react is easier for you, go for it. If that’s HTMX - fine.

What matters is speed of delivery of new features. And react has huge amounts of support (and a large developer base) that makes development quick and cheap.

I’ve never understood these html purist arguments. As if React/Vue/Angular are desecrating this pure text language.

There are other issues of far greater importance - accessibility, multi-language, browser consistency, sane defaults and easy tooling.

Why use suspicious login detection?

joshghent — Wed, 06 Sep 2023 14:44:47 +0000

Article URL: https://loginllama.app/blog/why-suspicious-login-detection

Comments URL: https://news.ycombinator.com/item?id=37405919

Points: 1

# Comments: 0

New comment by joshghent in "Show HN: LoginLlama – Protection against suspicious logins, powered by AI"

joshghent — Thu, 27 Jul 2023 08:27:30 +0000

Hey! Thanks for checking out this product. I built this after implementing similar systems for other clients and couldn't find an API that allowed flexibility of implementation. Other solutions took control of your login process (which is often not practical with Cognito, Auth0 etc). Instead, I built this API that can fit into login system in 10 minutes or less. Hope you enjoy!

Show HN: LoginLlama – Protection against suspicious logins, powered by AI

joshghent — Thu, 27 Jul 2023 08:26:48 +0000

Article URL: https://loginllama.app/

Comments URL: https://news.ycombinator.com/item?id=36890577

Points: 2

# Comments: 1

New comment by joshghent in "Ask HN: What is the best place to hire part time devs?"

joshghent — Wed, 26 Jul 2023 16:31:25 +0000

As it happens I’m a part time developer! (I do voluntary work 2 days a week)

If you’d like to work together my GitHub is @joshghent or my email is me [at] joshghent.com :)