Hacker News Top Stories with Summaries (October 22, 2023)
<style>
p {
font-size: 16px;
line-height: 1.6;
margin: 0;
padding: 10px;
}
h1 {
font-size: 24px;
font-weight: bold;
margin-top: 10px;
margin-bottom: 20px;
}
h2 {
font-size: 18px;
font-weight: bold;
margin-top: 10px;
margin-bottom: 5px;
}
ul {
padding-left: 20px;
}
li {
margin-bottom: 10px;
}
.summary {
margin-left: 20px;
margin-bottom: 20px;
}
</style>
<h1>Hacker News Top Stories</h1>
<p>Here are the top stories from Hacker News with summaries for October 22, 2023:</p>
<div style="margin-bottom: 20px;">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td style="padding-right: 10px;">
<div style="width: 200px; height: 100px; border-radius: 10px; overflow: hidden; background-image: url('https://opengraph.githubassets.com/9a85c41068db8974f40f04af2ca23a2e46558380840b0d745fcd3be70087f49f/aperturerobotics/bifrost'); background-size: cover; background-position: center;">
Bifrost: A peer-to-peer communications engine with pluggable transports
Summary: Bifrost is a modular networking daemon and library that offers a peer-to-peer communication engine with pluggable transports. It supports cross-platform usage, efficient multiplexing, encryption, flexible transport and protocol handling, meshing, and pub/sub channels. Bifrost can be used as a Go library or a command-line/daemon and integrates with networking, pubsub, and RPC libraries like libp2p, noise, drpc, starpc, and nats.
<div style="margin-bottom: 20px;">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td style="padding-right: 10px;">
<div style="width: 200px; height: 100px; border-radius: 10px; overflow: hidden; background-image: url('https://cdn.hashnode.com/res/hashnode/image/upload/v1691553710865/484c5af8-4152-4d19-9baf-ec600b2e38f0.jpeg'); background-size: cover; background-position: center;">
Microsoft Account's OAuth tokens leaking via open redirect in Harvest
Summary: Security researcher Vikrant Singh Chauhan discovered that Microsoft Account OAuth tokens could leak via an open redirect in Harvest App, a time-tracking application. The vulnerability allowed attackers to steal access tokens through the OAuth implicit grant. The Harvest team took three years to fix the issue and did not inform Chauhan about the fix. The vulnerability was confirmed as patched on August 1, 2023, and publicly disclosed on October 21, 2023.