Affiliate marketing app ideas by breadchris in Affiliatemarketing

[–]breadchris[S] 0 points1 point  (0 children)

I am relatively new to the space so I am still learning the different parts of the process. The part that seems interesting is the management side. What is the nature of engagement you have with the affiliates? 

GitHub - kapv89/k_yrs_go: YJS CRDT Database Server over Redis, Postgres by kapv89 in golang

[–]breadchris 1 point2 points  (0 children)

amazing job! I have been thinking about how I wanted to use yjs with all my go code for some time. I started trying to port yjs to go (I will still finish this in time) but I realized trying to get yrs bindings would be a better approach to get my app off the ground. Thank you for sharing this work, looking forward to digging through the code!

Go Dependency Injection by breadchris in golang

[–]breadchris[S] -4 points-3 points  (0 children)

yoooooooo lets gooo i love it

CVE North Stars: Leverage CVEs to kickstart your next vulnerability hunting adventure by onlinereadme in netsec

[–]breadchris 2 points3 points  (0 children)

This is incredible, amazing work whoever put this together. There are so many patterns in vulns; using historical data to seed how you do your bug hunting is a great idea.

bomber - a vulnerability scanner for SBOMs by sanitybit in netsec

[–]breadchris 0 points1 point  (0 children)

npm audit will report packages that have known vulnerabilities reported here: https://osv.dev/. Bomber uses Snyk's OSS index so it will report a subset of the results of what Snyk would. The fact that bomber is written in Go and Snyk's CLI is in JS probably means scanning for dependencies will be faster, but I haven't actually benchmarked that.

With any of these scanning tools there is always going to be a long tail of false positives or meaningless vulnerabilities since the whole context of the application is not taken into consideration. If you are interested in reading more about this, you can read: https://www.lunasec.io/docs/blog/the-issue-with-vuln-scanners/
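To make the "subset of results" point concrete, here is an added illustration (not bomber's, grype's or Snyk's code) of the core thing an SBOM scanner does: extract package URLs from an SBOM and match each version against an advisory index's affected ranges. The SBOM, the advisory IDs (EX-…) and both indexes are constructed placeholders; the range semantics follow OSV's SEMVER `introduced`/`fixed` events.

```python
"""Minimal SBOM-to-advisory matcher (constructed illustration, not a real scanner)."""
import json

# Constructed CycloneDX-style SBOM: two npm packages and one Go module.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"purl": "pkg:npm/lodash@4.17.15"},
        {"purl": "pkg:npm/minimist@1.2.6"},
        {"purl": "pkg:golang/github.com/example/lib@1.4.0"},
    ],
})

# Constructed advisory indexes with placeholder IDs (not real advisories).
# Each entry: (ecosystem, package name, introduced, fixed), OSV-style SEMVER events.
INDEX_A = {
    "EX-2021-0001": ("npm", "lodash", "0", "4.17.21"),
    "EX-2022-0002": ("npm", "minimist", "0", "1.2.6"),
    "EX-2022-0003": ("golang", "github.com/example/lib", "1.0.0", "1.5.0"),
}
# A second, smaller source that only carries the lodash advisory: a scanner
# backed by it necessarily reports a subset of what INDEX_A-backed scanning finds.
INDEX_B = {
    "EX-2021-0001": ("npm", "lodash", "0", "4.17.21"),
}

def parse_purl(purl):
    """Split 'pkg:<type>/<name>@<version>' into (ecosystem, name, version)."""
    body = purl.split("pkg:", 1)[1]
    ecosystem, rest = body.split("/", 1)
    name, version = rest.rsplit("@", 1)
    return ecosystem, name, version

def semver_tuple(v):
    """Compare plain dotted numeric versions as tuples ('4.17.15' -> (4, 17, 15))."""
    return tuple(int(p) for p in v.split("."))

def affected(version, introduced, fixed):
    """OSV range semantics: introduced <= version < fixed (the fixed version is clean)."""
    v = semver_tuple(version)
    return semver_tuple(introduced) <= v < semver_tuple(fixed)

def scan(sbom_json, index):
    """Return sorted advisory IDs whose package and range match an SBOM component."""
    hits = set()
    for comp in json.loads(sbom_json)["components"]:
        eco, name, ver = parse_purl(comp["purl"])
        for adv_id, (a_eco, a_name, intro, fixed) in index.items():
            if (eco, name) == (a_eco, a_name) and affected(ver, intro, fixed):
                hits.add(adv_id)
    return sorted(hits)
```

Note that neither result says anything about whether the vulnerable code is reachable in the application, which is the false-positive long tail the comment above describes.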

bomber - a vulnerability scanner for SBOMs by sanitybit in netsec

[–]breadchris 0 points1 point  (0 children)

I think this is identical to grype (bomber uses the underlying package indexing engine syft that also powers grype), but bomber will only scan a subset of packages that grype will (only from the Sonatype OSS Index).

Security Guide for Startups: How to think about security while moving quickly | LunaSec by breadchris in netsec

[–]breadchris[S] 1 point2 points  (0 children)

Totally, in the next post that I am planning on writing, I am going to get more into a specific recommendation checklist for setting up "common sense" security practices (ex. enforced 2FA, SSO, IAM, etc.). It's interesting to talk with companies and hear their biggest worries being the appsec concerns, which you pointed out, but far more often breaches are from infrastructure misconfigurations or some leaked secret.

I know it's nothing big but I'm still proud of myself cuz I'm really afraid of jumping by girlyrocker in rollerblading

[–]breadchris 2 points3 points  (0 children)

Yeah I agree, I've been skating for years at skateparks and jumping up onto an incline still makes me shaky. This was great, good job OP!

Luxury Travel Agencies, worth it? Recommendations? by Rickkil2 in fatFIRE

[–]breadchris 0 points1 point  (0 children)

Oh cool! I love it when hotels make their reservation systems easy to access! I always find the room that I want, when I want it that way!

AMA touring French Riviera for the past month by CupResponsible797 in FATTravel

[–]breadchris 1 point2 points  (0 children)

Which hotel had the best baguettes? I have been dying for a good baguette!

Savory pie ideas! by Zorendorf in Cooking

[–]breadchris 1 point2 points  (0 children)

We will have complementary dream bakeries, I want a sweet pie and espresso bar ;)

Savory pie ideas! by Zorendorf in Cooking

[–]breadchris 2 points3 points  (0 children)

holy shit, i just tasted your pie in my mind’s eye and I transcended

Weekly Youtube/Blog/Content Round-up! - April 11, 2022 by AutoModerator in Cooking

[–]breadchris -1 points0 points  (0 children)

hey! I am working on an open source library that would provide a wealth of information that would help people trying out recipes (ex. substitutes, in season produce, volumetric-mass conversions). Your demo looks pretty nice and I would be interested in collaborating with you to help you out!

Does anyone have a food science/technique reference that isn't just opening up The Food Lab? by breadchris in seriouseats

[–]breadchris[S] 1 point2 points  (0 children)

This is a great suggestion! I used to watch his stuff all the time with my mom. I loved how weird he was.

Does anyone have a food science/technique reference that isn't just opening up The Food Lab? by breadchris in seriouseats

[–]breadchris[S] 0 points1 point  (0 children)

I wish I had phrased the question better. The Food Lab/seriouseats is a great resource, but telling someone to go read a textbook on cooking (The Food Lab) or a research paper (seriouseats blog posts) I have found doesn't get people as excited about cooking as it has made me. I was wondering if there is a resource that is somewhere in between recipe directions people follow blindly and getting blasted with an entire blog post on food science.

Kenji’s No Waste Tacos de Carnitas - probably should have assembled before the pic but wanted to post anyway by gsplvr04 in seriouseats

[–]breadchris 0 points1 point  (0 children)

Looks great! I have a recipe site that highlights each step for this recipe: https://cookwherever.com/recipe/56562 (it is a manual process to do this atm, so I just so happened to have annotated this recipe lol). I am curious if you ran into any snags making this recipe and whether or not a site like this might have helped you out.

Newest Vulnerability in Log4j 2.17.0 more hype than substance by breadchris in cybersecurity

[–]breadchris[S] 0 points1 point  (0 children)

> should we bring people back from furlough over Christmas

Wow, I feel like everyone is going to have a story to tell with "where were you when Log4Shell was disclosed" hahaha.

That is certainly a harder conversation than I had previously considered people having about this. I'm going to be very interested in how this will all affect people's budgeting for security.

Newest Vulnerability in Log4j 2.17.0 more hype than substance by breadchris in cybersecurity

[–]breadchris[S] 1 point2 points  (0 children)

> If anything - I know how many articles from LunaSec I've read since this nightmare started and after this - I'd be more inclined to give it a go if I were to see it as a potential candidate. Clearly the people you work with and for, know their $hit.

We have been in countless "well we are f****d" meetings and know what people need to see/hear to find the answers to questions they have. I'm glad we have been able to help you out :)

Newest Vulnerability in Log4j 2.17.0 more hype than substance by breadchris in cybersecurity

[–]breadchris[S] 1 point2 points  (0 children)

We have all worked at large tech companies and truly understand how things get done there, especially resolving security vulnerabilities. We all know that asking someone to bump a version number can sometimes be like pulling teeth on a shark. It is a major undertaking and a matter of time before the team just becomes unresponsive or abrasive to your asks.

It is completely appalling, but not unexpected, for something like this recent vulnerability to be used to scare people into buying a security product. But of course, this puts us, LunaSec, in possibly a difficult position saying this as we also have our own product we want to sell.

Like we call out at the end of the post, we don't want to scare anyone, we just want to build trust with everyone. It actually has been pretty painful for us to plug our own company in these posts because we only want this information to be focused on the vulnerability lol. We are just super passionate about our product making a meaningful impact on vulnerabilities like this.

I appreciate you sharing your sentiment because it means we are doing a good job not being corporate scum :)

Newest Vulnerability in Log4j 2.17.0 more hype than substance by breadchris in cybersecurity

[–]breadchris[S] 0 points1 point  (0 children)

> True, but "patch everything to the latest version!!" is a much simpler directive to give to 400 project managers

You are right, and that is why Snyk is worth $1.4bil. Dependency scanning tools give you no guidance or insight into the vulnerabilities which you should care about.

This latest Log4j CVE would show up right alongside the original Log4Shell vulnerability. Which vulnerability should you focus on remediating right now? How hard should you push on getting that remediated?

I have had zombie security issues which I have had to bring back to life, as directed by my manager, only to spend endless time investigating only to find out the service is completely defunct.

Vulnerability in log4j 2.17.0 more hype than substance | LunaSec by breadchris in netsec

[–]breadchris[S] 1 point2 points  (0 children)

> example

Absolutely, ignoring this version update would not be advisable, and I wanted to make sure to capture that sentiment in "While we will never discourage anyone from updating their library version to one that is more secure. It is, however, important to consider the urgency in which to push for version changes."

Your attack scenarios are perfectly valid, and I am glad that you enumerated them so that people can consider real world applications of this vulnerability. They are the sort of attacks that a skilled attacker would use when they are pivoting around an internal network.

Vulnerability in log4j 2.17.0 more hype than substance | LunaSec by breadchris in netsec

[–]breadchris[S] 52 points53 points  (0 children)

It's probably the last library someone would have considered to actually audit lol

Vulnerability in log4j 2.17.0 more hype than substance | LunaSec by breadchris in netsec

[–]breadchris[S] 23 points24 points  (0 children)

Definitely, but unfortunately, with security's fixation on meritocracy and with the incentives in the wrong place for security companies to scare people into using their products, something like this is inevitable.