FarmOps Desk Hackathon Project Eliminates Static AWS Credentials Using OIDC

A developer built FarmOps Desk, an agricultural AI application, for the H0 hackathon on a Vercel, Aurora PostgreSQL, and AWS Bedrock stack with a strict no-static-credentials policy. Instead of storing permanent AWS access keys, the app uses Vercel's OIDC integration to request short-lived, 15-minute AWS session tokens each time a serverless function runs. Permissions were split into two isolated AWS roles, one exclusively for database access and another solely for invoking Bedrock AI models, to limit the blast radius of any potential breach. Fresh database authentication tokens are fetched dynamically via the AWS RDS Signer SDK, meaning no passwords are ever stored on disk. The project also addressed a voice-mode challenge for field use by deploying a dedicated bridge service to handle long-lived bidirectional audio streams that serverless environments typically cannot sustain.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.
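The two-role split described in the summary only limits blast radius if each role's trust policy is pinned to the OIDC issuer and each permissions policy stays within its one job. The following lint is an added example, not code from the original article or the FarmOps Desk project; the issuer and claim formats (Vercel team-scoped issuer, `aud`, `sub`), the `TEAM` slug, the project name, the account ID and all ARNs are assumed placeholders.

```javascript
// Added example: lint the two IAM roles for the isolation described in the summary.
// Every ARN, slug and policy document below is a constructed placeholder.
const ISSUER = "oidc.vercel.com/TEAM"; // assumed team-scoped Vercel OIDC issuer
const ALLOWED = { db: ["rds-db:connect"], bedrock: ["bedrock:InvokeModel"] };
const asList = (v) => (Array.isArray(v) ? v : [v]);

function lintRole(kind, role) {
  const findings = [];
  for (const st of role.trust.Statement) {
    if (st.Effect !== "Allow") continue;
    const actions = asList(st.Action);
    if (actions.length !== 1 || actions[0] !== "sts:AssumeRoleWithWebIdentity")
      findings.push("trust: action must be only sts:AssumeRoleWithWebIdentity");
    if (!String(st.Principal?.Federated || "").endsWith(`oidc-provider/${ISSUER}`))
      findings.push("trust: principal is not the expected OIDC provider");
    const eq = st.Condition?.StringEquals || {};
    if (!eq[`${ISSUER}:aud`]) findings.push("trust: aud is not pinned");
    const sub = eq[`${ISSUER}:sub`];
    if (!sub || asList(sub).some((s) => s.includes("*")))
      findings.push("trust: sub is missing or wildcarded");
  }
  for (const st of role.permissions.Statement) {
    if (st.Effect !== "Allow") continue;
    for (const a of asList(st.Action))
      if (!ALLOWED[kind].some((p) => a.startsWith(p)))
        findings.push(`permissions: ${a} is outside the ${kind} role's job`);
    if (asList(st.Resource).includes("*"))
      findings.push("permissions: Resource is *");
  }
  return findings;
}

// Constructed sample roles: one correctly scoped, one deliberately over-broad.
const trust = (sub) => ({ Statement: [{ Effect: "Allow",
  Principal: { Federated: `arn:aws:iam::111122223333:oidc-provider/${ISSUER}` },
  Action: "sts:AssumeRoleWithWebIdentity",
  Condition: { StringEquals: { [`${ISSUER}:aud`]: "https://vercel.com/TEAM",
    [`${ISSUER}:sub`]: sub } } }] });
const SUB = "owner:TEAM:project:farmops-desk:environment:production";
const dbRole = { trust: trust(SUB), permissions: { Statement: [{ Effect: "Allow",
  Action: "rds-db:connect",
  Resource: "arn:aws:rds-db:us-east-1:111122223333:dbuser:cluster-EXAMPLE/app_user" }] } };
// Wildcarded subject claim, an unrelated S3 action, and Resource "*".
const badBedrockRole = { trust: trust("owner:TEAM:project:*:environment:*"),
  permissions: { Statement: [{ Effect: "Allow",
    Action: ["bedrock:InvokeModel", "s3:GetObject"], Resource: "*" }] } };
console.log(lintRole("db", dbRole));
console.log(lintRole("bedrock", badBedrockRole));
```

The 15-minute lifetime is not visible in either policy: it is set by the duration requested when the role is assumed, so it has to be checked at the call site or in CloudTrail rather than by this lint.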
