Interesting! Is there a way to deploy this on AWS RDS?

I'd imagine it just comes down to whether or not the extensions are allowed or not

Unfortunately the pgml extension does not work on AWS RDS so there is not.

Congrats on shipping! Feature request: Make it easy to expose triggers and actions from internal enterprise tools. Zapier makes this possible via an API/webhook, but it's not trivial. Many workflows and business processes rely on internal tools that aren't designed to support workflow automation. If you find a way to automate processes that use those internal tools, you may create a bigger differentiator/moat.

Thanks! And 100%, this is something we'd love to do with upmarket businesses. We have primitives for integrating raw API calls into the workflow layer as well as ingesting documentation to create dynamic "blocks" per-business, so it's fully possible and a really cool use case. Definitely agree though -- it's hard to get right.

How many of you have received this notice via an official security advisory channel you're monitoring/acting on? If so, which advisory service do you use and how you configure it? Learning about HN is useful, but far from a reliable solution.

I am subsribed to their Github releases and when I saw a release for every old version I knew what's up :-)

Yeah I do the same for projects I use. I also received an email but don't remember if I also signed up to their newsletters or something like that.

Saw it on HN.

It is definitely not announced on Full Disclosure nor on oss-security mailing lists.

Doesn't look like there is a CVE either: https://www.cvedetails.com/vulnerability-list/vendor_id-1947...

> Will you release any information about the vulnerability?

> Yes, we’ll be releasing the patch publicly, as well as a CVE and an explanation in two weeks. We’re delaying release to give our install base a bit of extra time before this is widely exploited.

From their blog.

Oh absolutely, but its trivial to get a CVE from the relevant CNA's. A webform or a phone call.

Its a bit silly.

Don't you have to share more details about the exploit then? That seems to be the thing they're trying to avoid for now.

Negative, you can request a CVE without specific details, CNA's do this all the time until unembargo.

I got an email directly from Metabase.

Dialogue | dialogue.co | Montreal | various roles | full time

Dialogue is a hybrid telemedicine service powered by AI and multi-disciplinary medical team. https://medium.com/@alexissmirnov/join-dialogue-build-the-he...

Dialogue is hiring (dialogue.co)

Congratulations! It's been a long time coming. Can't wait to see what the users think.

Thanks! It's been long. Hope others love it as much as we do too. (:

Installed on a fully-updated MacBook Pro Retina. Crashes on startup. Every. single. time.

Maybe there's something wrong with your MBP, because it works fine on mine.

Insightful piece. Thank you.

One point I wish the author would elaborate on is the value a company gets by acquihiring a great designer. I haven't used Summly so I cannot measure the talent of a designer Yahoo gets. But it would be wrong to ignore the design by focusing on technology advancement in "glue vs thought" argument.

How much would a company pay to acquihiring Jonathan Ive or Philippe Stark?

The author may be right to question the designer's talent or by googling "I use Summly", but it seems rather shallow analysis.

If you're running a hackathon in a company do it on company time and make sure to be prepared to do something with the ideas they generate. Results of our recent hackathon is a good example how to do it: out of 7 out of 14 projects are finding their way to the product roadmap. We run it on Thursday-Friday with demos on Monday morning.

If you don't follow up, event may backfire and will remain an example how a company merely pays lip service to ideas coming from developers.

"6. I think the part that's hard to scale is the notification."

Why not email (SMTP/IMAP)? Deployed, standardized, widely supported.