Matthew Turland
Paul Shryock@elazar yikes
datawench@elazar So glad I abandoned postman years ago. Mostly using Bruno these days.
gunstick@datawench @elazar I just write python scripts.
morgan@elazar I also noticed a while back if you join a corporate team it leaks details on who’s in the group and I think some other info, before confirming your email. I was investigating this when I got fired sooooo *shrug*
Oleg Shanyuk 🇺🇦@elazar is it a Postman problem? (Btw. Amazing tool).
mbeddedDev@elazar I'm just reading the article and to be honest: WTF
Last time I've used postman is around 8-9 years ago.
Private secrets are sent to them. Very very dangerous.
Last time I've used postman is around 8-9 years ago.
Private secrets are sent to them. Very very dangerous.
robert daniel pickard
Andrei Kucharavy@elazar @petrillic never understood why people used in the first place tbh
gullevek ☢️ 🇯🇵@andrei_chiffa @elazar @petrillic I want to know some tool that just runs local without some fricking cloud service shit. Currently I use "REST" extension in vscode ... because I do not trust things like Postman ...
@gullevek @andrei_chiffa @petrillic There are numerous alternatives by this point.
@elazar @andrei_chiffa @petrillic Thanks.
The only one I know from them is Firecamp. I remember that the brew install version was only intel (and had oauth2) and the download from the github with apple silicion support didn't have oauth2. Should try it again if this has changed ...
@gullevek TBH I've always used Python's Flask/requests combo to deploy endpoints and run tests against them. So I never really understood the need for an additional tool, but if you can explain the pain point it is solving for you...
Hugo 雨果@elazar It seems that it’s much worse than what the title makes it out to be. Not only does it log all secrets, but it also streams all logs to their servers. “logging” is an understatement; it’s exfiltrating all secrets.
jonathankoren™@whynothugo @elazar there’s no real point to log this stuff. Maybe there’s just too much telemetry these days.
CyberFrog@elazar damn, sure am glad I was too lazy to set this up and have just been using curl the entire time, like wtf kind of shit is this lol
jon r@froge CLI tool for making HTTP requests, but syntactically closer to the HTTP protocol, and supports storing and reusing requests using flat plain text files. https://hurl.dev/ @yala
jlapoutre@elazar came here to say I’m using Bruno as well. All collections storend locally, ready for chrcking in to git. Secrets are properly masker and never checked in. Recommended! https://github.com/usebruno/bruno
EndlessMason@elazar
Watering hole? I'd say it's pretty moist at minimum
Watering hole? I'd say it's pretty moist at minimum
Ludwig Vielfrass@elazar I thought Postman being a privacy and security nightmare was widely known since about the time it transited from a free plug-in to a product?
@lerxst It would seem not. 🤷♂️
BB 
@elazar: the replies saying "this is not the only bad software", as if it is somehow revelatory 😬
Marcel-Jan Krijgsman@elazar Yikes indeed. But also interesting how you did this. I have an app that comes with my weight scales and I'm wondering where they send my data. Looks like I could use Charles in the same way to investigate that.
@MarcelJan To clarify, I just shared the post; I'm not the original author. You seem to understand why I shared it, though. 😉