rust-u2f
hn-search
rust-u2f | hn-search | |
---|---|---|
8 | 1,650 | |
284 | 526 | |
- | 0.6% | |
5.4 | 2.9 | |
4 months ago | 7 months ago | |
Rust | TypeScript | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rust-u2f
-
Software U2F with Fingerprint (On Linux)
This project aims to support U2F / FIDO2 using fingerprint reader on Linux (via libfprint). The goal is to have the same user experience with 2FA using Windows Hello.
This project is based on https://github.com/danstiner/rust-u2f with minor modification (see my fork: https://github.com/ngxson/rust-u2f-pkexec)
Link to the project: https://github.com/ngxson/softu2f-fprintd-docker
- The mechanics of a sophisticated phishing scam and how we stopped it
-
Apple, Google, and Microsoft commit to expanded support for FIDO standard
I've considered adding FIDO2 support to the software-only U2F token I wrote ( https://github.com/danstiner/rust-u2f). It's a fair bit of work though, and I am not sure how comfortable I am with passwordless login unless the keys are kept purely in hardware such as a TPM.
That said, my reading of this post is that FIDO2 support will get built into Chromium directly, which is itself open source. Or if you do want a hardware key but running open software, I'd definitely recommend https://solokeys.com/, I've been following them for a long time.
Also there was some related discussion on this same article last week: https://news.ycombinator.com/item?id=31274677
- Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
- Howdy – Windows Hello style facial authentication for Linux
-
Google is going to ban “less secure sign in method”
On a Workspace account you only need U2F token emulator (https://github.com/danstiner/rust-u2f woks fine) and thenn you can setup u2f first and add normal TOTP in second step. But u2f must stay there. I don't have a personal account to try if it works the same.
-
Ask HN: Is Google phasing out Authenticator/TOTP?
As it becomes easier to emulate hardware tokens[1], Google may start limiting which ones it accepts. I believe they can use attestation keys to do that.
This is just a softer layer of security to slow down less sophisticated mass signup attempts.
They may very well eventually phase out TOTP, under the justification that it is not as secure, but I would be shocked if they ever retire the highly insecure SMS verification.
TOTP is really easy to implement, and adds a ton of value. I have a oneliner that takes a screenshot, extracts the QR code with zbarimg, and adds it to my pass[2] password database, which then hooks back into my browser. I use it whenever it is available because it is so low effort.
[1]: https://github.com/danstiner/rust-u2f
-
Does 2FA actually prevent phishing?
GitHub has a couple of others listed, but I have not tested them personally: Example https://github.com/danstiner/rust-u2f
hn-search
-
Rule of Thumb: Anything that looks fancy is not worth you time
- Ads with Psychological tricks
Truly good websites have around 2 facts per 10 word sentence, and get instantly to the chase. Also: good websites give you the names of all their competitors/alternative websites before showing their own stuff, and give you further reading.
Right now the world of technology is supposedly more innovative than ever, but somehow Wikipedia (https://www.wikipedia.org/) and Search Hackernews (https://hn.algolia.com/) beat billion dollar search engines.
Articles written decades ago are still unsurpassed in terms of quality and ease of understanding, but the best modern websites can do is textbook explanations. It is time society graduates from boilerplate buzzword textbook culture.
Now the gems of the internet are slowly being buried beneath mountains of trash.
If something sounds boilerplate it isn't good enough.
Don't bother saying something that has been said before, and better.
-
What makes a translation great
>for more detail: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
Oh, I see. We actually discussed Pound about four years ago - just a little back and forth about the ABC of Reading: https://news.ycombinator.com/item?id=24196681
>What's your explanation of why Pound went Fascist?
I'm not sure I particularly have one; I haven't read any of his longer political or cultural (i.e. non-literary) works. I just think it's silly to correlate an approach to translation that you dislike with fascism. Especially as I'm not sure it even makes sense on its own terms: I can only read your comment as 'lazy translator? Figures that he would be a fascist', but if I imagine the type of translation a fascist would approve of, the approach I picture is fastidious, fussy, concerned with fidelity to the point of stickler-ishness. (Isn't that from where we get 'grammar nazi'?)
And oh, well, since you ask I'll take a shy at it: my vague sense is that he became fascist because saw a society in decline due to it becoming more and more a sham society: opulence without virtue, power without vigour, money no longer tied to actually existing goods. (Of course, all of this shades easily into antisemitism.) He saw fascism as the answer; It's easier to see in retrospect that it wasn't.
-
Zed Decoded: Linux When? – Zed Blog
"multiplayer notepad" goes back 15 years at least - https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu... notepad&sort=byDate&type=comment
it was used back with a popular website which opened a text document and anyone viewing could type, but I can't remember the name. That became a thing in Google Docs, Microsoft Office, Floobits, and lots of self-hosted and cloned sites.
-
Louis Rossmann: YouTube's Legal Team sent me a letter [video]
If you see a post that ought to have been moderated but hasn't been, the likeliest explanation is that we didn't see it. You can help by flagging it or emailing us at [email protected].
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
-
An Oil Price-Fixing Conspiracy Caused 27% of All Inflation in 2021
Ok, but please don't post unsubstantive comments to Hacker News.
I understand the reason for repeating these sentiments—it's the same reason why they get upvoted to the top of threads*—but repetition of this kind is what we're most trying to avoid here.
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
https://news.ycombinator.com/newsguidelines.html
* I've marked this one off topic now.
-
Validating app for manufacturers enhancing process reliability and efficiency
I was looking for it in the guidelines. There are a couple of conventions for postings. Consider a bit of prior examples: [https://hn.algolia.com/?q=show+hn]
-
Show HN: Hacker Search – A semantic search engine for Hacker News
yeah there are only three stories coming up from the site search
https://hn.algolia.com/?q=postgres+clustering
only one is semanthically correct, the other pick up the wrong version of clustering (i.e. k-means instead of multi master writes)
but yeah if one doesn't test the hard cases, how does one know it preserves semantics :D
- Longevity of Recordable CDs, DVDs and Blu-Rays
-
The Scientific Method Part 5: Illusions, Delusions, and Dreams
Like dismissing the work of Feyerabend or Wittgenstein without seemingly having read either:
https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=tr...
-
Any Google Analytics Alternatives?
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
What are some alternatives?
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
duckduckgo-locales - Translation files for <a href="https://duckduckgo.com"> </a>
secretive - Store SSH keys in the Secure Enclave
v - Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. Supports automatic C => V translation. https://vlang.io
Coze - Coze is a cryptographic JSON messaging specification.
parser - 📜 Extract meaningful content from the chaos of a web page
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
readability - A standalone version of the readability lib
solo1 - Solo 1 firmware in C
yq - Command-line YAML, XML, TOML processor - jq wrapper for YAML/XML/TOML documents
CozeJS - Coze Javascript - cryptographic JSON messaging specification
milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.