rust-u2f VS hn-search

This project aims to support U2F / FIDO2 using fingerprint reader on Linux (via libfprint). The goal is to have the same user experience with 2FA using Windows Hello.

This project is based on https://github.com/danstiner/rust-u2f with minor modification (see my fork: https://github.com/ngxson/rust-u2f-pkexec)

Link to the project: https://github.com/ngxson/softu2f-fprintd-docker

I've considered adding FIDO2 support to the software-only U2F token I wrote ( https://github.com/danstiner/rust-u2f). It's a fair bit of work though, and I am not sure how comfortable I am with passwordless login unless the keys are kept purely in hardware such as a TPM.

That said, my reading of this post is that FIDO2 support will get built into Chromium directly, which is itself open source. Or if you do want a hardware key but running open software, I'd definitely recommend https://solokeys.com/, I've been following them for a long time.

Also there was some related discussion on this same article last week: https://news.ycombinator.com/item?id=31274677

On a Workspace account you only need U2F token emulator (https://github.com/danstiner/rust-u2f woks fine) and thenn you can setup u2f first and add normal TOTP in second step. But u2f must stay there. I don't have a personal account to try if it works the same.

As it becomes easier to emulate hardware tokens[1], Google may start limiting which ones it accepts. I believe they can use attestation keys to do that.

This is just a softer layer of security to slow down less sophisticated mass signup attempts.

They may very well eventually phase out TOTP, under the justification that it is not as secure, but I would be shocked if they ever retire the highly insecure SMS verification.

TOTP is really easy to implement, and adds a ton of value. I have a oneliner that takes a screenshot, extracts the QR code with zbarimg, and adds it to my pass[2] password database, which then hooks back into my browser. I use it whenever it is available because it is so low effort.

[1]: https://github.com/danstiner/rust-u2f

GitHub has a couple of others listed, but I have not tested them personally: Example https://github.com/danstiner/rust-u2f

If it's not [flagged], there's no flagging and hence also no flagging ring. baybal2 has been banned on and off for years now https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

The submitted title was "Gary Killdall, creator of CP/M, wrote Pixar's original 3D renderer".

Submitters: If you want to say what you think is important about an article, that's fine, but do it by adding a comment to the thread. Then your view will be on a level playing field with everyone else's: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...

(From https://news.ycombinator.com/newsguidelines.html: "Please use the original title, unless it is misleading or linkbait; don't editorialize.")

Vision therapy for myopia helps some people, but not everyone, likely due to genetic and neuroplasticity differences, https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu.... Nevertheless, many of the principles are useful for children whose eyes and brains are still developing.

I'm a huge Tesla skeptic, but Tesla and Musk are lightning rods for tabloid-style garbage that doesn't belong on HN, so it doesn't surprise me that we often see negative Tesla content flagged to death. Meanwhile we also see plenty of content that hits the front page and stays there [0].

Do you have examples of professional, interesting Tesla content that got flagged?

[0] More than half of the past year's most popular Tesla articles were negative: https://hn.algolia.com/?dateRange=pastYear&page=0&prefix=tru...

It's April 23rd, 2024, and I am still looking for a good, reliable, honest and simple search engine.

All I want to do is search.

No AI.

No ads.

No shopping.

Please don't "Answer my question." I enjoy doing my own original research, thanks.

I'm entirely willing - wanting even - to pay for it.

Currently Kagi has my $, but I'm saddened and frustrated that they're not even focused on Search, they're focused on AI[1] and t-shirts.

Amazingly, in 2024, there is still a market opportunity for a good search engine.

It can't really just be me, can it?

[1]: https://hn.algolia.com/?query=%22kagi%22+%22ai%22

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

For historical purposes

Most likely because there have been oodles of low-quality stories on these topics. We turned the flags off on this one since it maybe rises above the noise (see https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so... for past explanations on how we approach that).

Hey HN,

I'm sure you've seen the monthly "Ask HN: What Are You Working On?" headlines on [Hacker News](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...).

Honestly, it's my favorite topic because it's packed with insights about what other hackers are up to.

I wondered what it would be like if instead of just a headline, there was a whole website where hackers could post daily updates, and where we could follow the hackers we're interested in for their latest updates. And so, this web site was born.

I hope it gets used frequently so we can all benefit from it together. I look forward to hearing your thoughts.

Let me know what you think!

I don't know what one thing you're referring to, but it's a core principle of HN to try to avoid repetition, and especially the repetition+indignation combo, which is the commonest and most tedious thing on the internet.

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...

Happy 10,000 day to you

https://news.ycombinator.com/from?site=nand2tetris.org

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...