rust-u2f
wasmer
rust-u2f | wasmer | |
---|---|---|
8 | 131 | |
285 | 17,786 | |
- | 3.7% | |
5.4 | 9.9 | |
3 months ago | 6 days ago | |
Rust | Rust | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rust-u2f
-
Software U2F with Fingerprint (On Linux)
This project aims to support U2F / FIDO2 using fingerprint reader on Linux (via libfprint). The goal is to have the same user experience with 2FA using Windows Hello.
This project is based on https://github.com/danstiner/rust-u2f with minor modification (see my fork: https://github.com/ngxson/rust-u2f-pkexec)
Link to the project: https://github.com/ngxson/softu2f-fprintd-docker
- The mechanics of a sophisticated phishing scam and how we stopped it
-
Apple, Google, and Microsoft commit to expanded support for FIDO standard
I've considered adding FIDO2 support to the software-only U2F token I wrote ( https://github.com/danstiner/rust-u2f). It's a fair bit of work though, and I am not sure how comfortable I am with passwordless login unless the keys are kept purely in hardware such as a TPM.
That said, my reading of this post is that FIDO2 support will get built into Chromium directly, which is itself open source. Or if you do want a hardware key but running open software, I'd definitely recommend https://solokeys.com/, I've been following them for a long time.
Also there was some related discussion on this same article last week: https://news.ycombinator.com/item?id=31274677
- Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
- Howdy – Windows Hello style facial authentication for Linux
-
Google is going to ban “less secure sign in method”
On a Workspace account you only need U2F token emulator (https://github.com/danstiner/rust-u2f woks fine) and thenn you can setup u2f first and add normal TOTP in second step. But u2f must stay there. I don't have a personal account to try if it works the same.
-
Ask HN: Is Google phasing out Authenticator/TOTP?
As it becomes easier to emulate hardware tokens[1], Google may start limiting which ones it accepts. I believe they can use attestation keys to do that.
This is just a softer layer of security to slow down less sophisticated mass signup attempts.
They may very well eventually phase out TOTP, under the justification that it is not as secure, but I would be shocked if they ever retire the highly insecure SMS verification.
TOTP is really easy to implement, and adds a ton of value. I have a oneliner that takes a screenshot, extracts the QR code with zbarimg, and adds it to my pass[2] password database, which then hooks back into my browser. I use it whenever it is available because it is so low effort.
[1]: https://github.com/danstiner/rust-u2f
-
Does 2FA actually prevent phishing?
GitHub has a couple of others listed, but I have not tested them personally: Example https://github.com/danstiner/rust-u2f
wasmer
-
Bebop v3: a fast, modern replacement to Protocol Buffers
This is awesome. I'd love to have upstream support in Wasmer ( https://wasmer.io )
-
Unlocking the Power of WebAssembly
WebAssembly is extremely portable. WebAssembly runs on: all major web browsers, V8 runtimes like Node.js, and independent Wasm runtimes like Wasmtime, Lucet, and Wasmer.
-
Show HN: dockerc – Docker image to static executable "compiler"
Unfortunately cosmopolitan wouldn't work for dockerc. Cosmopolitan works as long as you only use it but container runtimes require additional features. Also containers contain arbitrary executables so not sure how that would work either...
As for WASM, this is already possible using container2wasm[0] and wasmer[1]'s ability to generate static binaries.
[0]: https://github.com/ktock/container2wasm
[1]: https://wasmer.io/
- RustPython
-
Howto: WASM runtimes in Docker / Colima
I could not find any guide how to add WASM container capability to Docker running on Colima. This guide provides a few Colima templates for exactly this, which adds WasmEdge, Wasmtime and Wasmer runtime types.
-
Show HN: Mutable.ai – Turn your codebase into a Wiki
Just suggested as well Wasmer on Twitter! https://github.com/wasmerio/wasmer
Looking forward to seeing the results :)
- Jaq – A jq clone focused on correctness, speed, and simplicity
-
Prettier $20k Bounty was Claimed
The Biome team has been incredibly fast on solving the challenge and achieving 95% compatibility with Prettier [1]
Just as a note, as it was not mentioned in the article, Wasmer [2] also participated with a $2,500 bounty to compile Biome to WASIX [3], and it has been awesome to see how their team has been working to achieve this as well... hopefully we'll get Biome running in Wasmer soon!
Keep up the great work!!
[1] https://github.com/biomejs/biome/issues/720
[2] https://wasmer.io/
[3] https://wasix.org/
-
The Curse of Docker
It's funny how WebAssembly can help overcome most of the issues mentioned on the blogpost (packaging, configuration, portability) if addressed properly.
That's the main reason Wasmer [1] was created :)
[1] https://wasmer.io
-
Bring garbage collected programming languages efficiently to WebAssembly
Thanks for the mention to Wasmer.
I'll put here a link in case is useful for future readers: https://wasmer.io/
What are some alternatives?
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
wasmtime - A fast and secure runtime for WebAssembly
secretive - Store SSH keys in the Secure Enclave
SSVM - WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices.
Coze - Coze is a cryptographic JSON messaging specification.
wasm3 - 🚀 A fast WebAssembly interpreter and the most universal WASM runtime
solo1 - Solo 1 firmware in C
quickjs-emscripten - Safely execute untrusted Javascript in your Javascript, and execute synchronous code that uses async functions
CozeJS - Coze Javascript - cryptographic JSON messaging specification
awesome-wasm-runtimes - A list of webassemby runtimes
tokei - Count your code, quickly.
wasm-bindgen - Facilitating high-level interactions between Wasm modules and JavaScript