54 comments

[ 0.26 ms ] story [ 47.0 ms ] thread
A series of projects having to do with API communications, specifically emails, text messages, and phone calls. Specializing in memory, focus, security, and privacy.
My first mobile app in react-native. Working on it for quite sometime. Lacking some courage to push it to play store/app store . Currently using it.
Why are you lacking courage? It's tough, reach me if you need a support network. I understand.
Thanks for the kind words.i will definitely reach out to you .
Start by sharing you're expo url! Also, what does it do?
Whenever I tried an app on expo it crashed for me so in my head expo was never the option.i will.investigate that path too. It's basically send images to friends and comment / conversation literally over the image .
Udemy tutorials for Unity, OpenGL and Corona SDK, as well as a ton of game development library code in C++ and Lua. I have a list of (very, stupid simple) games I want to MVP with it, starting with Pong and ending with something using OpenGL, which I'm just starting to teach myself.

So, likely, nothing anyone is likely to care about, or that will make money, or an interesting Show HN thread once I manage to actually finish something.

Killing the password.
How? (Just posted about my password manager... I'm interested in the space)
Trying to generate good test data using generative adversarial networks.
A new password manager.

The core idea [1] is that there are some passwords that you only want to remember, never write or store, and yet be able to access even in the worst possible situation.

I'm negating all these assumptions by creating an app. :) Jokes apart, most of the time you do want the comfort of an app or browser extension.

[1] https://medium.com/@0x0ece/how-i-manage-my-passwords-technic...

@bascule addresses deterministic password managers as a category here:

https://tonyarcieri.com/4-fatal-flaws-in-deterministic-passw...

Certainly you’ve considered these points, and I’m interested in hearing your responses to these points if you’re using this scheme yourself and want others to use it.

I’m particularly interested in point 4 where, unlike traditional password managers like 1Password and Lastpass, where you need both the password and some form of data access, the leakage of my master password (say by a shoulder surfing security camera at any time) literally means every credential can be derived from scratch at any time.

I read it indeed. Before I respond please let me say that this is just my opinion, and I'm totally happy if other people think differently. Also, the point that I wrote and I'd like to stress is that there are some passwords, the most critical ones (i.e. Google, Facebook, banks), that I never want to store and just remember. The reason is that I've found myself in situation where my devices aren't available and I have a urgent need to access these services.

For all the other passwords I honestly don't care, deterministic or vault both have pros and cons, but in reality it doesn't really matter. First, I never experienced the same urgent need of access. Second, I could temp reset the password provided that I can access my gmail.

On point 4 specifically I have two things to say.

> With a traditional encrypted password vault scheme, we need two things to obtain site-specific passwords: the ciphertext of the password vault, and the master password.

To me this is not a feature at all. I want exactly the opposite, meaning I don't want to depend on a file to retrieve my passwords, at least not the most critical ones. So, I guess this is a critical distinction. Are you ok with this dependency? Then definitely go for a vault. Ar you against? Then you can't use a vault.

Second, and to your point. It's worth noting that, because you need the vault file, you probably have it replicated in multiple places or at least accessible by multiple devices. To me, this makes the probability to get access to your vault file higher than the probability to find out the master password. Or, said in another way, I wouldn't base the security of the system on the fact that the attacker can access the master password but not the vault file.

To limit the attack surface you have to create multiple groups with different master passwords. The one that you type more often are the one more exposed, so you want to group sites with similar security risk and frequency of login (this is another thing that often seems amplified, I don't logout+login every day in all sites, I typically keep things logged in).

I hope this replies to your question, happy to chat more.

I'm f-unemployed which means I can spend time doing interesting stuff meanwhile I drawn my savings. I'm doing mostly two projects:

# 1: A game boy advance emulator in Rust - just for fun to learn the language and to implement a virtual machine.

# 2: A cold storage secret manager with a James Bond feeling.

In the case I die <everyone is gonna die anyways> I need to let people instructions, documents, bank ids, passwords and other stuff. So I designed a secret sharing mechanism which allows me split secrets and generate tokens for specific people. Once enough people gather and join their keys, they can unlock their specific secrets. If you want to understand a bit just go through the 1password design docs and Shamir secret sharing mechanism, although I had to improve the later to improve security.

Once I gave some friends a piece of paper with a QR code with says "in case I die access this website", most of then got interested in having a service like this. I registered a domain but I'm still not confident enough to make it public.

If you want to invest or discuss drop me a line on hn@eternity.is :P

> I registered a domain but I'm still not confident enough to make it public.

Honestly, this sounds like a far more productive way to burn through your savings and free time than a GBA emulator...

Does everything have to be productive? Is the pursuit of joy not worthy in and of itself?

Also, as a project for a CV, the complexity involved in emulating any system makes it a reasonable feat (if even partially successful).

>Is the pursuit of joy not worthy in and of itself?

It is, but unless postit has a lot of savings, lives in a country with a robust social safety net, or is confident about finding employment without effort, they risk winding unemployed and broke. I know this from personal experience, although, of course, everyone's experience is different.

You might have made your domain public with that email address...
It is, but not more than a landing page. The project is hosted elsewhere for now.

  Mapping out chicago's parking tickets
  Polling metrics over I2C for a distributed power stack
  7 ongoing FOIA requests for email metadata.
  A clojure web scraper
  Building an caching server with an nvme raid
  Building a large LAN party with some friends
Security hardening of Meso's cluster
(comment deleted)
1. Online sales course, bootcamp, and training 2. A way to consolidate sales content and communication onto a single page, eliminating the need for followup emails. [https://www.recapped.io]
A comprehensive guide for employee equity decision making.

Even the best posts out there are B+ in my opinion and they often miss something.

AMT is always the stumbling block for my own analysis though so I might point on that part =\",

A simple journal app to note periodic progress - A side project for practice, but something that I think I really need.
even I had plans to make such an app, to study Nodejs on the way. Also make it such a way that anybody can host the application on their own so that the data can remain private. can you mention how you are planning to build it?
I'm working on a web-based workout, activity, and meal logger because I'm not satisfied with the performance of any of the current offerings. They all seem to be missing something I would like to have so I decided I'd just build what I want and maybe others would like it too.
A multiplayer game of reading against your opponents.

Made it mainly to learn about sockets.io and Web Speech APIs.

Interested to extend this to a player vs bot mode, as well as supporting Mandarin Chinese in the future if I have time.

http://funreading.io/

A WordPress theme aggregator:

https://themeranch.com

So far I've learned a bunch about WordPress and php, and overall I'm pretty happy with the results. However, I haven't worked on it for a while, and honestly I'm not sure what do to next. Any advice/suggestions appreciated.

Smart fridge device, tracks what's in your fridge.

Just some hardware prototypes that I'm working on, using OpenCV and TensorFlow for food recognition. The fact that Amazon doesn't have an official product purchasing API is irritating, but makes complete sense.

Figuring out where to post flyers in town. Because, obviously, that is how you promote a website or two.
(comment deleted)
Been throwing around ideas for a personal database for a few months now. The idea now is a sort of personal wiki system where ideas can be collected in markdown formatted pages with internal and external links, as well as all of the other features you would expect from a wiki.

This wiki acts as a backend for the larger project, which will be a personal assistant type service that will be able to read and write from this "database" of personal knowledge and organize deadlines, events, notes, documentation, and references.

Im thinking of making this functionality happen through a MycroftAI plugin, so that you can query the database by voice, and give Mycroft the ability to make agendas and such on the fly based on your personal database.

It's still in the early stages though, as Im still trying to figure out what kind of backend I want to use. I need something cross platform (at least Linux, windows, Android) to edit the database, as to be able to update it as I do research or take notes. Im currently leaning towards DokuWiki due to it's variety of formatting and the fact that it has an API built in, but I have a feeling it's going to get hacky.