A series of projects having to do with API communications, specifically emails, text messages, and phone calls. Specializing in memory, focus, security, and privacy.
Whenever I tried an app on expo it crashed for me so in my head expo was never the option.i will.investigate that path too. It's basically send images to friends and comment / conversation literally over the image .
Udemy tutorials for Unity, OpenGL and Corona SDK, as well as a ton of game development library code in C++ and Lua. I have a list of (very, stupid simple) games I want to MVP with it, starting with Pong and ending with something using OpenGL, which I'm just starting to teach myself.
So, likely, nothing anyone is likely to care about, or that will make money, or an interesting Show HN thread once I manage to actually finish something.
The core idea [1] is that there are some passwords that you only want to remember, never write or store, and yet be able to access even in the worst possible situation.
I'm negating all these assumptions by creating an app. :)
Jokes apart, most of the time you do want the comfort of an app or browser extension.
Certainly you’ve considered these points, and I’m interested in hearing your responses to these points if you’re using this scheme yourself and want others to use it.
I’m particularly interested in point 4 where, unlike traditional password managers like 1Password and Lastpass, where you need both the password and some form of data access, the leakage of my master password (say by a shoulder surfing security camera at any time) literally means every credential can be derived from scratch at any time.
I read it indeed. Before I respond please let me say that this is just my opinion, and I'm totally happy if other people think differently. Also, the point that I wrote and I'd like to stress is that there are some passwords, the most critical ones (i.e. Google, Facebook, banks), that I never want to store and just remember. The reason is that I've found myself in situation where my devices aren't available and I have a urgent need to access these services.
For all the other passwords I honestly don't care, deterministic or vault both have pros and cons, but in reality it doesn't really matter. First, I never experienced the same urgent need of access. Second, I could temp reset the password provided that I can access my gmail.
On point 4 specifically I have two things to say.
> With a traditional encrypted password vault scheme, we need two things to obtain site-specific passwords: the ciphertext of the password vault, and the master password.
To me this is not a feature at all. I want exactly the opposite, meaning I don't want to depend on a file to retrieve my passwords, at least not the most critical ones. So, I guess this is a critical distinction. Are you ok with this dependency? Then definitely go for a vault. Ar you against? Then you can't use a vault.
Second, and to your point. It's worth noting that, because you need the vault file, you probably have it replicated in multiple places or at least accessible by multiple devices. To me, this makes the probability to get access to your vault file higher than the probability to find out the master password. Or, said in another way, I wouldn't base the security of the system on the fact that the attacker can access the master password but not the vault file.
To limit the attack surface you have to create multiple groups with different master passwords. The one that you type more often are the one more exposed, so you want to group sites with similar security risk and frequency of login (this is another thing that often seems amplified, I don't logout+login every day in all sites, I typically keep things logged in).
I hope this replies to your question, happy to chat more.
I'm f-unemployed which means I can spend time doing interesting stuff meanwhile I drawn my savings. I'm doing mostly two projects:
# 1: A game boy advance emulator in Rust - just for fun to learn the language and to implement a virtual machine.
# 2: A cold storage secret manager with a James Bond feeling.
In the case I die <everyone is gonna die anyways> I need to let people instructions, documents, bank ids, passwords and other stuff. So I designed a secret sharing mechanism which allows me split secrets and generate tokens for specific people. Once enough people gather and join their keys, they can unlock their specific secrets. If you want to understand a bit just go through the 1password design docs and Shamir secret sharing mechanism, although I had to improve the later to improve security.
Once I gave some friends a piece of paper with a QR code with says "in case I die access this website", most of then got interested in having a service like this. I registered a domain but I'm still not confident enough to make it public.
If you want to invest or discuss drop me a line on hn@eternity.is :P
>Is the pursuit of joy not worthy in and of itself?
It is, but unless postit has a lot of savings, lives in a country with a robust social safety net, or is confident about finding employment without effort, they risk winding unemployed and broke. I know this from personal experience, although, of course, everyone's experience is different.
Mapping out chicago's parking tickets
Polling metrics over I2C for a distributed power stack
7 ongoing FOIA requests for email metadata.
A clojure web scraper
Building an caching server with an nvme raid
Building a large LAN party with some friends
Mostly because it's an extremely difficult problem that pushes me to learn new things across a wide field. If you're interested in checking it out, it's at [1].
I'd like to make something similar to [2] in the mid-term, but the longer goal's to find tickets given in error.
1. Online sales course, bootcamp, and training
2. A way to consolidate sales content and communication onto a single page, eliminating the need for followup emails. [https://www.recapped.io]
even I had plans to make such an app, to study Nodejs on the way. Also make it such a way that anybody can host the application on their own so that the data can remain private.
can you mention how you are planning to build it?
I'm working on a web-based workout, activity, and meal logger because I'm not satisfied with the performance of any of the current offerings. They all seem to be missing something I would like to have so I decided I'd just build what I want and maybe others would like it too.
So far I've learned a bunch about WordPress and php, and overall I'm pretty happy with the results. However, I haven't worked on it for a while, and honestly I'm not sure what do to next. Any advice/suggestions appreciated.
Smart fridge device, tracks what's in your fridge.
Just some hardware prototypes that I'm working on, using OpenCV and TensorFlow for food recognition. The fact that Amazon doesn't have an official product purchasing API is irritating, but makes complete sense.
Been throwing around ideas for a personal database for a few months now. The idea now is a sort of personal wiki system where ideas can be collected in markdown formatted pages with internal and external links, as well as all of the other features you would expect from a wiki.
This wiki acts as a backend for the larger project, which will be a personal assistant type service that will be able to read and write from this "database" of personal knowledge and organize deadlines, events, notes, documentation, and references.
Im thinking of making this functionality happen through a MycroftAI plugin, so that you can query the database by voice, and give Mycroft the ability to make agendas and such on the fly based on your personal database.
It's still in the early stages though, as Im still trying to figure out what kind of backend I want to use. I need something cross platform (at least Linux, windows, Android) to edit the database, as to be able to update it as I do research or take notes. Im currently leaning towards DokuWiki due to it's variety of formatting and the fact that it has an API built in, but I have a feeling it's going to get hacky.
54 comments
[ 0.26 ms ] story [ 47.0 ms ] threadAnd
Charity fundraising 2.0
https://836813826457287383.weebly.com
So, likely, nothing anyone is likely to care about, or that will make money, or an interesting Show HN thread once I manage to actually finish something.
The core idea [1] is that there are some passwords that you only want to remember, never write or store, and yet be able to access even in the worst possible situation.
I'm negating all these assumptions by creating an app. :) Jokes apart, most of the time you do want the comfort of an app or browser extension.
[1] https://medium.com/@0x0ece/how-i-manage-my-passwords-technic...
https://tonyarcieri.com/4-fatal-flaws-in-deterministic-passw...
Certainly you’ve considered these points, and I’m interested in hearing your responses to these points if you’re using this scheme yourself and want others to use it.
I’m particularly interested in point 4 where, unlike traditional password managers like 1Password and Lastpass, where you need both the password and some form of data access, the leakage of my master password (say by a shoulder surfing security camera at any time) literally means every credential can be derived from scratch at any time.
For all the other passwords I honestly don't care, deterministic or vault both have pros and cons, but in reality it doesn't really matter. First, I never experienced the same urgent need of access. Second, I could temp reset the password provided that I can access my gmail.
On point 4 specifically I have two things to say.
> With a traditional encrypted password vault scheme, we need two things to obtain site-specific passwords: the ciphertext of the password vault, and the master password.
To me this is not a feature at all. I want exactly the opposite, meaning I don't want to depend on a file to retrieve my passwords, at least not the most critical ones. So, I guess this is a critical distinction. Are you ok with this dependency? Then definitely go for a vault. Ar you against? Then you can't use a vault.
Second, and to your point. It's worth noting that, because you need the vault file, you probably have it replicated in multiple places or at least accessible by multiple devices. To me, this makes the probability to get access to your vault file higher than the probability to find out the master password. Or, said in another way, I wouldn't base the security of the system on the fact that the attacker can access the master password but not the vault file.
To limit the attack surface you have to create multiple groups with different master passwords. The one that you type more often are the one more exposed, so you want to group sites with similar security risk and frequency of login (this is another thing that often seems amplified, I don't logout+login every day in all sites, I typically keep things logged in).
I hope this replies to your question, happy to chat more.
# 1: A game boy advance emulator in Rust - just for fun to learn the language and to implement a virtual machine.
# 2: A cold storage secret manager with a James Bond feeling.
In the case I die <everyone is gonna die anyways> I need to let people instructions, documents, bank ids, passwords and other stuff. So I designed a secret sharing mechanism which allows me split secrets and generate tokens for specific people. Once enough people gather and join their keys, they can unlock their specific secrets. If you want to understand a bit just go through the 1password design docs and Shamir secret sharing mechanism, although I had to improve the later to improve security.
Once I gave some friends a piece of paper with a QR code with says "in case I die access this website", most of then got interested in having a service like this. I registered a domain but I'm still not confident enough to make it public.
If you want to invest or discuss drop me a line on hn@eternity.is :P
Honestly, this sounds like a far more productive way to burn through your savings and free time than a GBA emulator...
Also, as a project for a CV, the complexity involved in emulating any system makes it a reasonable feat (if even partially successful).
It is, but unless postit has a lot of savings, lives in a country with a robust social safety net, or is confident about finding employment without effort, they risk winding unemployed and broke. I know this from personal experience, although, of course, everyone's experience is different.
I'd like to make something similar to [2] in the mid-term, but the longer goal's to find tickets given in error.
[1] http://github.com/red-bin/chicago_tickets [2] http://toddwschneider.com/posts/analyzing-1-1-billion-nyc-ta...
Even the best posts out there are B+ in my opinion and they often miss something.
AMT is always the stumbling block for my own analysis though so I might point on that part =\",
https://suet.co/
Made it mainly to learn about sockets.io and Web Speech APIs.
Interested to extend this to a player vs bot mode, as well as supporting Mandarin Chinese in the future if I have time.
http://funreading.io/
https://themeranch.com
So far I've learned a bunch about WordPress and php, and overall I'm pretty happy with the results. However, I haven't worked on it for a while, and honestly I'm not sure what do to next. Any advice/suggestions appreciated.
Site - https://betterself.io Open sourced - https://github.com/jeffshek/betterself
Just some hardware prototypes that I'm working on, using OpenCV and TensorFlow for food recognition. The fact that Amazon doesn't have an official product purchasing API is irritating, but makes complete sense.
https://www.producthunt.com/upcoming/press-kite
This wiki acts as a backend for the larger project, which will be a personal assistant type service that will be able to read and write from this "database" of personal knowledge and organize deadlines, events, notes, documentation, and references.
Im thinking of making this functionality happen through a MycroftAI plugin, so that you can query the database by voice, and give Mycroft the ability to make agendas and such on the fly based on your personal database.
It's still in the early stages though, as Im still trying to figure out what kind of backend I want to use. I need something cross platform (at least Linux, windows, Android) to edit the database, as to be able to update it as I do research or take notes. Im currently leaning towards DokuWiki due to it's variety of formatting and the fact that it has an API built in, but I have a feeling it's going to get hacky.