frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

We Built a New Editor. Want to Try It?

https://simplenote.com/2026/07/03/we-built-a-new-editor-want-to-try-it/
1•ingve•1m ago•0 comments

Library Song

https://authorscalendar.info/
1•jruohonen•3m ago•0 comments

Rare copy of US Declaration of Independence found by volunteer in UK archives

https://www.bbc.co.uk/news/articles/cgrkl104ly5o
3•iam-TJ•4m ago•0 comments

The AI Superforecasters Are Here

https://www.astralcodexten.com/p/the-ai-superforecasters-are-here
1•Michelangelo11•5m ago•0 comments

Show HN: Scopewalker, an MCP server for codebase complexity metrics

https://github.com/timohaa/scopewalker-mcp
1•thaanpaa•6m ago•0 comments

Wordgard: The new in-browser rich-text editor from the creator of ProseMirror

https://wordgard.net/
1•indy•6m ago•0 comments

Show HN: Numbword – a daily word game where letters add up to a target

https://numbword.com/
1•celltalk•8m ago•0 comments

30-Second Cherry Trick Sleep Formula Explained

https://gamma.app/embed/30-Second-Cherry-Trick-For-Sleep-Yu-Sleep-Review-2026-tsv4bcfbd4syqwf?mod...
1•prepostseo•8m ago•0 comments

Check any website up/down Status?

https://urlwatch.io/
1•rajkverma123•10m ago•0 comments

The mathematical secrets of Barcelona's Sagrada Familia

https://mappingignorance.org/2026/06/30/sagrada-familia/
1•Gedxx•13m ago•0 comments

EU Parliament temporarily defies Chat Control

https://www.heise.de/en/news/Partial-victory-with-a-catch-EU-Parliament-temporarily-defies-chat-c...
3•donpott•14m ago•0 comments

SmrtLnks – Cheaper Bitly link shortener that routes by GEO, dynamic QR included

https://smrtlink.link/
1•ExcellentNobody•14m ago•0 comments

India asks WhatsApp to pause username feature rollout over fraud concerns

https://www.bbc.com/news/articles/ckg8e0n9l41o
2•Markoff•17m ago•0 comments

JPEG-XL Libjxl 0.12 Brings More Performance Optimizations

https://www.phoronix.com/news/JPEG-XL-libjxl-0.12
2•blurred•19m ago•0 comments

Multiple Linux tarballs return 404 on kernel.org

https://kernel.org/
1•Lwrless•24m ago•1 comments

Alibaba to ban Claude Code in workplace over alleged backdoor risks, source says

https://www.reuters.com/world/china/alibaba-ban-claude-code-workplace-over-alleged-backdoor-risks...
8•nsoonhui•25m ago•1 comments

Half-Baked Product

https://weli.dev/blog/half-baked-product/
2•weli•33m ago•1 comments

How eveRy webSite is tRacking you 24/7. SiTe STaMpS

https://medium.com/@thesuperrepemail/how-every-website-is-tracking-you-24-7-site-stamps-333e8026eaba
1•mssblogs•33m ago•0 comments

Giotto.ai: "A Swiss lab with European heart"

https://www.giotto.ai/#about
1•theanonymousone•34m ago•0 comments

ECTC 2026 Roundup, Intel, TSMC, SK Hynix, Samsung, Micron, Marvell, Lightmatter

https://newsletter.semianalysis.com/p/ectc2026
1•felixdoerp•36m ago•0 comments

Nobody Reads the SQL Anymore

https://tabularis.dev/blog/nobody-reads-the-sql-anymore
1•debba•36m ago•1 comments

'guix substitute' and 'guix pull' Vulnerabilities

https://guix.gnu.org/en/blog/2026/guix-substitute-pull-vulnerabilities/
2•elephant-ocean•36m ago•0 comments

I replaced my GitHub runners with Lambda MicroVMs, and maybe you should too

https://lucvandonkersgoed.com/2026/07/01/i-replaced-my-github-runners-with-lambda-microvms-and-ma...
1•touristtam•38m ago•1 comments

NVCF: Deploy and Route GPU-Accelerated AI Workloads at Scale

https://github.com/NVIDIA/nvcf
1•mastabadtomm•39m ago•0 comments

Amazon's Mechanical Turk to stop accepting new customers

https://www.theregister.com/off-prem/2026/07/03/amazons-mechanical-turk-to-stop-accepting-new-cus...
7•50kIters•44m ago•0 comments

Action Preflight: consequence-aware admission for LLM agent actions

https://github.com/gfernandf/agent-skills/blob/main/docs/ACTION_PREFLIGHT_FORECAST_QUICKSTART.md
1•gfernandf1•45m ago•2 comments

Exploring Nix for Enterprise Teams

https://medium.com/ekino-france/exploring-nix-for-enterprise-teams-2e61d755e473
1•tduyng•46m ago•0 comments

Global gridded population datasets underrepresent rural population (2025)

https://www.nature.com/articles/s41467-025-56906-7
2•bryanrasmussen•51m ago•1 comments

The Law of Leaky Abstractions (2002)

https://www.joelonsoftware.com/2002/11/11/the-law-of-leaky-abstractions/
1•SmartHypercube•52m ago•0 comments

What Happened to the Fight for the Internet?

https://dustycloud.org/blog/what-happened-to-the-fight-for-the-internet/
1•birdculture•53m ago•2 comments
Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.