frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Passwords are okay, impulsive Internet isn't

https://www.dedoimedo.com/life/passwords-passkeys.html
3•brycewray•1y ago

Comments

palata•1y ago
Hmm... I see a rant against the state of software (bad software, AI diarrhea, ...) and TooBigTech having control over everything. I can agree with that, but it has nothing to do with the "passwords vs passkeys" question.

The rant against passkeys? I don't get it. Just like one can use a password manager controlled by TooBigTech or KeePass, one can use a passkey controlled by TooBigTech or a Yubikey. I find it great to authenticate directly with my Yubikey (over FIDO2) instead of using my Yubikey to decrypt a password and copying it in a form.

And then there is the part that is completely wrong about security. They say that they "can't trust their phone" so they don't want to keep the passkeys there. But that is not correct: if the passkeys are encrypted and the key is stored in a TPM, then that's effectively similar to having a security key (you have to trust the TPM, just as you have to trust the security key of course).

And then there is the nonsense:

> I can set up KeePass Portable on a USB key, run it in Linux via WINE, place it inside an encrypted VeraCrypt container, copy to any which file sharing service, if I want.

If the device where you enter the password is compromised, then the password will be compromised as soon as you enter it on that device. No matter how much you show off with your funny setup with WINE and VeraCrypt. A password manager doesn't protect against that, so passwords can be exfiltrated as they are used. Whereas a FIDO2 authentication requires the passkey every time. E.g. I need to physically touch my Yubikey for it to sign the challenge. It could be MitM, but it is visible ("I touched my Yubikey and it didn't work, what happened?").

Authenticating over FIDO2 with a security key is strictly superior to entering a password in a field, period.

Show HN: Can I Walk My Dog? Weather-based safety calculator for dog walks

https://rainbow-salmiakki-336e9b.netlify.app/
1•OtmaneBenazzou•1m ago•0 comments

Show HN: Thunderstorm tracker for Mexico England world cup game

https://tlaloc.cloud/
1•mgranados•5m ago•0 comments

Reparaible and open source paper printer

https://www.opentools.studio/
2•bouh•10m ago•0 comments

Dungeon Proof Crawler: learn how to write proofs with RPG

https://dhilst.github.io/algae/game/index.html
3•SchwKatze•13m ago•1 comments

Why New Jersey's balcony solar bill is a huge deal for renters

https://www.cnn.com/climate/new-jersey-balcony-solar-renters
2•breve•15m ago•1 comments

Y Combinator.singles

https://www.ycombinator.singles/
1•nadermx•16m ago•0 comments

Ask HN: Are you guys happy with existing social networkin apps?

4•julienreszka•17m ago•3 comments

Pint in England

https://dispatch-media.com/the-best-pint-in-england/
2•gripfx•18m ago•0 comments

The new Teddy Roosevelt library is a gorgeous extension of the prairie

https://www.fastcompany.com/91568422/theodore-roosevelt-presidential-library
2•eatonphil•18m ago•0 comments

Hollywood's spent 25 years chasing the wrong lessons from The Lord of the Rings

https://www.polygon.com/lord-of-the-rings-25-years-fantasy/
3•HelloUsername•21m ago•0 comments

How to Dox Anyone

https://madattheinternet.substack.com/p/how-to-dox-anyone
4•majorchord•23m ago•1 comments

Show HN: clip.video - Turn podcasts and long videos into short vertical clips

https://clip.video/
1•nadermx•25m ago•0 comments

Organic Maps open source dispute

https://isitreallyfoss.com/projects/organic-maps/
2•maxloh•26m ago•0 comments

What Should We Optimize Away?

https://www.autodidacts.io/holistic-optimization/
1•Curiositry•28m ago•0 comments

Dependencies should be fetched directly from VCS

https://www.arp242.net/deps-vcs.html
2•mrngm•29m ago•0 comments

OpenAI is fast-tracking its own "AI Agent Phone" for 2027 to challenge iPhone

https://old.reddit.com/r/OpenAI/comments/1unbqyd/openai_is_fasttracking_its_own_ai_agent_phone_for/
4•rmason•32m ago•1 comments

Therac-25

https://en.wikipedia.org/wiki/Therac-25
3•thunderbong•33m ago•0 comments

Mercy Otis Warren

https://en.wikipedia.org/wiki/Mercy_Otis_Warren
1•vinnyglennon•34m ago•0 comments

Show HN: Sidenote – comment on your rendered blog, an LLM writes the Git diff

https://github.com/bharadwaj-pendyala/sidenote
1•bharadwajp•34m ago•0 comments

Surveillance Companionship Entertainment: Intelligent Machines Ancient History

https://thereader.mitpress.mit.edu/the-ancient-history-of-intelligent-machines/
2•andsoitis•35m ago•0 comments

Scaling Laws, Honestly

https://www.completeskeptic.com/p/scaling-laws-honestly
1•dreamingincode•41m ago•0 comments

Show HN: A bedside camera detects REM sleep and agrees with a clinical EEG

https://lucidcode.com/2026/06/20/inspec-with-cgx-patch-clinical-eeg-sleep-stage-classification/
2•MichaelCoder•46m ago•0 comments

Show HN: Osint tool that finds exposed files on domains

https://search.cerast-intelligence.com/
2•PatchRequest•49m ago•0 comments

Zero-copy in Go: sendfile, splice, and the cost of io.Copy

https://segflow.github.io/post/zero-copy-sendfile-splice/
1•mrngm•49m ago•0 comments

Show HN: Open-source guided code reviews

https://twitter.com/plannotator/status/2073845811847512372
2•ramoz•50m ago•0 comments

ARRR: Pirate MMO vibecoded by its players

https://www.arrr.fun
2•m0dE•50m ago•1 comments

RePost API Tester Extension

https://chromewebstore.google.com/detail/repost-api-tester/eipmeckflplenlbnlhbpmjojahephhkp
1•info-chirila•52m ago•0 comments

3D-print your own modular eyeglasses frames

https://eiga.works/design/hitomi-frames/
3•thinkalone•54m ago•0 comments

Fugu – A multi-agent LLM orchestrator delivered as a single API

https://github.com/SakanaAI/fugu
4•terminalchai•1h ago•0 comments

Vibe-coding platform Base44 launches own model as AI startups seek defensibility

https://techcrunch.com/2026/06/29/vibe-coding-platform-base44-launches-own-model-as-ai-startups-s...
3•gmays•1h ago•0 comments