frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Passwords are okay, impulsive Internet isn't

https://www.dedoimedo.com/life/passwords-passkeys.html
3•brycewray•1y ago

Comments

palata•1y ago
Hmm... I see a rant against the state of software (bad software, AI diarrhea, ...) and TooBigTech having control over everything. I can agree with that, but it has nothing to do with the "passwords vs passkeys" question.

The rant against passkeys? I don't get it. Just like one can use a password manager controlled by TooBigTech or KeePass, one can use a passkey controlled by TooBigTech or a Yubikey. I find it great to authenticate directly with my Yubikey (over FIDO2) instead of using my Yubikey to decrypt a password and copying it in a form.

And then there is the part that is completely wrong about security. They say that they "can't trust their phone" so they don't want to keep the passkeys there. But that is not correct: if the passkeys are encrypted and the key is stored in a TPM, then that's effectively similar to having a security key (you have to trust the TPM, just as you have to trust the security key of course).

And then there is the nonsense:

> I can set up KeePass Portable on a USB key, run it in Linux via WINE, place it inside an encrypted VeraCrypt container, copy to any which file sharing service, if I want.

If the device where you enter the password is compromised, then the password will be compromised as soon as you enter it on that device. No matter how much you show off with your funny setup with WINE and VeraCrypt. A password manager doesn't protect against that, so passwords can be exfiltrated as they are used. Whereas a FIDO2 authentication requires the passkey every time. E.g. I need to physically touch my Yubikey for it to sign the challenge. It could be MitM, but it is visible ("I touched my Yubikey and it didn't work, what happened?").

Authenticating over FIDO2 with a security key is strictly superior to entering a password in a field, period.

Wp2shell: Pre Authentication RCE in WordPress Core

https://slcyber.io/research-center/wp2shell-pre-authentication-rce-in-wordpress-core/
1•tjwds•1m ago•0 comments

Intel Starts Shipping High-NA EUV Silicon

https://morethanmoore.substack.com/p/intel-starts-shipping-high-na-euv
1•zdw•4m ago•0 comments

Give Agents Homeplace via SSH

https://www.xshellz.com/
1•stfnon•4m ago•1 comments

Why huge pages matter for Postgres?

https://clickhouse.com/blog/huge-pages-clickhouse-managed-postgres
1•saisrirampur•5m ago•0 comments

IBM CEO Arvind Krishna Has Nowhere to Hide from AI

https://www.wsj.com/tech/ibm-ceo-arvind-krishna-has-nowhere-to-hide-from-ai-c9ff290f
2•johnbarron•10m ago•0 comments

Sync.md – keep AGENTS.md, Claude.md, .cursorrules in sync by meaning, not diff

https://marketplace.visualstudio.com/items?itemName=sync-md.sync-md
1•anzilzedex•11m ago•0 comments

Against Mind-Blindness: Recognizing and Communicating with Diverse Intelligences [video]

https://www.youtube.com/watch?v=RHkFmUwW0kM
1•lioeters•12m ago•0 comments

Things I Won't Work With: Dioxygen Difluoride (2010)

https://www.science.org/content/blog-post/things-i-won-t-work-dioxygen-difluoride
2•downbad_•15m ago•0 comments

Show HN: Waylou / a multi-provider CLI coding agent / fork of Gemini CLI

https://github.com/helis-d/waylou
1•Emirhan123•15m ago•1 comments

Tool to benchmark AGENTS.md file on swe tasks

https://github.com/emiliolugo/clawmark
1•emiliolugo•16m ago•0 comments

Apple dethrones Nvidia to regain title of world's most valuable company

https://www.theguardian.com/technology/2026/jul/17/apple-nvidia-most-valuable-company
4•Brajeshwar•17m ago•0 comments

Tutorial: Introduction to Formal Verification with Lean (Part 1)

https://hashcloak.com/blog/tutorial-introduction-to-formal-verification-with-lean-(part-1)
1•birdculture•20m ago•0 comments

No President Has Embarrassed This Country the Way Trump Did Last Night

https://newrepublic.com/post/213195/trump-primetime-speech-no-embarrassed-country
7•petethomas•20m ago•0 comments

Valve's 14-Year Journey to Make the Steam Machine

https://www.bloomberg.com/news/newsletters/2026-07-17/valve-s-14-year-journey-to-make-the-steam-m...
1•HelloUsername•21m ago•0 comments

World Models

https://twitter.com/selimonder/status/2078540842822733993
1•selimonder•21m ago•0 comments

Typing Speed Test, but for Developers

https://haxxorwpm.0s.is/
3•hronecviktor•22m ago•3 comments

Kimi K3 Might Have Just Started a Crash of the US Economy

https://danielmiessler.com/blog/kimi-k3-us-economy
4•zelmetennani•24m ago•1 comments

Taylor Farms Recall. 27 States and the List Includes Bags Sold in Grocery Stores

https://www.marlerblog.com/case-news/taylor-farms-posted-its-own-recall-it-went-to-27-states-not-...
3•speckx•26m ago•0 comments

Jack Conte: Why I'm (sort of) not worried about AI [video]

https://www.youtube.com/watch?v=17_HcR95YBc
1•magistr4te•27m ago•0 comments

Is there any need for low cost LinkedIn followup reminder solution

1•vinayrsbalhara•27m ago•0 comments

Show HN: Medows – an AI clinical workspace for doctors on ward rounds

https://www.medows.ai/demo
1•alapanx•29m ago•1 comments

Meta's new AI chips will begin production in September

https://techcrunch.com/2026/07/09/metas-new-ai-chips-will-begin-production-in-september/
1•gmays•29m ago•0 comments

Amazon invents the Attachment Economy bait-and-switch

https://www.machinesociety.ai/p/amazon-invents-the-attachment-economy
1•mikelgan•30m ago•1 comments

I indexed 15,000 company hiring boards to search every (most) live tech jobs

https://www.padmi.ai/
1•anirudra•33m ago•1 comments

/dev/tcp to do fast and light TCP health checks

https://www.linuxjournal.com/content/more-using-bashs-built-devtcp-file-tcpip
1•arberx•33m ago•0 comments

Real-Time LuaTeX: Recompiling Large Documents in 1 ms [video]

https://www.youtube.com/watch?v=It9BMNGtjao
1•amichail•34m ago•1 comments

Show HN: Firedeck – Firebase Console for iPhone and iPad

https://firedeck.net/
1•adamgelatka•37m ago•0 comments

The Java Story, the Official Documentary

https://www.youtube.com/watch?v=ZqGSg4b_cZA
1•Dr_Emann•37m ago•0 comments

Spotify Deleted 75M AI-Generated Tracks – and It's Not Done Yet

https://www.gadgetreview.com/spotify-deleted-75-million-ai-generated-tracks-and-its-not-done-yet
1•CharlesW•37m ago•0 comments

Show HN: Typedeck – a Mac presentation app with a deterministic layout engine

https://apps.apple.com/us/app/typedeck/id6761032503?mt=12
1•TypeDeck•40m ago•0 comments