frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Help, the PS5 Store Is Flooded with AI Slop

https://kotaku.com/ps5-psn-playstation-store-ai-slop-brainrot-junk-spam-1851786494
1•mikhael•31s ago•0 comments

Making a short film with AI – harder than I thought

https://pranshum.com/blog/video-ai-lessons/
1•pranshum•2m ago•0 comments

Felix Baumgartner, who jumped from edge of space, dies in paragliding crash

https://www.theguardian.com/sport/2025/jul/18/skydive-pioneer-felix-baumgartner-who-jumped-from-edge-of-space-dies-in-paragliding-accident
1•bookofjoe•4m ago•0 comments

Centaur: AI that thinks like us–and could help explain how we think

https://techxplore.com/news/2025-07-centaur-ai.html
1•PaulHoule•5m ago•0 comments

Do falling birth rates matter in an AI future?

https://www.vox.com/economy/420074/ai-birth-rates-pronatalism-future-of-work-automation-jobs-economy
1•ryan_j_naughton•8m ago•1 comments

Show HN: molab, a cloud-hosted marimo notebook workspace

https://marimo.io/blog/announcing-molab
4•akshayka•8m ago•1 comments

Conference Report: C++ on Sea 2025

https://www.sandordargo.com/blog/2025/07/02/cpponsea-trip-report
1•transpute•10m ago•0 comments

Playable preview of ARC-AGI-3

https://three.arcprize.org/
3•dcre•10m ago•0 comments

Cancer DNA is detectable in blood years before diagnosis

https://www.sciencenews.org/article/cancer-tumor-dna-blood-test-screening
2•bookofjoe•10m ago•1 comments

How I keep up with AI progress (and why you must too)

https://blog.nilenso.com/blog/2025/06/23/how-i-keep-up-with-ai-progress/
2•itzlambda•12m ago•0 comments

The New Surprising Number of Steam Games That Use GenAI

https://www.totallyhuman.io/blog/the-surprising-new-number-of-genai-games-on-steam
2•larsiusprime•19m ago•0 comments

Netflix reveals that one of its shows used generative AI for the first time

https://www.businessinsider.com/netflix-generative-ai-use-artificial-intelligence-2025-7
1•amrrs•22m ago•0 comments

Third patient dies from acute liver failure caused by a Sarepta gene therapy

https://www.biocentury.com/article/656520/third-death-from-a-sarepta-gene-therapy
2•randycupertino•22m ago•0 comments

Kap Lang

https://kapdemo.dhsdevelopments.com/
1•Bogdanp•24m ago•0 comments

ChatGPT Angent vs. Genspark Super Agent Side by Side

https://twitter.com/genspark_ai/status/1946005869533311030
1•sangwen•27m ago•0 comments

Using AI to make lower-carbon, faster-curing concrete

https://engineering.fb.com/2025/07/16/data-center-engineering/ai-make-lower-carbon-faster-curing-concrete/
1•mostdefinite1•31m ago•0 comments

Gradient Descent on Token Input Embeddings

https://www.lesswrong.com/posts/GK2LSzxjEejzDjzDs/gradient-descent-on-token-input-embeddings
1•kp1197•33m ago•1 comments

I built a GH Action that uses AI to manually QA your PR using Magnitude/Claude

https://github.com/ka-brian/self-testing-github-action
1•bpmcgough•35m ago•1 comments

Why Banks Are on High Alert About Stablecoins

https://www.wsj.com/finance/currencies/why-banks-are-on-high-alert-about-stablecoins-2f308aa0
4•petethomas•36m ago•1 comments

OpenAI unveils ChatGPT Agent for task automation

https://www.msn.com/en-us/money/insight/chatgpt-s-new-update-can-create-powerpoint-presentations-and-excel-spreadsheets-for-you/gm-4A64F53E00
1•pattychow•37m ago•0 comments

Transmuting mercury into gold via fusion [pdf]

https://www.marathonfusion.com/alchemy.pdf
2•frankus•37m ago•0 comments

Save your M-series Mac's energy and battery

https://eclecticlight.co/2025/07/18/save-your-m-series-macs-energy-and-battery/
2•alwillis•38m ago•1 comments

My password is same as username

1•ycombadmin•39m ago•0 comments

Language-driven cognitive architecture for AGI from scratch, alone, meet ALLA

http://dx.doi.org/10.13140/RG.2.2.24576.75523
1•darwinSir•40m ago•1 comments

The Complete Evolution of Canon EOS Autofocus Sensors

https://exclusivearchitecture.com/03-technical-articles-AFSE-01-PD-autofocus-sensor-evolution.html
2•ExAr•40m ago•1 comments

Section 174 is reversed! Mostly, that is.

https://newsletter.pragmaticengineer.com/p/the-pulse-section-174-is-reversed
13•jawns•41m ago•4 comments

Trump admin squanders nearly 800k vaccines meant for Africa

https://arstechnica.com/health/2025/07/trump-admin-squanders-nearly-800000-vaccines-meant-for-africa-report/
15•BallsInIt•41m ago•0 comments

Distillation Makes AI Models Smaller and Cheaper

https://www.quantamagazine.org/how-distillation-makes-ai-models-smaller-and-cheaper-20250718/
1•defrost•42m ago•0 comments

Knip Hits 500 Releases with v5.62.0, Improving TypeScript Config Detection and

https://socket.dev/blog/knip-hits-500-releases
1•feross•44m ago•0 comments

Teaching Men Who Will Never Leave Prison

https://www.newyorker.com/culture/the-weekend-essay/teaching-men-who-will-never-leave-prison
3•mitchbob•47m ago•1 comments
Open in hackernews

Gmail's backup codes are useless to access account

75•Andrew_nenakhov•2h ago
Ok, I have a work account on Gmail. Having the experience of being locked out of Gmail previously (endless loop of "You are entering the correct password but we're not sure that it is you, try again later"), I created a 2fa via Google Authenticator and set up Backup Codes and thought I'm safe from them asking me to sign in on another device or enter sms code (I don't carry that phone with me).

So, one sunny day I decided to add standard iOS mail app to this account, and lo, an hour after connection I get a message, that due to strange activity on my account, I need to enter code sent via sms.

Ok, I don't have that phone with me, so I try to log in with Authenticator, and no, no good: 'we are not sure that it is you, enter code sent to sms'. Ok, I dig backup codes, enter them, and still get 'we are not sure what it is you' message.

What's even the point of allowing to set up Authenticator or Backup Codes if they don't do anything?

If there are some people from Google reading this, please, don't reach out to me offering to help. Just change this dumb system.

Comments

rvnx•2h ago
It can even escalate to https://support.google.com/a/answer/1110339?hl=en

"Automatically suspended by Google systems for being at risk"

+ This is an automated message. Replies are not monitored.

https://www.linkedin.com/pulse/when-you-get-locked-out-your-...

Good luck.

Andrew_nenakhov•2h ago
I wonder if there is a way to disable this SMS 'security' antifeature once and for all? I imagine it is a constant nightmare for people who travel abroad and do not always have connection on their number registered in their 'home' country.
Youden•1h ago
On Gmail: https://myaccount.google.com/security -> "How you sign in to Google" -> "2-Step Verification Phone" -> trash can.

In general, no. I've wondered if legislation would be feasible though, especially given the flaws that have already been shown.

lxgr•1h ago
To be a person is to have a phone number capable of receiving SMS, at least according to approximately every US company.
FabHK•1h ago
Indeed. I have a university alumni account that I haven't been able to use for some years because it is managed by Google, and they in their wisdom figured somethings was suspicious (maybe leaving the country or not logging in multiple times a day or cleaning cookies or something else that good patriots don't do).

They're asking for a phone number (so, good to know - if a hacker actually got my username and password, they could access everything Google has on me if they have a fresh phone number, I feel super protected), which I am reluctant to provide, but it still doesn't work.

As you highlight, no support.

vouaobrasil•2h ago
In my opinion, the #1 way to make Gmail better is to enable forwarding. Then you don't have to deal with their ugly interface, login system, new features, weird compose window, etc....
Andrew_nenakhov•2h ago
That's actually how I use that account, but this time I decided to check how it works with the iOS mail app on new iOS beta with that liquid glass interface.

I even dug out my computer that was logged in to this account in desktop browser, and it too blocks access. Crazy.

icedchai•1h ago
I'm one of the few that likes the gmail interface, I guess. Whenever I'm forced to use Outlook's web interface, I want to vomit.
vouaobrasil•1h ago
Yeah Outlook is harsh. I was comparing it to a dedicated mail reader like Thunderbird.
fauigerzigerk•1h ago
Me too. I forward Outlook to Gmail.

Outlook is unusable but harmlessly so. What's worse is Microsoft 365. I simply can't find a way to configure 2FA in any kind of sensible way. Right now it's simply turned off, which makes me very nervous. Whatever I do, it is somehow overridden in other parts of their byzantine and always changing cat herd of admin sites. I'm waiting impatiently for our M365 subscription to expire so we can finally migrate off this nightmare.

robertoandred•1h ago
Or just use a different email client?
midnightblue•1h ago
Gmail has one killer feature which is the auto-acceptance of calendar invites. to put it better yet, it will put any and all invites and invite-looking things from emails into your Calendar. you still need to mark "yes i will attend" manually. that, as far as i am concerned, is the perfect UX for this workflow. i don't wanna have to create calendar items manually, feels very previous-century.

i tried to migrate from Workspace to iCloud but dealing with the insane OSX Calendar app which not only does not put anything into your itinerary automatically but is liable to just disappear items from the Calendar randomly, put me off so much i went right back to Workspace.

mikece•1h ago
One of the first things I do with all of my Google accounts is set up TOTP authentication and not with Google Authenticator. So far I haven't had any issues getting into an account after not logging in for a while (because my gmails all forward) but I wonder if Google will disable standard TOTP in favor of requiring Google Authenticator (which will be a problem because then I would need to get a separate handset for each account).
Andrew_nenakhov•1h ago
Google Authenticator is a TOTP client as far as I know, and it can transfer codes to third party clients without problems.

The point of my rant was that with modern day Google, TOTP authentication is not enough.

mikece•1h ago
Google Authenticator, like the Microsoft Authenticator, goes beyond mere TOTP and if you use that (or it's required by Google) then you need an app that can receive a push notification as part of the 2FA. This is the part that would screw up a lot of the consulting work I'm doing with client Google accounts because it would mean getting a separate installed instance of Google Authenticator for each account.
hocuspocus•1h ago
You're confusing Google device prompts and Authenticator. The latter is indeed a mere TOTP client.

By the way I'm pretty sure the prompts work with as many Google/Workspace accounts as you want.

Eduard•1h ago
last time I checked (two years ago), Google Authenticator made it horribly complicated to export TOTPs managed by it. It took me an evening and many unsuccessful attempts to get my 10 or so Google Authenticator-managed TOTPs in a format that I was able to import into other open source solutions (eg Authy Authenticator Android app, KeePassX Linux application).

I don't care if things have changed, it was a shit experience. I highly suggest to stay away from the Google Authenticator lock-in danger.

thesuitonym•1h ago
I haven't used Google Authenticator, but most authenticator apps allow you to have multiple accounts connected. It would be insane to me if Google didn't.
hocuspocus•1h ago
Of course, it can hold as many secrets as you want. It syncs them to only one Google account though, but that's irrelevant.
bpodgursky•1h ago
There's a button in the admin page for your workspace admin to disable extra security prompts for 10 minutes. Just ask them to help.
Andrew_nenakhov•1h ago
it's a simple gmail.com account, not a workspace one.
ASalazarMX•1h ago
I got the same impression as the root comment, since you stated "I have a work account on Gmail". In reality, you have a personal account that you use for work, with the accompanying dismal tech support.

Losing that account is a big risk for your work, paying Google Workspace is an investment in your case.

bpodgursky•1h ago
Yeah I would really clarify that this is not a "work account" in the way most people would interpret it. I agree OP should be paying for Google Workspace if your income depends on this account.
Andrew_nenakhov•1h ago
To be specific, I use it for a separate Google Play developer account, which Google refused to create on my Workspace account, saying it must be a regular Gmail account. (They also restrict Workspace accounts from some Google Play functions like rating the apps and leaving reviews).
tkj922•56m ago
I don't get it. To me it seems that being locked out of a "work" email is far better (far less worse) than being locked out of a "personal life" one, which probably includes stuff like telecom, utility, insurance, social media being tied to that entity. It is easier to get another job than to "recover" all the other aspects of life
thibaut_barrere•1h ago
A bit of a sidenote but: what is a gmail alternative that really works? For instance, spam handling is worse in pretty much any alternative I've tried.

I'm interested in EU-based products first. But they need to handle spam well!

delusional•1h ago
How do you defined "handling spam well"? What problem did you have with the alternatives you've tried?
barbazoo•1h ago
They definitely do have regular false positives for me, marking something as spam that isn't. Never personal email though.
BoppreH•1h ago
I'm a happy user of Fastmail. It's a paid service (€5 per month) but that comes with higher standards. The webmail has been pretty good. Barely any spam to speak of (once a week?), even though I have various email addresses in public places.
classichasclass•1h ago
Another satisfied Fastmail user. We don't pay a great deal for it and the service has been very good. Be the customer, not the product.
lucianbr•1h ago
Protonmail works in the sense that I can receive and send emails, it's always up when I need it. I don't know how much of the spam is not arriving or being filtered.
fauigerzigerk•1h ago
Do you have any deliverability issues when sending mails? I find Protonmail interesting and I like the clean UI, but I worry my mails may end up in recipients' spam folder more often.
bsoles•52m ago
Not the original poster. I use all three Proton domains (pm.me, proton.me, protonmail.com) and haven't had an issue so far.
lucianbr•26m ago
I have not had any issues so far.
AndersSandvik•1h ago
I recommrnd Fastmail! Switched to them like 3 years ago. They Are perfect for me. I use masker emails for my domain so i never get spam
fauigerzigerk•1h ago
My company used to be on Fastmail. Spam was definitely a problem. It's not EU based either if that matters (although the relevant servers may be).
barbazoo•1h ago
It's hard to judge but for me Fastmail seems to be pretty great at detecting spam, at least it always ends up in my Spam folder. False positives are pretty regular, so far never actual human written emails though, only newsletters, but still. Overall for me a set and happily forget kind of service. Support is decent too.
Tijdreiziger•1h ago
Soverin
kstrauser•1h ago
I use Apple's hosted domain service, which is included in the price of Apple One we were already paying for. It's been surprisingly great since I switched my domains to it.
paul-tharun•1h ago
mxroute is pretty good with their spam handling
jeffbee•1h ago
None of these things is a saving throw versus suspicious login detection. It's for the safety of your account. Wait an hour or two, or resolve the reason for the suspicious activity if you may have caused it (VPN, for example).
tczMUFlmoNk•1h ago
VPNs are a wholly legitimate way to use the Internet. The onus should never be on a legitimate user to disengage measures that they've taken for their privacy and safety.

In this case, the user has already authenticated with three factors(!). Framing potential VPN use as "suspicious" normalizes a more locked down, surveilled web with fewer rights for humans. We shouldn't be pushing that direction.

jeffbee•1h ago
And with a workspace account you can express that preference to Google. But the fact remains that 99.5% of the people who suddenly switch their login traffic from US to Romania or whatever have been hacked and your aesthetic beliefs about supposed rights strongly conflicts with what humans actually want.
beeflet•1h ago
>But the fact remains that 99.5% of the people who suddenly switch their login traffic from US to Romania or whatever have been hacked

Why wouldn't a 2-factor or a recovery email sent to another address be enough to refute this?

If you can hack someone's device, it's not that much more difficult to tunnel the connection through a residential VPN. If you can't hack their device, then you can't get 2-factor codes or access their other accounts.

a2128•1h ago
Using a VPN is not even the suspicious part. Using a public network (e.g. hotel Wi-Fi) can make you equally suspicious, in that case you would actually need to have a VPN to your home network to erase suspicion. So it's not about using VPN, it's about not making yourself easily trackable and surveillable
MintPaw•1h ago
While I agree in this specific case, in general, the idea that privacy and safety measures trump all other factors is poorly thought out. What if, for my privacy and safety, I don't want to log into my account to view a specific piece of content? It ignores the reality and impacts of bot activity. And like, what if you paid the for the content? Obviously you have to sign in to view it.

Although maybe you didn't mean to make such a strong statement.

beeflet•1h ago
Why should my login be tied to my IP address, which gets randomly re-assigned instead of a secure TOTP tied to my device? What if I'm in a foreign country and I need to check my email? My account has been totally secured ... against me!

Not only is the email protocol (SMTP) an unreliable transport now due to spam filtering, but the actual login interface (IMAP) is also unreliable! Not that this will actually accomplish anything. Spear phishing and spam campaigns seem to be ever-present.

david422•1h ago
I created a gmail account in 2004 and then completely forgot about it. Just last week I realized that I had registered that account. I went to the forgot my password page, and it prompted for the last password I remembered using, which I took a guess at. It told me that wasn't enough information to recover the account, and that was it, because I didn't have a backup phone, email etc. attached.

But then I thought- what if I just try that password to login. And it worked.

So when I thought I had forgotten my password, gmail prompted me for a piece of information that I got correct, and then wouldn't accept it.

I also have another email account that forwards all mail to my main account, but I've definitely forgotten that password, and I have no way to actually get back into that account, even though I've tried. I guess it just forwards mail forever.

roywiggins•1h ago
> I guess it just forwards mail forever.

Probably not forever:

https://www.npr.org/2023/11/27/1215285876/google-inactive-ac...

NearAP•1h ago
It isn't just the backup codes.

More than once, I was in a different country and tried logging into a workspace gmail account. Google flags it as a strange activity (fair enough) and needs to authenticate me. It asks me to enter the complete address for my recovery email (I do this), it sends me a code to use for sign in (I do this) but it still refuses to sign me and says it can't authenticate me. It says I need to sign in from a location that I've signed in from before.

So, for the period that I was out of the country, I couldn't access my email. This happened each time I'm in a new country. My only work around was to sign in to my email (on my laptop) before traveling and not sign out (for security reasons, I don't like to do this).

Something similar happened when I used a new laptop.

I just don't understand this. What then is the point of having recovery email and phone number if you won't use them?

Ezhik•1h ago
There's a Gmail account I've lost forever because Google wouldn't let me in even after doing 5 factor authentication (password, phone number, code from SMS, backup email, code from email).
Andrew_nenakhov•1h ago
I try to always log in to Gmail via VPN that uses the same IP address from any location.
xdfgh1112•12m ago
This doesn't happen for me with regular gmail. I wonder if your workspace had a very strict policy.
nickdothutton•1h ago
I’d love to see a fully mapped login/auth flowchart with every permutation. New accounts, ancient accounts, accounts with 2FA, without. I bet Google themselves dont even have one now. Remind yourself they are really just an advertising monopoly that does other things as a side project.
politelemon•44m ago
They for sure won't have one, and various parts of the flow will have been worked on and happy path tested in isolation at different times, so that no googler ever hits the real world cases like OP did. I didn't even say edge cases because they are hit fairly commonly.
ChrisArchitect•1h ago
Related/unrelated outage today:

Ask HN: GCP Outage?

https://news.ycombinator.com/item?id=44605732

modeless•1h ago
If you want to prevent SMS from being used, remove the recovery phone number and/or 2-step phone number from your account. That's how I've had my account set up for many years, to prevent SIM swapping attacks. Just make sure you set up all the other 2-step options.
Andrew_nenakhov•1h ago
I did it on the account mentioned in post (didn't set TOTP though), and Google locked me out saying "You're entering correct password but we're not sure it is you. Try again later". And I tried and tried and tried, for a few weeks.

Then, after 2 months, I tried logging in and suddenly it worked.

modeless•1h ago
I would start looking at the networks you are using. You may be unknowingly sharing your public IP or IP block with compromised machines that are part of botnets, which makes Google (rightfully) very suspicious of logins coming from there. I would also definitely get several hardware FIDO2 security keys as Google will likely trust those more than other forms of authentication.
SoftTalker•1h ago
When my bank introduced the option to use TOTP codes instead of SMS for 2FA, I said "Great!" and enabled it immediately. Unfortunately they don't let you remove the other 2FA options. So logging in, I now get three options for 2FA: SMS code, emailed code, or Authenticator code.
modeless•1h ago
Yes, a lot of places don't let you remove the phone number. But Google does.
fauigerzigerk•1h ago
True, I deleted mine long ago. They keep nagging me to add a recovery phone number though.
modeless•59m ago
Yeah I get nagged once every few months, maybe. Easy enough to ignore.
ikekkdcjkfke•31m ago
So we are at a point where just a strong password stored in memory is actually the safest option (given brute force protection)?
modeless•30m ago
The safest option is a hardware security key because it is not vulnerable to phishing. And I expect Google to trust it above all other forms of authentication because of that. So anyone who is worried about losing access to their account should immediately buy multiple hardware security keys.
mzajc•1h ago
Google will occasionally brick my account telling me I "didn't provide enough info for Google to be sure this account is really yours". There is absolutely nothing I can do but wait for it unbrick itself after a while. Support is completely useless, all while not being able to read any mail that comes its way.

Needless to say I decided to forward all mail elsewhere. I wouldn't touch Google for work with a 3m pole.

jbombadil•1h ago
+1!

Please Google let me have a normal TOTP authentication. No SMS, no "open the gmail app on this other device and tap this prompt", no mandatory Google Authenticator, etc.

fauigerzigerk•49m ago
You can add normal TOTP and delete Google Authenticator. You can also delete SMS. What you cannot do (I think) is remove Google Prompt if you are logged into your Google account on a phone.
jonathantf2•1h ago
From all my years working in IT I've never had a good experience with the iOS/macOS mail app for either Exchange or Gmail, things break constantly. You're much better off using the proper Gmail or Outlook app.
bsoles•56m ago
LinkedIn did the same thing to me after I have enabled 2FA, completely locking me out of all my devices. Then, they asked me to send a picture of my driver's license to a third-party company, who does some kind of validation I guess, to re-enable my account. God, I wish I can delete my LinkedIn account, but it is my only professional visibility to the business world.