
Show HN: Building a future where security checks leave no permanent trails

1•csp_dev•2w ago
Every time someone checks if a password has been breached, a permanent record is created: this person checked this password at this time.

(All code is open-source, MIT licensed)

I've been exploring whether we can design a different future—one where security doesn't require this privacy trade-off. The Credential Shield Protocol (CSP) is a step in that direction: it allows checking password breaches without the checking service learning whether your password was actually found.

The key insight: send only a fragment (prefix) of the password hash. The server returns possible matches from breach databases, but the actual verification happens on your device. The server is intentionally kept "blind."

What's available today:
• RFC-style draft with formal analysis
• Complete reference implementation (Node.js)
• Test vectors and collision probability analysis

This is early-stage protocol research, not a product. I'm looking for:
- Cryptographic review of the approach
- Feedback on the threat model
- Implementation critique
- Discussion on whether this future is worth building toward

GitHub: https://github.com/IAmAxolotl-04/password-smoke-detector
RFC Draft: https://github.com/IAmAxolotl-04/password-smoke-detector/tre...
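
The prefix lookup described in the post, as an added example that is not part of the original post and is not the CSP reference implementation. SHA-1, the 5-character default prefix, the function names and the synthetic corpus are assumptions made for illustration.

```javascript
// Added example: hash-prefix ("range") breach lookup with local verification.
// Assumptions: SHA-1 and a 5-hex-char prefix (as in the HIBP range API);
// the CSP draft may use different parameters.
const { createHash } = require("node:crypto");

const sha1Hex = (s) =>
  createHash("sha1").update(s, "utf8").digest("hex").toUpperCase();

// Constructed breach corpus: 20,000 synthetic passwords, stored as hashes only.
const BREACHED = new Set();
for (let i = 0; i < 20000; i++) BREACHED.add(sha1Hex(`password${i}`));

// --- Server side: sees a prefix, never the full hash or the verdict ---------
const serverLog = []; // everything this server could persist about a query
function rangeQuery(prefix) {
  serverLog.push(prefix);
  const suffixes = [];
  for (const h of BREACHED) {
    if (h.startsWith(prefix)) suffixes.push(h.slice(prefix.length));
  }
  return suffixes; // candidate bucket; the server cannot tell which entry matters
}

// --- Client side: hash locally, send the prefix, compare locally ------------
function checkPassword(password, prefixLen = 5) {
  const hash = sha1Hex(password);
  const prefix = hash.slice(0, prefixLen);
  const bucket = rangeQuery(prefix);
  return {
    breached: bucket.includes(hash.slice(prefixLen)), // decided on the client
    bucketSize: bucket.length, // anonymity set returned for this prefix
    sent: prefix,              // the only password-derived value that left the client
  };
}

// A shorter prefix widens the bucket: more cover for the client, larger response.
function bucketSizes(password, lengths) {
  return lengths.map((n) => checkPassword(password, n).bucketSize);
}

console.log(checkPassword("password42"));
console.log(checkPassword("correct horse battery staple"));
console.log("bucket sizes for prefix lengths 2/3/5:", bucketSizes("password42", [2, 3, 5]));
console.log("server saw only:", serverLog);
```

The server log holds prefixes only; request metadata such as source address and time is outside this sketch and still reaches any real server.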

Comments

chrisjj•2w ago
Surely this is just a data compression exercise - proved by the fact that where the database is small enough to be downloaded and stored locally, the vulnerability need not exist.
csp_dev•2w ago
You’ve summed it up perfectly. This is fundamentally about the trade-off between total privacy (local DB) and practicality (server query). The protocol exists only if that middle ground has real users. The compelling case might not be for individuals, but for organizations that must prove due diligence in password screening for compliance (like, for example, ISO 27001) but want to minimize their own liability and logging footprint.
pkolbus•2w ago
The concept of sending a hash prefix is exactly what haveibeenpwned.com uses for its Pwned Passwords API, and has used for years. Although that uses SHA-1, no other details of the credential are sent. https://haveibeenpwned.com/API/v3#PwnedPasswords. The shorter prefix length increases the size of the response and makes it harder for the server to infer which of the hashes is of interest to the client; it also facilitates caching.

There is also Password Set Intersection with Blinding, which takes advantage of homomorphic encryption: https://openmined.org/blog/private-set-intersection/

Neither of these leaves the record that a particular password was checked at a particular time.

I’d also argue that anything requiring a server query leaves some record and is not “100% local”, although some server interaction is pragmatic given the billions of breach records. What is important is to not leave additional record of a user/password association.

csp_dev•2w ago
You’ve summed it up perfectly. This is fundamentally about the trade-off between total privacy (local DB) and practicality (server query). The protocol exists only if that middle ground has real users. The compelling case might not be for individuals, but for organizations that must prove due diligence in password screening for compliance (like, for example, ISO 27001) but want to minimize their own liability and logging footprint.
csp_dev•2w ago
My open question to you both and others is this: In your view, is that "organizational compliance with minimal logging" use case substantial enough to warrant a new, standardized protocol? Or is it adequately served by either a) mandating HIBP's API, or b) telling companies to download and manage the full HIBP dataset locally? What's the approach from a consumer standpoint?