frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Third places and neighborhood enterpenuership: Evidence from Starbucks cafes

https://thetreeoflife.cc/demo
20•WasimBhai•51m ago•25 comments

A new PNG spec

https://www.programmax.net/articles/png-is-back/
506•tbillington•9h ago•218 comments

Reading NFC Passport Chips in Linux

https://shkspr.mobi/blog/2025/06/reading-nfc-passport-chips-in-linux/
145•robin_reala•5h ago•41 comments

Kid gamers to adult gamblers? Investigation of childhood gaming and YA gambling

https://www.tandfonline.com/doi/full/10.1080/14459795.2025.2488867
11•tokai•46m ago•14 comments

Show HN: I built a tool that blocks social media until you scream "I'm a loser"

25•madinmo•2h ago•1 comments

Introducing Qodo Gen CLI: Build and Run Coding Agents Anywhere in the SDLC

https://www.qodo.ai/blog/introducing-qodo-gen-cli-build-run-and-automate-agents-anywhere-in-your-sdlc/
7•benocodes•52m ago•0 comments

Microsoft Edit

https://github.com/microsoft/edit
313•ethanpil•12h ago•171 comments

Yarn (YC W24) is hiring engineers in NYC

https://www.ycombinator.com/companies/yarn-2/jobs/dAUuy2r-founding-engineer
1•jasperstory•1h ago

Thnickels

https://thick-coins.net/?_bhlid=8a5736885893b7837e681aa73f890b9805a4673e
254•jxmorris12•12h ago•62 comments

Authors hit by bad reviews on Goodreads before review copies are even circulated

https://www.thebookseller.com/news/authors-hit-by-bad-reviews-on-goodreads-before-review-copies-are-even-circulated
38•healsdata•1h ago•32 comments

Fun with uv and PEP 723

https://www.cottongeeks.com/articles/2025-06-24-fun-with-uv-and-pep-723
512•deepakjois•18h ago•171 comments

Writing toy software is a joy

https://blog.jsbarretto.com/post/software-is-joy
704•bundie•21h ago•277 comments

Web Translator API

https://developer.mozilla.org/en-US/docs/Web/API/Translator
33•kozika•4h ago•18 comments

The probability of a hash collision (2022)

https://kevingal.com/blog/collisions.html
81•subset•3d ago•16 comments

A Dictionary of the Language of Myst's D'ni

http://www.eldalamberon.com/dni_dict.htm
6•lelandfe•2d ago•0 comments

Bill Atkinson: Polaroids Showing the Evolution of the Lisa GUI [video]

https://www.youtube.com/watch?v=Qg0mHFcB510
34•zdw•3d ago•15 comments

ChatGPT's enterprise success against Copilot fuels OpenAI/Microsoft rivalry

https://www.bloomberg.com/news/articles/2025-06-24/chatgpt-vs-copilot-inside-the-openai-and-microsoft-rivalry
253•mastermaq•21h ago•254 comments

Thoughts on Asunción, Paraguay

https://cpsi.media/p/thoughts-on-asuncion-paraguay
45•Michelangelo11•2d ago•13 comments

PlasticList – Plastic Levels in Foods

https://www.plasticlist.org/
411•homebrewer•22h ago•164 comments

CareerBuilder and Monster job boards, file for bankruptcy

https://www.reuters.com/legal/litigation/careerbuilder-monster-which-once-dominated-online-job-boards-file-bankruptcy-2025-06-24/
10•gscott•42m ago•4 comments

Finding a 27-year-old easter egg in the Power Mac G3 ROM

https://www.downtowndougbrown.com/2025/06/finding-a-27-year-old-easter-egg-in-the-power-mac-g3-rom/
374•zdw•23h ago•109 comments

The Fairphone (Gen. 6)

https://shop.fairphone.com/the-fairphone-gen-6
91•DavideNL•3h ago•65 comments

Managing time when time doesn't exist

https://multiverseemployeehandbook.com/blog/temporal-resources-managing-time-when-time-doesnt-exist/
126•TMEHpodcast•12h ago•60 comments

XBOW, an autonomous penetration tester, has reached the top spot on HackerOne

https://xbow.com/blog/top-1-how-xbow-did-it/
249•summarity•21h ago•107 comments

MCP is eating the world

https://www.stainless.com/blog/mcp-is-eating-the-world--and-its-here-to-stay
291•emschwartz•3d ago•188 comments

Ancient X11 scaling technology

https://flak.tedunangst.com/post/forbidden-secrets-of-ancient-X11-scaling-technology-revealed
247•todsacerdoti•18h ago•199 comments

How to Think About Time in Programming

https://shanrauf.com/archive/how-to-think-about-time-in-programming
154•rmason•17h ago•53 comments

Subsecond: A runtime hotpatching engine for Rust hot-reloading

https://docs.rs/subsecond/0.7.0-alpha.1/subsecond/index.html
173•varbhat•18h ago•27 comments

Show HN: I Built AskMedically – Get Research-Backed Answers to Medical Queries

9•arunbhatia•3h ago•2 comments

The bitter lesson is coming for tokenization

https://lucalp.dev/bitter-lesson-tokenization-and-blt/
279•todsacerdoti•22h ago•123 comments
Open in hackernews

Reading NFC Passport Chips in Linux

https://shkspr.mobi/blog/2025/06/reading-nfc-passport-chips-in-linux/
144•robin_reala•5h ago

Comments

stavros•3h ago
Hm, he doesn't say whether he managed to decrypt the passport with the missing checksum in the end, or whether the piercing doesn't matter because it's trivial to calculate the checksum from the rest of the info, or how long that would take. Did I miss it, or is that useful information omitted?
edent•3h ago
OP here. It is trivial to create the missing checksum. It is detailed at https://shkspr.mobi/blog/2025/06/reading-nfc-passport-chips-...
stavros•2h ago
Yep, I saw that section, but thought that the next section was a continuation of it. Maybe you could say a few more things about it, like "since it was trivial to recreate the checksum, I managed to read my passport fine, and then wondered what it would take to guess the entire MRZ" as a segue.
dzhiurgis•3h ago
Hol up. So what stops you from uploading custom photo + metadata onto random chip and planting it in a fake passport?
23434dsf•3h ago
Conscience
ragebol•2h ago
Expectation of punishment
neoromantique•3h ago
Considering how often it is done, not much?
agnishom•2h ago
What makes you think it is done often?
crowbahr•42m ago
(It's not)
edent•3h ago
The data are signed with the passport issuing authority's private key.

So you could implement a chip which reacts like an official passport. When the border guards see that the signature is invalid, you can explain how it's just a prank and you'll all have a jolly good laugh about it.

23434dsf•2h ago
So if I strolled through the airport with a high power NFC reader/writer, I could ruin a lot of peoples trips?
daveoc64•2h ago
What makes you think you could do this?
lukan•2h ago
"The NFC chip in a passport is protected by a password. The password is printed on the inside of the physical passport. As well as needing to be physically close to the passport for NFC to work0, you also need to be able to see the password."
wkat4242•2h ago
Yes but. In Europe this tech is also in our id cards whether said passport is printed on the outside (considering it's just a credit card format). You still have to see it but it doesn't have to be opened to the right page like a passport.

Both sides even have the info printed. One side in human format, the owner side in machine readable.

lukan•2h ago
Yes, but this still means a attacker needs to have physical access to the passport?
tialaramex•1h ago
They need to know the information which functions as key. Because many people don't trust government secrets, the information used for this purpose on a passport is actually just facts about you which were already printed in your passport, plus the passport number. The machine summarises these in a "Machine readable zone" but they're nothing you didn't know.

For a random traveller you can probably guess roughly how old they are, which is a few bits for the date-of-birth, and maybe you could strike up conversation and discover their name (or maybe it's printed on baggage, called out by fellow travellers etc.) but yeah it'll be very hard

For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued.

lukan•1h ago
"For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued."

From a very well known person you could probably also steal everything you need directly, if your purpose is to create damage.

wkat4242•1h ago
Kinda the same as with the NFC.

You can read from a small distance, probably further than you can read an NFC tag with your phone. And you can automate both on a phone (OCR and NFC)

edent•2h ago
No.

NFC chips can be locked. That means the data can't be overwritten. No matter the writer, nor its strength, you can't overwrite a passport's chip.

I suppose you could use an EMP - but that would ruin a lot more than just some trips.

crowbahr•45m ago
In addition to the mechanisms people are describing here - passports have a metal mesh in them to disrupt NFC signals. It's not a full faraday cage but it works on similar principles. The passport has to be _open_ to be read from, and then only after you transmit the MRZ will you get anything.
wkat4242•2h ago
I doubt border guards know what a cryptographic signature is. But they'll probably have a big red marker that tells them to hold you and get someone who knows :)
Nextgrid•2h ago
I remember reading an article or paper that checked the validity and spec compliance of various nations's passports, and found lots of variation, so a valid signature isn't actually a guarantee even in a legit passport.
vbezhenar•1h ago
Invalid signature probably will result from chip degradation or other electronic failures and I'm pretty sure that you won't be the first they see. Passport is supposed to be valid without any digital things, so they'll proceed with ordinary procedures, with manual entry of data from passport.
remcob•3h ago
Besides the data being signed as already mentioned, the protocol is interactive and custom to passport documents. So you can’t just put it on any programmable NFC tag. I also doubt you can buy programmable ones implementing the passport protocols. But maybe you can find general purpose programmable ones you can implement the protocol on.

There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.

crowbahr•42m ago
Yeah but since the USA doesn't sign on to anything above basic auth (MRZ unlock) everyone also has to work on the more basic level. Kinda unfortunate.
SXX•1h ago
Countries like UK actually have publicly database for e-visas (share code) that can easily be verified via online API. So probably at least some foreign governments can cross validate some of passport data with each other.
crowbahr•44m ago
Countries all know each other's signing certs. There's a question of how much they _trust_ the other country but the certs are all public.
frelp•3h ago
I wonder if you could create a chip that could break the passport reader system. That could really disrupt things, so hopefully that’s not possible.
hypeatei•2h ago
Burning a zero day like that in front of border / travel officers will probably land you in prison very quickly.
edent•2h ago
The ICAO documents contain the complete specification. It is moderately complex and involves twiddling lots of bits. So I've no doubt that a passport reader somewhere isn't doing bounds checking properly.

But you could achieve much the same effect with a hammer.

giantg2•2h ago
But could a hammer deliver a malicious payload that could spread in the system? I'm not sure if you could do that with data on the chip, but maybe.
monai•39m ago
You can transmit arbitrary data in certain steps of the passport reading process. The possibility of disruption depends on whether the reading system has bugs exploitable by the incoming data.

I've seen crashes in PKCS#11 drivers when reading cards with malformed data. So, the possibility, in theory, is always there.

wkat4242•2h ago
Many passports also contain digitized fingerprint scans. But those are even harder to access. You need a private key that only governments have.
aneutron•52m ago
Sounds fairly sensible to me
SXX•1h ago
I always wondered isn't this kind of specification also have digital signature of the passport issuer or something? Otherwise how do other countries can verify it's not a fake one?

I read this article, but seems like any information about it is kind a omited.

janmo•1h ago
The passports contain a digital signature and a DSC (Document Signing Certificate). This DSC is signed by a CSCA certificate which you can download from the ICAO Public Key Directory. Link here: https://pkddownloadsg.icao.int/
landgenoot•1h ago
Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key. Otherwise you could spoof a passport by just replaying the government signed data.

Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.

Fun fact. The cryptographic system even differs per country.

E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead. Some other countries are still using RSA iirc.

SXX•57m ago
Thanks for details.

Actual validation methods would be actually cool to read about. Since if we ignore legal diffuculties of storing the data then we can actually use passport cryptography as something like actual proof-of-human without pesky 3rd-parties.

bluesign•10m ago
but why would passport contain a private key ?
tauntz•1h ago
The spec for machine readable travel documents is sadly not the most concise but if you're interested in the nitty-gritty details of how to validate documents, how to read data from them, etc then jump into ICAO 9303:

https://www.icao.int/publications/documents/9303_p10_cons_en...

https://www.icao.int/publications/documents/9303_p11_cons_en...

But please keep in mind that this is just the spec for how it's supposed to be implemented. Real world implementations of it have lots of creative interpretations of the spec in addition to straight bugs in their implementations, so if you're going to write software that has to work with various different documents issued by various governments, you'll have many fun debugging sessions :)

nemoniac•11m ago
Here's a tidied up version of the Python code to generate the MRZ from the passport data. It also corrects a padding error.

    https://pastebin.com/k0Tty22a
My Dutch driver's licence has a single MRZ-like line across the bottom. It seems to encode the country and licence number but I can't make any sense of the rest of the line. Anyone have any leads?