frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Start all of your commands with a comma (2009)

https://rhodesmill.org/brandon/2009/commands-with-comma/
289•theblazehen•2d ago•95 comments

Software Engineering Is Back

https://blog.alaindichiappari.dev/p/software-engineering-is-back
20•alainrk•1h ago•10 comments

Hoot: Scheme on WebAssembly

https://www.spritely.institute/hoot/
34•AlexeyBrin•1h ago•5 comments

Reinforcement Learning from Human Feedback

https://arxiv.org/abs/2504.12501
14•onurkanbkrc•1h ago•1 comments

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

https://openciv3.org/
717•klaussilveira•16h ago•217 comments

The Waymo World Model

https://waymo.com/blog/2026/02/the-waymo-world-model-a-new-frontier-for-autonomous-driving-simula...
978•xnx•21h ago•562 comments

Vocal Guide – belt sing without killing yourself

https://jesperordrup.github.io/vocal-guide/
94•jesperordrup•6h ago•35 comments

Omarchy First Impressions

https://brianlovin.com/writing/omarchy-first-impressions-CEEstJk
11•tosh•1h ago•8 comments

Making geo joins faster with H3 indexes

https://floedb.ai/blog/how-we-made-geo-joins-400-faster-with-h3-indexes
138•matheusalmeida•2d ago•36 comments

Unseen Footage of Atari Battlezone Arcade Cabinet Production

https://arcadeblogger.com/2026/02/02/unseen-footage-of-atari-battlezone-cabinet-production/
74•videotopia•4d ago•11 comments

Ga68, a GNU Algol 68 Compiler

https://fosdem.org/2026/schedule/event/PEXRTN-ga68-intro/
16•matt_d•3d ago•4 comments

What Is Ruliology?

https://writings.stephenwolfram.com/2026/01/what-is-ruliology/
46•helloplanets•4d ago•46 comments

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

https://github.com/valdanylchuk/breezydemo
242•isitcontent•16h ago•27 comments

Monty: A minimal, secure Python interpreter written in Rust for use by AI

https://github.com/pydantic/monty
242•dmpetrov•16h ago•128 comments

Cross-Region MSK Replication: K2K vs. MirrorMaker2

https://medium.com/lensesio/cross-region-msk-replication-a-comprehensive-performance-comparison-o...
4•andmarios•4d ago•1 comments

Show HN: I spent 4 years building a UI design tool with only the features I use

https://vecti.com
344•vecti•18h ago•153 comments

Hackers (1995) Animated Experience

https://hackers-1995.vercel.app/
510•todsacerdoti•1d ago•248 comments

Sheldon Brown's Bicycle Technical Info

https://www.sheldonbrown.com/
393•ostacke•22h ago•101 comments

Show HN: If you lose your memory, how to regain access to your computer?

https://eljojo.github.io/rememory/
309•eljojo•19h ago•192 comments

Microsoft open-sources LiteBox, a security-focused library OS

https://github.com/microsoft/litebox
361•aktau•22h ago•187 comments

An Update on Heroku

https://www.heroku.com/blog/an-update-on-heroku/
437•lstoll•22h ago•286 comments

The AI boom is causing shortages everywhere else

https://www.washingtonpost.com/technology/2026/02/07/ai-spending-economy-shortages/
32•1vuio0pswjnm7•2h ago•31 comments

PC Floppy Copy Protection: Vault Prolok

https://martypc.blogspot.com/2024/09/pc-floppy-copy-protection-vault-prolok.html
73•kmm•5d ago•11 comments

Was Benoit Mandelbrot a hedgehog or a fox?

https://arxiv.org/abs/2602.01122
26•bikenaga•3d ago•13 comments

Dark Alley Mathematics

https://blog.szczepan.org/blog/three-points/
98•quibono•4d ago•22 comments

How to effectively write quality code with AI

https://heidenstedt.org/posts/2026/how-to-effectively-write-quality-code-with-ai/
278•i5heu•19h ago•227 comments

Female Asian Elephant Calf Born at the Smithsonian National Zoo

https://www.si.edu/newsdesk/releases/female-asian-elephant-calf-born-smithsonians-national-zoo-an...
43•gmays•11h ago•14 comments

I now assume that all ads on Apple news are scams

https://kirkville.com/i-now-assume-that-all-ads-on-apple-news-are-scams/
1088•cdrnsf•1d ago•469 comments

Understanding Neural Network, Visually

https://visualrambling.space/neural-network/
312•surprisetalk•3d ago•45 comments

Delimited Continuations vs. Lwt for Threads

https://mirageos.org/blog/delimcc-vs-lwt
36•romes•4d ago•3 comments
Open in hackernews

Reversing a Fingerprint Reader Protocol (2021)

https://blog.th0m.as/misc/fingerprint-reversing/
65•thejj100100•6mo ago

Comments

abstractspoon•6mo ago
Excellent
Liftyee•6mo ago
Damn, I always thought that the fingerprint data was encoded somehow and never left the sensor hardware itself! OS-level access to the imagery seems like a security risk, but also opens some interesting possibilities for alternative uses.
jeroenhd•6mo ago
AFAIK it depends per reader. This one seems to be a weird webcam on steroids, but others do the matching locally.

IIRC, none of them do it particularly securely.

cinntaile•6mo ago
What's the security status of fingerprints on phones? Surely they don't leave the security chip? I hope?
maxhille•6mo ago
I don't think fingerprints should be regarded as a secret.
ta8645•6mo ago
Can you please post a link to high quality images of your own fingerprints? It should be fine, probably nobody has the technology to make them show up on a threatening letter mailed to the government, or anything like that.
maxhille•6mo ago
Of course I won't, but then again I would send you pictures of any other body parts the same.

If someone gets a hand on anything you touched, they have your fingerprint. Last time you traveled to another country - did you have to give them fingerprints? Is the software running your phone closed source? Could you ambush me at night near my house and forcefully take them?

All I am saying is they are so weak as a secret that rhey should not be regarded as one.

jeroenhd•6mo ago
AFAIK many phones store the fingerprints on-chip. I haven't looked too deeply into it, though, so it's possible there's a brand out there that streams fingerprint information as a video.

On Android, there are different levels of biometrics: https://source.android.com/docs/security/features/biometric If your fingerprint scanner reports Class 3/STRONG, hardware key stores are a requirement. Anything Class 2/WEAK or higher is supposed to make sure a kernel compromise cannot leak keys/authenticate to the OS. If it's Class 1/CONVENIENCE, simply running the biometrics in the trusted execution environment (think "secure VM acting as TPM") is also permitted.

On iOS the TPM/secure element deals with credentials, they're not submitted to the CPU.

JJJollyjim•6mo ago
As noted in the article I reversed the protocol for a related Goodix device (which was on Intel so used actual SGX instead of the white-box): I used the firmware update system to insert additional vulnerabilities in the sensor firmware and extract the PSK from that side.

I did a talk about it here: https://www.youtube.com/watch?v=IyjUY-xvFw4

th0mas•6mo ago
Author here, didn't expect to see this on HN today! If you've got any questions, shoot!
unlucky666•6mo ago
Do you have more posts similar to this one? Noticed your blog was a bit empty...
th0mas•6mo ago
Ha yeah I should really get on updating some of the info there. Got derailed with work quite a bit.

Most recently did some work on BitLocker: https://news.ycombinator.com/item?id=42747877

ge96•6mo ago
The real work ha underneath the software eg. I can't write a camera driver but thankfully someone else can

That's cool the raw data image GIMP

johnflan•6mo ago
I didn't follow the byte ordering of the image format at the end. Anyone have an explanation?
pastage•6mo ago
You have four 12 bit values, they are packed into 6 bytes. Camera image formats are different but I am guessing this is probably MIPI RAW12?

EDIT: You have the code in the repo. https://github.com/tlambertz/goodix-fingerprint-reversing/bl...

mrheosuper•6mo ago
> It then proceeds to generate a new, random, PSK and sends it to the device. This represents a trust-on-first-use security model.

Wow, i expect them using hardcoded PSK, with PSK is flashed in factory.