You're certainly more of an authority on it than I, so I trust when you say most schemes don't keep long-term keypairs around; but of the two companies I've worked at that use SSH CAs: one used Teleport, and the other had long-lived keypairs, but fairly-short-lived certificates -- you had to get your public key re-signed each day. They used Yubikeys to store (or maybe just unwrap?) the private key material during the SSH handshake; much as a TPM or the Secure Enclave could be used to do this.
This is a non-sequitur, even if you use SSH certificates you still need a public/private keypair, hosts just authorize the key by checking the signature from a trusted CA on the public half of the user key. The OP is about a way to store the private key part of the user key that can't be extracted even with physical access to the machine. So, this is an equivalent/alternative to using a YubiKey, that is conveniently built in to a popular piece of hardware; not something orthogonal to using SSH certificates.
Being able to change your email address is a known gap, sorry about that. For now if you want to use a different email you'll need to make a second account. We plan to make account merging possible in the future.
A short-sighted technical decision on my part: we use the Firebase Auth UIDs as our internal user IDs, but Firebase Auth does not allow you to have multiple email auth-providers on a single account. So we need to add a layer of indirection in our data model.
Yes! They will receive an email with the message, and some boilerplate explaining that it was sent from Radiopaper and that if they reply to the email the message will be published. They'll also receive a link to view the post on the site if they prefer.
It's helpful feedback that this isn't as discoverable as it should be. If you hover your cursor towards the bottom of the explore page, some links show up.
You can change your _display name_ on your profile page, and that's what appears publicly on the site (your email doesn't appear publicly, even if you log in by address!).
Today to get a custom profile URL like radiopaper.com/Dave, you just need to ask and we'll create an alias for you. There isn't a self-serve alias mechanism available today, but we're thinking about how to provide one. Any profile can be linked by the URL radiopaper.com/uid, for instnace my profile can be reached at https://radiopaper.com/user/AwQLwnOgQFdyDfNoYfNCSSsVdx43, "Dave" is just an alias.
Clearly having separate concepts of login method vs display name vs profile URL is all a bit confusing, this is helpful feedback!
Hacker News has definitely pushed us out of the free tier for today, but these services are still impressively cheap. We may have a $5 cloud bill this month.
The ability of the OP to accept or ignore replies is in addition to, not instead of, regular spam filtering techniques. Certainly we'll want to automatically block bots and other bad actors that violate our policies to reduce the burden on users.
As a counterpoint- I take express bus 545 from Redmond to Seattle between 8 and 9am on weekdays, and there’s typically less than a half dozen people on the bus. I get from my home to the office in 30-40mins. The slowest part is the tiny stretch of I-5 with no bus lane.
I don’t think public transit has failed to keep up, it’s under-utilized, in part due to anxiety about COVID. These same routes were jam packed in 2019.
I use LastPass’s Emergency Access feature for this.
You can designate people who can access your Vault, after a certain waiting period. If they request access prematurely, I can revoke it during the waiting period.
There are written instructions for my next of kin on what to look for in the Vault.
The main difficulty is if my next of kin forget their LastPass master password.
I’ve been thinking of distributing a key via a set of USB stick using Shamir’s secret sharing, with written instructions to use them to recover a backup of the Vault kept offline… but have not gotten around to this.
It's not pointless, but I do think it's reasonable to question whether this is the best thing one can do to have an impact.
Could the time spent taking the neighbors trash away be spent doing something even more impactful?
Is the interaction with these neighbors caring and educative, or antagonistic? In the latter case they're unlikely to emulate it or pass on the idea to others.
I take it the author is not a fan of w3schools.com, a web site that's been around for a very long time and is highly ranked for many html-related queries.
Personally I find most of their content to be pretty decent, so I wouldn't filter it out as a rule.
Engineer at Snowflake. Co-founder at Radiopaper, PerfectSchedule. Ex-Google. Ex-Mixpanel. Ex-Stripe.
Views here are my own.