HackerTrans
TopNewTrendsCommentsPastAskShowJobs

imcotton

no profile record

Submissions

Ongoing: Cloudflare customers seeing incorrect invoice payments for 2.5 days

cloudflarestatus.com
2 points·by imcotton·hace 26 días·0 comments

My –/.ssh folder has NO private keys

blog.imcotton.xyz
2 points·by imcotton·hace 2 meses·2 comments

The Nginx default page hides 5 clues that lead to same 24-word BIP39 mnemonic

bip39-recast.pages.dev
4 points·by imcotton·hace 4 meses·0 comments

Cloudflare is using timingSafeEqual incorrectly in its own example docs

github.com
3 points·by imcotton·hace 7 meses·0 comments

Blending crypto wallet seed into an AI slop essay

blog.imcotton.xyz
1 points·by imcotton·hace 8 meses·0 comments

Show HN: Use color strips to wrap your crypto wallet

bip39-recast.js.org
1 points·by imcotton·hace 10 meses·0 comments

Show HN: Constant Entropy Mixtape Vol.01

jsr.io
1 points·by imcotton·hace 11 meses·0 comments

Show HN: Client side rendered static site without JavaScript

cornerlation.xyz
4 points·by imcotton·el año pasado·0 comments

Show HN: Generate Subresource Integrity (SRI)

sri-shasum.js.org
2 points·by imcotton·el año pasado·0 comments

Ask HN: Why Cloudflare kept sending email on Invoice Amount: $0.00?

1 points·by imcotton·el año pasado·1 comments

Show HN: Cutting 100k Pi digits offline (PWA)

accdoo.app
1 points·by imcotton·el año pasado·0 comments

You can not lose your key, if you drop it first

blog.imcotton.xyz
2 points·by imcotton·el año pasado·0 comments

Accessible settings to disable all hovercards on GitHub

github.blog
2 points·by imcotton·el año pasado·0 comments

Port a URL Shortener Web App from Deno Deploy to Cloudflare

blog.imcotton.xyz
2 points·by imcotton·hace 2 años·0 comments

Show HN: Personal URL Shortener Web App (Via Hono and Deno KV)

2 points·by imcotton·hace 2 años·0 comments

Spots Around Hyrule (TotK)

totk-loci.mataroa.blog
1 points·by imcotton·hace 2 años·0 comments

You can not lose your private key, if you drop it first

blog.imcotton.xyz
2 points·by imcotton·hace 2 años·4 comments

My –/.ssh folder has NO private keys

blog.imcotton.xyz
2 points·by imcotton·hace 2 años·0 comments

Show HN: Client only public key authentication IdP (similar: SSH and OAuth 2.1)

sign-poc.js.org
3 points·by imcotton·hace 2 años·2 comments

NPM package koa-router was forked due to inactivity after sold (2019)

github.com
1 points·by imcotton·hace 2 años·0 comments

comments

imcotton
·hace 2 meses·discuss
How many AI agent running on your system right now?
imcotton
·hace 6 meses·discuss
The first thing I need to do after creating a repo on GitHub, disable Project in repo settings.
imcotton
·hace 12 meses·discuss
xkcd/538 never gets old.
imcotton
·hace 12 meses·discuss
I did this in console:

    $('#container').style = 'display: unset'
imcotton
·hace 12 meses·discuss
Does anyone have the courage to perform a similar inspection on the Cloudflare homepage like the author did? On my M4 Mac mini, Safari lagged with single-digit frames per second (FPS), which scared me so much that I had to close the page as quickly as possible.
imcotton
·el año pasado·discuss
Thanks, I have being putting medium domain into dns blocklist for years.
imcotton
·el año pasado·discuss
now try this:

    cat Makefile.md | npx offmark
imcotton
·el año pasado·discuss
It's good to have a client side that does not send data to remote, improvements:

- CSP and security headers, currently this site scores D on https://securityheaders.com

- no SRI check on CSS or JavaScript files.

- by loading adsbygoogle.js which invalidates any privacy protection claims.
imcotton
·el año pasado·discuss
I have previously written a blog post on this very topic, tl;dr: deleting your keys.

https://blog.imcotton.xyz/my-ssh-folder-has-no-private-keys
imcotton
·el año pasado·discuss
I also think OAuth could be used to better serve AX in the age of agent, but before the whole industry find the PMF, shall we not leave the humans (us) behind? Thus I made one for breaking the grip of big IdPs and offer a more secure and easier authentication solutions for humans [1].

You can find its dogfooding demo on the Show HN [2].

[1]: https://sign-poc.js.org

[2]: https://news.ycombinator.com/item?id=42076063
imcotton
·hace 2 años·discuss
In case one not digging into the source code, the key stretching here is PBKDF2-HMAC-SHA512 with 400,000 iterations (OWASP recommended 210,000).

The reason for not using Argon2 or scrypt is because PBKDF2 is native provide by Webcrypto yet FIPS-140 compliance.
imcotton
·hace 2 años·discuss
Now, brute-force my private key and post new blog entry with your wallet address, I will send you rewards.
imcotton
·hace 2 años·discuss
Not in detailed setup yet (as you could tell by spotting the 'PoC' in the domain), but you could try following the mock wizard on the build page (click the build button at the top) and go through the user flow.

I want to have it up and running ASAP so that people with experience in the related field can code themselves against the site right away or create a design audit from the outline.

Sorry for any inconvenience at this stage.
imcotton
·hace 2 años·discuss
accdoo.app is a Web App / PWA that help you to crunch some numbers:

    arr.map(BigInt).reduce((a, b) => (a * b) ** 2n)


The same operation can be performed on any off-the-shelf calculator (or in mind), but this one comes in handy for large numbers without losing its precisions, up to 100,000 digits on Web, 1,000,000 in CLI, configurable from API (npm:accdoo).

Aside from the spirit of xkcd/936, it is widely applicable (does not require a dictionary nor an ANSI keyboard) and can be used for things like door locks, vaults, pins, passcodes, entropy seeding, or even root password for password managers (yes, all numeric is fine), etc.

Now back to Pi, it is an infinite data source and constant across the universe (base-10), figured would be great to have it chopped freely and then mixed into the calculations above. The Pi is produced on-the-fly, using JavaScript native BigInt and Chudnovsky Algorithm ([wiki]), the code was taken from one of the examples in the QuickJS project ([quickjs/pi], [pi_bigint.js]).

The syntax for cutting is the same as in the manual ([accdoo.app/about]):

    pi#6     // take 6 digits of Pi (314_159)
    pi#6#3   // take 6 digits of Pi but drop 3 beforehand (159_265)

    pi#1#40000   // take one digit at 40,000th


This is the second Show HN post as its major feature bump, here's the link to its first intro 10 days ago ([39115559]) and a previous sideways on Ask HN 8 days ago ([39138957]).

[wiki]: https://en.wikipedia.org/wiki/Chudnovsky_algorithm

[quickjs/pi]: https://bellard.org/quickjs/pi.html

[pi_bigint.js]: https://github.com/bellard/quickjs/blob/master/examples/pi_b...

[accdoo.app/about]: https://accdoo.app/about#manual

[39115559]: https://news.ycombinator.com/item?id=39115559

[39138957]: https://news.ycombinator.com/item?id=39138957
imcotton
·hace 2 años·discuss
Added Download ZIP button under (settings / learn more), you can self host it as needed.
imcotton
·hace 3 años·discuss
I've being building something have similar functionality recently, thus have the underneath tech stacks in mind the moment I saw the title, (webcrypto: ecdhe, kdf, aes/gcm), further glance into the source code seems legit to me.

My only nitpick is for service like this, the shared private key shall be short lived one time using, storing into localStorage might potentially be a foot-gun with low ROI tho.
imcotton
·hace 5 años·discuss
The very ticket [1] is locked by this epic ending:

> You were overly confident in your opinion, but I hope this website helps you understand that it's actually really damn hard.

> The reason your program shows a high FPS under other terminal emulators is simply, because their rendering pipeline works independent of VT ingestion. Gnome Terminal is not laying out text faster than your display refresh rate either. And of course, again, this is something WT will probably do as well in the future... but this project is nowhere near as old as Gnome Terminal is.

[1] https://github.com/microsoft/terminal/issues/10362#issuecomm...