HackerTrans
TopNewTrendsCommentsPastAskShowJobs

bschmidt1

no profile record

comments

bschmidt1
·10 दिन पहले·discuss
[dead]
bschmidt1
·10 दिन पहले·discuss
[dead]
bschmidt1
·28 दिन पहले·discuss
[dead]
bschmidt1
·2 माह पहले·discuss
[dead]
bschmidt1
·4 माह पहले·discuss
[dead]
bschmidt1
·4 माह पहले·discuss
[dead]
bschmidt1
·4 माह पहले·discuss
[dead]
bschmidt1
·4 माह पहले·discuss
[dead]
bschmidt1
·2 वर्ष पहले·discuss
> This is _not_ true, as cryptocurrency has already demonstrated.

His whole argument against AI is basically the anti-tech stance: "Well crypto failed that means AI will too" It's coming from a place of disdain for technology. That's your typical Hacker News commenter. This site is like Fox News in 2008 - some of the dumbest people alive
bschmidt1
·2 वर्ष पहले·discuss
[flagged]
bschmidt1
·2 वर्ष पहले·discuss
I love how people are like "there's no use case" and there's already products on shelves. I see AI art everywhere, AI writing, customer support - already happened. You guys are naysaying something that already happened people already replaced jobs with LLMs and already profit due to AI. There are already startups with users where you provide a OPENAI_API_KEY, or customers where you provide theirs.

If you can't see how this tech is useful Idk what to tell you, you have no imagination AND aren't looking around you at the products, marketing, etc. that already exists. These takes remind me of the luddites of ~2012 who were still doubting the Internet in general.
bschmidt1
·2 वर्ष पहले·discuss
Oh please the content online now is so fake as hell. You're acting as if AI can only produce garbage but CNN and Fox News are producing gold. The internet is 4 total websites now, congrats big media won. And you want to shut down the only decent attempt against it. Shame on you "hackers"
bschmidt1
·2 वर्ष पहले·discuss
Same here hungry neigh thirsty for prompt-2-film

"output a 90 minute harry potter sequel to the final film starring the original actors plus Tom Hanks"
bschmidt1
·2 वर्ष पहले·discuss
Anyone who grew up with artist impressions and scientific guesses about Pluto was quite surprised when the first close-up photos of Pluto were released. NASA was very wrong about how it looked and what it was made of.

The blue we all thought it was came from its atmosphere as seen from far away, not because it was an icy world reflecting blue light through ice and snow - the ice and snow on its planetary surface is a lot more red and brown like Titan because it's methane (like on Titan, and presumably by the color of Europa, on Europa too).

I know we have high fidelity photos of [a reddish brown] Europa, but when I was younger seeing those documentaries of the "oceans under the surface" they were always depicted as blue with alien-looking dolphins swimming through them. To this day they claim it's composed of "water ice", despite being that color in the newer high definition photos.

Another commenter here said "it's an awful odd color for ice" - it's probably methane, like Pluto and Titan, not water ice. Maybe I'm overly skeptical, but just connecting dots.
bschmidt1
·2 वर्ष पहले·discuss
Re: Hashing - The point of one-way encryption is that it can't be decrypted. A plaintext password has 1 job, to be read, not saved - yet you want to encrypt it as if it will be saved, but because it's one-way encrypted now it can't be read. What problem did you solve? You created a problem (that you now need ZKP to solve...)

Anyway, the ZKP concept is not about decrypting hashes at all, but looking at peripheral data to prove something (Alibaba Cave - Victor only knows Peggy knew the password because he had access to some other data - the path she took). "checking length etc." only if those hints are already available to the system in some way. And because of this approach, why would you need the hash? Just don't use passwords at all in the case of ZKP right? Simply rely on the other identifying data that you have access to, that you use anyway. Also - how secure is this loose profiling technique compared to email-backed passwords over HTTPS?

I imagine few product use cases allow for a server to trust all the clients with encryption, while not trusting itself - but there are some use cases like when the server is not the source of truth - file system service, or peer-to-peer stuff like ledgers: If the server's purpose is just to maintain a shared ledger and all the clients in the network are trusted.

But in the case we're talking about, of a service that authenticates clients, you're saying you can't trust the authenticator when that is kinda the point of authentication - they don't trust you, or rather - the server cannot tell for sure that any incoming connection is who they say they are, even if it has "zero knowledge" like their IP address and a face scan (your brother in the same house might pass). The point of a username and password is that you want the server to not trust any connecting clients unless they have this specific data precisely.

So I wouldn't use it for auth.
bschmidt1
·2 वर्ष पहले·discuss
If I had a penny for every straw man argument. Who said anything about writing plaintext passwords to files - you just made that up?

Also you might not understand web dev 101. Every website including this one that uses HTTPS sends encrypted data, the password you enter in a text input is in plaintext. For the backend - as I said above, the server hashes it and saves the hash, never the plaintext password.

That's how it works - nobody said anything about "log files".
bschmidt1
·2 वर्ष पहले·discuss
To address edits:

> when to encrypt

It depends on what you want to do, if it's user login over HTTPS you can pass a plaintext password to the server and hash/compare on the server only. It would still be secure because the plaintext is never saved in a db (only the hash is), and was TLS encrypted in transport.

-----

> This is a sha256 hash of my birthday, write a function that returns if I'm over 21: `1028d7ea22cbbcb17c4926b08b591506227d7b0e32ce6ce76122461e551a5ab2`

You hash the point of access like a password or key, not the data itself. When the access is granted, you return the data. sha256 is never meant to be decrypted. It would be like this:

    interface User {
      id: sha256;
      name: string;
      age: number;
    }

    const users: User[] = fetchUsers();

    const isOver21 = plaintextId => users[encrypt(plaintextId)]?.age >= 21;
If your requirement is to actually to decrypt the sha256 you misunderstand the purpose of one-way encryption. That said - if you really wanted such a system, for such a finite list of dates (365 x 21 = 7665) you can easily maintain an array of the valid 7,665 sha256's on any given day. If it doesn't match a sha256 on file, that birthdate is not a person over 21.

    const validHashes: BirthdateHashSha256[] = seedHashesForToday();
    
    const isOver21 = hash => validHashes.includes(hash);
bschmidt1
·2 वर्ष पहले·discuss
First you described exactly the concept of password hashing, now you're describing something else entirely:

> It doesn't answer arbitrary questions about the data.

Why would you need a "ZKP" to prevent anyone from "asking arbitrary questions" you simply don't build that functionality.

When I create a web server and allow people to login through an endpoint, they can't ask arbitrary questions about user data either - how would that functionality even exist without me writing it? Typically the server doesn't even know passwords. It simply compares a hash - the hash is computed client-side and the server never sees the real password.

Any peripheral user data you want to return is up to you. Identity is not "built in" to conventional programming languages.

Furthermore, none of the ZKP libraries on npm do anything. Most of them are utility libraries with functions like "generateUUID" and "leftPad". The ones from providers like Cloudflare (their least popular stuff) are just private/public key encryption libraries that they call "ZKP".
bschmidt1
·2 वर्ष पहले·discuss
[flagged]
bschmidt1
·2 वर्ष पहले·discuss
> Re: Validating passwords > You haven't provided an alternative way though?

Check if it has numbers: \d

Check if it has symbols: \W

Check if it's 6-64 chars long: {6,64}

> This doesn't make sense

Promise you it's how it works.

> Hashes are binary yes/no checks

Nope, just means encrypted text.

> every government in the world runs an API

Hilarious you think a decentralized approach where every participant has a copy of an append-only ledger is simpler than a central server with SQL database. The argument for decentralization was never that it was simpler - it's of course way simpler in many ways to have a single source of truth. If you mean using that passport library on a regular server, then you also have to run an API or nobody can use it.