HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Ronnie76er

no profile record

Submissions

Ask HN: Why did ID.me (USA) remove social logins?

2 points·by Ronnie76er·11 mesi fa·1 comments

comments

Ronnie76er
·8 mesi fa·discuss
Someone else mentioned this up the thread. I am a huge fan of YNAB too, but I just gave Actual Budget a try and I'm hooked. Some things are better and some things worse than YNAB, but it's open source and self-hosted. I'd recommend either.
Ronnie76er
·anno scorso·discuss
As others have noted, this feels like an issue in the relying parties not relying on the `sub` field to validate the user. It feels the exact same as this issue here: https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-a....

In both, the details around the `sub` field, the field that should actually be used to identify the user, is poorly described. I would say that both of these feel a bit sensationalist, but then again, if relying parties are NOT using the sub field to validate users, they should be called out.

It seems to be that a good way to make some money is find every such situation where RPs are not using sub, and submit vuln bugs.
Ronnie76er
·2 anni fa·discuss
My Pixel 8 (not sure what other Android phones do this) can screen calls using their AI assistant. It asks what the call is about. If they answer, it displays the text to you as it rings through.

It sounds surprisingly human-like, even saying "Hello?" in a slightly annoyed tone when the other person doesn't respond in time.
Ronnie76er
·2 anni fa·discuss
I don't use Mattermost (but use slack and discord), but looking here, they look the same as Slack threads: https://docs.mattermost.com/collaborate/organize-conversatio.... I always thought Slack threads were decent, but I'm interested what could be.
Ronnie76er
·2 anni fa·discuss
Check out the RSA spec here: https://datatracker.ietf.org/doc/html/rfc8017#section-8.2.2. It's still verification, because all you need is a message and a signature. The message can be constructed from the data in the diploma, presumably. It's just, it's not disclosed to you how to construct the message (maybe it is online somewhere). So a verifier could construct the same message you decrypted, and then run the verification function.