HackerTrans
TopNewTrendsCommentsPastAskShowJobs

imcotton

no profile record

Submissions

Ongoing: Cloudflare customers seeing incorrect invoice payments for 2.5 days

cloudflarestatus.com
2 points·by imcotton·há 25 dias·0 comments

My –/.ssh folder has NO private keys

blog.imcotton.xyz
2 points·by imcotton·há 2 meses·2 comments

The Nginx default page hides 5 clues that lead to same 24-word BIP39 mnemonic

bip39-recast.pages.dev
4 points·by imcotton·há 4 meses·0 comments

Cloudflare is using timingSafeEqual incorrectly in its own example docs

github.com
3 points·by imcotton·há 7 meses·0 comments

Blending crypto wallet seed into an AI slop essay

blog.imcotton.xyz
1 points·by imcotton·há 8 meses·0 comments

Show HN: Use color strips to wrap your crypto wallet

bip39-recast.js.org
1 points·by imcotton·há 9 meses·0 comments

Show HN: Constant Entropy Mixtape Vol.01

jsr.io
1 points·by imcotton·há 11 meses·0 comments

Show HN: Client side rendered static site without JavaScript

cornerlation.xyz
4 points·by imcotton·ano passado·0 comments

Show HN: Generate Subresource Integrity (SRI)

sri-shasum.js.org
2 points·by imcotton·ano passado·0 comments

Ask HN: Why Cloudflare kept sending email on Invoice Amount: $0.00?

1 points·by imcotton·ano passado·1 comments

Show HN: Cutting 100k Pi digits offline (PWA)

accdoo.app
1 points·by imcotton·ano passado·0 comments

You can not lose your key, if you drop it first

blog.imcotton.xyz
2 points·by imcotton·ano passado·0 comments

Accessible settings to disable all hovercards on GitHub

github.blog
2 points·by imcotton·ano passado·0 comments

Port a URL Shortener Web App from Deno Deploy to Cloudflare

blog.imcotton.xyz
2 points·by imcotton·há 2 anos·0 comments

Show HN: Personal URL Shortener Web App (Via Hono and Deno KV)

2 points·by imcotton·há 2 anos·0 comments

Spots Around Hyrule (TotK)

totk-loci.mataroa.blog
1 points·by imcotton·há 2 anos·0 comments

You can not lose your private key, if you drop it first

blog.imcotton.xyz
2 points·by imcotton·há 2 anos·4 comments

My –/.ssh folder has NO private keys

blog.imcotton.xyz
2 points·by imcotton·há 2 anos·0 comments

Show HN: Client only public key authentication IdP (similar: SSH and OAuth 2.1)

sign-poc.js.org
3 points·by imcotton·há 2 anos·2 comments

NPM package koa-router was forked due to inactivity after sold (2019)

github.com
1 points·by imcotton·há 2 anos·0 comments

comments

imcotton
·há 2 meses·discuss
How many AI agent running on your system right now?
imcotton
·há 6 meses·discuss
The first thing I need to do after creating a repo on GitHub, disable Project in repo settings.
imcotton
·há 12 meses·discuss
xkcd/538 never gets old.
imcotton
·há 12 meses·discuss
I did this in console:

    $('#container').style = 'display: unset'
imcotton
·há 12 meses·discuss
Does anyone have the courage to perform a similar inspection on the Cloudflare homepage like the author did? On my M4 Mac mini, Safari lagged with single-digit frames per second (FPS), which scared me so much that I had to close the page as quickly as possible.
imcotton
·ano passado·discuss
Thanks, I have being putting medium domain into dns blocklist for years.
imcotton
·ano passado·discuss
now try this:

    cat Makefile.md | npx offmark
imcotton
·ano passado·discuss
It's good to have a client side that does not send data to remote, improvements:

- CSP and security headers, currently this site scores D on https://securityheaders.com

- no SRI check on CSS or JavaScript files.

- by loading adsbygoogle.js which invalidates any privacy protection claims.
imcotton
·ano passado·discuss
I have previously written a blog post on this very topic, tl;dr: deleting your keys.

https://blog.imcotton.xyz/my-ssh-folder-has-no-private-keys
imcotton
·ano passado·discuss
I also think OAuth could be used to better serve AX in the age of agent, but before the whole industry find the PMF, shall we not leave the humans (us) behind? Thus I made one for breaking the grip of big IdPs and offer a more secure and easier authentication solutions for humans [1].

You can find its dogfooding demo on the Show HN [2].

[1]: https://sign-poc.js.org

[2]: https://news.ycombinator.com/item?id=42076063
imcotton
·há 2 anos·discuss
In case one not digging into the source code, the key stretching here is PBKDF2-HMAC-SHA512 with 400,000 iterations (OWASP recommended 210,000).

The reason for not using Argon2 or scrypt is because PBKDF2 is native provide by Webcrypto yet FIPS-140 compliance.
imcotton
·há 2 anos·discuss
Now, brute-force my private key and post new blog entry with your wallet address, I will send you rewards.
imcotton
·há 2 anos·discuss
Not in detailed setup yet (as you could tell by spotting the 'PoC' in the domain), but you could try following the mock wizard on the build page (click the build button at the top) and go through the user flow.

I want to have it up and running ASAP so that people with experience in the related field can code themselves against the site right away or create a design audit from the outline.

Sorry for any inconvenience at this stage.
imcotton
·há 5 anos·discuss
The very ticket [1] is locked by this epic ending:

> You were overly confident in your opinion, but I hope this website helps you understand that it's actually really damn hard.

> The reason your program shows a high FPS under other terminal emulators is simply, because their rendering pipeline works independent of VT ingestion. Gnome Terminal is not laying out text faster than your display refresh rate either. And of course, again, this is something WT will probably do as well in the future... but this project is nowhere near as old as Gnome Terminal is.

[1] https://github.com/microsoft/terminal/issues/10362#issuecomm...