I cannot remember my own SSN. What happens if I lose my license, SSN, and master password manager password in a fire? What happens if someone has a stroke and forgets a recent pin code, etc.
Do I go to my state and request new IDs? How do they authenticate me?
This has been solved by just about any other western country, and probably a lot of other countries.
E.g. I have an eID card. The gov can reset the pin. There are procedures to request a new one. There are revocation lists. Fake eIDs are rare. It's not perfect, but it works great compared to the USA.
The real problem is a semi-religious fear of the US government having working ID systems. So there are all kinds of half-baked substitutes in use, that barely work and push the trouble on the end user. ID theft is a solved problem just about anywhere, if the US wants it, it can solve it too.
So in the US you can do "credit freezes" which prevent people from taking out new loans/new cards in your name.
HOWEVER - you can't do anything about the fact they can call up your bank, say "I forgot my password" and then give them your SSN. Your bank will happily reset the password for them. If someone has your SSN they essentially have everything they need to get access to any of your financial, medical, or utility accounts, and can also use it for KYC/AML to open say a crypto account in your name. You cannot do anything to prevent this option.
Have you gone into your bank and asked about additional security measures? For my credit union, I have a call center password I have to give them and mom's maiden name is not mom's maiden name. I think—I'd have to double check—but I think I had them put a note in my file that I would have to go in to unlock my account and show 2 forms of ID.
Sure, every frame announces its own length in the frame header, so the frame content itself does not need to be escaped (apart from the usual escaping of MP3 synchronisation markers, called „unsynchronisation“, but that’s not relevant to the question at hand).
I'm not defending GitHub specifically, I have no experience with the customer service and have no reason to believe they are or aren't garbage. I'll assume they are garbage.
To be fair, what do you expect the first representative to do/say? They responded in 3 hours, and it's unlikely they can do much beyond escalate this issue internally. We can't expect them to say "We're going to do sweeping changes" at this point.
GitHub in the past has done sweeping changes for things such as youtube-dl. They created a large blog post about it, including having both programmers and lawyers review every DMCA request, and allowing the most minimal amount of changes to comply, etc. That type of response takes time and coordination.
Even Cloudflare with their CEO/CTO can't offer sweeping changes in a HN comment. There's layers to this. You can only really expect damage control from a HN comment.
They could have posted from a non-throwaway (or at least non-anonymous) account and identified a clear point of contact. As it is with such vague instructions, it would be far too easy for the issue to get lost in the Rube Goldberg machine of their support infrastructure again.
Disclosure: I have no specific experience with GitHub support, but I have experience with other support organizations and "send us a new ticket" can easily result in a repeat of the original bad experience. I'm not saying this would necessarily happen to the OP, but we also don't have any assurance at this point that it wouldn't happen.
> We will have a security overview doc up soon, we ran out of time to have it ready today.
I mean this respectfully - why would you release a cryptographic method of transferring money - without going into detail of how it actually works? That's kinda the entire point of cryptocurrency, that we have a way to be mathematically confident the money is safe - but you didn't tell us the math. Especially on HN where a lot of the audience is technical enough to want to and be able to verify it to some degree.
I see you have patent US10896412B2, which honestly I have to ask how this is any different from any other hardware wallet?
> A physical cryptocurrency may comprise a physical medium and an attached processor.
I read some of the details (admittedly not all) and I'm still unsure how this is different from any other hardware wallet. AFAIK this is just a hardware wallet that exposes its public key, then exposes its private key when you cut the wire? Then we still need your signature to transfer the crypto, which is so double spend is prevented?
Also, if your servers go down or you're hacked or rm -rf dir/ * happens, will all the notes become unusable? Are we relying on you to maintain servers indefinitely?
> I mean this respectfully - why would you release a cryptographic method of transferring money - without going into detail of how it actually works? That's kinda the entire point of cryptocurrency, that we have a way to be mathematically confident the money is safe - but you didn't tell us the math. Especially on HN where a lot of the audience is technical enough to want to and be able to verify it to some degree.
As noted, the app will be open source as will the (brief) Bitcoin script for audit. For the sake of simplicity 2-of-2 multisig that downgrades to 1-of-2 multisig over time should capture the essence of how these notes work.
> Also, if your servers go down or you're hacked or rm -rf dir/ * happens, will all the notes become unusable? Are we relying on you to maintain servers indefinitely?
Nope. Users can always claim funds after the expiration date of January 3rd 2029 using the user key stored on the note.
> For the sake of simplicity 2-of-2 multisig that downgrades to 1-of-2 multisig over time should capture the essence of how these notes work.
> Users can always claim funds after the expiration date of January 3rd 2029 using the user key stored on the note.
Interesting, thank you. That does seem more reasonable to me. Best of luck with your project.
> Nope. Users can always claim funds after the expiration date of January 3rd 2029 using the user key stored on the note.
Wait what? If your service gets hacked or goes away, the funds will be usable seven years from now? How is this statement different from “You’ll find out whether our tech stack works years from now”?
This kind of "smart-contracts" can be made and tested today on the Bitcoin network. Instead of picking a block-height of 7-9 years in the future, you could pick one on the next 20 minutes....
The code (if not put in a Taproot transaction) is "naked" visible on the blockchain, so no "trust" is needed.
Yes, that makes more sense, I was mischaracterizing it. 1-of-1 is more appropriate (although the notion of a 1-of-1 multisig is a little odd at face value until one digs in).
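The spending rule discussed in this exchange (both keys before expiry, the user key alone afterwards, and testable today by picking a near expiry), as an added example that is not from the thread or the project. It is a toy Python evaluator: `note_script`, `spendable`, the key names and the script layout are assumptions, and signatures are modelled as signer names rather than real ECDSA.

```python
from datetime import datetime, timezone

# Assumption: expiry is midnight UTC on the date quoted in the thread.
EXPIRY = int(datetime(2029, 1, 3, tzinfo=timezone.utc).timestamp())

def note_script(user, service, expiry=EXPIRY):
    # Hypothetical script shape, not the project's published one:
    # IF branch = user key alone after expiry, ELSE branch = 2-of-2.
    return ["IF", expiry, "CLTV", "DROP", user, "CHECKSIG",
            "ELSE", 2, user, service, 2, "CHECKMULTISIG", "ENDIF"]

def spendable(script, witness, signed_by, tx_locktime, chain_mtp):
    """Toy evaluator. A 'signature' is modelled as the signer's key name and is
    valid only if that name is in signed_by. witness = initial stack, top last."""
    # Finality rule: a time-locked tx is minable only once the chain's
    # median-time-past is greater than its nLockTime.
    if tx_locktime and tx_locktime >= chain_mtp:
        return False
    stack, live = list(witness), [True]
    for op in script:
        if op == "IF":
            live.append(bool(stack.pop()))
        elif op == "ELSE":
            live[-1] = not live[-1]
        elif op == "ENDIF":
            live.pop()
        elif not all(live):
            continue                      # inside the branch not taken
        elif op == "CLTV":                # script locktime must be <= tx nLockTime
            if tx_locktime < stack[-1]:
                return False
        elif op == "DROP":
            stack.pop()
        elif op == "CHECKSIG":
            key, sig = stack.pop(), stack.pop()
            stack.append(sig == key and key in signed_by)
        elif op == "CHECKMULTISIG":       # real opcode also pops a dummy element
            keys = [stack.pop() for _ in range(stack.pop())]
            sigs = [stack.pop() for _ in range(stack.pop())]
            stack.append(len(set(sigs)) == len(sigs) and
                         all(s in keys and s in signed_by for s in sigs))
        else:
            stack.append(op)              # data push (key name or number)
    return stack == [True]
```

The model leaves out CLTV's sequence-number and locktime-type checks, so it shows the policy, not full consensus validation.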
> Innovation is overrated. And standardising is not blocking.
Hard disagree? Both lightning and USB C were massive improvements in durability compared to Micro USB - I'd argue lightning is still better in that regard, because there's no thin piece inside the phone that can break (did phone repair, and 99% of the time a "broken" iPhone port was just stuck lint).
USB C is not universally better than Micro, namely it has a much larger footprint both on the connector side and the PCB.
> Will EU block innovation?
So my question is - if there's a new USB standard connector that's smaller, or is inside-out for better durability - is it now prevented from being used?
Granted this isn't the fault of the connector, but USB-C is certainly a mess. My Nintendo Switch uses USB-C charging, but I can't use my MacBook charger for it. There are different cables, ratings, etc. "make everything USB-C" is asking for confusion. As much as I hate having a different cable for every device, at least when I pick up a (Apple-branded) lightning cable, I know it will work correctly for my iPhone.
Isn't the switch a notorious outlier and oddball with respect to its usb-c implementation though? I think it's more just that Nintendo screwed up one product than the standard is bad.
It's certainly the most popular example of poor implementation. But one could argue that USB-C isn't even implemented and they just used the connector/form factor for their cable. I recall the RPI4 also having issues early on with power over USB-C.
But that's precisely my problem with this - if we're forcing every device to merely adopt a USB-C port, that does nothing to ensure they're actually using USB-C specifications or interoperable. Game System X and Phone Y may only work with USB-C cables/chargers X and Y, which satisfy the requirement without fixing the compatibility problem.
> …if we're forcing every device to merely adopt a USB-C port, that does nothing to ensure they're actually using USB-C specifications or interoperable.
You certainly need more than just the physical port. IMHO the minimum reasonable requirement would be that the device must charge at near the maximum supported rate (minimum of the device's, cable's, and charger's advertised rates) with any combination of compliant charger & cable. There wouldn't be much point in mandating the use of USB-C ports otherwise.
> My Nintendo Switch uses USB-C charging, but I can't use my MacBook charger for it.
Then I guess you got one from the first hardware revision. I have a 2018 Switch (second hardware revision as far as I understand), and I have in the past charged it successfully with Apple chargers and Lenovo chargers.
I really like what USB-C has done for peripherals and non-iphone devices, but I agree with you.
I'd be fine with a new USB-D that fixed all these issues. USB-C is just mostly better than the other alternatives for Android and charging laptops. It's far from perfect.
I've read that USB-C is a durability improvement over micro USB. This surprised me because I've never had the USB port on a phone fail on me until I got a USB-C phone.
Or Apple's iCloud (see their passkey thing also currently on the front page)
EDIT: Yes you don't need to use a syncing service. But it will be important for it to be portable between syncing services, as that is what most consumers will be using.
Does anyone know how this/FIDO/WebAuthn affect privacy? How well supported are alt accounts? Are they easy to tell they're from the same signer?
I figure privacy is fine as long as the implementations allow you to select which account to login with. Is this currently a thing? From everything I read it seems like the current implementations are only meant to support one identity?
EDIT: These are great responses, also curious if anyone is aware if Apple's current implementation supports multiple identities?
FIDO2/WebAuthn don't have anything to do with user management from an application architecture perspective. They leave all the work of combining the attestation credentials and your application's concept of a "user" to the application.
This means you can (and should as a designer) have multiple sets of credentials for one "user", multiple distinct credentials that you (the user) can register to multiple separate "user"s in the application, etc.
I believe all FIDO2 authenticators (like hardware keys) should generate a new hardware / key ID for each request for pairing a new credential. I know that my key does that, when I was working on implementing WebAuthn for $DAYJOB.
FIDO2 resident keys (the thing people are now calling passkeys) allow for multiple credentials for a single site. If you have a device that supports resident keys you can try this for yourself on https://webauthn.io.
There is also no way for a site to know if two sets of credentials belong to the same physical hardware device or not. Sites can request the attestation certificate, but that is not unique per device (the spec says the attestation cert should be shared by at least 100,000 devices). If you want to see the attestation cert for a fido(2) device, I made a little tool that will show it to you: https://what-the-fido.sanford.io/
FIDO/WebAuthn are generally "the good guys" when it comes to privacy bc "bring your own secure hardware key" is always an option. I'm kinda torn over the "use your cellphone as a key" approaches as not privacy friendly but we can't actually prevent them (you can always simulate a key).
But you can't simulate an attestation that you're using a device from one of the "approved" manufacturers in the cartel. This is basically DRM for human identity.
> Unfortunately only mobile OSes are on the forefront of this.
I'm not sure why the OS would have to manage this. For example when using electron you can use node's vm and run js in a separate context. It's a separate process but doesn't require anything special from the OS for it.
Mobile OSes do sandbox the entire program usually by default though.
Ubuntu sorta tried to with snapd. Windows tried to with UWP.
Because that is why the OSes exist in the first place, to provide common services to applications, otherwise we could still code like in the old 16 bit days, a bit like Arduino nowadays.
Windows is still trying, hence why now WinUI 3.0, WinAppSDK and packaged applications.
Likewise Ubuntu hasn't given away snapd, rather doubled down on it.
Yet none of them are as enforceable as iOS and Android are. It isn't only the program that is sandboxed, plugins are also required to be installed as separate packages and communicate over IPC with the host.
I think the idea is that the OS has a better chance of keeping the plugin isolated than a VM sandbox.
I'd certainly trust v8's sandboxing over any attempt to do it myself but OS level sandboxing + IPC seems like an even better idea if you're trying to be really sure.
> In fact, they get paid well to do it. Your typical family law attorney should be arrested, tried and convicted, and they've destroyed countless families, harmed countless children.
I was with you up until this. While I understand the view that what many attorneys do is immoral or wrong - generally speaking to my knowledge there isn't widespread illegal behavior?
I understand but don't fully agree with the view that lawyers are "evil" - but the way I see it is they are skilled at playing by the rules of the law. This makes them incredibly powerful (for both sides of people that can afford it), but if they are generally playing by the law - thus not arrestable. Tearing a family apart because the mother is an A hole and lies about things the father does might be immoral - but it's not illegal for an attorney to represent them.
> While I understand the view that what many attorneys do is immoral or wrong - generally speaking to my knowledge there isn't widespread illegal behavior?
From my own experience, and the attorneys I've talked to, and the other fathers/husbands, certain practices are rampant. False allegations of abuse are regularly made by the female, which grant injunctions/TROs, ex parte, which are then used to withhold children. Perjury is never prosecuted. Not ever. Judges don't care about timelines, and regularly ignore the statutory limits on holding hearings, meaning that a TRO can be in effect indefinitely without a single hearing. Judges regularly don't read motions, do not rule on them.
Time is on the side of the most shameless liar. Both attorneys make more money in this kind of case, because it takes time, it's very litigious. Both attorneys have every incentive to not just not deescalate, but escalate the situation. If you are representing yourself, they will try to overwhelm you with paperwork - my wife had one attorney who, instead of filing motions, would keep appending to a single motion and resubmitting the entire omnibus. They filed invalid motions, they filed hearsay. The entire premise of the actions was to delay, keep the kids, increase the pain until I gave into all demands. From what I've heard, this is a common tactic, because it works. To hold out means to give up your kids for years. Everything, and I mean everything here, is in violation of statute, and no-one in power gives two fucks. Plus at the end of it they count on the fact that you're too exhausted to pursue any kind of remedy, and in fact your faith in the system has been so destroyed that you're convinced that it would do no good anyway. Like I said, they do it because it works.