daave commented on Secretive: Store SSH Keys in the Secure Enclave   github.com/maxgoedjen/sec... · Posted by u/ValentineC
tptacek · 2 years ago
It's not really a non-sequitur. The idiom for SSH certificates is to be issued extremely short-term certificates in response to MFA authentication. You don't get long-term secrets in most SSH CA schemes.
daave · 2 years ago
You're certainly more of an authority on it than I, so I trust when you say most schemes don't keep long-term keypairs around; but of the two companies I've worked at that use SSH CAs: one used Teleport, and the other had long-lived keypairs, but fairly-short-lived certificates -- you had to get your public key re-signed each day. They used Yubikeys to store (or maybe just unwrap?) the private key material during the SSH handshake; much as a TPM or the Secure Enclave could be used to do this.
daave commented on Secretive: Store SSH Keys in the Secure Enclave   github.com/maxgoedjen/sec... · Posted by u/ValentineC
throwawayacc5 · 2 years ago
Practically an anti-pattern nowadays. Get a YubiKey and leverage SSH certificates.
daave · 2 years ago
This is a non-sequitur, even if you use SSH certificates you still need a public/private keypair, hosts just authorize the key by checking the signature from a trusted CA on the public half of the user key. The OP is about a way to store the private key part of the user key that can't be extracted even with physical access to the machine. So, this is an equivalent/alternative to using a YubiKey, that is conveniently built in to a popular piece of hardware; not something orthogonal to using SSH certificates.
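The arrangement discussed in the two SSH comments above (a long-lived user keypair whose public half is re-signed into a short-lived certificate), as an added example that is not part of the thread or of Secretive. The names `demo-ca` and `demo-user` and the principal `deploy` are constructed, and a plain key file stands in for a key held in a YubiKey, TPM or Secure Enclave.

```shell
#!/bin/sh
# Added demo; demo-ca, demo-user and the principal "deploy" are constructed names.
set -eu
demo_dir=$(mktemp -d)

# CA keypair: lives with the signing service. Hosts trust only its public
# half, e.g. through the sshd_config directive TrustedUserCAKeys.
ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$demo_dir/ca"

# User keypair: generated once and kept. A plain file stands in here for a
# private key that would otherwise stay inside a hardware token or enclave.
ssh-keygen -q -t ed25519 -N '' -C demo-user -f "$demo_dir/id_user"

# sign_for_a_day SERIAL: the CA signs the user's PUBLIC key, valid one day.
# The result is written to id_user-cert.pub, replacing the previous one.
sign_for_a_day() {
  ssh-keygen -q -s "$demo_dir/ca" -I demo-user -z "$1" \
    -n deploy -V +1d "$demo_dir/id_user.pub"
}

# Helpers that read fingerprints and fields back out of keys and certificates.
fp()          { ssh-keygen -l -f "$1" | awk '{print $2}'; }
cert_info()   { ssh-keygen -L -f "$demo_dir/id_user-cert.pub"; }
cert_key_fp() { cert_info | awk '/Public key:/ {print $4}'; }
cert_ca_fp()  { cert_info | awk '/Signing CA:/ {print $4}'; }
cert_serial() { cert_info | awk '/Serial:/ {print $2}'; }

# Two consecutive "daily" re-signings of the same public key.
sign_for_a_day 1; day1_key=$(cert_key_fp)
sign_for_a_day 2; day2_key=$(cert_key_fp)

echo "user key fingerprint : $(fp "$demo_dir/id_user.pub")"
echo "key in day-1 cert    : $day1_key"
echo "key in day-2 cert    : $day2_key"
echo "cert signed by CA    : $(cert_ca_fp)"
cert_info | grep -E 'Serial:|Valid:'
```

Only the certificate changes between signings; the keypair, and therefore whatever hardware holds the private half, stays the same.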
daave commented on Show HN: Radiopaper – Troll-resistant public conversations   radiopaper.com/explore... · Posted by u/evnp
Etheryte · 3 years ago
This looks like an interesting idea. A twist on mailing lists with a web facing interface. One thing I couldn't figure out, are all threads one-on-one? Or is it possible to have threads with many people in them?

A small technical nitpick, it seems cache headers are not set correctly for images and such right now. When you scroll up and down the homepage, the same images get re-requested again and again. Out of curiosity, why are the top items unrendered when scrolling down?

daave · 3 years ago
Re caching:

I had a look into it, and it seems we set the following headers when retrieving user images:

> cache-control: public, max-age=3600

So I believe your browser _should_ be caching these.

daave commented on Show HN: Radiopaper – Troll-resistant public conversations   radiopaper.com/explore... · Posted by u/evnp
stavros · 3 years ago
Ahh okay, thanks! Could I have the username "Stavros" then please? I am currently https://radiopaper.com/user/U2goL6aTrtYs38S1l0kMkJuMwMm1

Also, having a section in the profile where I could change my login email address would help with the UX.

daave · 3 years ago
Done - https://radiopaper.com/Stavros

Being able to change your email address is a known gap, sorry about that. For now if you want to use a different email you'll need to make a second account. We plan to make account merging possible in the future.

A short-sighted technical decision on my part: we use the Firebase Auth UIDs as our internal user IDs, but Firebase Auth does not allow you to have multiple email auth-providers on a single account. So we need to add a layer of indirection in our data model.

daave commented on Show HN: Radiopaper – Troll-resistant public conversations   radiopaper.com/explore... · Posted by u/evnp
blondin · 3 years ago
this is the first modern social network i immediately signed up for. great job!

i am kinda confused on the email thing. when i use the email of someone i know and they are not on the network, do they still get the message in their email?

daave · 3 years ago
Yes! They will receive an email with the message, and some boilerplate explaining that it was sent from Radiopaper and that if they reply to the email the message will be published. They'll also receive a link to view the post on the site if they prefer.
daave commented on Show HN: Radiopaper – Troll-resistant public conversations   radiopaper.com/explore... · Posted by u/evnp
dimal · 3 years ago
This is a fantastic idea. My only suggestion would be to make those features that are not immediately apparent more apparent. Even a simple “About” or “What is Radiopaper?” page would help a lot.
daave · 3 years ago
https://radiopaper.com/about

It's helpful feedback that this isn't as discoverable as it should be. If you hover your cursor towards the bottom of the explore page, some links show up.

daave commented on Show HN: Radiopaper – Troll-resistant public conversations   radiopaper.com/explore... · Posted by u/evnp
stavros · 3 years ago
This looks like a nice idea, though I can't really wrap my head around the UI. How do I tell people how to discover me? I signed up and my username was my email, I changed it to my name but the URL didn't change, and now I don't know if my email is set to something unusable (or, if not, where to find it).
daave · 3 years ago
We don't have usernames!

You can log in with OAuth, or by Email.

You can change your _display name_ on your profile page, and that's what appears publicly on the site (your email doesn't appear publicly, even if you log in by address!).

Today to get a custom profile URL like radiopaper.com/Dave, you just need to ask and we'll create an alias for you. There isn't a self-serve alias mechanism available today, but we're thinking about how to provide one. Any profile can be linked by the URL radiopaper.com/uid, for instance my profile can be reached at https://radiopaper.com/user/AwQLwnOgQFdyDfNoYfNCSSsVdx43, "Dave" is just an alias.

Clearly having separate concepts of login method vs display name vs profile URL is all a bit confusing, this is helpful feedback!

daave commented on Show HN: Radiopaper – Troll-resistant public conversations   radiopaper.com/explore... · Posted by u/evnp
icosa · 3 years ago
Radiopaper is both empowering and requiring every user to be a content moderator. Let's say Alice and Bob sign up and start holding interesting conversations. Then Nasty McNasterson starts sending hate mail and death wishes to Alice and Bob. Alice and Bob can stop Nasty's messages from showing publicly, but first they have to see the never-ending stream of abuse. What can they do to stop this? Can they block Nasty from sending them messages? If enough people block Nasty, can Nasty be kicked off the platform? On the other hand, if Nasty and an army of sock puppets (or a brigade of chat buddies) block Alice and Bob, will they get kicked off instead?
daave · 3 years ago
Adding a feature to block specific accounts is on our short-term roadmap.

We'll also endeavor to block accounts from the platform that violate our policies (https://radiopaper.com/policies).

daave commented on Show HN: Radiopaper – Troll-resistant public conversations   radiopaper.com/explore... · Posted by u/evnp
BWStearns · 3 years ago
Love the design and after reading the post that @duck linked to it clicked. Not sure how to elevator pitch the concept more efficiently but the email interaction mechanism might be viral enough to not have to really sell people on the idea. Super cool, hope it keeps growing and you can't fit in the free tier anymore!
daave · 3 years ago
Hacker News has definitely pushed us out of the free tier for today, but these services are still impressively cheap. We may have a $5 cloud bill this month.

u/daave

Karma: 350 · Cake day: November 13, 2011
About
Aussie in Seattle. Dad. Network/Storage/API geek.

Engineer at Snowflake. Co-founder at Radiopaper, PerfectSchedule. Ex-Google. Ex-Mixpanel. Ex-Stripe.

Views here are my own.
