Hacker News: Ronnie76er

New comment by Ronnie76er in "Show HN: Wealthfolio 2.0- Open source investment tracker. Now Mobile and Docker"

Ronnie76er — Sat, 22 Nov 2025 20:15:56 +0000

Someone else mentioned this up the thread. I am a huge fan of YNAB too, but I just gave Actual Budget a try and I'm hooked. Some things are better and some things worse than YNAB, but it's open source and self-hosted. I'd recommend either.

Ask HN: Why did ID.me (USA) remove social logins?

Ronnie76er — Mon, 01 Sep 2025 16:10:28 +0000

ID.me previously allowed, in addition to login via username and password, the option to log in via google or facebook. That was recently removed, and I can't find any information about why it was removed. Does anyone know why?

Comments URL: https://news.ycombinator.com/item?id=45093927

Points: 2

# Comments: 1

New comment by Ronnie76er in "Google’s OAuth login doesn’t protect against purchasing a failed startup domain"

Ronnie76er — Tue, 14 Jan 2025 18:44:17 +0000

As others have noted, this feels like an issue in the relying parties not relying on the `sub` field to validate the user. It feels the exact same as this issue here: https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-a....

In both, the details around the `sub` field, the field that should actually be used to identify the user, is poorly described. I would say that both of these feel a bit sensationalist, but then again, if relying parties are NOT using the sub field to validate users, they should be called out.

It seems to be that a good way to make some money is find every such situation where RPs are not using sub, and submit vuln bugs.

New comment by Ronnie76er in "Daisy, an AI granny wasting scammers' time"

Ronnie76er — Thu, 14 Nov 2024 18:25:03 +0000

My Pixel 8 (not sure what other Android phones do this) can screen calls using their AI assistant. It asks what the call is about. If they answer, it displays the text to you as it rings through.

It sounds surprisingly human-like, even saying "Hello?" in a slightly annoyed tone when the other person doesn't respond in time.

New comment by Ronnie76er in "SAMA – open-source Chat server"

Ronnie76er — Fri, 06 Sep 2024 15:54:15 +0000

I don't use Mattermost (but use slack and discord), but looking here, they look the same as Slack threads: https://docs.mattermost.com/collaborate/organize-conversatio.... I always thought Slack threads were decent, but I'm interested what could be.

New comment by Ronnie76er in "Reverse Engineering the Verification QR Code on My Diploma"

Ronnie76er — Fri, 05 Jul 2024 00:20:16 +0000

Check out the RSA spec here: https://datatracker.ietf.org/doc/html/rfc8017#section-8.2.2. It's still verification, because all you need is a message and a signature. The message can be constructed from the data in the diploma, presumably. It's just, it's not disclosed to you how to construct the message (maybe it is online somewhere). So a verifier could construct the same message you decrypted, and then run the verification function.

New comment by Ronnie76er in "Less secure apps and your Google Account"

Ronnie76er — Tue, 01 Mar 2022 13:52:47 +0000

In my dim recollection, I've used mail clients that used OAuth for IMAP access, plus it appears they are not taking away App Passwords, which I use for almost all my mail clients.

New comment by Ronnie76er in "Zero-day in Sign in with Apple"

Ronnie76er — Sat, 30 May 2020 20:23:16 +0000

Just want to mention something about the id_token provided. I'm on my phone, so I don't have apples implementation handy, but in OIDC, the relying party (Spotify for example) is supposed to use the id_token to verify the user that is authenticated, specifically the sub claim in the jwt id_token.

https://openid.net/specs/openid-connect-core-1_0-final.html#...

It's likely (although like others have noted, this is scant on details), that this value was correct and represented the authenticated user.

A relying party should not use the email value to authenticate the user.

Not contesting that this is a bug that should be fixed and a potential security issue, but perhaps not as bad.

Anyone else? Am I reading this right?

New comment by Ronnie76er in "Happy Public Domain Day: Gershwin’s “Rhapsody in Blue” Is Copyright Free"

Ronnie76er — Wed, 01 Jan 2020 21:47:59 +0000

I remember this article from a while ago (beginning of 2018), saying the RIAA and MPAA was not actively pursuing anything to extend it again: https://arstechnica.com/tech-policy/2018/01/hollywood-says-i...

I didn't see anything refuting that in a short look around, but maybe that's changed.

AWS Services Updated to Address OpenSSL Vulnerability

Ronnie76er — Tue, 08 Apr 2014 19:24:30 +0000

Article URL: http://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/

Comments URL: https://news.ycombinator.com/item?id=7555402

Points: 6

# Comments: 0

New comment by Ronnie76er in "Heartbleed vulnerability tester"

Ronnie76er — Tue, 08 Apr 2014 16:47:48 +0000

I think it's also possible you are getting a false positive, because it's timing out or whatever. The newer version of that check tells you if it's timing out.

New comment by Ronnie76er in "Ask HN: Who Is Hiring? (August 2012)"

Ronnie76er — Thu, 09 Aug 2012 03:28:19 +0000

Newtown Square, PA (Philadelphia suburbs)

konciergeMD (http://konciergemd.com/) is an early stage startup in the Philly suburbs. We're building a product that changes how caregivers and providers collaborate to deliver healthcare. We're a small, polyglot team with diverse backgrounds. Our stack is Java/Scala on the back end and HTML5/CSS3/Javascript on the front end. We care deeply about aesthetics. We care deeply about coffee. We are seeking developers who are equally comfortable with front and back end development and who understand web-scale, high-availability, high-traffic application architectures.

We're looking to bring on a top-notch software engineer, a pragmatist focused on shipping. We are open to contract or full-time work candidates. You will play a role in shaping this product -- this is core to our culture, so bring your opinions. We're generalists, but the path we're blazing will heavily rely on Javascript, jQuery, Backbone.js, HTML5, CSS3, Java, Scala, Play Framework, and Amazon Web Services. We're web first but mobile is quickly approaching on the horizon. Bonus points if you have experience working with medical informatics. Gold stars if you have experience working with big data, machine learning, or semantic web.

If you're interested, ping ron@konciergemd.com.

"Manage your energy first"

Ronnie76er — Wed, 01 Feb 2012 16:34:01 +0000

Article URL: http://dilbert.com/blog/entry/the_right_priority/

Comments URL: https://news.ycombinator.com/item?id=3538646

Points: 4

# Comments: 0

New comment by Ronnie76er in "We've invented waterfall"

Ronnie76er — Fri, 09 Dec 2011 16:15:07 +0000

Waterfall isn't bad in all circumstances. Lockheed Martin isn't iterating a jet into the side of a mountain 100 times until they get it right.