Hacker News: banger180

New comment by banger180 in "Millions of Accounts Vulnerable Due to Google's OAuth Flaw"

banger180 — Tue, 14 Jan 2025 18:01:46 +0000

> I wonder what action is causing the sub to change like the author suggests is happening.

Indeed this would be very interesting.

This issue is also very similar to CVE-2024-25618.

What we did to mitigate this is the following: - Federated login with OIDC - Look for a user based on the sub claim - If they are found: authenticate that user and optionally update their profile (email, name, ...) based on then new id claims. - Else look for a user matching on the `email` claim and link the `sub` to that user - If no user is found create a new one

New comment by banger180 in "Google’s OAuth login doesn’t protect against purchasing a failed startup domain"

banger180 — Tue, 14 Jan 2025 17:29:17 +0000

> “The sub claim changes in about 0.04% of logins from Log in with Google. For us, that's hundreds of users last week”.

What I don't understand is why the `sub` claim is not consistent for those users at Google. To my understanding of the OIDC protocol the `sub` should be unique for a specific user.

Additionally as far as I understand if you take over a defunct domain and create a new google workspace with new users those new user account should get assigned a new `sub`.

40 Years of European Digital Policies. Forgotten Lessons [video]

banger180 — Fri, 05 Jul 2024 17:52:52 +0000

Article URL: https://www.youtube.com/watch?v=kXefs6tmTgo

Comments URL: https://news.ycombinator.com/item?id=40884676

Points: 2

# Comments: 0

New comment by banger180 in "Flathub: One million active users and growing"

banger180 — Mon, 29 Jan 2024 19:46:10 +0000

I really like flatpaks, easy to install and work with. Definitely superior over Ubutnu's snaps. As a user you do have to be somewhat aware that the application is running in a sandbox and won't behave exactly like one running without a container. For example the Belgian digital ID card software does not work in a sanboxed browser. At least not by default a the moment.

New comment by banger180 in "USB-C is about to go from 100W to 240W, enough to power beefier laptops"

banger180 — Wed, 26 May 2021 11:06:54 +0000

USB-c Power Delivery does not require an intel CPU, so I don't see a problem.

New comment by banger180 in "Response to Flatkill.org"

banger180 — Mon, 22 Mar 2021 16:49:33 +0000

And what if i do not use a debian based distro for which the ppa works?

Maintaining one package that works on all distros is a lot easier.

New comment by banger180 in "The Signal Server repository has not been updated since April 2020"

banger180 — Thu, 04 Mar 2021 18:30:34 +0000

I honestly believe matrix will become the go to for (federated) messaging everywhere. The element client has much improved and matrix is continuing to get better.

New comment by banger180 in "This Week in Matrix 2021-01-08"

banger180 — Sat, 09 Jan 2021 08:40:53 +0000

> This might not be the right place to ask but I've been looking into matrix and am I right that if you don't want to rely on a central authority then you need to run your own homeserver, which at minimum requires a publicly accessibly HTTPS server?

If you run your own homeserver you are completely independent and don't rely on anyone else.

If you want to join the federation and talk to people on other homeservers you do need a publicly accessible web server with a valid TLS certificate (which you can get for free from let's encrypt).

If you only want to chat with people on the same server you can choose not to join the federation, but this is not what matrix was designed for.

> those homeservers seem very public by default if you just want one for your personal use.

You can disallow public user creation in the homeserver config. Then only users you have created can access your homeserver. Of course anyon in the federation can invite your users to a room etc.

> Which makes it seem a bit risky

I don't think there is a very large risk to running your own homeserver (not more than running other services).

A matrix homeserver can require quite some resources depending on how many users you host and how large the rooms are. Also there is some normal administration required (updating, making sure the cert is valid, ...).

New comment by banger180 in "How Discord (somewhat accidentally) invented the future of the internet"

banger180 — Sun, 01 Nov 2020 19:46:10 +0000

Too bad it is a completely proprietary walled garden and that they do not care about privacy or security.

I would love for matrix to eventually replace discord, but ATM discord is still a better user experience.

New comment by banger180 in "Huawei’s HarmonyOS is now open source"

banger180 — Fri, 11 Sep 2020 09:18:26 +0000

Yep, The largest threat to the international FOSS collaboration is the US bullying other countries.

New comment by banger180 in "The Day AppGet Died"

banger180 — Thu, 28 May 2020 08:48:32 +0000

> "apt-get" is the classic tool for Windows Subsystem for Linux

APT is the classic tool for debian-like Linux distributions. FTFY

New comment by banger180 in "Ubuntu 20.04 LTS’ snap obsession has snapped me off of it"

banger180 — Sat, 02 May 2020 16:47:07 +0000

There are many kinds of linux users, just like there are many kinds of windows users.

New comment by banger180 in "Zoom 5.0"

banger180 — Tue, 28 Apr 2020 21:33:14 +0000

My Guess is that it is mostly a security through obscurity thing for now, we do not know exactly how they mark the audio. When someone figures this out I believe that it should be possible to filter this out.

It would be interesting if they found a way to watermark the audio in such a way that removing the mark makes the audio unusable.

New comment by banger180 in "Ask HN: Best current mailing list manager?"

banger180 — Mon, 27 Apr 2020 19:40:02 +0000

Fedora usses mailman 3 and hyperkitty at https://lists.fedoraproject.org/archives/

It is infidelity inspired by the layout of a forum, but looks great IMO.

New comment by banger180 in "ICANN delays .org selloff after California’s attorney general intervenes"

banger180 — Fri, 17 Apr 2020 20:48:54 +0000

Except that centralization will eventually give rise to corruption =p. It's and endless debate I guess. But for an organization like ICANN my vote goes to decentralization.

New comment by banger180 in "Curl will now output JSON"

banger180 — Tue, 17 Mar 2020 20:30:01 +0000

Yep this would be really great.

New comment by banger180 in "Share Now, formerly Car2Go, is leaving North America"

banger180 — Thu, 19 Dec 2019 03:17:04 +0000

and sad...

New comment by banger180 in "Websites can change content inside a selection"

banger180 — Mon, 28 Oct 2019 16:45:02 +0000

An alert that you did not copy what you think you copied would not be out of place in my opinion.

New comment by banger180 in "Guess I'm Done with Discord"

banger180 — Sun, 25 Aug 2019 04:48:47 +0000

Yep, I wished matrix would replace discord and all other proprietary crap. Unfortunately the UX is still a bit lacking, but if you somewhat know what you are doing it's great.

New comment by banger180 in "Google's Quantum Processor May Achieve Quantum Supremacy in Months"

banger180 — Mon, 24 Jun 2019 08:24:22 +0000

Do you have a reference to these theories? Seems interesting