Comments URL: https://news.ycombinator.com/item?id=46707327

Points: 5

# Comments: 6

Comments URL: https://news.ycombinator.com/item?id=43025157

Points: 1

# Comments: 0

Comments URL: https://news.ycombinator.com/item?id=42863547

Points: 3

# Comments: 1

I don't remember the exact number but something like 30% of people who didn't use a password manager got caught. Basically no-one using a manager was.

Granted there might be some selection bias (people who had managers were probably already slightly more security conscious), but people were feeling slightly embarrassed to have been caught and it worked great to have everyone do the switch. And everyone remembered after that that if it doesn't autofill, something's amiss.

Even if it's only random-ish, password managers do key stretching (for example by hashing the password 600k times - bitwarden has a high default value and lets you increase it if you like) so that it has to take some computational effort to check if a single password is correct. That's why it take a few seconds to unlock your vault each time.

With these in place I think you're pretty safe for a long time. (Well, maybe until quantum computing breaks those cyphers?)

If your main issue is the keybinding though there is a vscode plugin[1] that recreates Intellij IDEA bindings, which I found helped smooth the transition during my tryouts for me.

[1] https://marketplace.visualstudio.com/items?itemName=k--kato....

I didn't have any easy solution and this looks promising, congrats!

A few dealbreaker things I can share:

- she has lots of albums already on gphoto. She'd need to easily import them.

- she makes heavy use of the map and text blocks you can add in gphoto albums, which makes each album a kind of travel diary. I don't get the sense these are supported in your product yet, these would be required for her.

- she doesn't have a ton of videos but sometimes she does have a few.

- I'd have some concerns about the longevity of your product - if she invests time into it she wants to be able to look back at the albums in 10-20 years time. Having a convenient way to export the albums would be reassuring to me.

- I think she has a few 1000s photos in those albums, so your highest tier would be too low for her, if there was a way to buy storage that might suit her usage better (though she has a hobbyist budget).

It might be technically difficult and you rejected that path already, but I'm thinking an ideal way for her would be to keep editing her albums in gphotos and sync them to your site, which would take care of the longevity concerns and allow her to keep using the interface she knows (if you linked directly to the pics/vids on google server that would eliminate the cost of storing pictures for you, but I assume that's impossible or prohibited by google's tos).

Anyway, just sharing my use case in case that's useful but congrats on launching and on the good looking product!

It's done by the same people as the second paper I linked, on people attending a 10-day silent meditation retreat. My understanding so far is that the participants will be "zapped" a couple of time over the 10 days, to explore exactly what you describe ie alterations of consciousness similar to what's found in long term meditators on retreat, except induced on people who are already on retreat instead of people who'll have to go back to work afterwards.

I'll have more to report in a couple weeks time!

(If you'd like to share, I'm also curious as to what interests you in that field of study)

If anyone's interested I found those two paper really interesting:

- Aubry et al 2023[1], on potential risks and limitions of using focused ultrasound in the brain (tldr we don't know but have conservative estimates. Really interesting for me to see that HN article adding to that)

- Lord et al 2024[2], a first study on using Transcranial Focused Ultrasound to modulate the DMN and subjective experience

[1] https://arxiv.org/pdf/2311.05359

[2] https://www.researchgate.net/publication/381488518_Transcran...

This includes movements of attention: attention is drawn to a sound perception because a frog makes a sound, then conditioned on interest being high interest dwindles, conditioned on that plus nerves shooting in the back a sensation catches the attention, it goes to a thought of planning that appears conditioned on you having a deadline tomorrow...

Even the arising of intention to move the hand arises at that moment conditioned on other things (that include you playing around with your perception a moment ago, pre-existing view around how decision work and wanting to prove it, having a hand...)

Looking for conditionality in everything we might identify with - thoughts, perceptions, intention... - is a central practice in numerous schools of Early Buddhism, and can lead to a deep, deep sense of letting go, inhabiting a flow of things "just unfolding", and classical insights around what our sense of self actually is.

It has some valid other use cases but it has drawbacks too and htpasswd can definitely be the better solution in many situations. StatiCrypt just aims at being another tool with different trade-offs.

I saw that StatiCrypt is listed is the alternative section of your README, I'll do the same on StatiCrypt (and add a bunch of the one listed there that I didn't know about!)

The "Alternatives" section of StatiCrypt has always felt a bit empty to me, I'm glad to discover all those great looking projects and beef it up a bit. :)

There's a (warning: very detailed) issue covering the topic of PBKDF2 iterations and password length over here, if you feel like diving into that rabbit hole: https://github.com/robinmoisson/staticrypt/issues/159

Would you be okay with me listing your project in the Community and Alternatives[1] section of the StatiCrypt readme?

[1] https://github.com/robinmoisson/staticrypt#community-and-alt...

Do you mind if I list in the Community and Alternatives[1] section of the StatiCrypt readme?

[1] https://github.com/robinmoisson/staticrypt#community-and-alt...

If you're open to sharing what didn't work for you in remembering people through re-deploy I'd love to hear it, I spent quite a few brain-cycles to think about making that as seamless as possible for the user (semver major version bump shouldn't break this, for example).

I'm assuming the problem is the salt being changed if it's not pinned by the .staticrypt.json file (auto-created but needs to be commited) or the `-s ` CLI option.

[1] https://github.com/robinmoisson/staticrypt#community-and-alt...