noperator's comments

noperator · 2025-02-20T13:39:03 1740058743

> palm rejection while using the stylus

Do you mean that it doesn't sufficiently reject palm touch while writing with stylus? I'm a long-time Onyx BOOX user and hoping that DC-1 writing experience is as good or better.

noperator · 2025-02-14T00:03:41 1739491421

PRs welcome ;)

noperator · 2025-02-12T23:11:18 1739401878

I just like to be notified when I need to tap something with explicit intent.

agwa · 2025-02-13T00:02:40 1739404960

The concern is that if you don't know how many times you should be tapping the YubiKey when you clone a git repo, then an attacker could slip in its own signing requests and you would dutifully tap the YubiKey to authorize them. If you do know how many times to tap, do you still need the notification?

(It's true that if an attacker slipped in a request right before I was expecting to tap my YubiKey, I would tap it a second time to get my operation to succeed under the assumption that it didn't detect my touch the first time. But I would become suspicious if that kept happening.)

noperator · 2025-02-12T21:58:38 1739397518

I published a nearly identical tool, referencing the same paper, a few weeks ago :) Although I implemented a listwise algorithm instead of pairwise as described in the paper; ends up being a lot faster.

https://github.com/BishopFox/raink

https://bishopfox.com/blog/raink-llms-document-ranking

    raink \
        -f testdata/sentences.txt \
        -r 10 \
        -s 10 \
        -p 'Rank each of these items according to their relevancy to the concept of "time".' |
        jq -r '.[:10] | map(.value)[]' |
        nl
    
       1  The train arrived exactly on time.
       2  The old clock chimed twelve times.
       3  The clock ticked steadily on the wall.
       4  The bell rang, signaling the end of class.
       5  The rooster crowed at the break of dawn.
       6  She climbed to the top of the hill to watch the sunset.
       7  He watched as the leaves fell one by one.
       8  The stars twinkled brightly in the clear night sky.
       9  He spotted a shooting star while stargazing.
      10  She opened the curtains to let in the morning light.

noperator · 2025-02-12T21:08:01 1739394481

I've found that when I'm cloning submoduled private repos via YK-backed SSH key, I'll need to touch multiple times but there's not always text in the terminal notifying me to do so. Easy to miss the small flashing green light.

gtirloni · 2025-02-13T00:49:27 1739407767

Is it possible to add it to ssh-agent once?

capitol_ · 2025-02-13T09:40:08 1739439608

No, the idea behind yk-backed keys are that part of the secret lives on the yubikey and can't be extracted.

So you need to approve the usage of that secret by touching the yubikey.

jmholla · 2025-02-13T21:43:21 1739483001

Well, if it's the same git server using the same SSH key for every repo, can't you still use SSH's ControlMaster to open the connection once and leave it open?

noperator · 2025-02-14T00:02:34 1739491354

Yeah could do. I do this for some SSH hosts but not all.