Tell HN: Somebody implemented something I wrote a blog about
If you don't mind I'm just just pasting the URL into a comment to make it a link:
One of my GitHub projects was used in a demo at Google Cloud next a while ago. the presenter was considerate enough to attribute the project to me by name during the demo and even sent me an issue just letting me know about it. That was so nice! Absolutely people should do this.
I thought that was silly: how do I know if I want to save the password before I've seen whether it's correct? Which I can't see until the form is submitted.
At the time I was using Opera, so I wrote in to their customer support suggesting that the prompt appear after the new page loaded. I never heard back, but a couple months later their next major release implemented exactly that behavior. A few months after, every other browser had followed suit.
I can't have been the only one bothered by the existing behavior, but given how long browsers had worked that way before I wrote in, I like to tell myself that the timing wasn't a coincidence, and that my little suggestion rippled out into a change that made a small thing better for the whole world :)
> When a user enters their password, but fails to authenticate using a second factor...:
> Notify the user of the failed login attempt, and encourage them to change their password if they don't recognize it.
> The notification should include the time, browser and geographic location of the login attempt.
> This should be displayed next time they login, and optionally emailed to them as well
Customer support burden when the lose the 2FA key is solved by adding a hefty fee (around €100) to recover it. No webauthn support yet though.
You should verify a user's second factor before password.
All in all it is a great feeling to see your idea getting a concrete life. In a way, reporting an issue and a possible improvement to any product you care about is an essence of collaboration. Open source further helps to contribute by augmenting such effort with a skill to implement it.
I didnt do this with NYT writers or anything. Just people who clearly dont get paid/paid much to make this content but I found it useful/interesting/helpful. I think that stuff goes a long way and it really doesnt take that long to do.
I've got a tech podcast now and about once every month or two someone contacts me to say they liked it or something nice. It's a huge reason why I keep doing it. I know that sounds silly but the internet can be such a black hole. A little feedback goes a long way.
After your password is approved before 2FA you get an email. So even if someone is somehow using the right 2FA you are aware.
Our thinking was the mosly likely outcome was someone would hit 2FA, not have the code and so close the request without even entering a bad code.
Apart from that though, it is always nice to get recognition for the stuff you put out there. I know I should do it more myself too.
About communication piggybacked over TCP/IP without changing any one bit of packet data.
Some 20 years later, a guy posted on GitHub.
And made my day.
I often just want to follow up later by “adding to my library,” and it feels weird to “LOVE” it before ever hearing it. I really feel pain when I hear something terrible that I’ve already “liked” and consider the impacts to my algorithm.
Please distinguish between “like” and “save.”
A simple “plus sign” or really any other symbol that signifies “adding to a collection” without “liking” connotations (stars are out too).
I had written about (what I considered as) a vulnerability that allowed remote triggering of Bird Scooter alarms (Bird disagreed of course) on my blog . I then saw this github repo linked in the comments for setting off alarms of Bird scooters  and reached out to the author.
The author let me know that they had used the info in my blog to script a tool for setting off Bird Scooters en masse. They then targeted the script at all the scooters in Lyon and subsequently fell asleep. When they woke up the noticed the end point was disabled... Bird had taken the action to disable the API endpoint in response of course.
Probably would've been easier to fix before someone scripted it out but it made for a fun story.
He went for it and offered me PDF copies of every Pocket Guide as a thank you.
Thank you for putting this out there!
I once reverse engineered the protocol for a popular mobile game so I could write my own client for it and posted my library online for others to do the same without any expectation it'd ever get seen. Months later, I received an email from someone reverse engineering the protocol as well for different purposes. They got stuck on a particularly difficult issue I also encountered (and documented), and googling it led them to my library, saving them hours of future work.
It definitely made my day and I'm still very proud of that project because of that.
Edit: There's a second part too! I just remembered that I've posted this story on HN before, and the last time I did a dev for the game emailed me saying he looked over the code and was impressed that I was able to figure out so much despite their deliberate efforts to keep the protocol locked down. Another great day!
Recently, I got into RC cars. I was watching a YouTube video discussing the long-term issues that can arise with the particular model I own. In the video, the presenter mentions that “maybe you could 3D print something” to help address a deficiency in the vehicle design.
I just purchased a 3D printer, and thought, “Maybe I can design it myself.”
Lo and behold, someone already did, and cited the same YouTube video as their inspiration: https://www.thingiverse.com/thing:4982263
How amazing and cool is that??!
(I don't really believe that my message really caused this to happen, it's for sure a weird coincidence to me)