HN Reader

The Fed says this is a cube of $1M. They're off by half a million (calvin.sh)

884 points by c249709 8h ago 352 comments

Using Sun Ray thin clients in 2025 (catstret.ch)

49 points by todsacerdoti 1h ago 4 comments

We've Issued Our First IP Address Certificate (letsencrypt.org)

31 points by soheilpro 1h ago 2 comments

Figma Files Registration Statement for Proposed Initial Public Offering (figma.com)

185 points by kualto 5h ago 77 comments

Effectiveness of trees in reducing temperature & outdoor heat exposure in Vegas (iopscience.iop.org)

60 points by PaulHoule 3h ago 50 comments

Fakespot shuts down today after 9 years of detecting fake product reviews (blog.truestar.pro)

51 points by doppio19 4h ago 33 comments

Australians to face age checks from search engines (ia.acs.org.au)

8 points by stubish 52m ago 1 comments

The Roman Roads Research Association (romanroads.org)

36 points by bjourne 4h ago 3 comments

Code⇄GUI bidirectional editing via LSP (jamesbvaughan.com)

109 points by jamesbvaughan 8h ago 33 comments

Feasibility study of a mission to Sedna - Nuclear propulsion and solar sailing (arxiv.org)

165 points by speckx 10h ago 56 comments

Ask HN: Who is hiring? (July 2025)

182 points by whoishiring 9h ago 207 comments

Show HN: Spegel, a Terminal Browser That Uses LLMs to Rewrite Webpages (simedw.com)

304 points by simedw 12h ago 138 comments

I built something that changed my friend group's social fabric (blog.danpetrolito.xyz)

505 points by dandano 3d ago 220 comments

Soldier's wrist purse discovered at Roman legionary camp (heritagedaily.com)

15 points by bookofjoe 3d ago 0 comments

Show HN: Core – open source memory graph for LLMs – shareable, user owned (github.com)

53 points by Manik_agg 8h ago 24 comments

Muxio: Rust layered stream and RPC toolkit (crates.io)

26 points by zombiej5 3d ago 1 comments

The Hoyle State (2021) (johncarlosbaez.wordpress.com)

42 points by gone35 6h ago 8 comments

Experience converting a mathematical software package to C++20 modules [PDF] (arxiv.org)

91 points by vblanco 11h ago 19 comments

Ask HN: Who wants to be hired? (July 2025)

62 points by whoishiring 9h ago 166 comments

Cua (YC X25) is hiring an engineer (ycombinator.com)

1 points by GreenGames 7h ago 0 comments

America's Hot Garbage Problem (bloomberg.com)

34 points by petethomas 1h ago 5 comments

Voyage of Magellan – Epilogue: Sailor of Eternal Fame (analog-antiquarian.net)

4 points by tmsbrg 2d ago 0 comments

OpenFLOW – Quickly make beautiful infrastructure diagrams local to your machine (github.com)

268 points by x0z 18h ago 64 comments

Graph Theory Applications in Video Games (utk.claranguyen.me)

61 points by haywirez 3d ago 4 comments

Show HN: Jobs by Referral: Find jobs in your LinkedIn network (jobsbyreferral.com)

111 points by nicksergeant 12h ago 53 comments

Building a Personal AI Factory (john-rush.com)

67 points by derek 3h ago 40 comments

Swearing as a Response to Pain: Assessing Effects of Novel Swear Words (frontiersin.org)

35 points by sega_sai 2d ago 39 comments

The wanton destruction of a creative-tech era (blog.greg.technology)

56 points by gregsadetsky 5h ago 10 comments

The Hidden Engineering of Liquid Dampers in Skyscrapers (practical.engineering)

36 points by chmaynard 4h ago 6 comments

All Good Editors Are Pirates: In Memory of Lewis H. Lapham (laphamsquarterly.org)

53 points by Caiero 2d ago 8 comments

Show HN: HackerNewt - Breadth-first exploring HN client for iOS (apps.apple.com)

40 points by hnand 8h ago 21 comments

When Did Nature Burst into Vivid Color? (quantamagazine.org)

86 points by jandrewrogers 4d ago 60 comments

'new stars' have exploded into the night sky – both visible to the naked eye (livescience.com)

7 points by ricksunny 1h ago 0 comments

The Palette of the Medieval North (nature.com)

12 points by bryanrasmussen 2d ago 1 comments

Show HN: I built the tool I wished existed for moving Stripe between countries (stripemove.com)

82 points by felphos 11h ago 41 comments

Vibe Specs: Vibe Coding That Works (lukebechtel.com)

8 points by marviel 4h ago 0 comments

Give footnotes the boot – alternatives to footnotes on the web (jakearchibald.com)

12 points by jaffathecake 5h ago 12 comments

Show HN: Arch-Router – 1.5B model for LLM routing by preferences, not benchmarks

47 points by adilhafeez 7h ago 15 comments

1KB JavaScript Demoscene Challenge Just Launched

95 points by babakode 6h ago 21 comments

Aesop in Words of One Syllable (blog.pgdp.net)

30 points by sohkamyung 11h ago 17 comments

HN Slop: AI startup ideas generated from Hacker News (josh.ing)

82 points by coloneltcb 9h ago 25 comments

Embabel Agent Framework for the JVM (github.com)

40 points by t0mas88 2d ago 5 comments

Slouching Towards Sensemaking (karanchawla.io)

20 points by karchaw 2d ago 1 comments

The new skill in AI is not prompting, it's context engineering (philschmid.de)

854 points by robotswantdata 1d ago 487 comments

Sam Altman Slams Meta's AI Talent Poaching: 'Missionaries Will Beat Mercenaries' (wired.com)

89 points by spenvo 6h ago 203 comments

Show HN: A continuation of IRS Direct File that can be self-hosted (github.com)

199 points by elijahwright_ 1d ago 23 comments

Genetic code enables zebrafish to mend damaged organs (caltech.edu)

104 points by bookofjoe 2d ago 12 comments

Exploring Trichromacy through Maxwell's Color Experiment (2023) (maxwell.kohterai.com)

37 points by niwrad 3d ago 10 comments

Grammarly acquires Superhuman (reuters.com)

168 points by thm 10h ago 106 comments

MicroPython on M68k Mac (social.afront.org)

43 points by zdw 8h ago 5 comments

Border search safe TOTP authenticator app?

10 jakedata 12 7/1/2025, 6:33:44 PM
While crossing international borders, a traveler may be legitimately asked to provide access to their devices. Such a person is often not in a position to refuse.

I am searching for a dual-pin TOTP app that looks like it is working whether it is or not. Entering the wrong PIN might cause the app to generate invalid codes while optionally wiping the real config.

Actually attempting to use the invalid code could potentially trigger all kinds of actions on the server that received the bogus login request. Sending an SOS email might be one such action.

I am not sure such a thing exists in either major app store. Thoughts?

Comments (12)

jasonpeacock · 4h ago
FYI, you're asking about duress codes[1] - it may help your search to use that term.

[1] https://en.wikipedia.org/wiki/Duress_code

Nextgrid · 3h ago
You need to re-evaluate your threat model and change your approach. As others have said here, a TOTP that doesn't work would attract more attention that one that does or one that outright doesn't exist, all the way up to escalating the encounter from casual privacy-conscious user to alleged spy.

The best way is to legitimately not have anything on the phone or your online presence that would cause problems, and then just be transparent (honestly, they're not after your nudes or embarrassing texts). A lot of border checks are based on feelings and if you look the part they'll quickly flick through the phone for obvious stuff they're after and will let you go once they don't find it.

If you are actually doing something that would cause issues, then you keep this off the local device and onto a remote one. Use a YubiKey or other dual-use authenticator (that gives you plausible deniability for having it - you can use the same key on benign social media accounts, etc) to access it from a secure device once you're through.

wkat4242 · 2h ago
Also, the obvious: don't visit countries with border device searches.

I can understand customs looking for suspicious contraband. We all want drugs confiscated. But data is easier to transport across borders online than on a person's device. If they're looking for hints of terrorism these can be done also after entering the country with the proper warrants.

The only reason these are done is just theater and muscle flexing/bullying. They don't serve a real purpose. And the countries carrying these out are just trying to look tough.

slau · 4h ago
Just store the TOTPs you actually care about on a Yubikey. Leave a few “worthless” TOTP in whatever TOTP app you use. Remove the Yubico Authenticator app before crossing the border.
xxpor · 5h ago
Be very careful with your threat model here. If an agent attempts to use the codes and they don't work, and they find out there's a dual pin mechanism, you could end up in more trouble than with whatever they'd have seen in the first place.
mrsilencedogood · 5h ago
Yeah, people love to LARP being Snowden but never actually have anything even theoretically worth being sent to border-jail over protecting.

And, if you do, and you're really asking hacker news for opsec advice, I would suggest you abandon your career as a super-spy or whatever you're doing, because you're doing it very wrong.

soraminazuki · 2h ago
This is the nothing to hide argument dressed up with hyperbole, straw men, and insults. You're making fun of people protecting basic human rights.
jakedata · 5h ago
Not a superspy. Oblig: https://xkcd.com/705
ectospheno · 5h ago
Have a phone just for travel. Different account. Only have things you actually need during travel on it. Turn on a cheap plan when you need it. If they ask for something just say you can't remember and let them keep it.
esbranson · 4h ago
Lying to US officials is 5 years in prison. Per instance. One assumes other countries have similar laws, but I doubt anyone knows what actually happens in courts outside the US.
Elfener · 4h ago
This post came to mind: https://blog.singleton.io/posts/2022-10-17-otp-on-wrist/

I doubt anyone wants to search a f-91w.

altairprime · 4h ago
Memorize one TOTP key for a cloud offering; then store the rest in it. 1password, Lastpass, etc. It’s not that much longer than a Windows product key, and I still know one of those.

The secret key is just an RNG output so you could also take it in 4 byte chunks and memorize 16 PRNG inputs that generate each the 4 bytes.

Or you could memorize a passphrase, take a sha2 hash of it, and then memorize a single PRNG input that spits out the bitstring diff between the hash output and the TOTP key. That way you aren’t wholly dependent on memorizing numbers and you can still safely use a more predictable and weak ‘PRNG’ that can amplify the bitstring salt out of an input.

etc.