Hacker Newsnew | past | comments | ask | show | jobs | submit | jdmoreira's commentslogin

Sure... but it should degrade to work when the central services are down.

You should still be able to authenticate with each individual service when the centralised service is down.

There is no reason why you shouldn't be able to login to your bank under these circumstances.


Finnish system works like that. If central system is down I can still log in to bank. But I can not log into say tax or healthcare system.

These things should be offline / resilient first right?

Smartcards / YubiKeys.

Never understood the logic for these to be centralised / online.


PKI works offline until you realize you need to handle revocations.

For this and related reasons, such as enforcing protocol upgrades, most smartcard systems end up permanently online.


You can have a mixed system, such that revocation lists are downloaded and cached every hour or so, and you can even try to check online more often than that, but fall back to the downloaded lists if the system is down.

Revocation.

can be solved with a hybrid model that degrades when the central service is down. No?

Well they provide that if you want. they have both a OTP dongle, a OTP loud speaker and one that uses FIDO U2F (though you need to pay for that one).

https://www.mitid.dk/en-gb/get-started-with-mitid/how-to-use...


If you can see the messages unfortunately thats a deal breaker for me. If its encrypted end-to-end than I’m in.


Fair concern. We don't have true E2EE yet because our service needs access to message content for cross-device sync, notifications, and agent execution. Everything is encrypted in transit and at rest, and all repo operations happen locally on your machine.

We've heard this from other users and it's on our roadmap. The challenge is we're building features like voice coding agents and hosted sandboxes that require plaintext inputs, so we'd need two execution models. Doable, but adds complexity for our team size.

That said, it's something we're prioritizing as we grow. No promises on timing, but it's coming.

If you want to discuss specific requirements or a local-only mode, happy to chat: https://discord.gg/Dc46sYk6e3


> We don't have true E2EE yet because our service needs access to message content

That means you don't have E2EE, period. Implying that there is such a thing as "true E2EE" (as opposed to "E2EE") either indicates that you don't know what E2EE means, or that you're scammily trying to do what Apple does with iMessage and say that something that isn't E2EE is, for marketing purposes.

E2EE means that nobody except the endpoints has keys. There is no such thing as "true E2EE" any more than there is such a thing as "true pregnancy".


Yep, you're right, we don't have E2EE period (and we don't claim to have it anywhere), for the reasons I mention above (our cloud sandbox agent and voice agent need plaintext messages, so we'd need access to the keys, which defeats the purpose of E2EE). Apologies for the incorrect wording!


Hysterical E2EE


https://happy.engineering/ says that they have E2E encryption. Is that true?


Yes, they have E2EE, but it comes with some limitations in the features they're able to provide.


Like what? I like it a lot...


Replying to your latest comment here:

What do you mean by syncing? Happy coder syncs sessions between all my happy coder clients. I can even see in real time how happy coder in my browser's conversations progress as well as on my phone, in parallel.

Omnara also displays realtime conversations between all Omnara clients. What I mean by syncing is syncing your conversation and code changes to a cloud sandbox, which is useful if you're using Omnara on your laptop and you close your computer (as explained in the original post). If you run your agents on a persistent cloud VM, then this is less of a value add.

I can voice chat with Happy coder.

We use https://docs.livekit.io/agents/ which runs the voice agent in the cloud (to enable the above use case, and a better experience when you're using your phone when it's off), whereas I believe happy runs a client-side voice agent.


Thanks for answering my questions! I see that Happy Coder is not far from Omnara. I hope Omnara can be not too far from E2E encryption. The lack of E2E encryption was why I didn't chose Omnara.


Two of the main feature's we're investing heavily into are remote sandboxes + syncing, and voice agent support, wouldn't work with E2EE.


I can voice chat with Happy coder. Also, I run happy coder in a sandbox of mine on my computer. What do you mean by syncing? Happy coder syncs sessions between all my happy coder clients. I can even see in real time how happy coder in my browser's conversations progress as well as on my phone, in parallel.


Happy is an abandonedware unfortunately. It's a great app and dev can capitalize a lot from it but for some reason he hasn't been seen or heard in months since the last release.

There are attempts to create a fork maintained by other developers, but they're yet to be launched.


Just price in the externalities and it probably solves itself


I mostly learned with pen and paper and tracing in my mind. We were 18 though


Pen and paper? Excuse me, but real programmers use butterflies.


This was just standard procedure at university in 2002. Nothing special. It was me and 200 more people. Pretty sure all the exercises were lifted or inspired by The Little Schemer even thought it took me years to learn about that book.


I suppose butterflies would do for volatile storage but you really need long term memory, such as twig and clay tablet.

What was good enough for the Sumerian’s is good enough for me.


N=1, but I learned scheme first. It was great and I'm doing fine. First scheme then C. Back-to-back.


Almost certainly these people know way way more than you and a lot of knowledge is tacit knowledge and cant be explained easily.

Also don't trust anything from college that are not hard provable facts. Just don’t. Trying to learn "best practices" in college is total BS.

For example, I was already quite experienced when I worked with a specific really good older engineer. I knew he was very good but I thought he was wrong about some things and I was right. We had some debates. I kept thinking about those things for years. Now I know he was right about all those things. Yeah, he was right about everything I remember disagreeing with at the time. Took me years to figure it out.

So here is an advice to my younger self: Shut up and put in the thousands and thousands of hours first.


Because the world has already been built for the "human" interface


It has? I don't think every little thing has. Do I want a robot that has to lift the couch to clean under it, or do I want a robot that can get under the couch?


It was never really about typing the code for me, or solving trivial tasks in isolation.

It was always about building the right abstractions, great api surfaces, growing codebases without having them collapse under their own weight, etc.

I still get to do that everyday with claude code and arguably faster. I just have to be on top of it at all times. So I've kept having fun!

What I don't understand is the people that stopped reading and iterating on the code. That's just insanity to me!


If you are an LP a their fund this is what you would expect. Hate the player not the game.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: