Hacker Newsnew | past | comments | ask | show | jobs | submit | tejado's commentslogin

Android phones: https://github.com/tejado/android-usb-gadget

I have unfortunately not yet developed any mouse/keyboard app for this. I only use it for https://github.com/tejado/Authorizer


Thanks so much for that, I ended up making my own app using Android USB Gadget and some code I stole from Authorizer.

https://github.com/askiiart/android-usb-keyboard

It's my first app, and it definitely shows, but it works. Though, it's definitely missing a fair number of keys.


Please describe what your service is for. I had to click on the Google Elevation API on your „What is Open Elevation“ page to finally understand what your service is for.


Likely Grafana K6: “ A modern load testing tool, using Go and JavaScript - https://k6.io


> Being able to set up access rules for the service and having user set limits would also be very helpful.

The documentation is pretty clear on that: https://developers.cloudflare.com/web3/how-to/restrict-gatew...


Thank you this is actually something that appears to solve one of my main issues. I did not see this before, and it's not linked to from their dashboard UI or the ethereum gateway docs [1]. It appears that I could make the DNS record go through another cloudflare product Cloudflare Zero Trust[2] which can do the access management.

While this is good to know, I still would much like visibility into public usage and user set billing limit caps. A large portion of use cases for an ethereum gateway is going to be frontend client side calls, and yes I know I could make another proxy layer on my own servers and set limits there, which if I could do things over I would have.

1. https://developers.cloudflare.com/web3/ethereum-gateway/ 2. https://developers.cloudflare.com/cloudflare-one/


It’s pretty terrible that they even allow public access to these gateways, let alone default to it. At a very bare minimum some sort of origin header checks should be done. Who in their right mind would want to pay an exorbitant rate to put a frontend-specific JSON-RPC API out on the public internet to be abused for free by other sites?


Sure the IP is PII because you are not allowed to publish it as others could relate the IP to the identity.

But as others already said: if you don’t store the IP (eg in logs) it should be fine.


You could store the IPs in logs until the heat death of the universe and it would be fine, as long as you aren't able to translate it to an indentity (or give it to someone who can). The point of my comment is that an IP is only considered PII when possessed by someone who can do the conversion.


Kernel-Mode driver? Why not using Windows Filtering Platform (WFP)?


I developed Authorizer to have a cross-platform solution without any server/cloud-service. It is an offline hardware password manager based on PasswdSafe for Android. The concept is to use an old Android phone as your password manager. It can type the password over USB and Bluetooth on your target device. Supports OTP.

Smartcard and WebAuthn support are on the roadmap. Doing also a lot of modernization on the next weeks. https://github.com/tejado/Authorizer


I think offline hardware password managers are the most secure. Including offline backup.

For this, I developed Authorizer to use your old Android phone as your password manager. It can type the password over USB on your target device. Supports OTP. Smartcard and WebAuthn support are on the roadmap. Doing also a lot of modernization on the next weeks.

https://github.com/tejado/Authorizer


Still planning to add further things like passkeys (when CTAP 2.2 spec is published) and smartcards. But at first, I have to modernize it a little bit.


Thank you! I appreciate your feedback!


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: