Feed aggregator
Part 1 the Persistent Vault Issue: Your Encryption Strategy Has a Shelf Life
Every enterprise identity platform—from Okta and Azure AD to self-hosted password managers and privileged access management systems—shares a common architectural assumption: credentials are encrypted at rest in persistent storage. AES-256, PBKDF2 stretching, HSM key management—these are table stakes. But they're also irrelevant the moment an attacker exfiltrates your encrypted database.
The 2022 LastPass breach exposed the fundamental flaw. Attackers didn't need to defeat encryption in real-time. They copied encrypted vault data and moved it to their own infrastructure. At that point, security degraded to a single variable: how long until users' master passwords fell to offline brute-force attacks. For accounts created before 2018 with lower iteration counts, the answer was "not long enough."
The enterprise cost:
- $53M+ in regulatory fines and breach remediation
- Permanent loss of customer trust
- Ongoing credential rotation mandates for affected organizations
- Cyber insurance rate increases industry-wide
The industry response has been predictable: increase PBKDF2 iterations, mandate longer passphrases, add MFA. These are defense-in-depth measures that slow attackers down. But in an environment where attackers have unlimited time and computational resources—including emerging AI-assisted cracking and future quantum threats—slowing down offline attacks is a losing strategy.
The architectural question your board should be asking: If encrypted data exists at rest, what's your organization's exposure window before that encryption becomes obsolete?
The answer requires a paradigm shift from storage-based security to execution-based security. In a zero-persistence architecture, decryption keys are never written to disk, never cached in memory pools, never persisted in cloud buckets. They're derived ephemerally from user passphrases—manifested only for the microseconds needed to decrypt specific credentials, then immediately purged from RAM.
An attacker who compromises your infrastructure finds encrypted data with no persistent keys to target. The methodology that generates keys is decoupled from the data itself. You've eliminated the exfiltration-to-offline-cracking pipeline entirely. This isn't incremental improvement. It's rethinking what "breach" means when there's nothing persistent to steal.
Next: How blockchain verification models eliminate the vault entirely, and why your current SSO architecture can't get there from here.
Comments URL: https://news.ycombinator.com/item?id=46931447
Points: 1
# Comments: 0
Show HN: Teleop_xr – Modular WebXR solution for bimanual robot teleoperation
Article URL: https://github.com/qrafty-ai/teleop_xr
Comments URL: https://news.ycombinator.com/item?id=46931434
Points: 1
# Comments: 1
The Highest Exam: How the Gaokao Shapes China
Article URL: https://www.lrb.co.uk/the-paper/v48/n02/iza-ding/studying-is-harmful
Comments URL: https://news.ycombinator.com/item?id=46931418
Points: 2
# Comments: 1
Open-source framework for tracking prediction accuracy
Article URL: https://github.com/Creneinc/signal-tracker
Comments URL: https://news.ycombinator.com/item?id=46931411
Points: 1
# Comments: 0
Are Big Tech's Nuclear Construction Deals a Tipping Point for Small Modular Reactors?
The rocky 1960s origins of online dating (2025)
Article URL: https://www.bbc.com/culture/article/20250206-the-rocky-1960s-origins-of-online-dating
Comments URL: https://news.ycombinator.com/item?id=46931366
Points: 1
# Comments: 0
Show HN: Agent-fetch – Sandboxed HTTP client with SSRF protection for AI agents
Built this because giving AI agents raw HTTP access is scary. agent-fetch is a drop-in HTTP client that blocks SSRF, DNS rebinding, private IP access, and redirect tricks — all at the request level.
It uses its own DNS resolver (Hickory DNS), validates all resolved IPs against a blocklist (loopback, RFC 1918, link-local, cloud metadata, etc.), and pins the TCP connection to the validated IP so there's no TOCTOU gap to exploit.
Also supports domain allowlists/blocklists, rate limiting, body size limits, and timeouts.
Available as a Rust crate and npm package (native Node.js bindings via NAPI).
Built for tool-based agent architectures (MCP, LangChain, etc.) where you control what the agent can call. Not a replacement for container isolation, but if your agent only talks to the outside world through HTTP, this locks it down.
GitHub: https://github.com/Parassharmaa/agent-fetch
Comments URL: https://news.ycombinator.com/item?id=46931359
Points: 1
# Comments: 0
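The resolve-validate-pin sequence the post describes, written out as an added example; this is not agent-fetch's own code and uses none of its API. The blocklist ranges, the `Rejection` names, `PinnedTarget`, and the offline `sample_resolver` are all constructed here. The design point it shows is that the IP the socket will connect to is the same IP that passed the check, so there is no second lookup between validation and connect for a rebinding resolver to exploit, and that IPv4-mapped IPv6 answers are unwrapped before they are judged.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Why a resolved address was refused. These names are this example's own.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Rejection {
    NoAddresses,
    Unspecified,
    Loopback,
    Private,
    LinkLocal,
    CloudMetadata,
    MulticastOrReserved,
}

/// IPv4 blocklist written out by range (constructed for this example).
/// The metadata endpoint is tested before the link-local range so it gets
/// its own, more specific reason.
fn check_v4(ip: Ipv4Addr) -> Result<(), Rejection> {
    let [a, b, _, _] = ip.octets();
    if ip == Ipv4Addr::new(169, 254, 169, 254) {
        return Err(Rejection::CloudMetadata);
    }
    if a == 0 {
        return Err(Rejection::Unspecified); // 0.0.0.0/8
    }
    if a == 127 {
        return Err(Rejection::Loopback); // 127.0.0.0/8
    }
    if a == 10 || (a == 172 && (16..=31).contains(&b)) || (a == 192 && b == 168) {
        return Err(Rejection::Private); // RFC 1918
    }
    if a == 169 && b == 254 {
        return Err(Rejection::LinkLocal); // 169.254.0.0/16
    }
    if a >= 224 {
        return Err(Rejection::MulticastOrReserved); // 224.0.0.0/4 and 240.0.0.0/4
    }
    Ok(())
}

/// IPv6 blocklist. IPv4-mapped addresses (::ffff:a.b.c.d) are unwrapped and
/// judged by the IPv4 rules, so ::ffff:127.0.0.1 cannot bypass the check.
fn check_v6(ip: Ipv6Addr) -> Result<(), Rejection> {
    if let Some(v4) = ip.to_ipv4_mapped() {
        return check_v4(v4);
    }
    if ip.is_unspecified() {
        return Err(Rejection::Unspecified);
    }
    if ip.is_loopback() {
        return Err(Rejection::Loopback);
    }
    let first = ip.segments()[0];
    if (first & 0xfe00) == 0xfc00 {
        return Err(Rejection::Private); // fc00::/7 unique local
    }
    if (first & 0xffc0) == 0xfe80 {
        return Err(Rejection::LinkLocal); // fe80::/10
    }
    if (first & 0xff00) == 0xff00 {
        return Err(Rejection::MulticastOrReserved); // ff00::/8
    }
    Ok(())
}

pub fn check_ip(ip: IpAddr) -> Result<(), Rejection> {
    match ip {
        IpAddr::V4(v4) => check_v4(v4),
        IpAddr::V6(v6) => check_v6(v6),
    }
}

/// A target whose IP was validated and is the one the socket must connect to.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PinnedTarget {
    pub host: String,
    pub ip: IpAddr,
    pub port: u16,
}

/// Resolve `host` with the caller-supplied resolver, validate every answer,
/// and pin to the first one. If any answer is blocked the whole host is
/// refused, so a mixed answer set cannot smuggle an internal address in.
/// The caller connects to `target.ip` (e.g. TcpStream::connect((ip, port)))
/// and sends `Host: target.host`; the name is never resolved a second time.
pub fn pin_target(
    host: &str,
    port: u16,
    resolve: impl Fn(&str) -> Vec<IpAddr>,
) -> Result<PinnedTarget, Rejection> {
    let answers = resolve(host);
    if answers.is_empty() {
        return Err(Rejection::NoAddresses);
    }
    for ip in &answers {
        check_ip(*ip)?;
    }
    Ok(PinnedTarget { host: host.to_string(), ip: answers[0], port })
}

/// Constructed stand-in for a DNS resolver so the example runs offline.
pub fn sample_resolver(host: &str) -> Vec<IpAddr> {
    let parse = |s: &str| s.parse::<IpAddr>().unwrap();
    match host {
        "api.example" => vec![parse("203.0.113.10")],
        "rebind.example" => vec![parse("203.0.113.10"), parse("10.0.0.5")],
        "meta.example" => vec![parse("169.254.169.254")],
        "mapped.example" => vec![parse("::ffff:127.0.0.1")],
        "ula.example" => vec![parse("fd12:3456::1")],
        _ => vec![],
    }
}

fn main() {
    for host in ["api.example", "rebind.example", "meta.example", "mapped.example", "nx.example"] {
        println!("{host}: {:?}", pin_target(host, 443, sample_resolver));
    }
}
```

A redirect is handled by calling `pin_target` again on the `Location` host rather than reusing the previous `PinnedTarget`, which is what keeps a 302 to an internal name from inheriting an already-approved IP. Refusing a host when only some of its answers are blocked is a deliberately conservative choice; a looser policy could filter the answer list instead, but then the pinned IP must still be one that passed.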
Why there is no official statement from Substack about the data leak
Article URL: https://techcrunch.com/2026/02/05/substack-confirms-data-breach-affecting-email-addresses-and-phone-numbers/
Comments URL: https://news.ycombinator.com/item?id=46931347
Points: 4
# Comments: 1
Effects of Zepbound on Stool Quality
Article URL: https://twitter.com/ScottHickle/status/2020150085296775300
Comments URL: https://news.ycombinator.com/item?id=46931340
Points: 1
# Comments: 0
Show HN: Seedance 2.0 – The Most Powerful AI Video Generator
Experience the power of Seedance 2.0 - the revolutionary AI video generator by ByteDance. Create cinematic 2K videos with multi-shot storytelling, motion tracking, and professional quality in seconds.
Comments URL: https://news.ycombinator.com/item?id=46931334
Points: 1
# Comments: 0
Ask HN: Do we need "metadata in source code" syntax that LLMs will never delete?
Pentagon cutting ties w/ "woke" Harvard, ending military training & fellowships
Can Quantum-Mechanical Description of Physical Reality Be Considered Complete? [pdf]
Article URL: https://cds.cern.ch/record/405662/files/PhysRev.47.777.pdf
Comments URL: https://news.ycombinator.com/item?id=46931302
Points: 1
# Comments: 1
Kessler Syndrome Has Started [video]
Article URL: https://www.tiktok.com/@cjtrowbridge/video/7602634355160206623
Comments URL: https://news.ycombinator.com/item?id=46931285
Points: 1
# Comments: 0
Complex Heterodynes Explained
Article URL: https://tomverbeure.github.io/2026/02/07/Complex-Heterodyne.html
Comments URL: https://news.ycombinator.com/item?id=46931283
Points: 3
# Comments: 0
EVs Are a Failed Experiment
Article URL: https://spectator.org/evs-are-a-failed-experiment/
Comments URL: https://news.ycombinator.com/item?id=46931238
Points: 3
# Comments: 5
MemAlign: Building Better LLM Judges from Human Feedback with Scalable Memory
Article URL: https://www.databricks.com/blog/memalign-building-better-llm-judges-human-feedback-scalable-memory
Comments URL: https://news.ycombinator.com/item?id=46931235
Points: 1
# Comments: 0
CCC (Claude's C Compiler) on Compiler Explorer
Article URL: https://godbolt.org/z/asjc13sa6
Comments URL: https://news.ycombinator.com/item?id=46931225
Points: 2
# Comments: 0
Homeland Security Spying on Reddit Users
Article URL: https://www.kenklippenstein.com/p/homeland-security-spies-on-reddit
Comments URL: https://news.ycombinator.com/item?id=46931213
Points: 3
# Comments: 0
Actors with Tokio (2021)
Article URL: https://ryhl.io/blog/actors-with-tokio/
Comments URL: https://news.ycombinator.com/item?id=46931206
Points: 1
# Comments: 0
