Check out Precursor (FPGA device with softcore CPU running on it for trustability).

Xous (microkernel OS for Precursor) has an application called Vault that does FIDO2/U2F as well as password management and USB HID emulation.

https://www.crowdsupply.com/sutajio-kosagi/precursor/updates...

Much more on the dev board side and probably overkill for just this purpose but a really cool device.

Yeah, very cool!

Interestingly, Pinephone is in the almost good intersection of hackable and portable: :)

https://www.crowdsupply.com/sutajio-kosagi/precursor

Doesn't Ardour support VST?

Yes. Reaper does too. The thing that makes plugins incompatible on Linux is just that they aren't compiled for Linux. You can run some plugins through WINE via some tools, but it's more bug-prone than natively compiled Linux LV2 or VST

Yes, but that in and of itself does nothing to make specific 3rd party plugins available in native format for, say, Linux.

Heads up your link is broken, doesn't match any PRs on that repo.

Thanks for letting me know. The link is working for me even in a private window. Not sure why that's happening. As an alternative you can visit https://github.com/internetarchive/openlibrary/pulls and put the search as "is:pr author:RayBB is:merged"

That channel is great, would be great to find repositories of similar hacker/electronics channels, if anyone has some.

https://youtube.com/@mikeselectricstuff/videos Teardowns of biomedical/x-ray/optical machines, as well as deep dives into reverse engineering and clever electrical design.

zeptobars for die shots https://x.com/zeptobars

der8auer is mostly pc hardware focused, but has some interesting videos looking at chips https://www.youtube.com/@der8auer-en

bigclivedotcom for teardowns of random electronics https://www.youtube.com/bigclivedotcom

Anyone tracking signup conversion will realize that phone numbers are autofilled whereas 2FA requires an installation for a greater number of users, leading to drop-off.

2FA apps also require me to do many more actions as opposed to SMS as notification. Would be much better if there was some sort of nudge mechanism for phone to display the proper code.

Microsoft does this. eBay also. And steam. Once you install the app, any time there is a sign in, you get a pop up on your phone. Yes/no button. Very convenient.

Why don't more apps do that?

I disabled my eBay app login pop up because it would never come. My login would sit pending forever. Would much prefer TOTP, even if a little slower.

Most enduring sofware is always those "one-off prototypes" that people cook up over a few days.

I'd buy this (and gift it to everyone I'd think would like it) in an instant. Especially if you somehow included and refined the analysis you have in the blog posts.

You run into ToCToU issues. Even if a chip is "open", how can you be sure the chip you have corresponds to the specification? If that isn't a concern, any FPGA based SoC fits the bill, for example the MNT Reform Kintex-7 module (https://shop.mntre.com/products/mnt-rkx7-fpga-module).

Supply chain attacks can be mitigated with "golden chip analysis", you destructively analyse a known good chip after measuring various power and timing benchmarks across adversarial configurations, and repeat those measurements across all future chips and check they are within margin of error.