WingNews logo WingNews GitHub [2]

_hyn3's comments

_hyn3 | 6 months ago | on: Benchmarks for Golang SQLite Drivers

Excellent evaluation. From reading the code, it appears that the units for the numbers column is usually milliseconds (ms)

It also looks like squinn is the clear leader for most but not all of the benchmarks.

Even though it's "not scientific", is still very useful as a baseline - thanks for taking this effort and publishing your results!

Also taking a look at monibot.io , looks cool

_hyn3 | 9 months ago | on: SMS 2FA is not just insecure, it's also hostile to mountain people

Trying removing consent to receive text messages on that number, or that it's only a land line and only phone calls are accepted.

You might even try to block incoming SMS. In fact, you might also try a forward with Twilio or free Google voice number, since a lot of SMS TOTP refuse to with with those numbers :)

I've even had success removing my phone number entirely from certain types of accounts, but sometimes I had to deliberately break the account (eBay) and then it tries to get you to confirm on each login which you can sometimes bypass by changing the URL or clicking the company logo.

Be sure to have strong security in other ways; strong, non repeated passwords.

But this is truly insane. Large banks don't even offer the option of TOTP but instead require far more insecure SMS. Maybe they'll offer RSA dongles, because they never bothered to remember when they all got completely leaked ten years ago or how they accepted $10M to completely compromise their constants.

What can you say, large enterprises are behind the security eight ball, as always! It's a tale as old as time.

https://www.wired.com/story/the-full-story-of-the-stunning-r...

https://www.theverge.com/2013/12/20/5231006/nsa-paid-10-mill...

_hyn3 | 10 months ago | on: Whistleblower details how DOGE may have taken sensitive NLRB data

> President isn't CEO

The President is literally the Chief Executive officer in the United States.

https://people.howstuffworks.com/president4.htm

> Laws and budgets are set by Congress

That's correct, under Article 1, but the President does not have to spend every dime that was allocated.

> EOs do not have the force of law

"Both executive orders and proclamations have the force of law, much like regulations issued by federal agencies"

https://www.americanbar.org/groups/public_education/publicat...

You seem to underestimate the power that is vested in the office of the President as the Chief Executive.

> have been invalidated by courts

As have many, many legislatively-passed laws; this is simply checks-and-balances and allows the judiciary to act on other laws (which originate from Congress) and regulations (which originate from the Executive Branch).

_hyn3 | 10 months ago | on: Whistleblower details how DOGE may have taken sensitive NLRB data

If the CEO of your company empowers a team to audit your work, would you 'resist'?

And this Chief Executive was elected by the majority of the country, specifically to take these actions that he'd clearly stated he would take.

The resistance is actually the violation of federal law. It's no different from contempt of court; within the President's domain, he has a huge amount of power. The President can also modify existing policy (regulations) at any time and literally make new laws (Executive Orders have the force of law) as long as they don't conflict with current law, as well as overturning previous President's Executive Orders.

Of course, then the shoe will be on the other food someday, too, just as it was when Biden took over from Trump and then they switched places again.

As President Obama said, "I've got a pen, and I've got a phone."

https://www.npr.org/2014/01/20/263766043/wielding-a-pen-and-...

_hyn3 | 10 months ago | on: JSLinux

Willy Tarreau - creator of HA Proxy

_hyn3 | 11 months ago | on: Owning my own data, part 1: Integrating a self-hosted calendar solution

"Would be nice if you use your.. financial stability of a Google job to build an open-source protocol"

Well, sure, it'd be nice if we could all spend our time building things to give away for free, but it's just not always possible. Life happens and people shouldn't have to explain or apologize for it.

_hyn3 | 11 months ago | on: Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH

How does this compare to Userify's plain-jane SSH key technique?

That agent (Python, single-file https://github.com/userify/shim) sticks with decentralized regular keys and only centralizes the control plane, which seems to be more reliable in case your auth server goes offline - you can still login to your servers (obviously no new users or updates to existing keys). It just automates user and sudo configuration using things like adduser and /etc/sudoers.d. (It also actively kills user sessions and removes the user account when they're deleted, which is great for when you're walking someone out in case they have cron-jobs or a long-running tmux session with a revenge script.)

This project looks powerful but with a lot of heavy dependencies, which seem like an increased surface area (like Userify's Active Directory integration, but at least that's optional)

_hyn3 | 1 year ago | on: Teens learn a new conspiracy theory every week on social media

> About 80% of teens who use social media say they see content about conspiracy theories in their online feeds

Where conspiracy theory means what, exactly? Did they define this term for the teens (or even just for the survey)? Why is 'disinformation' (itself undefined) conflated with the hilariously ambiguous 'conspiracy theory'?

It's really just a terribly weak article, and the source "study" doesn't look much better. It really looks like it is a study set forth to push a particular agenda with "numbers".

Too many people confuse data with science, and perhaps that is what schools should actually be teaching; probably when they teach statistics, which all students should take. Pseudo-science like "critical thinking" can't really be taught, but actual science can.

page 1
more