asjfkdlf | 11 months ago | on: Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
It states that it doesn’t require major changes because it all happens under the SSH protocol. A new program is needed on the client to sign in and you can already run a custom program on the server to authorize the key.
asjfkdlf | 1 year ago | on: Ask HN: What are the best programmable holiday lights?
I bought these and they are great. They strike a balance of programmable, but have a kit. Relatively simple for a novice
asjfkdlf | 1 year ago | on: Show HN: Documind – Open-source AI tool to turn documents into structured data
I am looking for a similar service that turns any document (PNG, PDF, DOCX) into JSON (preserving the field relationships). I tried with ChatGPT, but hallucinations are common. Does anything exist?
asjfkdlf | 1 year ago | on: How Discord stores trillions of messages (2023)
Aren’t they using a NoSQL store? They migrated from Cassandra to ScyllaDB.
asjfkdlf | 1 year ago | on: MTA Open Data Challenge
The prize is very underwhelming. If they really want people to spend effort on it, they need to make the prize worth it.
asjfkdlf | 1 year ago | on: AES-Gem (AES with Galois Extended Mode)
How does this compare to other GCM alternatives such as AES-SIV and AES GCM-SIV?
asjfkdlf | 1 year ago | on: Sam Bankman-Fried sentenced to 25 years in prison
To be a deterrent, it just needs to curb some percentage of behavior. Not stop it completely. Do you think people are murdering at the same rate as if there was no punishment? It could be, but I would bet the numbers would go up significantly.
asjfkdlf | 3 years ago | on: We Found 28,000 Apps Sending TikTok Data. Banning the App Won't Help
There are some really good findings about the TikTok APK used in many apps. In addition, I agree that better privacy laws that would affect all companies, even US ones, would be the ideal.
The statement that this ban won't help is completely wrong though. Passing universal privacy laws will take years, if ever. Banning TikTok has bipartisan appeal. Don't let perfect be the enemy of good. TikTok can still influence people through the feed and collect even more data through the app itself.
Obviously we should work towards a privacy law around this, but this is a reasonable first step to address the most dangerous actor.
asjfkdlf | 3 years ago | on: NY Sabotages Right to Repair Bill [video]
I envy your experiences. I personally have had the opposite experience. It’s important to remember that your personal experience may not be the same as others. As this movement is very popular in the general public, my guess is many others have had bad experiences with trying to repair their device (i.e. $500+ for a simple repair from the manufacturer).
I personally don’t care for Louis and he may be a jerk as you suggested, but I try to look at ideas instead of people. Some really bad people have had good ideas. If you follow ideas instead of people, it’s not an issue if you agree with someone on one topic and disagree with almost everything else they have said.
asjfkdlf | 3 years ago | on: AirTag catches United lying about location of lost suitcase
Don’t attribute to malice what can equally be explained by stupidity.
asjfkdlf | 3 years ago | on: HackerRank (YC S11) DMCA'ed the SymPy Docs [fixed]
This is a horrible abuse of the DMCA. HackerRank does not own the copyright to independent solutions.
asjfkdlf | 4 years ago | on: Exploring the Security Implications of GraphQL
There is some useful information here, but saying docs are more secure than introspection makes no sense. The person can learn about your file upload endpoint through docs. Security through obscurity is not a reasonable security strategy.
asjfkdlf | 4 years ago | on: Postgres, Kafka, and a mysterious 100 GB
Had this exact thing happen in production when we turned off an audit DB replication slot. We got lucky and caught it before our entire app went down. It’s one of the many foot-guns we have found with Postgres.
asjfkdlf | 6 years ago | on: Designing a service for password-less temporary access to resources
I have implemented something similar, but used 12 characters. 6 is way too few for a secure URL.
asjfkdlf | 6 years ago | on: Show HN: Microfronts – Front-end solution for running multiple frameworks as one
It looks like the code is running in iframes, so yes it would do hard navigation, but it would not change the domain the user sees.
asjfkdlf | 7 years ago | on: Year 2038 problem
"There is no universal solution for the Year 2038 problem"
asjfkdlf | 9 years ago | on: LastPass autofill exploit
No, that is not possible. Extensions in Chrome run in a different execution context than the website. The website's document.createElement is different from the extension's.
If the website could override extension functions, attacks would already be possible by overriding Regex functions.
asjfkdlf | 9 years ago | on: Mailhero – a more permanent temporary email
You can do it with Google Apps too, but it's a little more difficult. Log into an account and set up an alias.
There is a limit to the number of aliases, but you can just create more accounts with aliases that forward to your email.
asjfkdlf | 10 years ago | on: WebUSB API: draft spec to safely expose USB device services to the web
I am not sure what you are getting at. Those don't occur on the web and are not an issue with desktop apps you install. If a desktop app wants to run a bash command, it can do it. It doesn't need to find a bash injection.
There aren't easily exploitable issues like XSS on the desktop. Meaning, if you run a desktop app you generally don't have to worry that some rogue code is injected into the app, unless the developer's keys are stolen, which is rare.
asjfkdlf | 10 years ago | on: WebUSB API: draft spec to safely expose USB device services to the web
That would be a good first step. It would have to be a subset of CSP. Don't allow inline scripts or eval. Only on HTTPS is another step I see as very important.