coo1k's comments

coo1k | 7 years ago | on: Show HN: Decentralized WeChat, without data mining, censorship or spying

I find the BitMessage protocol truly decentralized. I worked on implementing a Java client for it a while ago. It stores encrypted messages on your machine, although only the intended receiver can decrypt the message. Although inefficient, it's impossible to identify the origin of the message. On the downside, the p2p message propagation could take time. I wish it was more popular.

Source: https://bitmessage.org/wiki/Protocol_specification

coo1k | 9 years ago | on: Ask HN: Am I obsolete?

I did get some interviews through networking but I couldn't clear those. Till now I couldn't understand why, till my last interviewer told me that since I'm from a small company operating at a small scale, I'm not suitable for a senior position.

coo1k | 9 years ago | on: Ask HN: Am I obsolete?

10 to 12 phone screens in the last 2 years, and I was constantly trying to arrange interviews. Out of those, 3 progressed to onsite interviews, but I was rejected in all 3. I'm in the Bay Area, but need to move to Seattle soon for personal reasons.

coo1k | 9 years ago | on: Ask HN: Protecting database information?

OR you could encrypt the user's password with your public key. Then when you log in, you can decrypt the user's password with your private key. Then go on decrypting user information with that password. This way you won't have to make a copy of the information posted by users and will still be able to view it with an admin login.

coo1k | 9 years ago | on: Ask HN: Protecting database information?

There is a way to get around #3, although inefficient. Every time information is posted by your users, you can create 2 copies of the encrypted information. One with the user's password for them to view. The other would be using your key, but you can't simply use a password for encrypting your copy; that would be insecure since you need to store your password on the server. Instead you can use asymmetric encryption such that you can use your public key to encrypt the information. Then you can use your private key to log in to your website and view all information.

coo1k | 9 years ago | on: Ask HN: Protecting database information?

Disclaimer: I am far from a security expert.

If your website is used by authenticated users, i.e. requiring a username and password to log in, then you could use their password to encrypt relevant data and decrypt it at runtime when the user logs in. However, make sure you destroy the password and decrypted information from memory after the user logs out or after a certain timeout, whichever is earlier.

Since you are now not storing keys on your server, an attacker won't be able to decrypt sensitive information even if he gains administrative access to your server. Each user will be holding the key in the form of his password. The attacker will have to get the password of each user.

Use HTTPS so that the attacker won't be able to sniff out the password of the user.

Downside:
1. Forgot password functionality will be hard to implement
2. If users try to login to your application after attacker gains access to it, attacker will come to know of the password and use it to decrypt information pertaining to that user.
3. Even you won't be able to see the information since you won't have the decryption key.
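
The scheme from the three comments above (a copy encrypted under the user's password, plus a second copy readable only with the site owner's private key), as an added example that is not part of the original comments. It assumes Node.js built-in `crypto`, scrypt for deriving the key from the password, AES-256-GCM for the data, and RSA-OAEP wrapping a one-time key for the owner's copy (RSA cannot encrypt arbitrary-length data directly); all function names and sample values are constructed.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers; nonce and auth tag are stored next to the ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// Key derived from the user's password; only the salt is kept server-side.
const userKey = (password, salt) => crypto.scryptSync(password, salt, 32);
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs while the user is logged in: writes both copies of one record.
function storeRecord(plaintext, password, adminPublicKey) {
  const salt = crypto.randomBytes(16);
  const userCopy = seal(userKey(password, salt), plaintext);
  const dataKey = crypto.randomBytes(32); // one-time key for the owner's copy
  const adminCopy = seal(dataKey, plaintext);
  const wrappedKey = crypto.publicEncrypt({ key: adminPublicKey, ...OAEP }, dataKey);
  // Nothing returned here can decrypt the record by itself.
  return { salt, userCopy, adminCopy, wrappedKey };
}

const readAsUser = (rec, password) => open(userKey(password, rec.salt), rec.userCopy);

// Needs the private key, which the server never stores.
function readAsAdmin(rec, adminPrivateKey) {
  const dataKey = crypto.privateDecrypt({ key: adminPrivateKey, ...OAEP }, rec.wrappedKey);
  return open(dataKey, rec.adminCopy);
}

// Constructed demo values; the key pair is generated here only for the demo.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const rec = storeRecord(Buffer.from('constructed sample record'), 'correct horse', publicKey);
console.log(readAsUser(rec, 'correct horse').toString());
console.log(readAsAdmin(rec, privateKey).toString());
```

Downside 2 still applies to this sketch: the server sees the password at login, so a compromised server can capture it from then on.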

coo1k | 10 years ago | on: How to Legally Own Another Person [pdf]

The problem isn't with finding a new job, it's with time. There is no grace period for H1b. If you are laid off without any advance notice, you have to pack up your stuff and leave the country immediately. Not to mention, you have no time to sell off your car or any other property, unless you have friends who can do that after you leave. So unless you are proactively looking to change companies, you are always under constant fear. Source: http://www.uscis.gov/tools/ombudsman-liaison/practical-immig... See Q2