heartsucker's comments

_w7am | 8 years ago | on: Ask HN: How can I experience SF and Silicon Valley in two weeks?

Good lord, so much snark in this thread, so here's some actual suggestions if you want to enjoy yourself (note: I moved out 3.5 years ago).

Get coffee at Four Barrel, Ritual, Sightglass, Blue Bottle, Philz

Get tacos in the Mission at Taqueria Vallarta, Taqueria Cancun

Go to Noisebridge, Sudo Room, Hacker Dojo

Hike at Hawk Hill, Skeggs, Muir Woods, Mt. Tam

Look up local concerts at funcheapsf.com. There are so many fantastic garage bands that should have record deals. $5 can get you an amazing show

Have a picnic at Lake Merritt

Walk around some of the university campuses (I quite like Berkeley)

Look at the street art on Clarion Alley

Go to Nightlife at the California Academy of Sciences

Go to the Conservatory of Flowers

Drive up Twin Peaks on a foggy day and watch Carl roll over the city

Walk around Haight-Ashbury (possibly buy drugs) and check out the shops and food

Walk around Telegraph Ave in Berkeley (possibly buy drugs) and check out the shops and food

Drive CA-1 to Monterey. Stop in Santa Cruz.

heartsucker | 9 years ago | on: Air carriers are still failing people with disabilities

Slightly off topic, but this is hardly the biggest blunder of the airline industry. A company I worked for last year absolutely tore them apart in a talk at 33c3.

In short, information like your address or passport number is easily accessible, and while it wasn't in the talk (I think), we were able to recover plaintext credit card numbers during the research.

https://media.ccc.de/v/33c3-7964-where_in_the_world_is_carme...

heartsucker | 9 years ago | on: Ghost in the Shell

> A theatre in New York was showing the 1995 film, so I watched it for the first time on the big screen on Wednesday, then saw the live action on Friday

> Did you ... even see the '95 movie recently?

Dude...

heartsucker | 9 years ago | on: Awless: A Mighty CLI for AWS

Sure, and if we imagine a hypothetical entity that has 10 products with security holes and then releases an 11th, it might be worth looking at the 11th more suspiciously. Things don't happen in a vacuum.

heartsucker | 9 years ago | on: Awless: A Mighty CLI for AWS

The tool phones home. Their website doesn't have HTTPS. It's plausible that the tool phones home over an unencrypted channel (I didn't look, so I could be wrong).

My overall impression is that they don't do security very well.

heartsucker | 9 years ago | on: Awless: A Mighty CLI for AWS

> We also collect a few anonymous data (CLI errors, most frequently used commands and count of resources).

Looks cool, but this is an instant no for me. Sorry guys.

heartsucker | 9 years ago | on: We Got Phished

Yes, but in theory some sort of MAC could stop it from accessing important files, or anti-virus could detect it and stop it too. But once the password leaves the computer, it's going to take a lot more effort to mitigate the damage. Also, your browser is on your side for protecting against malware, so for example if you have Flash disabled, that's a whole vector you can just ignore.

heartsucker | 9 years ago | on: We Got Phished

> What makes an attack like this so effective is that you never expect to see something as convincing as this

I've been working on phishing and counter-phishing recently, and if someone is actually putting any effort in, you have to expect something like this. Very legitimate looking email, the correct signature (complete with up to date font/logo), and a virtually perfect copy of the login page to whatever service they're using. All of this, even just to target a single person, is under 8 hours of work, which is to say, it's a simple task for someone who really wants to phish you.

The article mentions having an IDS and disaster recovery plans, and this is the best you can hope for, as pretty much everyone is susceptible to this, and AI can still be beaten.

Source: I've done this, beaten Gmail's anti-scam filters, and phished CTOs.

heartsucker | 9 years ago | on: Trove of Stolen Data Is Said to Include Top-Secret U.S. Hacking Tools

> F.B.I. agents on the case, advised by N.S.A. technical experts, do not believe Mr. Martin is fully cooperating, the officials say. He has spoken mainly through his lawyers, James Wyda and Deborah Boardman of the federal public defender’s office in Baltimore.

It sounds like they're just mad that he didn't confess immediately, instead of doing the smart thing of having a professional handle everything. Do they really expect someone to cooperate gladly when the repercussions could be severe?

heartsucker | 9 years ago | on: The state of the Scala website and documentation

Since this is all about docs, having gone from Java/Scala to Rust, I cannot emphasize enough how much better Rust is at this. With `cargo doc` I get a local set of static files for the exact version of the libraries I'm using. Why can't everything be this easy?