pt's comments | WingNews

pt | 5 months ago | on: Oh no, not again a meditation on NPM supply chain attacks

When we close and reopen VSCode (and some other IDEs), it updates the NPM packages for the installed plugins. Would these mitigations steps (e.g. pnpm) also take care of that?

pt | 5 years ago | on: Nikon Issues Small Recall for a 16-Year-Old Film Camera

Baby bullet.

pt | 6 years ago | on: Helping organizations do more without collecting more data

From https://github.com/google/private-join-and-compute:

"Our protocol has security against honest-but-curious adversaries. This means that as long as both participants follow the protocol honestly, neither will learn more than the size of the intersection and the intersection-sum. However, if a participant deviates from the protocol, it is possible they could learn more than the prescribed information."

Also: "Disclaimers: This is not an officially supported Google product. The software is provided as-is without any guarantees or warranties, express or implied."

pt | 7 years ago | on: Ask HN: What VPN service are you currently using?

Is there a way to setup an “always on” VPN on my device, such that it disallows any traffic to egress unless connected to the VPN?

pt | 7 years ago | on: I made my own WireGuard VPN server

On the client, is it possible to setup an “always on” VPN? Such that when the client restarts on reboot, there is no internet connection until the VPN is on. Or when either the client or server glitches, the end point computer/mobile does not connect to the internet in the clear?

pt | 8 years ago | on: Marissa Mayer launches Lumi Labs, a new incubator

“Thinking about what's next, I returned to my roots, rented the original Google office where I started my career, and founded a lab with my longtime friend and teammate @eamunozt. A bit of info: lumilabs.com”

https://twitter.com/marissamayer/status/986716678682587136?s...

pt | 8 years ago | on: Show HN: Fanout – Reverse proxy to push real-time data to connected devices

How do you compare it with PubNub?

pt | 9 years ago | on: Frp: A fast reverse proxy to help you expose a local server to the internet

Check out https://www.trustedpassage.com (private beta right now). It's like ngrok but with security as the primary focus.

Disclaimer: I am one of the co-founders.

pt | 9 years ago | on: Why aren’t we using SSH for everything?

I was referring to the browser side certificate that can be generated using the <keygen> tag, and then used for the subsequent HTTPS sessions. Would this be equivalent to ssh-keygen for SSH?

pt | 9 years ago | on: Why aren’t we using SSH for everything?

Do TLS client certificates make HTTPS equivalent to SSH?

pt | 10 years ago | on: Opera VPN behind the curtains is just a proxy

I am actually working on build something similar. So, you could roll out an app-specific VPN like secure tunnel real easy. It is inspired by the work at Google IT called BeyondCorp [1].

The target market is companies whose employees require secure remote access to internal apps, but IT does not want to give a broad network access via VPN. So, marketing/sales like employees who simply want to access internal portals, etc. without the hassle of dialing into a VPN.

[1] http://research.google.com/pubs/archive/43231.pdf

pt | 10 years ago | on: CloudFlare and Google Cloud Platform

Yes, DNS history is one way to leak your IP. There are several other ways that the origin IP may get leaked, so you should be very careful if you use Cloudflare:

* Keep all subdomains on CloudFlare

* Don't use wildcard subdomains if you are not on Pro account

* Don't host mail or other services on the same server as your web server (email headers have origin IP)

* Never initiate an outbound connection based on user action

* Make sure that your web server and web application are patched against all known information disclosure vulnerabilities.

* Change your origin IP once configured for maximum DDoS protection on CloudFlare

Cloudflare documents it here: https://blog.cloudflare.com/ddos-prevention-protecting-the-o...

pt | 10 years ago | on: CloudFlare and Google Cloud Platform

Besides Cloudflare being the biggest man-in-the-middle on the internet, their DDoS mitigation offering is also questionable. If you google "clouflare bypass" [1], you get to websites that can tell you the origin IP address of a cloudflare customer's domain name. So, malicious guys could hit the real IP directly.

[1] https://www.google.com/search?q=cloudflare+bypass

pt | 10 years ago | on: Ask PG: How is Arc coming along?

A dream is a goal without a deadline.

pt | 11 years ago

So Rapportive for XLS?

pt | 11 years ago | on: Apple – Live – September 2014 Special Event

Anyone hearing Chinese commentary?

pt | 11 years ago | on: LocalFlow – Discover your neighborhoods

``It was through the private world of family that the public world of politics came alive.´´

-Sonia Gandhi-

This is a first. Never seen a startup quoting from a politician from India (not related to Mahatma Gandhi) in their landing page :)

pt | 11 years ago | on: The Swift Programming Language

swift-lang.org mentioned at the bottom of the page seems to be down.

pt | 12 years ago | on: Show HN: JS library to make your website instant

Yeah, just tried it. Does not work with angular SPA.

pt | 12 years ago | on: Powerchair: A dad hacks a wheelchair for his disabled 2-year-old son

I would like to contribute money for Alejandro (as I do not have the hacking ability/skills to contribute anything meaningful for the tech). Is there a way to contribute money for Alejandro and his dad?