Hacker News: ArcHound

Encrypted Client Hello: A Big Tech Privacy Fix

ArcHound — Wed, 15 Apr 2026 17:20:48 +0000

Article URL: https://blog.miloslavhomer.cz/encrypted-client-hello/

Comments URL: https://news.ycombinator.com/item?id=47782174

Points: 1

# Comments: 0

New comment by ArcHound in "Sam Vimes 'Boots' Theory of Socio-Economic Unfairness (2022)"

ArcHound — Wed, 15 Apr 2026 14:50:59 +0000

I think you're right on the luxury brands being less durable.

To address the second airplane example, we really have to go through all that you're buying. Namely: more leg space, faster airport queue processing, more luggage, better in-flight service. Do I value these at 3x the cost? Maybe yes.

New comment by ArcHound in "Dependency cooldowns turn you into a free-rider"

ArcHound — Wed, 15 Apr 2026 04:38:56 +0000

The core point is of course solid. By not updating on day 0, maybe somebody else spend the effort to discover this and you didn't. But there are plenty of other benefits for not rolling with the newest and greatest versions enabled.

I'd argue for intentional dependency updates. It just so happens that it's identified in one sprint and planned for the next one, giving the team a delay.

First of all, sometimes you can reject the dependency update. Maybe there is no benefit in updating. Maybe there are no important security fixes brought by an update. Maybe it breaks the app in one way or another (and yes, even minor versions do that).

After you know why you want to update the dependency, you can start testing. In an ideal world, somebody would look at the diff before applying this to production. I know how this works in the real world, don't worry. But you have the option of catching this. If you automatically update to newest you don't have this option.

And again, all these rituals give you time - maybe someone will identify attacks faster. If you perform these rituals, maybe that someone will be you. Of course, it is better for the business to skip this effort because it saves time and money.

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

ArcHound — Wed, 15 Apr 2026 03:47:49 +0000

I see your point, I do. It seems like all external software is going in the SaaS direction, where the vendor is keeping all of the data, so they are available over an API. So there are genuinely solid cases for Chromebooks.

The issue is how much power this gives to the vendors. I think we should be able to survive a vendor going poof, taking all our data with them. Having a general computing platform capable of mixing files and privileges seems to me like the only way of keeping this capability.

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

ArcHound — Tue, 14 Apr 2026 19:52:21 +0000

I guess I should set up a monitor alerting me if the two backup diffs are larger than 80% of the data size.

But yes, these are the practical problems we need to address.

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

ArcHound — Tue, 14 Apr 2026 17:10:41 +0000

Please don't. It's bad enough that companies running windows have all the data on win premises. Dumbing down what the users can do with their machines seems like the end of personal computing.

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

ArcHound — Tue, 14 Apr 2026 17:08:20 +0000

Well yes, if you get breached, you have problems. At least in good backups scenario you can continue to operate, so you have money incoming to fix this.

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

ArcHound — Tue, 14 Apr 2026 17:07:15 +0000

I don't think this helps anybody. There will always be some poor soul taking the blame for the crimes of the higher ups. And what exactly the crime would be? Using company money to pay an unspecified third party? Also pretty hard to enforce.

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

ArcHound — Tue, 14 Apr 2026 11:25:04 +0000

AFAIK the idea is to have backups so good, that restoring them is just a minor inconvenience. Then you can just discard encrypted/infected data and move on with your business. Of course that's harder to achieve in practice.

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

ArcHound — Tue, 14 Apr 2026 11:23:02 +0000

I don't think you can enforce such a rule. I think it's a good approach too.

Another issue is that not paying up and risking restore from underfunded ops dept. might be more expensive than paying up AND making a selected executive look bad. And we can't have that, can we.

New comment by ArcHound in "Artemis II is competency porn"

ArcHound — Sat, 11 Apr 2026 11:15:28 +0000

Thanks, edited my comment to reflect this reply.

New comment by ArcHound in "Artemis II is competency porn"

ArcHound — Sat, 11 Apr 2026 11:06:46 +0000

I can't believe the comments here.

"I could have done it better, it's not a big deal, oh, they had women and non white people on board, what even is the shareholder value of this mission, oh it was almost done 50 years ago..."

These people went literally to the moon and back. Furthest anyone has ever been. That's an achievement.

I know things suck right now. Even more reasons to appreciate what is possible with technology.

I agree with the premise of this article. This achievement is inspiring and re-assuring that competency brings results. The alternative is way too depressing AND it mostly is our reality right know.

New comment by ArcHound in "Every dependency you add is a supply chain attack waiting to happen"

ArcHound — Thu, 02 Apr 2026 12:24:17 +0000

Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.

New comment by ArcHound in "I Quit. The Clankers Won"

ArcHound — Wed, 01 Apr 2026 13:04:07 +0000

This sounds like a nice principled stance, but you won't get any traffic with this approach. That's demotivating - to me blogging is a tight balance of exploration, learning, improving and feedback. I'm not able to write without considering how this impacts the reader - removing all readers breaks the process for me.

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

ArcHound — Tue, 31 Mar 2026 20:16:48 +0000

Actually, yes, they are the prime targets: https://en.wikipedia.org/wiki/Npm_left-pad_incident or seemingly https://en.wikipedia.org/wiki/XZ_Utils_backdoor as well.

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

ArcHound — Tue, 31 Mar 2026 20:13:22 +0000

Yes, that's why I recommend intentional updates. Planning at least a sprint later gives you a week or two, hoping the community catches such issues.

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

ArcHound — Tue, 31 Mar 2026 20:09:55 +0000

Let me rephrase - manual security verification is a velocity blocker. People won't do manual security verification of changes.

I agree that npm.org requiring MFA is a good idea in general and in this case.

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

ArcHound — Tue, 31 Mar 2026 04:21:56 +0000

Hi, security here. We've tried, but the amount of people you need for this vs the amount of people you have trying to review and click the big button always means that this step will be a bottleneck. Thus this step will be eliminated.

A much better approach would be to pin the versions used and do intentional updates some time after release, say a sprint after.

New comment by ArcHound in "I am definitely missing the pre-AI writing era"

ArcHound — Mon, 30 Mar 2026 16:52:55 +0000

I thought it's quite good. Of course, I'm not taking 100% of output, but it takes care of my grammar blindspots (damn you commas and a/an/the articles!).

Can you please share what and how gets degraded? Sometimes I don't like a phrase it selects, but it's not common

Hacker News: ArcHound

Encrypted Client Hello: A Big Tech Privacy Fix

New comment by ArcHound in "Sam Vimes 'Boots' Theory of Socio-Economic Unfairness (2022)"

New comment by ArcHound in "Dependency cooldowns turn you into a free-rider"

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

New comment by ArcHound in "Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It"

New comment by ArcHound in "Artemis II is competency porn"

New comment by ArcHound in "Artemis II is competency porn"

New comment by ArcHound in "Every dependency you add is a supply chain attack waiting to happen"

New comment by ArcHound in "I Quit. The Clankers Won"

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

New comment by ArcHound in "Axios compromised on NPM – Malicious versions drop remote access trojan"

New comment by ArcHound in "I am definitely missing the pre-AI writing era"

AI AI Newsletter