Hacker News: BaconVonPork

New comment by BaconVonPork in "Security issues with electronic invoices"

BaconVonPork — Sat, 13 Dec 2025 19:15:24 +0000

When I look at JSON related crypto, say JWT or WebAuthn, I am (un)comfortable saying the CVE causing complexities are there but repeating and not consolidated on a standard layer.

New comment by BaconVonPork in "Security issues with electronic invoices"

BaconVonPork — Sat, 13 Dec 2025 18:16:12 +0000

You are saying people shouldn't want what they want and since JSON has no standards for it you assume it won't happen. Not even X509 is interested in working with detached signatures.

> It does not matter whether your serialization is canonical or not if you don't need to parse the document before you've verified the signature on it.

It most certainly does. First or last duplicate key?

New comment by BaconVonPork in "Framework Raises DDR5 Memory Prices by 50% for DIY Laptops"

BaconVonPork — Sat, 13 Dec 2025 17:38:16 +0000

Then if AI were the only consumer of wafers they would fall short of declaring themselves an illegal monopoly.

New comment by BaconVonPork in "The military's new AI says boat strike 'unambiguously illegal'"

BaconVonPork — Sat, 13 Dec 2025 17:24:14 +0000

How is that different than the Nuremberg defense in combination with Hitler declaring Jews subhuman? One can claim Trump knowingly committed an international crime by declaring someone a terrorist when it would result in the US' criminality but the people involved are also guilty.

New comment by BaconVonPork in "Security issues with electronic invoices"

BaconVonPork — Sat, 13 Dec 2025 16:42:37 +0000

This seems like a distinction without meaning. The question is whether JSON serializations intended for canonical signing would be somehow safer than those XML serializations. Obviously people would like all the same features that caused problems before.

New comment by BaconVonPork in "Poor Johnny still won't encrypt"

BaconVonPork — Sat, 13 Dec 2025 16:09:20 +0000

The problem is not a personal hardware security module, as you noted we have them. The problem is that people want redundancy that undermines the point. If you can easily have a copy of your ring just in case, how do you know who has done that process and watches you all the time? Biometrics sounds like a solution yet they are implemented as a cosmetic security layer and this situation is pointless to fix since we leave them everywhere we go.

New comment by BaconVonPork in "US TikTok investors in limbo as deal set to be delayed again"

BaconVonPork — Sat, 13 Dec 2025 15:12:18 +0000

Social conservatism is disgust. They don't want to see through simple explanations that let them feel less disgust for themselves.

New comment by BaconVonPork in "Apple has locked my Apple ID, and I have no recourse. A plea for help"

BaconVonPork — Sat, 13 Dec 2025 09:29:56 +0000

It is probably lazy in the sense that they would need more lawyers and more careful ToS. Defending their ability to shut anyone off completely is a lot easier than dealing with lawsuits from customers denied X, denied Y, denied Z in regions A,B,C..

New comment by BaconVonPork in "Training LLMs for honesty via confessions"

BaconVonPork — Fri, 12 Dec 2025 18:12:59 +0000

That's basically a variant of the halting problem and what you hope to get is a supervisor responding. If people expected this I don't think they would be as confused about the difference between statistical analysis of responses requiring emotions to be convincing and an LLM showing atonement.