Hacker News: Jenda_

New comment by Jenda_ in "New startup sells coffee through SSH"

Jenda_ — Wed, 01 May 2024 22:28:02 +0000

For a cool example (deanonymization), see https://words.filippo.io/dispatches/whoami-updated/ (discussed at time: https://news.ycombinator.com/item?id=34301768). Someone has crawled public keys from GitHub (tbh I was surprised that GitHub publishes them) and set up a database.

New comment by Jenda_ in "Airlines required to refund passengers for canceled, delayed flights"

Jenda_ — Fri, 26 Apr 2024 16:20:32 +0000

+ making you empty your water bottle, and then on some airports there is no option to fill it afterwards (e.g. only hot water available in the toilets and no drinking fountain)

New comment by Jenda_ in "Keep your phone number private with Signal usernames"

Jenda_ — Tue, 20 Feb 2024 23:34:54 +0000

And some others. https://en.wikipedia.org/wiki/Quotation_mark#Summary_table

New comment by Jenda_ in "Alexei Navalny has died"

Jenda_ — Sat, 17 Feb 2024 01:13:30 +0000

Besides an open military invasion (hopefully improbable), I'm afraid of slowly tilting and influencing border states (Slovakia, Hungary) to lean towards Russia, with maybe some future economic extortion, or in the very extreme case, staging an election/referendum to leave EU/NATO.

New comment by Jenda_ in "Over the edge: The use of design tactics to undermine browser choice"

Jenda_ — Sun, 04 Feb 2024 14:51:15 +0000

Oh, OK, I didn't think about lockdown mode, just a regular rootfs encryption.

I still use X, as Wayland does not seem to implement all the features I'm using (but it's improving, so I expect I can go to Wayland in a few years).

New comment by Jenda_ in "Over the edge: The use of design tactics to undermine browser choice"

Jenda_ — Sun, 04 Feb 2024 00:36:40 +0000

Some window managers, such as Fluxbox, support "tabbed windows". You can group windows into one "superwindow" and then switch these in a titlebar. Maybe this is what the GP meant?

Screenshot: https://www.reddit.com/r/UsabilityPorn/comments/bqg9tw/fluxb...

New comment by Jenda_ in "Over the edge: The use of design tactics to undermine browser choice"

Jenda_ — Sun, 04 Feb 2024 00:31:15 +0000

> The lack of hibernation with an encrypted system is an annoying problem, though.

I don't understand. Hibernation to an encrypted swap partition (and even to a swap file on an encrypted rootfs) works normally.

> Not buying hardware from certain vendors (Nvidia) helps improve your chances.

nVidia just works if you accept the proprietary driver. On the other hand, with AMD, you get fun like this: https://www.wezm.net/v2/posts/2020/linux-amdgpu-pixel-format.... Of course, if you don't need high GPU power, use Intel integrated GPU, which works the best.

New comment by Jenda_ in "FDA says 561 deaths tied to recalled Philips sleep apnea machines"

Jenda_ — Fri, 02 Feb 2024 20:02:43 +0000

> They killed at least 561 people

I don't know anything about this case, but "561 deaths have been reported in connection to" does not mean they were all indeed "caused by". They may have reports of anyone who died while using the device, from whatever cause like old age. Now they will investigate and hopefully conclude something.

New comment by Jenda_ in "FDA says 561 deaths tied to recalled Philips sleep apnea machines"

Jenda_ — Fri, 02 Feb 2024 19:42:23 +0000

The GP talked about nose tape (I guess nasal strips), not mouth tape.

I personally use:

- better breath strips from aliexpress

- a 3D print similar to https://noson.eu/

New comment by Jenda_ in "Czech republic sets IPv4 end date"

Jenda_ — Tue, 23 Jan 2024 13:40:31 +0000

> But in czech language word for Bohemia region is "Czechia" (there is no Bohemia).

No. Bohemia is Čechy, Czechia is Česko.

Yes, they are sometimes confused, and maybe people are unhappy with Česko because it's just too similar to Čechy. People from Moravia and Silesia feel underrepresented when someone mistakenly uses "Čechy" (Bohemia) for the entire Česko (Czechia; Bohemia+Moravia+Silesia).

New comment by Jenda_ in "Czech republic sets IPv4 end date"

Jenda_ — Tue, 23 Jan 2024 13:32:05 +0000

"habanero eardrum" is actually less than 4 bytes -- let's say 12 bits for a common word (eardrum) + 16 bits for an uncommon word (habanero).

If it were 16 bytes, the other options from the same 16-bytes space would be, for example, "\xa3\x80W%\xa3\x82\xa1\xea\x10\xf9\x8b\x07'\xf93J" or "\xf0\xef\x9b\x8f[0\xe5\xb9,\x0b\xd4^\xb00\xed\x00" (chosen by a fair /dev/urandom roll).

If you want to convey 16 bytes using similar encoding, you need to use about 10 to 12 human words -- see for example Bitcoin wallet 12-word seed phrases or https://xkcd.com/936/ (xkcd correct horse battery staple).

For IPv6, if your addresses are not SLAAC, but DHCP or manually assigned, you can go with half of it - the "random" part is the 64bit network prefix.

New comment by Jenda_ in "Winding down Google Sync and Less Secure Apps support"

Jenda_ — Fri, 19 Jan 2024 23:44:42 +0000

Why is there AFAIK no tutorial on how to steal the "app token" (sorry, I don't know the proper term) from Thunderbird or other mail clients?

New comment by Jenda_ in "Timeline to remove DSA support in OpenSSH"

Jenda_ — Fri, 12 Jan 2024 12:11:51 +0000

Because the old algorithm only endangers the communication and the remote device (and this may even not be the case, as such an old device should not be exposed to the world), while the old client may compromise security of the local computer. (fortunately, bugs in SSH client are uncommon; with e.g. browsers it's a different story)

Of course a reasonable solutions would be to run it in some sandbox/VM.

Additionally, the old client will be difficult to use in a current OS because of library and general system incompatibility (Debian with openssh-client-ssh1 is a rare exception, and it's just a command-line ssh, not the library mentioned in https://news.ycombinator.com/item?id=38963372).

New comment by Jenda_ in "Timeline to remove DSA support in OpenSSH"

Jenda_ — Fri, 12 Jan 2024 11:56:52 +0000

> That screwdriver? It used to work when it was first invented and it will still work a thousand years from now.

Maybe it did not and will not -- old screwdriver is probably flat blade, now people use Philips or Pozidriv screws and in some time most will be Torx.

> That car? Keep it maintained and it will take you places for at least the better part of a century. That boat? We can keep boats floating forever.

The same: the fuel and oil is changing (maybe you will not even be able to source gasoline in 2050 if everyone migrated to electric vehicles), and specific spare parts are no longer manufactured.

I guess with large old boats also come expensive support contract - similar to paying someone for a super-long-term individual software support.

> Computers are one of the few, if not only, piece of tool that demands it be replaced every few years, and it probably hasn't even broken down yet which would merit a replacement.

Computers are also relatively new and quickly advancing in features, while the other examples you have mentioned were mostly "stable" for 100 years.

New comment by Jenda_ in "Timeline to remove DSA support in OpenSSH"

Jenda_ — Fri, 12 Jan 2024 11:49:06 +0000

> That kind of attitude is why Windows continues to dominate the desktop market.

On the other hand, macOS is also pretty common on desktops and they don't honor backwards compatibility very much.

New comment by Jenda_ in "The Curious Case of MD5"

Jenda_ — Fri, 05 Jan 2024 02:19:40 +0000

Maybe try to have a look at it as permutations: the mapping "hex of the hash" → "its actual hash" is a (presumably random) permutation. And it's quite probable that such permutation has a fixed point: http://laurentmazare.github.io/2014/09/27/fixed-points-of-ra...

The problem is that we currently don't know how find it more efficiently than with exhaustive search, AFAIK.

Edit: previously on HN: https://news.ycombinator.com/item?id=614079

New comment by Jenda_ in "Power over fiber"

Jenda_ — Fri, 05 Jan 2024 01:57:22 +0000

> because optical attenuation rises exponentially with length

I believe the attenuation is stated in dB/km, therefore rises linearly (or even logarithmically if you look at it from the uncommon energy-wise point of view) with distance. Why should exponential be the case?

New comment by Jenda_ in "The Curious Case of MD5"

Jenda_ — Fri, 05 Jan 2024 01:55:22 +0000

If I understand this correctly, the paper only shows a particular attack of complexity 2^102. Someone may find a different attack with much lower complexity. That's the usual way how cryptography gets broken -- people find better and better attacks, and suddenly the latest attack has low enough complexity to be practical.

New comment by Jenda_ in "Stealthy Linux rootkit found in the wild after going undetected for 2 years"

Jenda_ — Mon, 11 Dec 2023 02:36:39 +0000

I think Ubuntu has some kind of notifier in "tray". For me, I am subscribed to debian-security mailing list and update when something that is running on systems that I manage seems to be affected.

> versus the more automated update systems MacOS or Windows

I'm not sure -- it is better with Microsoft Store, but other apps solve updates on their own, with various success. I have little experience with Windows and no with mac OS, so I cannot comment.

New comment by Jenda_ in "Stealthy Linux rootkit found in the wild after going undetected for 2 years"

Jenda_ — Mon, 11 Dec 2023 02:09:05 +0000

> Syscall hooking kernel root kits largely only vary in how exactly they hook the syscalls

I don't understand how this survives major kernel upgrades. I have problems keeping out-of-tree modules working, intentionally. Do rootkits ship with fancy DKMS these days? Do the authors test with upcoming versions of major distros and push an upgrade to support the new release?