Hacker News: _hyn3

New comment by _hyn3 in "It's hard to justify buying a Framework 12"

_hyn3 — Fri, 29 May 2026 18:53:45 +0000

Yeah, or a Macbook Neo! No need to disparage other people's use cases.

New comment by _hyn3 in "It's hard to justify buying a Framework 12"

_hyn3 — Fri, 29 May 2026 18:52:38 +0000

Only if you are solely an Apple user, because it's literally not a problem anywhere else. I've taken tons of photos of movies with my Pixels.

New comment by _hyn3 in "2026 HIPAA Security Rule Update"

_hyn3 — Mon, 25 May 2026 20:20:27 +0000

If SOC2 relies on competent auditors (and you're right, it does), than it is an ineffective standard (and it mostly is).

New comment by _hyn3 in "SSH certificates: the better SSH experience"

_hyn3 — Fri, 03 Apr 2026 16:06:02 +0000

Touche.. actually a good point, but actually those are two different situations. With one, I'm accessing a website and trusting that the certificate is signed by someone I trust; so the trust in my browser certificates (which include certificates from hundreds of certificate authorities all over the world, any one of which could be compromised, robbed, or controlled by an adversarial person or even government) is extended to the site that I'm visiting. To say this is weak sauce rather understates how bad this actually is. (To paraphrase Churchill, this is the worst possible design, except for all the rest.)

With the other, I'm logging into a server for the first time (and I could simply deploy the same trusted host key to all my ssh servers via an autoscaling configuration or whatever). I think it's debatable if TOFU is worse or better than your (granted clever) metaphor.

(to those who'd recommend userify, yes - great for the client login issue and definitely increases security, but to parent's point, TOFU is still needed unless you want to distribute host pubkeys)

New comment by _hyn3 in "Benchmarks for Golang SQLite Drivers"

_hyn3 — Mon, 18 Aug 2025 17:00:34 +0000

Excellent evaluation. From reading the code, it appears that the units for the numbers column is usually milliseconds (ms)

It also looks like squinn is the clear leader for most but not all of the benchmarks.

Even though it's "not scientific", is still very useful as a baseline - thanks for taking this effort and publishing your results!

Also taking a look at monibot.io , looks cool

New comment by _hyn3 in "Building Bluesky comments for my blog"

_hyn3 — Thu, 07 Aug 2025 16:33:00 +0000

How is this different from any other self hosted solution; you've still got to manage spam yourself. Might as well go self hosted.

New comment by _hyn3 in "US reportedly forcing TSMC to buy 49% stake in Intel to secure tariff relief"

_hyn3 — Tue, 05 Aug 2025 20:52:28 +0000

What would TSMC do if they couldn't sell chips to the USA? It cuts both ways, like most trade negotiations.

New comment by _hyn3 in "Why I no longer have an old-school cert on my HTTPS site"

_hyn3 — Sat, 24 May 2025 17:39:46 +0000

"We now have another confirmation on Twitter that remote code is executed and a glimpse into what the script is... it appears to be benign."

https://github.com/acmesh-official/acme.sh/issues/4659

It was not. Don't use acme.sh.

New comment by _hyn3 in "SMS 2FA is not just insecure, it's also hostile to mountain people"

_hyn3 — Wed, 14 May 2025 15:12:22 +0000

Trying removing consent to receive text messages on that number, or that it's only a land line and only phone calls are accepted.

You might even try to block incoming SMS. In fact, you might also try a forward with Twilio or free Google voice number, since a lot of SMS TOTP refuse to with with those numbers :)

I've even had success removing my phone number entirely from certain types of accounts, but sometimes I had to deliberately break the account (eBay) and then it tries to get you to confirm on each login which you can sometimes bypass by changing the URL or clicking the company logo.

Be sure to have strong security in other ways; strong, non repeated passwords.

But this is truly insane. Large banks don't even offer the option of TOTP but instead require far more insecure SMS. Maybe they'll offer RSA dongles, because they never bothered to remember when they all got completely leaked ten years ago or how they accepted $10M to completely compromise their constants.

What can you say, large enterprises are behind the security eight ball, as always! It's a tale as old as time.

https://www.wired.com/story/the-full-story-of-the-stunning-r...

https://www.theverge.com/2013/12/20/5231006/nsa-paid-10-mill...

New comment by _hyn3 in "Whistleblower details how DOGE may have taken sensitive NLRB data"

_hyn3 — Wed, 16 Apr 2025 15:47:35 +0000

> President isn't CEO

The President is literally the Chief Executive officer in the United States.

https://people.howstuffworks.com/president4.htm

> Laws and budgets are set by Congress

That's correct, under Article 1, but the President does not have to spend every dime that was allocated.

> EOs do not have the force of law

"Both executive orders and proclamations have the force of law, much like regulations issued by federal agencies"

https://www.americanbar.org/groups/public_education/publicat...

You seem to underestimate the power that is vested in the office of the President as the Chief Executive.

> have been invalidated by courts

As have many, many legislatively-passed laws; this is simply checks-and-balances and allows the judiciary to act on other laws (which originate from Congress) and regulations (which originate from the Executive Branch).

New comment by _hyn3 in "Whistleblower details how DOGE may have taken sensitive NLRB data"

_hyn3 — Wed, 16 Apr 2025 00:54:25 +0000

Those darn hackers. They probably hang out and get their news... someplace.

New comment by _hyn3 in "Whistleblower details how DOGE may have taken sensitive NLRB data"

_hyn3 — Wed, 16 Apr 2025 00:53:31 +0000

If the CEO of your company empowers a team to audit your work, would you 'resist'?

And this Chief Executive was elected by the majority of the country, specifically to take these actions that he'd clearly stated he would take.

The resistance is actually the violation of federal law. It's no different from contempt of court; within the President's domain, he has a huge amount of power. The President can also modify existing policy (regulations) at any time and literally make new laws (Executive Orders have the force of law) as long as they don't conflict with current law, as well as overturning previous President's Executive Orders.

Of course, then the shoe will be on the other food someday, too, just as it was when Biden took over from Trump and then they switched places again.

As President Obama said, "I've got a pen, and I've got a phone."

https://www.npr.org/2014/01/20/263766043/wielding-a-pen-and-...

New comment by _hyn3 in "JSLinux"

_hyn3 — Tue, 15 Apr 2025 14:56:26 +0000

Willy Tarreau - creator of HA Proxy

New comment by _hyn3 in "Owning my own data, part 1: Integrating a self-hosted calendar solution"

_hyn3 — Fri, 11 Apr 2025 14:58:09 +0000

"Would be nice if you use your.. financial stability of a Google job to build an open-source protocol"

Well, sure, it'd be nice if we could all spend our time building things to give away for free, but it's just not always possible. Life happens and people shouldn't have to explain or apologize for it.

New comment by _hyn3 in "Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH"

_hyn3 — Tue, 25 Mar 2025 21:42:05 +0000

How does this compare to Userify's plain-jane SSH key technique?

That agent (Python, single-file https://github.com/userify/shim) sticks with decentralized regular keys and only centralizes the control plane, which seems to be more reliable in case your auth server goes offline - you can still login to your servers (obviously no new users or updates to existing keys). It just automates user and sudo configuration using things like adduser and /etc/sudoers.d. (It also actively kills user sessions and removes the user account when they're deleted, which is great for when you're walking someone out in case they have cron-jobs or a long-running tmux session with a revenge script.)

This project looks powerful but with a lot of heavy dependencies, which seem like an increased surface area (like Userify's Active Directory integration, but at least that's optional)

New comment by _hyn3 in "The Future Is Niri"

_hyn3 — Thu, 13 Mar 2025 15:13:07 +0000

# for floating windows

default_floating_border none

# make sure pavucontrol is floated; use xprop (cli) to get window title/class/etc

for_window [class="Pavucontrol"] floating enable, resize set height 512, opacity 0.3

# https://faq.i3wm.org/question/61/forcing-windows-as-always-f...

New comment by _hyn3 in "Microsoft begins turning off uBlock Origin and other extensions in Edge"

_hyn3 — Fri, 28 Feb 2025 15:58:10 +0000

Also Brave.. just not sure when or if someone will breaking fork chromium.

New comment by _hyn3 in "Trapped in the dark for 35 hours – Red Sea dive-boat survivors tell of escapes"

_hyn3 — Sat, 18 Jan 2025 05:21:31 +0000

Not at 1atm. The air was pressurized.

New comment by _hyn3 in "Australia: Kids under 16 to be banned from social media after Senate passes laws"

_hyn3 — Thu, 28 Nov 2024 16:06:09 +0000

Runs smack into the Rule of Lenity.

New comment by _hyn3 in "Australia: Kids under 16 to be banned from social media after Senate passes laws"

_hyn3 — Thu, 28 Nov 2024 16:03:49 +0000

What is the acceptance criteria for this test case?