Hacker News: arsome

New comment by arsome in "LittleSnitch for Linux"

arsome — Thu, 09 Apr 2026 13:29:22 +0000

This gets even more involved when you consider things like loading libraries, there's also the impact of calls like OpenProcess/WriteProcessMemory/CreateRemoteThread (Windows-land versions, though I'm sure similar exists elsewhere).

The "good" Windows firewalls like Outpost and Zone Alarm used to have features to catch this, they'd detect when a process tried to invoke or open a running process which had internet access. They'd also do things like detect when a process tried to write a startup item. This went by names like "Leak Control" but it was basically providing near-complete HIDS features with local control.

New comment by arsome in "OpenBSD: PF queues break the 4 Gbps barrier"

arsome — Thu, 19 Mar 2026 14:34:26 +0000

If you're moving those kind of speeds you're probably not doing packet filtering in software.

New comment by arsome in "Tailscale Peer Relays is now generally available"

arsome — Wed, 18 Feb 2026 18:15:59 +0000

Headscale also offers a relay server of its own.

New comment by arsome in "Cloudflare Global Network experiencing issues"

arsome — Tue, 18 Nov 2025 16:36:01 +0000

Very quickly you'll find this doesn't work. Your DC will just null your IP. You'll switch to a new one and the attackers will too, the DC will null that one. You won't win at this game unless you're a very sizeable organization or are just willing to wait the attackers out, they will get bored eventually.

New comment by arsome in "Tell HN: Azure outage"

arsome — Wed, 29 Oct 2025 22:24:27 +0000

One of these things is much easier to burn or otherwise tamper with.

New comment by arsome in "Gemini 2.5 Flash Image"

arsome — Wed, 27 Aug 2025 15:19:43 +0000

This seems absolutely silly, it's not hard to take a photo of a photo and there's both analog (building a lightbox) and digital (modifying the sensor input) means which would make this entirely trivial to spoof.

New comment by arsome in "Tailscale Is Pretty Useful"

arsome — Wed, 05 Mar 2025 21:24:06 +0000

It's largely equivalent here - you're just exposing something via a tunnel rather than directly via your home IP.

That could have benefits, for example, if you're concerned about a DDoS attack on that service taking your home internet out, you may be able to work around it like this. But it won't mitigate a gaping hole in the underlying service which you're still exposing.

It could also have drawbacks, like limited bandwidth and higher latency, which would make it highly unsuitable for something like a game server.

New comment by arsome in "Liberux: The Linux Phone You Have Been Waiting For"

arsome — Thu, 23 Jan 2025 13:44:56 +0000

Site has now turned into a wordpress installer?

New comment by arsome in "Right to root access"

arsome — Mon, 13 Jan 2025 17:40:52 +0000

There are indeed software firewalls on Android that use the VPN functionality to implement something like this so they don't even require root, I believe Glasswire offers one.

New comment by arsome in "Charset="WTF-8""

arsome — Sun, 24 Nov 2024 14:48:32 +0000

name.Length > 0

is probably pretty safe.

New comment by arsome in "CrowdStrike's impact on aviation"

arsome — Mon, 29 Jul 2024 20:30:50 +0000

You can basically run Windows 3.1 in dosbox on a potato now, so the hardware really isn't even a problem. If any of this was actually true...

New comment by arsome in "Intent to end OCSP service"

arsome — Tue, 23 Jul 2024 15:49:32 +0000

Disappointing to hear considering the limitations of CRLs - is there any intention to go forward with OCSP stapling or is that completely abandoned at this point?

New comment by arsome in "Jellyfin: We're Good, Seriously"

arsome — Mon, 22 Jul 2024 10:29:28 +0000

I used to feel the same way about Plex til they started flooding my less savvy family with ads for their own content and useless features unrelated to what they want to do. Really not impressed by that one. I realized how bad it was when I got a call about a broken movie I didn't even have.

Plex still seems slicker than Jellyfin in some ways but after that experience I'd certainly consider a switch. Offline is the only reason I still use plex, but their offline setup is pretty buggy too.

New comment by arsome in "Daylight eInk Computer"

arsome — Tue, 09 Jul 2024 22:28:29 +0000

eink display strapped to a cheap android tablet and a pile of marketing hype.

Once people realize how the display randomly leaves old junk on the screen and requires a manual refresh to fix and the software is a barely modified from stock AOSP let alone has sufficient modifications to make use with this screen possible, this will be right behind the Rabbit R1 and that stupid AI pin as worst product of the year.

New comment by arsome in "Linksys Velop routers send Wi-Fi passwords in plaintext to US servers"

arsome — Tue, 09 Jul 2024 17:42:08 +0000

The level of effort and obviousness of an email reset is nothing compared to helping someone figure out how to reconfigure every smart device ever made.

New comment by arsome in "PySkyWiFi: Free stupid wi-fi on long-haul flights"

arsome — Tue, 09 Jul 2024 14:48:07 +0000

> And here I am, avoiding downloading things on cell service because it might negatively impact other people around me.

You paid for that service, they should be able to provide it to you. If it negatively impacts other users, that's the provider's fault.

New comment by arsome in "Should this be a map or 500 maps?"

arsome — Thu, 04 Jul 2024 11:47:26 +0000

Even when driving the best Google maps can do is avoid highways. OsmAnd is great but it doesn't solve the routing issue to my knowledge. If you know of something that solves that one please let me know.

New comment by arsome in "[dead]"

arsome — Tue, 02 Jul 2024 05:03:52 +0000

How do you properly investigate a performance, stability or security issue in your production environment in that scenario? Perhaps logs are enough for some things, but unless you have massive replay infrastructure and a complete duplicate of all data running live, you'll have some serious challenges there, and investigating a security issue with that sort of setup sounds like a nightmare to me. "DB got dumped last week and we just wiped all the evidence with this mornings deployment".

New comment by arsome in "The weirdest QNX bug I've encountered (2021)"

arsome — Sun, 30 Jun 2024 19:24:44 +0000

I actually ran across this issue myself, SIGQUIT'd the process, loaded it into a debugger and found the exact same problem. I can confirm the problem still exists on QNX 7.1. Fortunately we were moving off it, so I didn't think much more about it, but glad someone wrote it up.

New comment by arsome in "TeamViewer Security Breach"

arsome — Thu, 27 Jun 2024 22:10:40 +0000

RustDesk has been pretty good for something that's 1:1 comparable, but for most cases ssh or rdp is preferable.