Hacker News: bburky

New comment by bburky in "AirSnitch: Demystifying and breaking client isolation in Wi-Fi networks [pdf]"

bburky — Thu, 26 Feb 2026 20:16:16 +0000

Is that the same feature as vlanid= in openwrt's wpa_psk_file? https://openwrt.org/docs/guide-user/network/wifi/basic#wpa_p...

I was leaning towards using this configuration for splitting devices into VLANs while using one SSID. Yeah, dynamic VLAN+per device PSK would be best, but I'm probably happy enough with a shared PSK per VLAN to isolate a guest or IoT network. Would this VLAN isolation have prevented this attack? At least to prevent an attacker from jumping between VLANs? (I assume shared PSK per VLAN might be vulnerable to attacking client isolation within the VLAN?)

New comment by bburky in "Kaitai Struct: declarative binary format parsing language"

bburky — Fri, 24 Oct 2025 00:18:50 +0000

Kaitai is pretty nice. Hex editors with structure parsing support used to be more rare than they are now, so I've used https://ide.kaitai.io/ instead a few times.

Also, the newest Kaitai release added (long awaited) serialization support! I haven't had a chance to try it out.

https://kaitai.io/news/2025/09/07/kaitai-struct-v0.11-releas...

New comment by bburky in "Deviations from Chromium (features we disable or remove)"

bburky — Tue, 06 Sep 2022 20:10:09 +0000

https://xsleaks.dev/docs/attacks/experiments/scroll-to-text-... may be a better description about the security impact, and has more context about this and similar cross site leaks possible with browsers.

New comment by bburky in "Show HN: Curl modified to impersonate Firefox and mimic its TLS handshake"

bburky — Fri, 18 Feb 2022 07:51:32 +0000

There was a conversation on their mailing list contemplating dropping NSS support. https://curl.se/mail/lib-2022-01/0120.html If you have a use case for NSS in curl, you may want to speak up. Perhaps "I want curl to look exactly like a browser" is a significant use case?

New comment by bburky in "Building a home NAS on a shoestring budget with the Rock64 SBC (2018)"

bburky — Tue, 21 May 2019 16:38:15 +0000

When I built an ARM based NAS, I chose to use the Banana Pi BPI-R2 because it was one of the very few boards with 2x SATA ports using PCI-E. It worked fine and got good speeds. It's difficult to run a current kernel on the BPI-R2 though (it is slowly creeping towards mainline). If I built another NAS again I'd just use an x86_64 or aarch64 SBC with a PCI-E port and connect a good SATA controller.

Full build log: https://bburky.com/NAS/

New comment by bburky in "How I gained commit access to Homebrew in 30 minutes"

bburky — Tue, 07 Aug 2018 23:44:02 +0000

Technically `git push --signed` also exists which could fix the issue of rolling back commits. It would verify that the person doing the push also holds the GPG key at least. But as far as I can tell you have to manually do something with it in the post-receive hook and GitHub doesn't support it at all.

New comment by bburky in "USDZ File Format Specification [pdf]"

bburky — Mon, 04 Jun 2018 22:54:54 +0000

Or many of the other issues that plague archive formats: duplicate files in the archive at the same path, symlinks in the archive or relative links enabling directory traversal.

New comment by bburky in "Critical security updates for Git, Subversion and Mercurial"

bburky — Fri, 11 Aug 2017 12:27:44 +0000

Wow, git's url bugs always seem to become easily exploitable due to .gitmodules.

I found CVE-2015-7545 a few years ago, a malicious URL using the ext:: scheme could cause code execution. It was only easily exploitable because you can ask the client to fetch any URL you want via git submodules. (This vulneriblity was fixed, and since then the entire ext url scheme was disabled by default.)

New comment by bburky in "MacOS FileVault2 Password Retrieval"

bburky — Sat, 17 Dec 2016 01:11:11 +0000

I prefer YoNTMA: https://github.com/iSECPartners/yontma-mac

If the laptop is disconnected from AC, it hibernates. It will switch to hibernate if power is removed while already sleeping. If I want to force a hibernate manually, I just pull the power before closing the lid.

New comment by bburky in "Cryptomancer RPG"

bburky — Sat, 10 Dec 2016 22:59:09 +0000

This reminds me of the time my party argued about how much modern information theory we were allowed to use in D&D. We wanted to maximize the amount of information to communicate using Sending which states that it sends "twenty-five words or less". Can I use a form of encoding and a compression algorithm? Or can we make up words and can they be arbitrarily long?

New comment by bburky in "On the fly SSL registration and renewal inside Nginx with Let's Encrypt"

bburky — Thu, 21 Jul 2016 01:41:33 +0000

> The LE HTTP challenge gives no guarantee which A record it will use.

That almost changed[0], but the current consensus[1] seems to be that you should be using dns-01 for validation behind a load balancer instead.

[0] https://github.com/ietf-wg-acme/acme/pull/138

[1] https://mailarchive.ietf.org/arch/msg/acme/6RSxtvpkcQNPmKs9f...

New comment by bburky in "Coursera shuts access to old platform courses"

bburky — Sat, 11 Jun 2016 20:39:12 +0000

Done.

New comment by bburky in "Coursera shuts access to old platform courses"

bburky — Sat, 11 Jun 2016 18:48:29 +0000

If anyone wants these steps fully automated you can use this script:

https://gist.github.com/bburky/40317e6375b1262b1a1fc31072acf...

Just use it as a User Data file on DigitalOcean or elsewhere.

Edit: After doing this, I realized coursera-dl has a Docker script already. You may prefer it: https://github.com/coursera-dl/coursera-dl/tree/master/deplo...

New comment by bburky in "Show HN: Flexbox Defense – learn CSS flexbox by playing a tower defense game"

bburky — Thu, 03 Mar 2016 00:28:36 +0000

Even better: allow using CSS transitions to make moving turrets.

New comment by bburky in "Rich’s sh (Posix shell) tricks"

bburky — Fri, 18 Dec 2015 13:47:43 +0000

Nice trick. It looks like this is actually a POSIX shell feature too, so feel free to use this in portable shell scripts even.

Here's the rest of the parameter expansion options. I usually only remember half of them.

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3...

New comment by bburky in "Using strace to figure out how Git push over SSH works"

bburky — Sun, 22 Nov 2015 23:03:46 +0000

While strace is awesome in general, git has some very useful debug environment variables: GIT_TRACE, GIT_TRACE_PACKET, GIT_CURL_VERBOSE and a few more[1].

Try:

    GIT_TRACE_PACKET=1 GIT_TRACE=1 git push

[1] https://git-scm.com/book/en/v2/Git-Internals-Environment-Var...

New comment by bburky in "Two.js"

bburky — Sat, 18 Jul 2015 03:01:29 +0000

I have this bookmarked for some reason, it may help: http://stackoverflow.com/questions/3205819/bezier-path-widen...

Half the links are dead now. This is the openjdk Stroker.java code: http://grepcode.com/file/repository.grepcode.com/java/root/j...

New comment by bburky in "Paris Metro lines on a Git graph"

bburky — Sun, 07 Jun 2015 21:39:41 +0000

Yep, that's mine.

Actually, it was you Christian, who was describing the git graphs as train tracks and prompted me to do this.

vbarbaresi, you should include the script or whatever method you used to generate the metro. I noticed you also used --allow-empty.

New comment by bburky in "Race conditions on Facebook, DigitalOcean and others (fixed)"

bburky — Mon, 27 Apr 2015 05:22:02 +0000

Also, curl gained a --next command line option somewhat recently. It lets you send off multiple requests in the same curl invocation. These requests will all be pipelined in the same HTTP connection, which might trigger slightly different behavior in the website.

I have considered writing a program that will let me send of a bunch of HTTP requests at once, but wait to close all the connections at the exact same time. That would probably be the most effective way to trigger race conditions.

New comment by bburky in "Announcing Git Large File Storage"

bburky — Wed, 08 Apr 2015 22:05:26 +0000

Also, is there any reason Git LFS can't be used as a special remote for git-annex?

It would provide an easy way for people to host their git-annex repos entirely on GitHub.