Hacker News: bqe

New comment by bqe in "Someone is pretending to be me"

bqe — Tue, 27 Sep 2022 19:50:32 +0000

I remember being asked this during my interview at Google. It was the first time I heard it and I gave an answer that iterated over the list twice. The interviewer said that it wasn't good enough and I am only allowed to iterate over it once. He didn't let me write my O(2n) solution down so he returned a strong no as feedback.

New comment by bqe in "Phishing with an in-browser remote desktop"

bqe — Wed, 23 Feb 2022 18:42:29 +0000

Why this is interesting: a major defense against mass account takeovers (ATOs) at large scale companies has been fingerprinting browsers. You as a normal user see this most when you use something like reCaptcha, but it's actually happening on nearly every login flow for major websites. By blocking automation like evilginx, you stop a lot of phishing and credential stuffing attacks against your users.

Using VNC here is super clever. This means that the "automation" part of the phishing attack is actually a browser just like the user is using, so you can't fingerprint it. In fact, the victim is really typing in their password into a real Google login page, but the attacker is logging everything through VNC. It's going to be very hard for Google (or anyone else) to detect this.

The solution to this (like all phishing attacks), is still WebAuthn. However, many of us in security were hoping we could get by with bandaids like fingerprinting until WebAuthn was more widespread.

New comment by bqe in "How I took my SaaS from idea to sold in 14 months"

bqe — Thu, 06 Jan 2022 00:53:10 +0000

I haven't tried it yet, but if it does what you say it does, I honestly think you underpriced this.

New comment by bqe in "How percentile approximation works and why it's more useful than averages"

bqe — Tue, 14 Sep 2021 16:39:10 +0000

Awhile ago I wrote a Python library called LiveStats[1] that computed any percentile for any amount of data using a fixed amount of memory per percentile. It uses an algorithm I found in an old paper[2] called P^2. It uses a polynomial to find good approximations.

The reason I made this was an old Amazon interview question. The question was basically, "Find the median of a huge data set without sorting it," and the "correct" answer was to have a fixed size sorted buffer and randomly evict items from it and then use the median of the buffer. However, a candidate I was interviewing had a really brilliant insight: if we estimate the median and move it a small amount for each new data point, it would be pretty close. I ended up doing some research on this and found P^2, which is a more sophisticated version of that insight.

[1]: https://github.com/cxxr/LiveStats

[2]: https://www.cs.wustl.edu/~jain/papers/ftp/psqr.pdf

New comment by bqe in "Goodbye, Fleets"

bqe — Wed, 14 Jul 2021 22:16:00 +0000

I think the simplest solution to this would be to simply hide comment/retweet/like counts. It will be possible to sort of figure this out from the engagement, but it won't be easy to figure out if a tweet is popular or wildly popular.

New comment by bqe in "Alcohol-free beer is fizzing"

bqe — Fri, 09 Jul 2021 16:46:58 +0000

Spiritless Kentucky 74: https://spiritless.com/products/kentucky-74

It's pretty good!

LOL just got kicked out of @ycombinator

bqe — Fri, 04 Jun 2021 22:01:55 +0000

Article URL: https://twitter.com/paulbiggar/status/1400904600421535744

Comments URL: https://news.ycombinator.com/item?id=27399581

Points: 1041

# Comments: 588

New comment by bqe in "Letters from House members to cable providers [pdf]"

bqe — Tue, 23 Feb 2021 18:52:24 +0000

That website is not a quality source of information. Media Bias/Fact Check rates it as questionable, low quality, and far to the right: https://mediabiasfactcheck.com/here-is-the-evidence/

New comment by bqe in "Amazon launches Amazon Pharmacy for prescription medicine delivery"

bqe — Wed, 18 Nov 2020 00:03:47 +0000

> They pay for expensive ($$$$$$) cloud anti-bot/anti-scraping, captcha you after a few requests if you run adblock, they pay for extensive browser/device (attempting to reidentify a user across multiple devices/multiple browsers) fingerprinting services and Fastly.

This sounds like a great anti-account takeover program. I imagine with all of the various compliance programs they have to deal with and the legal risk, these are prudent measures.

New comment by bqe in "Q2 2020 Update"

bqe — Wed, 22 Jul 2020 20:50:12 +0000

The parent commenter was discussing revenue and not profit. If they were aggressively expanding, I would expect that profits to remain small or negative, but I'd expect revenue to grow as a result.

Wiggle the mouse to fix the test (2013)

bqe — Fri, 17 Jul 2020 22:24:43 +0000

Article URL: https://www.seancassidy.me/wiggle-the-mouse-to-fix-the-test.html

Comments URL: https://news.ycombinator.com/item?id=23876688

Points: 2

# Comments: 0

Phishing Simulations Considered Harmful

bqe — Wed, 27 May 2020 02:08:45 +0000

Article URL: https://www.seancassidy.me/phishing-simulations-considered-harmful.html

Comments URL: https://news.ycombinator.com/item?id=23318680

Points: 4

# Comments: 2

New comment by bqe in "How to Win a Currency War"

bqe — Fri, 10 Apr 2020 22:55:16 +0000

It's important to know the limits of your knowledge and reasoning capabilities and defer to relevant experts, which is known as epistemic learned helplessness[1]. This is also much faster, as a lot of bullshit sounds like truth if you're unfamiliar with the field.

[1]: https://web.archive.org/web/20180416171148/http://squid314.l...

New comment by bqe in "82nd Airborne unit told to use Signal or Wickr on government cell phones"

bqe — Thu, 23 Jan 2020 21:03:19 +0000

Yes! https://github.com/signalapp/Signal-Server

New comment by bqe in "Dangerous Web Security Features"

bqe — Sat, 20 Apr 2019 19:42:45 +0000

NIST 800-63b actually recommends against character class requirements[1] in favor of minimum length requirement and blacklists of breached passwords and other obvious passwords. Sites that require special characters are not following the current best practice.

[1]: https://pages.nist.gov/800-63-3/sp800-63b.html

New comment by bqe in "How to Be Successful"

bqe — Fri, 25 Jan 2019 01:02:45 +0000

The thing is running a marathon isn't that hard and there's little to no luck involved. By following a rigid plan most people can do it in about a year. Millions of people do it every year.

However if you followed all of Sam's advice to the letter you could remain relatively unsuccessful despite all that advice. That's what survivorship bias is about: there's a significant luck component to success.

New comment by bqe in "Anxiety and burnout: why kids are consumed with worry"

bqe — Thu, 10 Jan 2019 21:03:30 +0000

This phenomenon is called cost disease and it's really hard to figure out why exactly it's happening.

https://slatestarcodex.com/2017/02/09/considerations-on-cost...

Self-Driving Cars Will Always Be Limited

bqe — Mon, 07 Jan 2019 17:26:06 +0000

Article URL: https://medium.com/radical-urbanist/self-driving-cars-will-always-be-limited-even-the-industry-leader-admits-it-c5fe5aa01699

Comments URL: https://news.ycombinator.com/item?id=18847365

Points: 6

# Comments: 0

New comment by bqe in "String tokenization in C"

bqe — Sat, 15 Dec 2018 18:01:00 +0000

I think you underestimate how many people blindly copy examples without understanding them. Safe example code results in more correct programs.

New comment by bqe in "Recaptcha v3: new way to stop bots"

bqe — Mon, 29 Oct 2018 21:27:38 +0000

Websites that want to prevent automated bots from attacking them benefit immensely.