Hacker News: cyber

What you need to know about the DockerHub penetration

cyber — Mon, 29 Apr 2019 17:04:29 +0000

Article URL: https://link.medium.com/R4jlliSPhW

Comments URL: https://news.ycombinator.com/item?id=19780207

Points: 3

# Comments: 0

What can we learn from the matrix.org compromise?

cyber — Mon, 22 Apr 2019 20:55:28 +0000

Article URL: https://medium.com/@tomsparks/what-can-we-learn-from-the-matrix-org-compromise-c6ae06dcaab

Comments URL: https://news.ycombinator.com/item?id=19722894

Points: 84

# Comments: 73

New comment by cyber in "U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In"

cyber — Fri, 25 May 2018 14:49:24 +0000

Careful which countries you go to with that VPN. You don’t want to intentionally circumvent an access control restriction. ;)

New comment by cyber in "Amazon sellers say that the company is losing millions to scammers"

cyber — Mon, 17 Apr 2017 22:02:33 +0000

I wouldn't be surprised to if this was largely accounted for in supply side contamination issues. It appears that Amazon treats all SKUs identically, sourcing the closest one to fulfill and order, regardless of how that SKU arrived at Amazon.

A concrete example: No Starch Press customers are receiving counterfeit books when ordered from No Starch Press' Amazon store.

Even if this scam is caught, it's still cost Amazon money in dealing with the issue. (And cost legitimate vendors no end of frustration with legitimate customers receiving fake books.)

New comment by cyber in "Biomedical companies bleed 500k horseshoe crabs a year"

cyber — Mon, 17 Apr 2017 21:49:23 +0000

Both of these require active threats.

"Stand your ground" laws just mean there is no duty(law) to seek retreat above all else before actively defending yourself.

"Castle", in California, simply means that if an intruder has bypassed a control (picked a lock, broke a window, etc) to gain entry then one can proceed on the assumption that they are there to do grave bodily harm. (And thus act accordingly.)

New comment by cyber in "Researcher: 4K passwords leaked from porn site, including US Govt credentials"

cyber — Mon, 01 Aug 2016 22:25:57 +0000

I've for a while said that a _unique_ password is better than an _awesome_ password.

_Bad_ passwords are still bad, however.

(And for $DIETY's sake, don't use your work email address for non-work sites!)

New comment by cyber in "Clever reforms can reduce the power of NIMBYs and cut housing costs"

cyber — Tue, 19 Apr 2016 19:33:02 +0000

Excepting that in SF the "everyone" does not want the land owners to make productive use of it: they want the status quo. (Well, the status quo of what the remember as being the "high point".)

Having witnessed protests that occurred midway through the reconstruction of offramps, (meaning an existing ramp was torn down, and they were half done rebuilding it), it's not so much NIMBY, but NBAA: Never Build Anything, Anywhere.

The only way that higher taxes would be beneficial is if SF landowners were actually allowed the freedom to upgrade their properties. Zoning, especially height restrictions (40' max over most of SF), as well as endless red tape, make it really hard to make productive use of prime land. Regardless if it's the original owner or new buyer.

( A new buyer is granted some slight advantage, but not enough to be meaningful.)

New comment by cyber in "Gone in Six Characters: Short URLs Considered Harmful for Cloud Services"

cyber — Sat, 16 Apr 2016 01:27:41 +0000

One also needs to take into account how these larger companies' internal groups function.

"Brian" probably looked into it, knowing that obscurity != security, but got a response back from the group responsible that was the way they intended it to work, and that group's management wasn't going to do anything about it. "Brian" may have even put messages in the right ear up the management chain such that it would actually effect the outcome.

The fact that the email exchange lasted 2 months before "Brian" said "Sorry, not a case." probably means that "Brian" was trying to make it happen and had actually done an analysis.

* Note: I'm NOT Brian. I've never worked for Microsoft.

New comment by cyber in "The Untouchables – Why it’s getting harder to stop multinational corporations"

cyber — Wed, 13 Apr 2016 20:41:08 +0000

If only there was a way to allow a people to hold power over their government.

New comment by cyber in "Show HN: Micro – a microservice toolkit"

cyber — Mon, 21 Mar 2016 22:25:44 +0000

"""Micro was a way of creating a foundation for writing and running distributed systems. It's a pluggable architecture so that the underlying systems can be swapped out based on preference."""

At what point do we just admit that we've re-invented the large co-ordination frameworks of years past? Like CORBA? Is it the point where we add a JSON schema validator? or switch to Protocol Buffers or some variant?

New comment by cyber in "Report on Paris Attacks Shows No Encryption Evidence, NY Times Invents Them"

cyber — Mon, 21 Mar 2016 22:13:44 +0000

"""One of the terrorists pulled out a laptop, propping it open against the wall, said the 40-year-old woman. When the laptop powered on, she saw a line of gibberish across the screen: “It was bizarre — he was looking at a bunch of lines, like lines of code. There was no image, no Internet,” she said. Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks. """

Possible explanations: 1. POST 2. Linux 3. Elm/Pine/Mutt

There are enough hints in her description that the woman they talked to would be 100% content with an OS that booted directly to the browser, and furthermore, she wouldn't know the difference.

New comment by cyber in "This is why we have Stuxnet"

cyber — Mon, 21 Mar 2016 22:05:56 +0000

The issue is that it needs to be explained in terms that they can understand: ... or part of your line will fail, randomly, and may take over a day to repair, IF your maintenance procedures are current, if not, you'll lose 4-5 days of line time.

Note: not one mention of "security", or good neighbor, or infection, only cutting to the point.

New comment by cyber in "Atom 1.6 Released with Pending Pane Items, Async Git and Top and Bottom Bar API"

cyber — Sat, 19 Mar 2016 04:05:14 +0000

For the people complaining that it's slow: what plugins are you running?

My contribution: Community packages used most often: api-workbench, fonts, language-sql-mysql, term3, vim-mode Others: dash, export-html, language-docker, linter, markdown-pdf, markdown-preview-plus, markdown-preview-plus-opener, markdown-scroll-sync, markdown-writer, stash-tabs

New comment by cyber in "How to Build an Electronic Bee Counter"

cyber — Tue, 26 Jan 2016 00:22:12 +0000

I was really hoping they would tackle the harder problem of dealing with a production hive. Temperature and weight are fairly easy to monitor, but knowing activity would be useful in tracking hive health.

Oh, well, maybe a project for this summer.

New comment by cyber in "NetBSD support for psutil"

cyber — Fri, 15 Jan 2016 20:03:19 +0000

Odd that it won't boot. What hardware are you running and which kernels have you tried? Any way for you to capture a trace?

This probably isn't the best forum to give you a hand. Can you hit one of the IRC channels or mailing lists?

New comment by cyber in "YC Updates and Additions"

cyber — Fri, 08 Jan 2016 20:46:10 +0000

> In my opinion, companies like Google build one hit after another

Wait, what? Do you have any idea how many ideas they've churned through to get the relatively few hits they've had? Wave didn't do all that well. Orkut had a decent run before they dissolved it (almost 11 years) G+ is still in question.

Yes, they've had some success with some products. And made some excellent purchase decisions (you didn't think they wrote everything they released, did you? Urchin? Writely?).

They've also killed software instead of fully developing it: notebook, reader.

And that is to say nothing of the large numbers of 20% projects. I've personally heard engineers (as a whole) at Google being chastised because the success rate of 20% projects was too high.

New comment by cyber in "The WTO rules against “dolphin-safe” labels on tuna"

cyber — Thu, 26 Nov 2015 01:44:05 +0000

You have it backwards. The farmed has been found to have higher mercury content.

New comment by cyber in "Google self-driving car pulled over for driving too slowly"

cyber — Fri, 13 Nov 2015 17:04:10 +0000

Road speeds need to be re-evaluated every 5 years. They take into account the speeds of traffic that are currently flowing on the road.

New comment by cyber in "Google self-driving car pulled over for driving too slowly"

cyber — Fri, 13 Nov 2015 16:55:20 +0000

Yes, it was: http://www.leginfo.ca.gov/cgi-bin/displaycode?section=veh&gr... states:

"360. "Highway" is a way or place of whatever nature, publicly maintained and open to the use of the public for purposes of vehicular travel. Highway includes street."

https://www.dmv.ca.gov/portal/dmv/detail/pubs/vctop/vc/d11/c...

"22400. (a) No person shall drive upon a highway at such a slow speed as to impede or block the normal and reasonable movement of traffic, unless the reduced speed is necessary for safe operation, because of a grade, or in compliance with law."

Yes, shocking. (Also, El Camino is a State Route, I'll let you look that one up.)

New comment by cyber in "Google self-driving car pulled over for driving too slowly"

cyber — Fri, 13 Nov 2015 16:52:53 +0000

See CVC 360

"360. "Highway" is a way or place of whatever nature, publicly maintained and open to the use of the public for purposes of vehicular travel. Highway includes street."

http://www.leginfo.ca.gov/cgi-bin/displaycode?section=veh&gr...