<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: er4hn</title><link>https://news.ycombinator.com/user?id=er4hn</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 05 Jun 2026 06:05:26 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=er4hn" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by er4hn in "Quantum Key Distribution (QKD) and Quantum Cryptography (QC)"]]></title><description><![CDATA[
<p>This page came about because of how long it took PQC to get standardized. This was a slow enough process that a whole slew of QKD vendors arose and sold a lot of products promising this as a solution to dealing with quantum computers and harvest now decrypt later attacks. Many of those products did not do a great job at actually preventing listening in on their lines since QKD is an ongoing field of research where new issues are routinely being discovered.</p>
]]></description><pubDate>Tue, 05 May 2026 19:24:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=48027265</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=48027265</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48027265</guid></item><item><title><![CDATA[New comment by er4hn in "Introducing the Developer Knowledge API and MCP Server"]]></title><description><![CDATA[
<p>This must be what gwern meant when he said to write for AI.</p>
]]></description><pubDate>Sat, 07 Feb 2026 03:29:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=46921044</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=46921044</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46921044</guid></item><item><title><![CDATA[New comment by er4hn in "The coming industrialisation of exploit generation with LLMs"]]></title><description><![CDATA[
<p>Right, that's the same situation as fuzz testing today, which is why I compared it. I feel like you're gesturing towards "Attackers only need to get lucky once, defenders need to do a good job every time" but a lot of the time when you apply techniques like fuzz testing it doesn't take a lot of effort to get good coverage. I suspect a similar situation will play out with LLM assisted attack generation. For higher value targets based on OSS, there's projects like Google Big Sleep to bring enhanced resources.</p>
]]></description><pubDate>Tue, 20 Jan 2026 01:34:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=46686816</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=46686816</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46686816</guid></item><item><title><![CDATA[New comment by er4hn in "The coming industrialisation of exploit generation with LLMs"]]></title><description><![CDATA[
<p>I think the author makes some interesting points, but I'm not that worried about this. These tools feel symmetric for defenders to use as well. There's an easy to see path that involves running "LLM Red Teams" in CI before merging code or major releases. The fact that it's a somewhat time expensive (I'm ignoring cost here on purpose) test makes it feel similar to fuzzing for where it would fit in a pipeline. New tools, new threats, new solutions.</p>
]]></description><pubDate>Mon, 19 Jan 2026 22:17:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=46685277</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=46685277</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46685277</guid></item><item><title><![CDATA[New comment by er4hn in "The gift card accountability sink"]]></title><description><![CDATA[
<p>It's clear, from watching Russia fail to be completely sanctioned that this is not watertight. The question I have is: have these sanctions added a money laundering tax to doing business? How much? What is the cost of enforcing the sanctions vs the added cost and is that worth it?<p>I don't know if this has been explored, but I think it's an interesting follow on to "all or nothing" watertight sanctions.</p>
]]></description><pubDate>Mon, 22 Dec 2025 01:54:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=46350550</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=46350550</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46350550</guid></item><item><title><![CDATA[New comment by er4hn in "Go Proposal: Secret Mode"]]></title><description><![CDATA[
<p>In theory it prevents failures of the allocator that would allow reading uninitialized memory, which isn't really a thing in Go.<p>In practice it provides a straightforward path to complying with government crypto certification requirements like FIPS 140 that were written with languages in mind where this is an issue.</p>
]]></description><pubDate>Sat, 13 Dec 2025 17:07:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=46256041</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=46256041</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46256041</guid></item><item><title><![CDATA[New comment by er4hn in "As many as 2M Cisco devices affected by actively exploited 0-day"]]></title><description><![CDATA[
<p>Speaking (unofficially) as someone who works at one of the "other brands" that reeks of journalists having a bias.</p>
]]></description><pubDate>Thu, 25 Sep 2025 15:30:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=45373978</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=45373978</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45373978</guid></item><item><title><![CDATA[New comment by er4hn in "Tinycolor supply chain attack post-mortem"]]></title><description><![CDATA[
<p>Well the idea behind tokens is that they should be time and authZ limited. In most cases they are not so they degrade to a glorified static password.<p>Solutions like generating them live with a short lifetime, using solutions like oauth w/ proper scopes, biscuits that limit what they can do in detail, etc, all exist and are rarely used.</p>
]]></description><pubDate>Wed, 17 Sep 2025 18:25:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=45279518</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=45279518</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45279518</guid></item><item><title><![CDATA[New comment by er4hn in "A computer upgrade shut down BART"]]></title><description><![CDATA[
<p>Not having redundant rails in case of breakdowns is something BART is well known for</p>
]]></description><pubDate>Fri, 05 Sep 2025 17:26:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=45141133</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=45141133</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45141133</guid></item><item><title><![CDATA[New comment by er4hn in "Obsidian Bases"]]></title><description><![CDATA[
<p>How many files do you have? At what scale did you see this being a problem?<p>I'm a fan of Obsidian, not affiliated with them, but my experience with basic file syncing like syncthing or git is that you should be able to easily get up into the tens of thousands of files without an issue.</p>
]]></description><pubDate>Tue, 19 Aug 2025 15:56:33 +0000</pubDate><link>https://news.ycombinator.com/item?id=44953047</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44953047</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44953047</guid></item><item><title><![CDATA[New comment by er4hn in "Bullfrog in the Dungeon"]]></title><description><![CDATA[
<p>Wandering around my dungeon, doing things, in the first person was such a fun experience as well. It felt like such a novel way to explore what I was doing and look at my creatures "in the face" so to say. In some ways it feels like a precursor to things like minecraft, where you could do some tasks as an imp in the dungeon.</p>
]]></description><pubDate>Fri, 15 Aug 2025 22:47:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=44918155</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44918155</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44918155</guid></item><item><title><![CDATA[New comment by er4hn in "NautilusTrader: Open-source algorithmic trading platform"]]></title><description><![CDATA[
<p>Is this the financial version of the 3-body problem?</p>
]]></description><pubDate>Wed, 06 Aug 2025 17:27:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=44814984</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44814984</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44814984</guid></item><item><title><![CDATA[New comment by er4hn in "DrawAFish.com Postmortem"]]></title><description><![CDATA[
<p>There's a long history of this. A defense against the Morris worm made use of this as well.</p>
]]></description><pubDate>Mon, 04 Aug 2025 21:55:05 +0000</pubDate><link>https://news.ycombinator.com/item?id=44791792</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44791792</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44791792</guid></item><item><title><![CDATA[New comment by er4hn in "Fintech dystopia"]]></title><description><![CDATA[
<p>> Why would we want a digital currency? For similar reasons to all the other stuff above. It's more convenient. When you "transfer money" from your bank account to another, your bank has to physically move the associated cash from its vault to the other bank's vault, by hiring secure trucks, people, and so on. If the money has to cross a border, that's even more of a hassle, now you have to physically cross a border with a truck full of cash. When a bank "holds onto your money", they need a big vault full of cash, they have to count it, account for every dollar, physically safeguard it, etc.<p>><p>> This is a huge cost, inefficiency, and a big challenge of banking, and it's one reason transaction fees and banking fees are so high.<p>That's absolutely not how this works though. Banks perform electronic transfers and most of the money is accounted for in databases. The problems are slow, antiquated technology, which is made worse by the amount of regulation surrounding it that makes it hard for new contenders to enter and drive down prices via competition.<p>Cryptocurrency is trustless, but there is an interesting tangent about if you _do not_ want a government to control monetary policy.</p>
]]></description><pubDate>Tue, 29 Jul 2025 04:22:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=44719029</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44719029</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44719029</guid></item><item><title><![CDATA[New comment by er4hn in "EU commissioner shocked by dangers of some goods sold by Shein and Temu"]]></title><description><![CDATA[
<p>No, it's so much worse than anyone could have imagined. For example: "kids’ shorts with drawstrings longer than regulation length, which cause a trip hazard."</p>
]]></description><pubDate>Sun, 20 Jul 2025 21:16:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=44629378</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44629378</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44629378</guid></item><item><title><![CDATA[New comment by er4hn in "How secure is your Bitcoin wallet's mnemonic seed phrase?"]]></title><description><![CDATA[
<p>This is really fun, thanks for putting it together. I appreciated the checksum and entropy visualizers quite a bit, they made how it works "click" for me.</p>
]]></description><pubDate>Mon, 14 Jul 2025 04:31:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=44556481</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44556481</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44556481</guid></item><item><title><![CDATA[New comment by er4hn in "Analyzing a Critique of the AI 2027 Timeline Forecasts"]]></title><description><![CDATA[
<p>That was something I struggled to understand for AI-2027. They have China nationalize DeepCent so there's only one Chinese lab. I don't understand why OpenBrain doesn't form multiple competing labs because that seems to be what happened IRL before this was written.</p>
]]></description><pubDate>Tue, 24 Jun 2025 23:36:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=44372221</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44372221</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44372221</guid></item><item><title><![CDATA[New comment by er4hn in "Excalidraw+ Is Now SoC 2 Certified"]]></title><description><![CDATA[
<p>It is, but the collaboration portion is a CYOA part you need to implement yourself. There are OSS versions of that as well but they are not officially supported.</p>
]]></description><pubDate>Tue, 24 Jun 2025 04:09:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=44362790</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44362790</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44362790</guid></item><item><title><![CDATA[New comment by er4hn in "Excalidraw+ Is Now SoC 2 Certified"]]></title><description><![CDATA[
<p>I've always viewed SOC-2 as a certification for business continuity, not security. Once you view it as making sure that the service can continue running, even with disaster or heavy turnover, it makes more sense.</p>
]]></description><pubDate>Tue, 24 Jun 2025 04:08:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=44362786</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44362786</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44362786</guid></item><item><title><![CDATA[New comment by er4hn in "The Polymarket users betting on when Jesus will return"]]></title><description><![CDATA[
<p>Only if you can also take the worldwide network and infrastructure that make it possible. Though a room full of human computers processing math out loud to send wealth around seems more associated with another part of the afterlife ;)</p>
]]></description><pubDate>Thu, 29 May 2025 17:58:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=44128511</link><dc:creator>er4hn</dc:creator><comments>https://news.ycombinator.com/item?id=44128511</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44128511</guid></item></channel></rss>