Hacker News: kenniskrag

New comment by kenniskrag in "DNSSEC disruption affecting .de domains – Resolved"

kenniskrag — Wed, 06 May 2026 09:15:54 +0000

acme.sh supports multiple CAs there is even a RFC for CAs that describe the api.

New comment by kenniskrag in "DNSSEC disruption affecting .de domains – Resolved"

kenniskrag — Wed, 06 May 2026 09:14:08 +0000

I would define high as "double time needed to fix a dns issue" and account for weekends

New comment by kenniskrag in "Microsoft Edge stores all passwords in memory in clear text, even when unused"

kenniskrag — Tue, 05 May 2026 05:45:52 +0000

What's the threat model. Where do you store the decryption key?

E.g. if my app needs a db connection I can ask a vault service but I need creds for that. The vault service can rotate the creds very fast but is it addition security.

New comment by kenniskrag in "Microsoft Edge stores all passwords in memory in clear text, even when unused"

kenniskrag — Tue, 05 May 2026 05:42:57 +0000

Edit:

Banking has no selfservice password reset. A lot of work for customer support due to identification. Nobody wants to do that for free and if the accounts are freenyou may get DOSed by bots which trigger passwort resets.

New comment by kenniskrag in "Microsoft Edge stores all passwords in memory in clear text, even when unused"

kenniskrag — Tue, 05 May 2026 05:40:22 +0000

> But then your hardware dies

A lot of services have password reset email features. If the email account has passkey you're screwed. But restore by snail mail can be possible but slow (for paid services). More secure? Don't know but same category of problems already known due to sim swapping attacks in mobile sector. But for sure the Mail account is a high value target.

Storing passkeys in a database may be possible but complex to do it right e.g. backup verification, avoiding to leak while backup etc.

New comment by kenniskrag in "Mastodon: Don't use "Mastodon" or "mstdn" in domain names"

kenniskrag — Thu, 16 Apr 2026 17:25:47 +0000

Pull request to notify on setup (2 weeks old): https://github.com/mastodon/mastodon/pull/38548

Mastodon: Don't use "Mastodon" or "mstdn" in domain names

kenniskrag — Thu, 16 Apr 2026 17:05:28 +0000

Article URL: https://github.com/mastodon/mastodon/discussions/22785

Comments URL: https://news.ycombinator.com/item?id=47796358

Points: 4

# Comments: 8

New comment by kenniskrag in "State of Homelab 2026"

kenniskrag — Mon, 13 Apr 2026 05:23:32 +0000

Is that legal? Do you avoid uploading somehow?

New comment by kenniskrag in "Password managers less secure than promised"

kenniskrag — Sat, 21 Feb 2026 22:59:36 +0000

Not if the advertise zero knowledge encryption. As far as I understand the password sharing / collaboration feature is often the problem.

Second: The provider can get the passwords with a simple server change.

New comment by kenniskrag in "Password managers less secure than promised"

kenniskrag — Sat, 21 Feb 2026 22:54:51 +0000

> Much like the other products we analyse, 1Password lacks authentication of public keys. This trivially enables sharing attacks similar to BW09, LP07 and DL02, something that the 1Password whitepaper...

> IMPACT. Complete compromise of vault confidentiality and integrity. The adversary can read and decrypt all vault con- tents encrypted after the attack, including passwords, credit card information, secure notes, and other sensitive data stored in the vault. Similarly, they can inject new items into the vault after the attack. REQUIREMENTS. The client fetches key material from the server, for example due to the user logging in on a new device. If executed on a non-empty vault, the attack results in the client losing access to all items already in their vault, while leaking any new items added to the vault after the attack took place. If the attack is executed at the time of vault creation, the attack is effectively undetectable by the client, since it cannot distinguish between a ciphertext it created and the ciphertext created by the server during the attack. PROPOSED MITIGATION. A straightforward mitigation is to have the client sign vault keys using the RSA private key in the keyset before encrypting them with the RSA public key. Ideally, two different key pairs would be used for...

from the paper: https://eprint.iacr.org/2026/058.pdf

New comment by kenniskrag in "Discord Alternatives, Ranked"

kenniskrag — Tue, 10 Feb 2026 11:04:55 +0000

In europe you need identification to buy a sim or esim.

https://www.reddit.com/r/europe/comments/9ziqfi/european_cou...

New comment by kenniskrag in "Supreme Court wants US input on whether ISPs should be liable for users' piracy"

kenniskrag — Tue, 26 Nov 2024 10:56:57 +0000

> online access is as necessary as water We have paper money and also can work and buy stuff offline.

I would say online access is as necessary as a car. Possible without but less flexible.

New comment by kenniskrag in "Supreme Court wants US input on whether ISPs should be liable for users' piracy"

kenniskrag — Tue, 26 Nov 2024 10:53:31 +0000

Driving licence is a bad argument because there is public transportation service. If you're reckless or have other issues the licence is revoked.

New comment by kenniskrag in "We are shutting down Ondsel"

kenniskrag — Mon, 18 Nov 2024 12:15:53 +0000

One reason was, that the security model wasn't enough anymore. E.g. every application was trusted and can listen to key inputs e.g. steal passwords and credit card infos. Btw there was an issue that screenshotting in wayland was not possible. But easy in X11 because everything was visible.

Don't know much about the architecture about wayland but I think grahic driver handling changed in wayland too.

New comment by kenniskrag in "Andrew S. Tanenbaum Receives ACM Software System Award"

kenniskrag — Sat, 22 Jun 2024 19:23:08 +0000

One of these: https://media.pearsoncmg.com/bc/abp/cs-resources/products/se...

New comment by kenniskrag in "Please support "skip to main content" on your docs site"

kenniskrag — Tue, 04 Jun 2024 03:33:03 +0000

qutebrowser does that.

https://en.m.wikipedia.org/wiki/Qutebrowser

New comment by kenniskrag in "Claude is now available in Europe"

kenniskrag — Tue, 14 May 2024 11:03:27 +0000

Which ones? I try to learn how these systems work

New comment by kenniskrag in "Looo.lol – a binary math site"

kenniskrag — Sat, 06 Jan 2024 00:48:17 +0000

You can edit the url to use any number. :)

New comment by kenniskrag in "We don't have official RSS feed support for now, but we're working on a solution"

kenniskrag — Mon, 11 Dec 2023 13:03:21 +0000

which rss reader do you use?

New comment by kenniskrag in "Untrusted Device Encryption"

kenniskrag — Thu, 07 Dec 2023 10:21:00 +0000

Generally it depends on the threat vector.

* Do you trust the hardware

* Do you trust the OS

* Do you trust the user

* Do you trust the software

On a rootkit you don't trust the OS anymore. So a safe location inside the OS space isn't an option anymore. But often you are not a root user (e.g. android, windows in a corporate environment)

If you have OS backups there is a risk it is readable by others (e.g. cloud, different IT department). There is also a risk a user uploads the config somewhere.

If you want to rotate keys you would have to search all keys compared to a centralized location.