Hacker News: kenniskrag

New comment by kenniskrag in "State of Homelab 2026"

kenniskrag — Mon, 13 Apr 2026 05:23:32 +0000

Is that legal? Do you avoid uploading somehow?

New comment by kenniskrag in "Password managers less secure than promised"

kenniskrag — Sat, 21 Feb 2026 22:59:36 +0000

Not if the advertise zero knowledge encryption. As far as I understand the password sharing / collaboration feature is often the problem.

Second: The provider can get the passwords with a simple server change.

New comment by kenniskrag in "Password managers less secure than promised"

kenniskrag — Sat, 21 Feb 2026 22:54:51 +0000

> Much like the other products we analyse, 1Password lacks authentication of public keys. This trivially enables sharing attacks similar to BW09, LP07 and DL02, something that the 1Password whitepaper...

> IMPACT. Complete compromise of vault confidentiality and integrity. The adversary can read and decrypt all vault con- tents encrypted after the attack, including passwords, credit card information, secure notes, and other sensitive data stored in the vault. Similarly, they can inject new items into the vault after the attack. REQUIREMENTS. The client fetches key material from the server, for example due to the user logging in on a new device. If executed on a non-empty vault, the attack results in the client losing access to all items already in their vault, while leaking any new items added to the vault after the attack took place. If the attack is executed at the time of vault creation, the attack is effectively undetectable by the client, since it cannot distinguish between a ciphertext it created and the ciphertext created by the server during the attack. PROPOSED MITIGATION. A straightforward mitigation is to have the client sign vault keys using the RSA private key in the keyset before encrypting them with the RSA public key. Ideally, two different key pairs would be used for...

from the paper: https://eprint.iacr.org/2026/058.pdf

New comment by kenniskrag in "Discord Alternatives, Ranked"

kenniskrag — Tue, 10 Feb 2026 11:04:55 +0000

In europe you need identification to buy a sim or esim.

https://www.reddit.com/r/europe/comments/9ziqfi/european_cou...

New comment by kenniskrag in "Supreme Court wants US input on whether ISPs should be liable for users' piracy"

kenniskrag — Tue, 26 Nov 2024 10:56:57 +0000

> online access is as necessary as water We have paper money and also can work and buy stuff offline.

I would say online access is as necessary as a car. Possible without but less flexible.

New comment by kenniskrag in "Supreme Court wants US input on whether ISPs should be liable for users' piracy"

kenniskrag — Tue, 26 Nov 2024 10:53:31 +0000

Driving licence is a bad argument because there is public transportation service. If you're reckless or have other issues the licence is revoked.

New comment by kenniskrag in "We are shutting down Ondsel"

kenniskrag — Mon, 18 Nov 2024 12:15:53 +0000

One reason was, that the security model wasn't enough anymore. E.g. every application was trusted and can listen to key inputs e.g. steal passwords and credit card infos. Btw there was an issue that screenshotting in wayland was not possible. But easy in X11 because everything was visible.

Don't know much about the architecture about wayland but I think grahic driver handling changed in wayland too.

New comment by kenniskrag in "Andrew S. Tanenbaum Receives ACM Software System Award"

kenniskrag — Sat, 22 Jun 2024 19:23:08 +0000

One of these: https://media.pearsoncmg.com/bc/abp/cs-resources/products/se...

New comment by kenniskrag in "Please support "skip to main content" on your docs site"

kenniskrag — Tue, 04 Jun 2024 03:33:03 +0000

qutebrowser does that.

https://en.m.wikipedia.org/wiki/Qutebrowser

New comment by kenniskrag in "Claude is now available in Europe"

kenniskrag — Tue, 14 May 2024 11:03:27 +0000

Which ones? I try to learn how these systems work

New comment by kenniskrag in "Looo.lol – a binary math site"

kenniskrag — Sat, 06 Jan 2024 00:48:17 +0000

You can edit the url to use any number. :)

New comment by kenniskrag in "We don't have official RSS feed support for now, but we're working on a solution"

kenniskrag — Mon, 11 Dec 2023 13:03:21 +0000

which rss reader do you use?

New comment by kenniskrag in "Untrusted Device Encryption"

kenniskrag — Thu, 07 Dec 2023 10:21:00 +0000

Generally it depends on the threat vector.

* Do you trust the hardware

* Do you trust the OS

* Do you trust the user

* Do you trust the software

On a rootkit you don't trust the OS anymore. So a safe location inside the OS space isn't an option anymore. But often you are not a root user (e.g. android, windows in a corporate environment)

If you have OS backups there is a risk it is readable by others (e.g. cloud, different IT department). There is also a risk a user uploads the config somewhere.

If you want to rotate keys you would have to search all keys compared to a centralized location.

New comment by kenniskrag in "Untrusted Device Encryption"

kenniskrag — Thu, 07 Dec 2023 09:17:40 +0000

yes because more than one process can access the file.

A "password manager" provides a defined api and schields the password away from everything. It can also ask the user if process x can access the key y.

Android Permission Bypass: Unauthorized Access Through Read_external_storage

kenniskrag — Fri, 11 Aug 2023 14:58:57 +0000

Article URL: https://medium.com/@yuva.phalle/android-permission-bypass-5d4f307600f

Comments URL: https://news.ycombinator.com/item?id=37089441

Points: 2

# Comments: 0

New comment by kenniskrag in "Firefox has surpassed Chrome on Speedometer"

kenniskrag — Tue, 18 Jul 2023 14:24:03 +0000

TL;DR: Windows Defender had a bug that made certain system calls expensive on CPU cycles when Defender's Real-time Protection feature is enabled. After discovery, Mozilla reported this issue to Microsoft. Microsoft is releasing a patch that should result in lower CPU usage when using Firefox on sites like YouTube (a ~75% CPU usage reduction was noted when browsing YouTube in Firefox with the fixed version of Defender).

https://news.ycombinator.com/item?id=35458746

New comment by kenniskrag in "Pricing Money: A beginner's guide to money, bonds, futures and swaps"

kenniskrag — Sat, 17 Jun 2023 06:17:24 +0000

Is https://www.portvintages.com/ the book?

New comment by kenniskrag in "Intravenous Caffeine"

kenniskrag — Thu, 08 Jun 2023 16:07:13 +0000

chocolate

New comment by kenniskrag in "France legalizes remote camera and microphone activation in smartphones"

kenniskrag — Thu, 08 Jun 2023 13:02:13 +0000

I recently saw a green dot on the right corner during camera usage on android. Probably a (new) feature of android.

New comment by kenniskrag in "Brute.Fail: Watch brute force attacks fail in real time"

kenniskrag — Fri, 02 Jun 2023 20:59:34 +0000

Nice idea. From the docs:

Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time.

https://github.com/skeeto/endlessh