Hacker News: moviuro

New comment by moviuro in "SSH certificates: the better SSH experience"

moviuro — Fri, 03 Apr 2026 16:51:07 +0000

That sounds like a lot of extra steps. How do I validate the authenticity of a signing request? Should my signing machine be able to challenge the requester? (This means that the CA key is on a machine with network access!!)

Replacing the distribution of a revocation list with short-lived certificates just creates other problems that are not easier to solve. (Also, 1h is bonkers, even letsencrypt doesn't do it)

New comment by moviuro in "SSH certificates: the better SSH experience"

moviuro — Fri, 03 Apr 2026 15:40:44 +0000

All those articles about SSH certificates fall short of explaining how the revocation list can/should be published.

Is that yet another problem that I need to solve with syncthing?

https://man.openbsd.org/ssh-keygen.1#KEY_REVOCATION_LISTS

A Shared Vision of Software Bill of Materials (SBoM) for Cybersecurity [pdf]

moviuro — Thu, 04 Sep 2025 13:51:15 +0000

Article URL: https://www.cisa.gov/sites/default/files/2025-09/joint-guidance-a-shared-vision-of-software-bill-of-materials-for-cybersecurity_508c.pdf

Comments URL: https://news.ycombinator.com/item?id=45127281

Points: 2

# Comments: 0

Remote code execution in CentOS Web Panel – CVE-2025-48703

moviuro — Tue, 24 Jun 2025 15:05:51 +0000

Article URL: https://fenrisk.com/rce-centos-webpanel

Comments URL: https://news.ycombinator.com/item?id=44367046

Points: 1

# Comments: 0

New comment by moviuro in "Some Fritz!Box modems might have been hijacked"

moviuro — Sun, 21 Apr 2024 16:02:40 +0000

Search forums local to your country and write documentation on how to use Linux or BSD as a modem.

For OpenBSD on Orange France FTTH: https://lafibre.info/remplacer-livebox/remplacer-sa-livebox-... or https://try.popho.be/securing-home2.html

New comment by moviuro in "Sudo for Windows"

moviuro — Fri, 09 Feb 2024 08:43:28 +0000

OpenBSD's team has already reacted and added Word to OpenBSD

* https://marc.info/?l=openbsd-tech&m=170742832804260&w=2

* https://news.ycombinator.com/item?id=39309638

New comment by moviuro in "AdGuard Home: Network-wide ad- and tracker-blocking DNS server"

moviuro — Tue, 06 Feb 2024 18:03:23 +0000

Unbound with tags?

* https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering...

* https://try.popho.be/securing-home3.html

* https://git.sr.ht/~moviuro/moviuro.bin/tree/master/item/lie-...

The Performance Inequality Gap, 2024

moviuro — Wed, 31 Jan 2024 09:09:25 +0000

Article URL: https://infrequently.org/2024/01/performance-inequality-gap-2024/

Comments URL: https://news.ycombinator.com/item?id=39201648

Points: 39

# Comments: 14

New comment by moviuro in "A data corruption bug in OpenZFS?"

moviuro — Tue, 26 Dec 2023 10:13:57 +0000

It's a very rare race condition, odds are very low that you were impacted. If you were, you would have noticed (heavy builds with files being moved around where suddenly files are zero).

[0] https://bugs.gentoo.org/917224

[1] https://github.com/openzfs/zfs/issues/15526 (referenced in the article)

A data corruption bug in OpenZFS?

moviuro — Tue, 26 Dec 2023 09:21:11 +0000

Article URL: https://despairlabs.com/blog/posts/2023-12-25-openzfs-data-corruption-bug/

Comments URL: https://news.ycombinator.com/item?id=38770168

Points: 220

# Comments: 111

New comment by moviuro in "Using Goatse to Stop App Theft"

moviuro — Tue, 17 Oct 2023 20:50:11 +0000

See the explanation on the blog itself [0]

[0] https://joshcsimmons.com/post/H4sIAAAAAAAA%2F3xV227cRgx911cQ...

Pixel 8 and Pixel 8 Pro

moviuro — Wed, 04 Oct 2023 16:16:05 +0000

Article URL: https://blog.google/products/pixel/google-pixel-8-pro/

Comments URL: https://news.ycombinator.com/item?id=37767340

Points: 25

# Comments: 4

Mashing Enter to bypass [FDE] with TPM, Clevis, dracut and systemd

moviuro — Fri, 01 Sep 2023 06:08:41 +0000

Article URL: https://pulsesecurity.co.nz/advisories/tpm-luks-bypass

Comments URL: https://news.ycombinator.com/item?id=37347392

Points: 3

# Comments: 0

New comment by moviuro in "Factorio: Space Age"

moviuro — Fri, 25 Aug 2023 13:58:13 +0000

> The signals required a lot of patience to learn and I'm not entirely sure I still understand them.

Chain signals before an intersection; regular signals after those, and on the track to split the track for multiple trains simultaneously.

See: https://wiki.factorio.com/Tutorial:Train_signals if you haven't already.

New comment by moviuro in "Google will add E2E encryption to Authenticator backups"

moviuro — Thu, 27 Apr 2023 16:24:56 +0000

> they lose the master password

The threat model for every lambda user having a password manager does not cover breaking and entering[0]: they should write down their master password and keep it at home in their bedroom drawer.

Use biometrics where possible (e.g. bitwarden on Android has that option)

[0] maybe it does for you, working on some DoD-confidential docs, but your computer-illiterate aunt doesn't.

Usable systemd Timers for Mortals

moviuro — Mon, 13 Mar 2023 10:00:45 +0000

Article URL: https://try.popho.be/systemd-timers.html

Comments URL: https://news.ycombinator.com/item?id=35133483

Points: 4

# Comments: 0

New comment by moviuro in "Initial support for guided disk encryption in OpenBSD installer"

moviuro — Wed, 08 Mar 2023 08:43:35 +0000

It's only now added as an interactive step in the install script. It has ~always been possible to create a crypto device with the install medium by dropping to a shell: https://www.openbsd.org/faq/faq14.html#softraidFDE

New comment by moviuro in "Pure Storage Teases 300 TB Ultra-Large NVMe SSD with Tentative 2026 Launch"

moviuro — Tue, 07 Mar 2023 17:45:09 +0000

> You can stack storage to your heart's content

Unless you actually hit the maximum your building can sustain (heat, volume). Building datacenters is incredibly expensive, so reusing existing infrastructure and packing it with more is actually important.

New comment by moviuro in "Ask HN: How do you start over with 2FA after losing your phone?"

moviuro — Tue, 07 Mar 2023 13:39:20 +0000

As specified when activating MFA, did you download (and print) your backup codes? If so, use them to re-enroll a new device into MFA.

If not, you can try reaching out to customer service after you get a new SIM card.

For banking and everything else IRL, you can just walk up to the teller with your ID.

New comment by moviuro in "ssh whoami.filippo.io"

moviuro — Mon, 09 Jan 2023 09:08:48 +0000

To make use of one different key per host, you can use some ssh_config(5) magic[0]:

    IdentityFile ~/.ssh/keys/%h

[0] https://man.openbsd.org/ssh_config.5