Hacker News: mstrem

Lattice Crypto Primer

mstrem — Fri, 21 Mar 2025 14:44:44 +0000

Article URL: https://blog.cloudflare.com/lattice-crypto-primer/

Comments URL: https://news.ycombinator.com/item?id=43436319

Points: 4

# Comments: 0

New comment by mstrem in "Cloudflare asks browser devs to sign insane NDAs before fixing browser blocking"

mstrem — Sun, 16 Mar 2025 22:57:49 +0000

There is no such intent from us to throw around our weight. The team is challenged with a very hard task of balancing protecting web assets VS ensuring that those same assets remain accessible to everyone. It's not an easy problem.

The features you refer to are not bleeding edge, and not only that, they are security features. We are still discussing internally but I hope we can publish soon the details so that point can be addressed.

Final but not last, this only affects our challenge system, which is never issued by us as a blanket action across Internet traffic. It's normally a configuration a Cloudflare user implements in response to an ongoing issue they have (like a bot problem). We do report challenge pass rates and error rates but we can certainly always improve that feedback loop.

New comment by mstrem in "Cloudflare asks browser devs to sign insane NDAs before fixing browser blocking"

mstrem — Sun, 16 Mar 2025 17:32:31 +0000

We expect the user agent string to be present, that yes. We don't have any logic based on it's contents though (except blocking known bad ones) and we don't have any exceptions for the major browsers.

No commercial uses around this.

New comment by mstrem in "Cloudflare asks browser devs to sign insane NDAs before fixing browser blocking"

mstrem — Sun, 16 Mar 2025 16:52:56 +0000

Michael Tremante here. I'd like to address some points openly as I'm personally mentioned in the forum. I reached out to the Pale Moon community on behalf of the team to try and resolve the issue with the Pale Moon browser.

- We sent our standard NDA to speed things up. I explicitly said in the message that it may not be required, but in the interest of moving fast we sent it to them so they could review it just in case

- We are committed to making our challenge system work on all browsers by clearly documenting what APIs need to be supported. For example, part of the issue with Pale Moon, is that it does not support CSPs correctly

- Notwithstanding the above, to resolve the issue quickly we are willing to lower some of our checks if and only if, we find the right approach. Of course this would introduce some security issues that bot developers may quickly leverage

- Contrary to what many have said in this forum, our challenge has no logic that relies on the user agent strings. We rely on browser APIs. We don't have any special checks for any specific browser

- To address this longer term, we are discussing internally a program for browser developers to have a direct channel with our team and we hope to have something to share soon with the browser developer community

I am happy to answer any constructive questions.

Application security Internet trends in 2023

mstrem — Tue, 14 Mar 2023 23:15:05 +0000

Article URL: https://blog.cloudflare.com/application-security-2023/

Comments URL: https://news.ycombinator.com/item?id=35160790

Points: 1

# Comments: 0

New comment by mstrem in "Down the Cloudflare / Stripe / OWASP Rabbit Hole"

mstrem — Mon, 20 Feb 2023 13:23:20 +0000

Our DDoS mitigation is separate yes and will still work.

The Knowledge of London

mstrem — Thu, 26 May 2022 22:53:35 +0000

Article URL: https://tfl.gov.uk/info-for/taxis-and-private-hire/licensing/learn-the-knowledge-of-london

Comments URL: https://news.ycombinator.com/item?id=31524257

Points: 1

# Comments: 0

Application Security: Cloudflare's View

mstrem — Tue, 22 Mar 2022 17:13:40 +0000

Article URL: https://blog.cloudflare.com/application-security/

Comments URL: https://news.ycombinator.com/item?id=30768764

Points: 3

# Comments: 0

New comment by mstrem in "I got pwned by my cloud costs"

mstrem — Mon, 24 Jan 2022 11:25:55 +0000

No. Cloudflare is configured as a reverse proxy in front of the site. So traffic reaches the Cloudflare edge first, then it is proxied to the origin on Azure unless the file is served directly from the Cloudflare cache.

New comment by mstrem in "Why don't I have a blog?"

mstrem — Wed, 12 Jan 2022 21:38:09 +0000

I also don't have many interesting things to say. I also don't think I'm a particularly good programmer.

But yet I have a blog. Mostly to improve my writing. And to give me an additional reason to explore a new topic once in a while. It's also a nice notebook.

If I get a reader that's good. But building a high profile blog does not have to be the main goal.

New comment by mstrem in "Ask HN: Who is hiring? (July 2020)"

mstrem — Wed, 01 Jul 2020 16:15:44 +0000

I feel this is a generalisation. A lot of coding assignments are unrelated to the actual work and have no value to the potential employer besides assessing skills.

New comment by mstrem in "Home Is Where the Parking Lot Is [video]"

mstrem — Thu, 08 Sep 2016 17:45:31 +0000

With my dad being an airline pilot and having grown up in the "pilot community" I must say that this style of living is probably by far the exception rather than the norm.

My family, and all my parent's friends (most of which were pilots or air attendants), all had what you could call normal a house with normal lives etc. etc.

By most means life was pretty much the same as anyone else.

New comment by mstrem in "I tried to fly to London on a fake passport [video]"

mstrem — Fri, 15 Jul 2016 16:11:41 +0000

what is he fleeing from in France? => nothing. France is a great place.

However, I have lived both in the UK and in France. If I had a choice, and if I was looking for asylum, I would choose the UK every time. In another video from him he says his two friends made it to the UK before him. The best country to get into Europe (as an asylum seeker) is the UK. It is also a reason why there is such a big fuss about immigration. The benefits are great, it is a very safe country, wealthy, lots of opportunity... etc etc. I might be very biast but the UK is quite a bit ahead of the other European countries in my opinion (with a few exceptions). If the UK was on mainland Europe it would have waayyy more immigration problems.

Edit: I am happy he made it. I am pro immigration.

New comment by mstrem in "Google CDN Beta is already one of the fastest CDNs"

mstrem — Tue, 19 Apr 2016 00:44:13 +0000

I think the OP just added CloudFlare when the site was overloaded earlier...

New comment by mstrem in "For anyone who has been turned down by 38 companies"

mstrem — Wed, 30 Mar 2016 23:31:10 +0000

Right, I personally literally change my resume based on each application focusing on the experience which I think would be most relevant for each position. I also change the introduction sentence and when I respond to open ended questions (in the quizzes) I always refer back to the company and relevant examples. Cover letter, when requested, also takes me a lot of time to write up.

New comment by mstrem in "For anyone who has been turned down by 38 companies"

mstrem — Wed, 30 Mar 2016 23:09:14 +0000

I somewhat agree with your statement. Mainly because I personally put a LOT of effort into each job application and I would not be able to apply to more than 2-3 jobs a week. Takes time to find the right company, do research, make a perfect personalized application etc.

As a result to that pretty much all applications I have ever made have at the very least gotten back to me. I would never be able to apply to 38 jobs in 2 months. I feel like a lot of copy paste went on and that sets you to a negative start.

Uber blocked in Italy

mstrem — Tue, 26 May 2015 11:11:07 +0000

Article URL: http://www.ilsole24ore.com/art/notizie/2015-05-26/il-tribunale-milano-blocca-servizio-uber-pop-tutta-italia-113200.shtml

Comments URL: https://news.ycombinator.com/item?id=9603948

Points: 1

# Comments: 1

New comment by mstrem in "Mail-in-a-box: easy to set up modern SMTP/SMTPS server stack"

mstrem — Wed, 23 Apr 2014 20:35:34 +0000

This is typical, I have just done the whole process myself a few weeks ago from scratch (fresh CentOS install) and now this comes up.

However I do not regret it at all. I had Linux experience and it took me one day and a half work to get it all working very nicely.

I am happy with my config: Postifx, Dovecot, RoundCube, SpamAssassin, ClamAV

Server supports unlimited domains and user accounts - SSL is required for all connections, I only allow IMAP and I have configured it with two valid free StartSSL certificates:

    One under mail.domain.com (for email clients)
    One under webmail.domain.com (for the webmail)

And both of course do not show warnings and green padlock is always nice.

The thing that scared me the most was outgoing emails being dropped - however to date I have delivered fine to all main email provider - followed a few simple rules:

    Ensure you have both SPF and TXT correct DNS records
    Ensure you have IPv6 configured properly (Google was  rejecting due to this) 
    Set your reverse DNS
    Set your machine hostname etc. in postfix

New comment by mstrem in "The Cloud Service I have been using just dissappeared"

mstrem — Fri, 18 Apr 2014 08:12:41 +0000

For some context - I hope they just have forgotten to renew their domain (which is still very bad). The client software does not connect either though - and they do no answer the phone.

The Cloud Service I have been using just dissappeared

mstrem — Fri, 18 Apr 2014 08:11:39 +0000

Article URL: http://livedrive.com/

Comments URL: https://news.ycombinator.com/item?id=7608404

Points: 2

# Comments: 3