Hacker News: packetizedhttps://news.ycombinator.com/user?id=packetizedHacker News RSShttps://hnrss.org/hnrss v2.1.1Fri, 01 May 2026 20:05:43 +0000<![CDATA[New comment by packetized in "Kubernetes reinvented virtual machines in a good sense"]]>I dare say that it’s annoying you as a result of cognitive dissonance about your employer paying six figures to migrate to it.

If you’re being paid well, obviously you’ll be annoyed by concepts contrary to your work.

e: edits are hated, but the downvotes prove out: Kubernetes is simply OpenStack for hipsters.

]]>Sun, 31 Jul 2022 22:21:39 +0000https://news.ycombinator.com/item?id=32299410packetizedhttps://news.ycombinator.com/item?id=32299410https://news.ycombinator.com/item?id=32299410<![CDATA[New comment by packetized in "Third-Party Audit of Rustls"]]>The finding in TLS-01-003 is surprising to me, mostly because it presupposes a lack of sophistication among users of this library who are also using X.509 NameConstraints. From RFC5280:

  For example, a name constraint for "class C" subnet 192.0.2.0 is represented as the octets C0 00 02 00 FF FF FF 00, representing the CIDR notation 192.0.2.0/24 (mask 255.255.255.0).
As they mention in the findings:

  Typically, subnet masks should be contiguous and the presence of a non-contiguous mask might indicate a typo (such as 225.255.255.0 vs. 255.255.255.0), or potentially an attempt to bypass an access control scheme. Therefore, it is recommended to treat certificates containing non-contiguous subnet masks in their name constraints as invalid.
This seems to run counter to the intent in the RFC. By allowing for a four-octet subnet mask, instead of simply an int to represent the a contiguous CIDR mask, the RFC authors may have intended that more complex IP-based NameConstraints could be constructed. This certainly would make a huge difference for something like an intermediate (CA:TRUE), where it becomes much more economical to specify a sparse mask for a highly templated network. Think certs for network equipment or VoIP phones with regular, repeatable IP addressing across many locations/networks. E.g., a VoIP provisioning system that has an intermediate issuing CA with the following NameConstraints: IP:172.16.0.0/255.255.1.239.

If any change comes from this specific finding, I would hope that it's simply a flag to allow or disallow the use of discontiguous masks. I do understand that this is specific to WebPKI; having said that, if a client is implemented using rustls (with these recommendations enabled) and it happens across a perfectly valid certificate issued by an intermediate with a discontiguous mask in the NameConstraints, presumably it would fail or otherwise break. And yes, I have previously configured precisely this in an intermediate CA.

]]>Sun, 14 Jun 2020 22:29:08 +0000https://news.ycombinator.com/item?id=23521924packetizedhttps://news.ycombinator.com/item?id=23521924https://news.ycombinator.com/item?id=23521924<![CDATA[New comment by packetized in "An app can be a home-cooked meal"]]>This is absolutely a false dichotomy. A home-cooked meal is not one conventionally thought of as being from items hyperlocally sourced. At least, not in the last 70-100 years. We’ve had Sears Roebuck and the like for quite some time.

]]>Mon, 17 Feb 2020 04:56:08 +0000https://news.ycombinator.com/item?id=22345697packetizedhttps://news.ycombinator.com/item?id=22345697https://news.ycombinator.com/item?id=22345697<![CDATA[New comment by packetized in "Stripe's 210 Day Hold Practices"]]>The fact that the OP had to resort to unofficial channels to get satisfaction is the problem, full stop.

]]>Tue, 24 Dec 2019 06:19:11 +0000https://news.ycombinator.com/item?id=21870270packetizedhttps://news.ycombinator.com/item?id=21870270https://news.ycombinator.com/item?id=21870270<![CDATA[New comment by packetized in "Stripe's 210 Day Hold Practices"]]>I would say that is much more damning of their state of customer interest.

]]>Tue, 24 Dec 2019 06:18:09 +0000https://news.ycombinator.com/item?id=21870263packetizedhttps://news.ycombinator.com/item?id=21870263https://news.ycombinator.com/item?id=21870263<![CDATA[New comment by packetized in "Stripe's 210 Day Hold Practices"]]>That you would have to communicate this to a customer via HN is pretty damning.

]]>Tue, 24 Dec 2019 06:06:50 +0000https://news.ycombinator.com/item?id=21870214packetizedhttps://news.ycombinator.com/item?id=21870214https://news.ycombinator.com/item?id=21870214<![CDATA[New comment by packetized in "Vault 1.3"]]>Vault is a phenomenal tool, full stop.

]]>Fri, 15 Nov 2019 06:00:16 +0000https://news.ycombinator.com/item?id=21542605packetizedhttps://news.ycombinator.com/item?id=21542605https://news.ycombinator.com/item?id=21542605<![CDATA[New comment by packetized in "Never Use White Text on Black: Astygmatism and Conference Slides (2017)"]]>Agreed, I just found the juxtaposition of the two confusing at first.

]]>Sun, 27 Oct 2019 05:53:26 +0000https://news.ycombinator.com/item?id=21368077packetizedhttps://news.ycombinator.com/item?id=21368077https://news.ycombinator.com/item?id=21368077<![CDATA[New comment by packetized in "Never Use White Text on Black: Astygmatism and Conference Slides (2017)"]]>On mobile, this site has a “toggle high contrast” widget on the left side that seems to directly contravene the points made in the article.

]]>Sun, 27 Oct 2019 04:48:53 +0000https://news.ycombinator.com/item?id=21367928packetizedhttps://news.ycombinator.com/item?id=21367928https://news.ycombinator.com/item?id=21367928<![CDATA[New comment by packetized in "Issue 914451: Autofill does not respect autocomplete="off""]]>This position seems at odds with a recently opened WHATWG issue.

https://github.com/whatwg/html/issues/4986

]]>Sun, 13 Oct 2019 07:49:49 +0000https://news.ycombinator.com/item?id=21239078packetizedhttps://news.ycombinator.com/item?id=21239078https://news.ycombinator.com/item?id=21239078<![CDATA[New comment by packetized in "The Linux kernel's inability to gracefully handle low memory pressure"]]>The first two nota benes explicitly describe this document being outdated and not what most people expect when it comes to “memory controller”. I am not certain that citing this is a great example.

]]>Tue, 06 Aug 2019 06:51:44 +0000https://news.ycombinator.com/item?id=20622805packetizedhttps://news.ycombinator.com/item?id=20622805https://news.ycombinator.com/item?id=20622805<![CDATA[New comment by packetized in "U.S. Telcos Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls"]]>https://en.m.wikipedia.org/wiki/Enhanced_GPS

]]>Sat, 09 Feb 2019 04:43:54 +0000https://news.ycombinator.com/item?id=19120793packetizedhttps://news.ycombinator.com/item?id=19120793https://news.ycombinator.com/item?id=19120793<![CDATA[New comment by packetized in "Two-factor auth with public-key cryptography"]]>Arguably, private keys should not ever leave the device on which they were generated.

]]>Mon, 04 Feb 2019 00:09:11 +0000https://news.ycombinator.com/item?id=19073036packetizedhttps://news.ycombinator.com/item?id=19073036https://news.ycombinator.com/item?id=19073036<![CDATA[New comment by packetized in "Two-factor auth with public-key cryptography"]]>I’m curious to know what benefits accrue from sending the user’s private key over the wire (even encrypted). It seems a strange concept, at odds with ephemeral key usage.

]]>Sun, 03 Feb 2019 23:13:07 +0000https://news.ycombinator.com/item?id=19072841packetizedhttps://news.ycombinator.com/item?id=19072841https://news.ycombinator.com/item?id=19072841<![CDATA[New comment by packetized in "[dead]"]]>This whole post smacks of a half-hearted attempt to memorialize Terry, while slyly smearing him.

n.b. I am not defending Terry’s outlook nor besmirching his efforts, simply calling out this post as a not great eulogy.

]]>Fri, 25 Jan 2019 06:19:50 +0000https://news.ycombinator.com/item?id=18995960packetizedhttps://news.ycombinator.com/item?id=18995960https://news.ycombinator.com/item?id=18995960<![CDATA[New comment by packetized in "Man says CES lidar’s laser was so powerful it wrecked his camera"]]>Your cellphone camera lens likely doesn’t have the requisite light-gathering capacity to burn out the CMOS image sensor in your phone. CCDs (commonly used in DSLR/M43 cameras) are far more sensitive, as I understand it.

]]>Fri, 11 Jan 2019 21:33:37 +0000https://news.ycombinator.com/item?id=18887313packetizedhttps://news.ycombinator.com/item?id=18887313https://news.ycombinator.com/item?id=18887313<![CDATA[New comment by packetized in "I need to copy 2000+ DVDs in 3 days. What are my options?"]]>Factual information isn’t always useful in another context.

]]>Tue, 18 Dec 2018 05:15:38 +0000https://news.ycombinator.com/item?id=18704684packetizedhttps://news.ycombinator.com/item?id=18704684https://news.ycombinator.com/item?id=18704684<![CDATA[New comment by packetized in "I was a senior VP of tech at Starwood: here’s my take on the guest data breach"]]>This is an exceptionally self-serving take on the matter at hand. So much so that it’s frankly breathtaking that it’s been upvoted to #1.

Dear Israel del Rio,

As a Mariott and SPG member since history, kindly focus on not disclaiming responsibility in a public forum, since you almost assuredly aren’t as innocent as you claim.

]]>Wed, 12 Dec 2018 05:03:21 +0000https://news.ycombinator.com/item?id=18661529packetizedhttps://news.ycombinator.com/item?id=18661529https://news.ycombinator.com/item?id=18661529<![CDATA[New comment by packetized in "GM’s data mining is just the beginning of the in-car advertising blitz"]]>This is a profoundly unhelpful comment.

]]>Tue, 23 Oct 2018 06:31:41 +0000https://news.ycombinator.com/item?id=18281175packetizedhttps://news.ycombinator.com/item?id=18281175https://news.ycombinator.com/item?id=18281175<![CDATA[New comment by packetized in "iPhones are hard to use"]]>The term “Windows autism” is pretty repugnant.

]]>Tue, 23 Oct 2018 06:00:03 +0000https://news.ycombinator.com/item?id=18281039packetizedhttps://news.ycombinator.com/item?id=18281039https://news.ycombinator.com/item?id=18281039