Hacker News: pzb

New comment by pzb in "Email could have been X.400 times better"

pzb — Sat, 25 Apr 2026 03:07:13 +0000

X.509 absolutely lives on -- https://www.itu.int/rec/t-rec-x.509 last update was October 2024. However WebPKI uses PKIX which is fairly stubbornly stuck on RFC5280.

On the ITU side, they have made improvements including allowing a plain fully qualified domain name as the subject of a certificate, as an alternative to sequence of set of attributes.

New comment by pzb in "How did .agakhan, .ismaili and .imamat get their own TLDs?"

pzb — Sat, 30 Aug 2025 01:30:42 +0000

From the ICANN site, 154 gTLD agreements have been terminated. I'm not sure how many due to non-payment, but https://domainincite.com/30105-icann-to-terminate-five-new-g... indicates that at least some have been due to non-payment.

https://www.icann.org/en/registry-agreements?sort-column=top...

New comment by pzb in "SSDs have become fast, except in the cloud"

pzb — Wed, 21 Feb 2024 04:40:19 +0000

AWS has stated that there is a "Nitro Card for Instance Storage"[0][1] which is a NVMe PCIe controller that implements transparent encryption[2].

I don't have access to an EC2 instance to check, but you should be able to see the PCIe topology to determine how many physical cards are likely in i4i and im4gn and their PCIe connections. i4i claims to have 8 x 3,750 AWS Nitro SSD, but it isn't clear how many PCIe lanes are used.

Also, AWS claims "Traditionally, SSDs maximize the peak read and write I/O performance. AWS Nitro SSDs are architected to minimize latency and latency variability of I/O intensive workloads [...] which continuously read and write from the SSDs in a sustained manner, for fast and more predictable performance. AWS Nitro SSDs deliver up to 60% lower storage I/O latency and up to 75% reduced storage I/O latency variability [...]"

This could explain the findings in the article - they only meared peak r/w, not predictability.

[0] https://perspectives.mvdirona.com/2019/02/aws-nitro-system/ [1] https://aws.amazon.com/ec2/nitro/ [2] https://d1.awsstatic.com/events/reinvent/2019/REPEAT_2_Power...

Fun Fact: I own porn I can't watch

pzb — Thu, 02 Feb 2023 16:37:41 +0000

Article URL: https://foone.tumblr.com/post/705446706461949953/fun-fact-i-own-porn-i-cant-watch

Comments URL: https://news.ycombinator.com/item?id=34628996

Points: 449

# Comments: 218

New comment by pzb in "WeWork’s once robust cash reserves have dwindled, raising chances of default"

pzb — Fri, 16 Dec 2022 17:43:14 +0000

https://archive.ph/sVNVU

New comment by pzb in "IPv4 Transfer Pricing"

pzb — Sun, 03 Jul 2022 15:21:31 +0000

The data in this post seems behind. https://auctions.ipv4.global/prior-sales shows that the prices have spiked to more than $50 per IP

New comment by pzb in "The specs behind the specs – a deep-dive on ASN.1"

pzb — Fri, 14 Jan 2022 02:02:15 +0000

A couple of years ago I ran into the same confusion of the "TeletexString"/"T61String" data type in ASN.1. After going down the rabbit hole of what is T.61 and trying to map it to Unicode, I reread the ASN.1 (X.690) spec and realized that the authors never actually referenced T.61. Ever since the first edition of ASN.1 in 1988, those strings have not used T.61. They use a character set that is easily mapped to Unicode - https://www.itscj-ipsj.jp/ir/102.pdf, a subset of US ASCII.

Not to say the rest of the spec is notably better. If fully implemented, it requires supporting escape codes in strings to change character sets. I've never seen valid escape codes in real world data, but it probably exists.

As the original article shows, ASN.1 has lots of other challenges and complexity. Trying to write a code generator that supports all the complexity is no trivial task and the only open source one I've seen only generates C code. Protobuf has the advantage of having modern language support (including multiple type safe and memory safe languages).

New comment by pzb in "TLD Graveyard"

pzb — Sun, 28 Feb 2021 16:53:08 +0000

I put together a historical list of TLDs that had been removed in 2017: https://github.com/pzb/TLDs/blob/master/removed/rmtlds.csv . It overlaps with the early part of this list.

.cs was the first removed TLD as far as I was able to find.

New comment by pzb in "Show HN: I built a website to better compare USB-C hubs found on Amazon"

pzb — Mon, 27 Jan 2020 01:07:05 +0000

http://www.simulatechnology.com/Product/Detail/uid/5de9347e-... exists, at least to some extent. It uses the aforementioned chip.

New comment by pzb in "Show HN: I built a website to better compare USB-C hubs found on Amazon"

pzb — Mon, 27 Jan 2020 00:59:04 +0000

Cypress has a chip out for this: https://www.cypress.com/products/ez-usb-hx3pd-usb-31-gen-2-h...

It has one USB Type-C in with 3 USB Type-C out plus 4 USB Standard-A out. One of the C outputs supports downstream charging. Should just be a matter of time until hubs using this chip are widely available.

New comment by pzb in "Show HN: I built a website to better compare USB-C hubs found on Amazon"

pzb — Mon, 27 Jan 2020 00:56:16 +0000

You can do 3840x2160@60Hz (and 24bpp/8bpc) over USB Type-C on newer displays. DisplayPort Alt Mode over USB-C using DisplayPort 1.3/1.4 can support 4K + USB 3 Gen2 on one cable.

https://www.amazon.com/UPTab-10Gbps-60hz-Power-Delivery/dp/B... is an example

New comment by pzb in "Say Yes to Markdown, No to MS Word"

pzb — Thu, 15 Mar 2018 14:39:10 +0000

I've been working on a similar system that is in the process of being adopted by at least one standards group (https://github.com/cabforum/documents ).

I would strongly recommend looking at weasyprint (http://weasyprint.org/ ) for HTML to PDF. It gives much better PDF output and offers CSS print support, so you get page control.

New comment by pzb in "Announcing Caddy Commercial Licenses"

pzb — Wed, 13 Sep 2017 15:24:10 +0000

Unfortunately the "distributing a modified version of an open source project under that project's name" can be problematic from a trademark perspective. This has come up many times before in other projects and led Debian to not use trademarked project names for software. If you are not familiar with the discussions, just search for "IceWeasel".

New comment by pzb in "There are very few suitable use cases for DynamoDB"

pzb — Sat, 08 Jul 2017 22:31:16 +0000

It is important to note that "Dynamo" and "DynamoDB" are two very different things that happen to share many of the same letters. DynamoDB is not Dynamo.

New comment by pzb in "'Single domain' and 'multi domain' HTTPS certificates are the same thing"

pzb — Fri, 06 Jan 2017 12:33:49 +0000

I think that many newer vendors of certificates are following this model. Let's Encrypt and AWS Certificate Manager both simply have certificates with names. One name, two names, 50 names, still just a "certificate".

(Disclosure, I work with AWS)

New comment by pzb in "Why I don't like smartcards, HSMs, YubiKeys, etc."

pzb — Thu, 24 Nov 2016 19:34:24 +0000

Both Smart Cards and HSMs can (and frequently do) contain FIPS validated cryptographic modules and can be USB devices. What seems to set them apart is content capacity and speed. A "HSM" can usually store dozens, hundreds, or even tens of thousands of keys and can do numerous cryptographic operations per second. Most "smart cards" can only store a few keys and frequently 1-2 operations per second.

Many HSMs also add advanced authentication capabilities, such as M-of-N access control and/or hardware authenticators (e.g. you need 3 of 5 smart cards to use the HSM). The other key feature usually found in HSMs but not smart cards is backup/cloning without exporting the key (in PKCS#11 terms). This means that the key can be moved between HSMs with all the protections in place. I've yet to see a smart card that does this.

New comment by pzb in "Why I don't like smartcards, HSMs, YubiKeys, etc."

pzb — Thu, 24 Nov 2016 17:16:48 +0000

The author brings up many reasonable points but seems to mix issues of HSMs & Smart Cards not providing a generic open hardware platform with possible security problems of a platform.

There is no question that there would be value in having a hardware platform that has certain security features, but that alone doesn't meet the requirements of most users of HSMs and Smart cards. The primary use cases I've seen are allowing a third party to have assurance of protection of data stored in the device and assurance of the rules for accessing the data. In most cases this assurance comes from a combination of the hardware itself and the software/firmware running on the hardware. A hardware platform only solves half the problem that most purchasers of HSMs and smart cards are asking vendors to solve.

New comment by pzb in "Apple Abandons Development of Wireless Routers"

pzb — Mon, 21 Nov 2016 14:38:42 +0000

I agree 100%, but they don't have an AP + CloudKey + Security Gateway in one unit. That is what many people effectively want for home use.

LinkedIn accesses Gmail contacts via ‘auto-authorization’

pzb — Sat, 22 Oct 2016 17:09:35 +0000

Article URL: https://thestack.com/security/2016/10/06/linkedin-accesses-gmail-contacts-via-auto-authorization/

Comments URL: https://news.ycombinator.com/item?id=12769494

Points: 112

# Comments: 47

New comment by pzb in "Code Page 437 Refuses to Die"

pzb — Sun, 08 May 2016 19:48:05 +0000

When encoding those characters in UTF-8, you will never end up with 0x2F as a byte. On of the properties of UTF-8 is that bytes with the high bit not set (e.g. 0x0 to 0x7e) never appear unless the are representing the 0 - 127 codepoints.