Hacker News: qyi

New comment by qyi in "Introducing Windows 11"

qyi — Thu, 24 Jun 2021 17:16:56 +0000

There was a 10?

New comment by qyi in "Widescreen Gaming in the 90s"

qyi — Fri, 18 Jun 2021 23:27:07 +0000

> it's worth it to purchase tools that have long term benefits.

Good luck finding an LCD with any concrete health benefits beyond any other. The industry literally just adds a bunch of gimmicks each year to see if people bite. All I can say for sure is IPS prevents you from needing to fix your head in one angle (especially for low contrast images), and most LCDs are too bright.

This reminds me of another issue: If you have a monitor with overdrive and use a color temperature adjuster like redshift, the overdrive smearing is often super bright while the rest of the screen is mellow.

New comment by qyi in "80% of orgs that paid the ransom were hit again"

qyi — Fri, 18 Jun 2021 23:11:53 +0000

The essential point is that he's 40 and still doesn't know what he's doing (a common problem in any technical field).

New comment by qyi in "Lua-RTOS: a real-time operating system for ESP32"

qyi — Fri, 18 Jun 2021 23:09:03 +0000

This is true until you realize all general purpose languages are the same and redundant. There is no reason to have more than one on a given system.

New comment by qyi in "80% of orgs that paid the ransom were hit again"

qyi — Fri, 18 Jun 2021 23:02:21 +0000

Ah yes, we should outlaw the ability for people to send money to each other and have civilization take the burden of incompetent corporations that can't be bothered to follow basic infosec practices (let alone whatever product they are selling in the first place is probably garbage and has no value beyond monopoly).

New comment by qyi in "80% of orgs that paid the ransom were hit again"

qyi — Fri, 18 Jun 2021 22:59:57 +0000

You sure some ransomware crooks don't provide contracts to their clients?

New comment by qyi in "80% of orgs that paid the ransom were hit again"

qyi — Fri, 18 Jun 2021 22:58:03 +0000

The standard business solution to solve security issues - for example like having all your database in a public folder - is to get a guy to implement "security" (whatever that means) who is 40 years old and is really confident he knows what he is doing. He will go configure some firewalls and stuff that has absolutely nothing to do with preventing any real risk aside from automated attacks. Every time someone still gets the files from some 90's vuln, everyone is surprised that some sooper dooper hacker wizard was able to own their fortune 500 company.

> The least deployed solutions post-attack included web scanning (40%), endpoint detection and response (EDR) and extended detection and response (XDR) technologies (38%), antivirus software (38%), mobile and SMS security solutions (36%), and managed security services provider (MSSP) or managed detection and response (MDR) provider (34%). Only 3% of respondents said they did not make any new security investments after a ransomware attack.

uh huh. uh huh. uh huh. uh huh.

Meanwhile, for example, earlier today: a web search for "cat /etc/passwd" blocks my IP. What even is the point of this article? _Of course_ if you don't patch they will just hack you again. _Of course_ if your company follows terrible 90's practices, it will get owned again.

New comment by qyi in "Interfaces and Protocols in Python"

qyi — Tue, 27 Apr 2021 20:23:52 +0000

I was saying that it's a red herring to go "oh people don't used typed languages because Java programs start up slow".

New comment by qyi in "Interfaces and Protocols in Python"

qyi — Tue, 27 Apr 2021 20:22:20 +0000

I know you're trying to pin me as being rude, but no. Your answer is bad and ad-hoc. Just because a language is not Java does not make it magically untested and obscure. Just use Go tbh.

Edit: Okay I see the original guy stated Java. It is what it is. The real useful answer is to just use any other typed language, and not use Python.

New comment by qyi in "Google have declared Droidscript is malware"

qyi — Tue, 27 Apr 2021 19:58:26 +0000

We live in a world where people unironically put comments on top of every file in their projects (but only the ones they can easily insert a meaningless string into) like "you cannot disclose this file blah blah blah" and call themselves "grown ups". What's this Android nonsense, can't it just run programs like a normal computer? At the very least if it purports to not be a general purpose computer, then there should be no excuse for security vulnerabilities.

New comment by qyi in "Tool can make photos undetectable to facial recognition without ruining them"

qyi — Tue, 27 Apr 2021 17:47:51 +0000

After all the snakeoil that depends on facial recognition is bypassed, that will still before it's retrained.

New comment by qyi in "Interfaces and Protocols in Python"

qyi — Mon, 26 Apr 2021 19:23:26 +0000

Zope was pretty popular a decade ago, never got into it though.

New comment by qyi in "Interfaces and Protocols in Python"

qyi — Mon, 26 Apr 2021 19:22:15 +0000

The idea of an interface is fundamental to computing. No matter what you do, at the end of the day data exchanged between two systems has to be structed _some how_. E.g., machine code submitted to the CPU, register configurations, C ABI, Python structures, JSON. You _could_ be hand wavy about it, maybe even use machine learning, but then it will just be ambiguous and lead to vulns. IMO the constant insistence to try and find ways around this is a huge setback. I used Python heavily in 2008 and always was annoyed when trying to figure out the essence of an API (which is what you get when there is no concrete interface). Whenever I read a Python codebase, unsurprisingly, it's full of handwaving and the resultant bugs (some people know what they're doing, but the problem is there more than in a typed language).

New comment by qyi in "Interfaces and Protocols in Python"

qyi — Mon, 26 Apr 2021 19:17:47 +0000

Replace Java with literally anything else (including whatever Java implementation does not have the issue) and the "startup time" red herring is gone.

New comment by qyi in "Hedy is a gradual programming language that helps kids to learn Python"

qyi — Mon, 26 Apr 2021 19:16:05 +0000

Python is just for playing with strings, which is a contrived problem brought about by UNIX-style OS. And other confusing non-fundamental, stuff that just leads to months of cognitive dissonance when one inevitably philosophizes over it: objects, classes, exceptions, the ability to modify global variables from other modules, metaclasses, etc.

> There are very good reasons for all of this, but it's a lot to try to explain and absorb at once.

The reason is because you're embedding strings into the program, which is just a string. There's no reason languages have to be like this. The ironic part is that developers are just like children and do not understand the significance of this either, which is why string injection vulns still exist today.

New comment by qyi in "Dan Kaminsky has died"

qyi — Mon, 26 Apr 2021 18:17:01 +0000

No, you were correct. Some people are helping here and there but overall every aspect of the software industry is an absolute mess. Most infosec pros will not point this out, either because they are tunnel visioned on their niche, are trying to sound politically correct, or just trying to not start shit (but nothing will be solved ever if people keep pretending everything's all and well).

New comment by qyi in "Get better at Googling"

qyi — Mon, 26 Apr 2021 16:39:46 +0000

Give me access to a machine that isn't blocked from Google, and I will.

New comment by qyi in "Get better at Googling"

qyi — Mon, 26 Apr 2021 16:38:16 +0000

It's been happening since before 2010, but sure.

New comment by qyi in "Convicted Post Office workers have names cleared"

qyi — Mon, 26 Apr 2021 16:35:33 +0000

Sorry, I thought hackers do not have nationalism.

New comment by qyi in "Convicted Post Office workers have names cleared"

qyi — Sat, 24 Apr 2021 18:59:05 +0000

They had the death penalty for using the royalty's name in vein until the 90s or so, jailing someone because he was drunk and made a "death threat" (with zero likelihood of it being real) on Facebook, arresting someone for camping alone without a mask, CCTV everywhere, being illegal to raise the middle finger, etc. And yes, then once tech is involved it is accordingly used as stupidly. The UK somehow has a whole different brand of legal stupidity than America.