Hacker News: raron

New comment by raron in "French government agency confirms breach as hacker offers to sell data"

raron — Fri, 24 Apr 2026 00:25:11 +0000

You could just jail the CEO or who was responsible for the security at that agency / company.

New comment by raron in "An update on recent Claude Code quality reports"

raron — Thu, 23 Apr 2026 20:29:59 +0000

How big this cached data is? Wouldn't it be possible to download it after idling a few minutes "to suspend the session", and upload and restore it when the user starts their next interaction?

New comment by raron in "A cryptography engineer's perspective on quantum computing timelines"

raron — Mon, 06 Apr 2026 23:18:06 +0000

AFAIK they did a lot of illegal things in the Snowden-era, too.

New comment by raron in "A cryptography engineer's perspective on quantum computing timelines"

raron — Mon, 06 Apr 2026 23:05:16 +0000

> Thus succeeding at making the telecommunications vendors used for Top Secret US national security data less secure, the obvious goal of the US National Security Agency

NSA still has the secret Suite A system for their most sensitive information. If they think that is better than the current public algorithms and their goal is to make telecommunications vendors to have better encryption, then why doesn't they publish those so telco could use it?

> Truly, truly can't understand why anyone finds this line of reasoning plausible. (Before anyone yells Dual_EC_DRBG, that was a NOBUS backdoor, which is an argument against the NSA promoting mathematically broken cryptography, if anything.)

The NSA weakened DES against brute-force attack by reducing the key size (while making it stronger against differential cryptanalysis, though).

https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA's...

Also NSA put a broken cipher in the Clipper Chip (beside all the other vulnerabilities).

New comment by raron in "A cryptography engineer's perspective on quantum computing timelines"

raron — Mon, 06 Apr 2026 22:25:22 +0000

> Since then, public cryptographic research has been ahead or even with state work.

How can we know that?

> Who knows what is happening inside the NSA or military facilities?

Couldn't have NSA found an issue with ML-KEM and try to convince people to use it exclusively (not in hybrid scheme with ECC)?

New comment by raron in "Case study: recovery of a corrupted 12 TB multi-device pool"

raron — Mon, 06 Apr 2026 17:21:07 +0000

I think you could use dm-integrity over the raw disks to have checksums and protect against bitrot then you can use mdraid to make a RAID1/5/6 of the virtual blockdevs presented by dm-integrity.

I suspect this is still vulnerable to the write hole problem.

You can add LVM to get snapshots, but this still not an end-to-end copy-on-write solution that btrfs and ZFS should provide.

New comment by raron in "Is BGP safe yet?"

raron — Wed, 01 Apr 2026 22:25:26 +0000

Why does a routing protocol matter for the banking sector? With proper encryption the route the packets of transaction data takes should not matter at all.

New comment by raron in "End of "Chat Control": EU parliament stops mass surveillance"

raron — Fri, 27 Mar 2026 02:48:46 +0000

Based on EU's public consultation it is not even true (but the number of responses is very small)

https://ec.europa.eu/info/law/better-regulation/have-your-sa...

New comment by raron in "Wayland set the Linux Desktop back by 10 years?"

raron — Fri, 20 Mar 2026 03:09:45 +0000

The next SteamOS release will use Wayland by default for desktop mode, too:

https://steamcommunity.com/games/1675200/announcements/detai...

New comment by raron in "What makes Intel Optane stand out (2023)"

raron — Mon, 16 Mar 2026 01:42:49 +0000

> I'm not seeing a lot of regrets from folks who moved to TLC and QLC NAND, and those products are more popular than ever.

That's interesting. Even TLC has huge limitations, but QLC is basically useless unless you use it as write-once-read-many memory.

I wish I have bought a lot of SSDs when you could still buy MLC ones.

New comment by raron in "Swiss e-voting pilot can't count 2,048 ballots after decryption failure"

raron — Thu, 12 Mar 2026 22:59:07 +0000

It doesn't provide anonymity, which is a critical requirement for any (public) election system. It also doesn't provide security, as someone who can control the servers behind vote.com, can change anyone's vote.

New comment by raron in "Swiss e-voting pilot can't count 2,048 ballots after decryption failure"

raron — Wed, 11 Mar 2026 20:54:46 +0000

This. A voting system and it security must be understandable to the average people. You can not do that with electronic voting. (Even if electronic voting can be done securely.)

New comment by raron in "Mullvad VPN: Banned TV Ad in the Streets of London [video]"

raron — Sat, 07 Mar 2026 16:26:44 +0000

Those exceptions are so vague that you can interpret anything into them.

How "free" is your freedom of speech or expression if everything can be an exception?

New comment by raron in "I'm reluctant to verify my identity or age for any online services"

raron — Wed, 04 Mar 2026 15:01:44 +0000

It's a proposal, so you can check out how it would work.

Anonymous age verification is technically possible, but it is as pointless as any other age verification system, it could easily be circumvented if someone older willing to help.

Probably there is a reason why nobody uses it.

https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_wha...

New comment by raron in "I'm reluctant to verify my identity or age for any online services"

raron — Tue, 03 Mar 2026 15:53:22 +0000

The age verification proposal of the EU tries to do that, the government knows you used age verification (and I think the rough number of times you used it), but they don't know when or where you used it.

https://ageverification.dev/av-doc-technical-specification/d...

New comment by raron in "PayPal discloses data breach that exposed user info for 6 months"

raron — Fri, 27 Feb 2026 02:58:09 +0000

This is true for the official SEPA Instant Transfer and the standard EPC QR code format, too.

https://en.wikipedia.org/wiki/EPC_QR_code

New comment by raron in "PayPal discloses data breach that exposed user info for 6 months"

raron — Fri, 20 Feb 2026 20:27:41 +0000

Wero doesn't add any value over standard SEPA transfers, I don't see why does it even exists. PayPal at least has some customer protection scheme.

New comment by raron in "GrapheneOS – Break Free from Google and Apple"

raron — Tue, 17 Feb 2026 20:26:24 +0000

Jolla mishandled the funds they got for the tablets, it went bankrupt and bought up by a company connected to the Russian state. Jolla lied a lot during these events and tried to hide what happened, and I don't think that's an acceptable thing to do when the main selling point of your product is privacy and trust. AFAIK they recently got bankrupted again and bought by the original owners, but it's hard to rebuild trust.

New comment by raron in "GrapheneOS – Break Free from Google and Apple"

raron — Tue, 17 Feb 2026 19:50:27 +0000

> well, a concerted attack could easily subvert the baseband

In theory Pixel phones have IOMMU and GrapheneOS is using them, so even a compromised baseband doesn't result unrestricted access to the system.

New comment by raron in "GrapheneOS – Break Free from Google and Apple"

raron — Tue, 17 Feb 2026 19:32:43 +0000

I don't think this is about the current situation in the US.

Big US tech companies are infamous for not following the EU's data protection rules, and they wouldn't even able to, because some US regulations (I think PRISM, FISA and others) are incompatible with the requirements of EU GDPR. This dates back at lest to Snowden leaks and the invalidation of EU-US data protection agreements by Schrems judgments.

https://en.wikipedia.org/wiki/Max_Schrems#Complaints_with_th...