Hacker News: sexmonad

New comment by sexmonad in "George Orwell's review of Mein Kampf (1940)"

sexmonad — Sun, 17 Aug 2014 02:26:50 +0000

I don't see the parallel as intended to put Napoleon down, but instead to attribute the same force of personality to Hitler. As someone who never met either man (perhaps that's obvious :), I'm not sure the connection works with me.

New comment by sexmonad in "Lattice's $24.99 FPGA Evaluation Kit"

sexmonad — Tue, 17 Jun 2014 02:50:27 +0000

Can you list some of the boards that are both cheaper and more capable?

New comment by sexmonad in "It's Time For a Hard Bitcoin Fork"

sexmonad — Sat, 14 Jun 2014 00:02:31 +0000

Why do BitFury and Petamine use a pool at all? At their scale, wouldn't they have low enough variance through solo mining? Or perhaps P2Pool?

New comment by sexmonad in "5 Tiles Keyboard"

sexmonad — Sun, 25 May 2014 15:49:45 +0000

That video is just auto-complete after the first letter...

New comment by sexmonad in "Poll: What OS do you use on your primary computer?"

sexmonad — Mon, 19 May 2014 23:26:03 +0000

I use Linux basically everywhere - Arch Linux on development machines, Ubuntu or Debian on servers. I use Windows for gaming maybe 5-10 hours a week.

New comment by sexmonad in "US files criminal complaint against Credit Suisse"

sexmonad — Mon, 19 May 2014 21:42:26 +0000

Can someone explain to me how the US has jurisdiction over Credit Suisse? I see how they could have gone after the individual tax fraudsters (American citizens), but how can they police foreign banks?

New comment by sexmonad in "The pre-play vulnerability in Chip and PIN"

sexmonad — Mon, 19 May 2014 18:58:47 +0000

We really ought to completely skip over Chip and PIN to something like Google Wallet or another NFC system...

New comment by sexmonad in "The NSA Is Recording Every Cell Phone Call in the Bahamas"

sexmonad — Mon, 19 May 2014 17:43:22 +0000

Yes, this is the NSA's job - foreign SIGINT. If you don't like this, you need to use encrypted communications.

New comment by sexmonad in "The shock of playing the Ouya, one year later"

sexmonad — Sat, 17 May 2014 20:07:27 +0000

I take this sentiment a bit further - unless it's throwaway-cheap, the reviews and word of mouth are stellar (they're usually not for any but the biggest hits), or the concept immediately clicks for me, I will pirate the game to try it out. If I like the pirated version, I _usually_ purchase the full game (but not always). Not having reasonable demos just increases game piracy.

New comment by sexmonad in "The shock of playing the Ouya, one year later"

sexmonad — Sat, 17 May 2014 20:02:38 +0000

No. If I shut down my laptop, my hard drive is encrypted and keys are no longer in RAM (modulo a cold-boot attack, but that is only really useful for <30 minutes after shutdown without preparation).

New comment by sexmonad in "Quantum Random Number Generator Created Using A Smartphone Camera"

sexmonad — Sun, 11 May 2014 19:58:46 +0000

The obvious solution for this would be for Android to expose "derive random numbers from image frame" as a permission. But this is unnecessary, because they can just seed /dev/random from this source at boot (or if the device is unseeded).

That said, mobile devices really aren't lacking in entropy sources. With all the radios and sensors in a modern smartphone, why do they need additional methods to generate random numbers?

For information security purposes, a cryptographically secure PRNG is typically at least as secure as the encryption algorithms that it protects.

New comment by sexmonad in "Quantum Random Number Generator Created Using A Smartphone Camera"

sexmonad — Sun, 11 May 2014 19:56:17 +0000

https://www.tindie.com/products/ubldit/truerng-hardware-rand...

But I'll give two cautions:

1. This device has received less auditing than linux's software crypto. And some HWRNGs are quite bad: https://news.ycombinator.com/item?id=6060636

2. You don't really need that much randomness. After your machine has been on for a while and has seeded correctly, /dev/urandom is just as secure as /dev/random. Entropy is not gasoline - it does not disappear as you use it.

New comment by sexmonad in "Using Dnsmasq for local development on OS X"

sexmonad — Tue, 22 Apr 2014 15:35:32 +0000

I use "lvh.me" - it has a wildcard DNS record to redirect any subdomain to localhost. So I'll use something like "example.com.lvh.me" to test.

New comment by sexmonad in "Distrusting StartSSL"

sexmonad — Sat, 12 Apr 2014 21:01:58 +0000

StartSSL's default usage mode is to generate private keys on their website. Yet another horribly insecure system.

I'd much rather that people used self-signed certs (and browsers had certificate pinning) by default, and could then step up to real CA certificates. Self-signed certs provide almost the same amount of trust that StartCom does.

New comment by sexmonad in ""OpenSSL has exploit mitigation countermeasures to make sure it's exploitable""

sexmonad — Wed, 09 Apr 2014 18:43:05 +0000

That bug affected OpenSSL as well. Admittedly, it was caused by the Debian maintainer, but still, OpenSSL's poor design is partially to blame.

New comment by sexmonad in "The Heartbleed Bug"

sexmonad — Mon, 07 Apr 2014 21:18:51 +0000

Update to 1.0.1g, redo all crypto. That is, revoke certs and keys and regenerate.

New comment by sexmonad in "Note the commit hash"

sexmonad — Sun, 06 Apr 2014 22:44:48 +0000

Each hex character represents 4 bits. That means that a 7 character string is 28 bits. That's about 268 million possibilities. On average, it would take around 134 million commits to get one that started with "badc0de".

New comment by sexmonad in "How I Hacked a Router"

sexmonad — Sun, 06 Apr 2014 16:51:58 +0000

>sha1sum putty.exe

>google "44ac2504a02af84ee142adaa3ea70b868185906f"

>see results are mostly "putty.exe"

Three steps, all relatively painless.

New comment by sexmonad in "What I Would Do If I Ran Tarsnap"

sexmonad — Thu, 03 Apr 2014 18:36:06 +0000

My favorite thing about tarsnap is how damn reliable and trustworthy Colin is. If I see tarsnap start to move towards whatever fad all the other SaaS platforms are following today, I'll probably assume that they're trying to be the next Dropbox. That might be the right decision for tarsnap, but I'd move my backups.

New comment by sexmonad in "What I Would Do If I Ran Tarsnap"

sexmonad — Thu, 03 Apr 2014 18:24:13 +0000

Deduplication. And like any other SaaS or cloud model, not hosting it yourself.