<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: sil3ntmac</title><link>https://news.ycombinator.com/user?id=sil3ntmac</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 17 Jul 2026 01:08:27 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=sil3ntmac" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by sil3ntmac in "Your Android phone, now with NSA-grade security"]]></title><description><![CDATA[
<p>I assumed it was asymmetric like pgp, but you're right they dont mention it anywhere. That is rather puzzling. wtf.</p>
]]></description><pubDate>Thu, 05 Jun 2014 23:48:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=7855360</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=7855360</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=7855360</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Chrome Bugs Allow Sites to Listen to Your Private Conversations"]]></title><description><![CDATA[
<p>I would say yes. Pop-unders should be blocked, and modern browsers work pretty hard to, but it is often viewed as a "low priority" sec issue, and so workarounds are found, ignored, used in the wild, and patched. Here is one implementation, I have seen working versions up to Chrome ~30:<p><a href="https://github.com/tuki/js-popunder" rel="nofollow">https://github.com/tuki/js-popunder</a><p>Another serious security issue is when the popunder waits for a while as the parent frame navigates itself to e.g. "java.com", then the child navigates the parent to a malicious drive-by download. This can make it appear to "spoof" a drive-by download. This attack vector has been known and ignored forever (I think Zalewski published about this years back). IE9 and 10 actually do a good job preventing this, but I know it works in most modern browsers.</p>
]]></description><pubDate>Thu, 23 Jan 2014 01:10:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=7106451</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=7106451</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=7106451</guid></item><item><title><![CDATA[New comment by sil3ntmac in "TCP backdoor 32764 – how we could patch the Internet (or part of it)"]]></title><description><![CDATA[
<p>Check your internal IP as well, some models are only vulnerable on the LAN.<p>Metasploit has a check module for this, and will also get you a shell:<p><a href="https://community.rapid7.com/community/metasploit/blog/2014/01/17/news-on-the-embedded-systems-land" rel="nofollow">https://community.rapid7.com/community/metasploit/blog/2014/...</a></p>
]]></description><pubDate>Wed, 22 Jan 2014 17:32:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=7104052</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=7104052</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=7104052</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Auth with JSON Web Tokens"]]></title><description><![CDATA[
<p>It depends what you mean by the term "associated browser security." The method they are describing stops CSRF attacks dead in their tracks (e.g. if dev set up a GET endpoint that should have been POST/PUT), prevents plaintext cookies from being stored in a nicely organized sqlite db on disk, and limits the scope of xss (xss on a 404 page would get you nothing).<p>> Aren't cookies restricted for a reason? Can't anyone who can execute JS on that domain can swipe the JWT token out of storage and then impersonate the user?<p>HTTP-only cookies prevent attacker from swiping yes, but if you have the ability to execute JS on an arbitrary domain, you can just do your XSS attacks there, the browser will attach the cookie, and attacker has already won.<p>Of course it is not a perfect solution. Just more depth. XSS into a page that inlines auth details = instant pwn, but that was already true anyways. Inlining cred info into my javascript gives be a bad feeling too.</p>
]]></description><pubDate>Sun, 19 Jan 2014 17:15:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=7085017</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=7085017</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=7085017</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Angular JS Gotcha: HTML5 Mode Routing"]]></title><description><![CDATA[
<p>Yep. and the simple solution is a server-side wildcard route.</p>
]]></description><pubDate>Tue, 14 Jan 2014 16:18:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=7057798</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=7057798</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=7057798</guid></item><item><title><![CDATA[New comment by sil3ntmac in "PeerServer: A Server in a Browser with WebRTC"]]></title><description><![CDATA[
<p>there are a few workarounds you have to use. there is a compatibility shim floating around somewhere (i think from mozilla).</p>
]]></description><pubDate>Fri, 15 Nov 2013 19:03:52 +0000</pubDate><link>https://news.ycombinator.com/item?id=6741405</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6741405</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6741405</guid></item><item><title><![CDATA[New comment by sil3ntmac in "PeerServer: A Server in a Browser with WebRTC"]]></title><description><![CDATA[
<p>Erm, you guys did disable TURN right? (because otherwise the security value here is fairly decreased)</p>
]]></description><pubDate>Fri, 15 Nov 2013 19:00:33 +0000</pubDate><link>https://news.ycombinator.com/item?id=6741386</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6741386</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6741386</guid></item><item><title><![CDATA[New comment by sil3ntmac in "PeerServer: A Server in a Browser with WebRTC"]]></title><description><![CDATA[
<p>Congrats, I have been waiting to see someone build something like this for a while. This is truly a glimpse into the future :)<p>Edit: I should have vetted this a little harder before commenting. I recognized the idea immediately, but the implementation here is rather lacking. Still, props for pushing the envelop.</p>
]]></description><pubDate>Fri, 15 Nov 2013 19:00:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=6741384</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6741384</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6741384</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Node.js is Cancer (2011)"]]></title><description><![CDATA[
<p>Not really anything useful in this article. To make fibonacci "non-blocking", you use process.nextTick callbacks to "interweave" the computations, just like real threads!</p>
]]></description><pubDate>Thu, 14 Nov 2013 17:51:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=6733894</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6733894</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6733894</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Xfinity WiFi Home Hotspot FAQs"]]></title><description><![CDATA[
<p>It's a public wifi network that is broadcast from a device that is (probably) on your LAN. Attacker connects, finds some vulnerability, and has unrestricted access to the LAN. That is just one attack vector.<p>;tdlr it degrades your security, and is generally annoying.</p>
]]></description><pubDate>Mon, 28 Oct 2013 00:50:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=6624430</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6624430</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6624430</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Lavabit gets new crypto key, gives users 72 hours to recover e-mails"]]></title><description><![CDATA[
<p>Hopefully liberty.lavabit.com uses a new uncompromised cert?</p>
]]></description><pubDate>Tue, 15 Oct 2013 23:50:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=6557143</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6557143</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6557143</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Google yanks sketchy iMessage clone for Android from app store"]]></title><description><![CDATA[
<p>The impression I got was that actual requests and responses are still made by the client.</p>
]]></description><pubDate>Sun, 29 Sep 2013 16:53:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=6465691</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6465691</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6465691</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Taking PHP Seriously [pdf]"]]></title><description><![CDATA[
<p>Sorry. I got bitter there at the end, it was uncalled for. I spent 3+ years as a PHP programmer, there's <i>certainly nothing wrong with being a PHP programmer</i>, but it's hard to argue that in 2013 it is still a good and productive platform to learn. It pains me to see newcomers starting out by learning PHP, they are essentially shooting themselves in the foot for at least a year of their life (if they are going to be a professional web dev). I was pretty productive at PHP, but only because I cut my teeth for years writing shitty cgi-style PHP scripts, learning the abortion they call their stdlib, then using PHP's OOP crap and finally using frameworks like CI. Imagine if I had spent that time writing ruby. By the time you get the whole way through, you realize that your "high-level language" <i>should do work for you</i>, not the other way around. I think what it comes down to is that PHP does not mandate good design patterns because it cannot even decide on one itself. Once I understood this, the language was forever tainted.<p>I think the only reason PHP is still relevant is because it's so damn accessible (kinda like w3schools), every shared hosting provider under the sun gives you apache+php, and when you're starting learning web programming shared providing is the way to go.<p>Why do you say php and Javascript suffer from the same ailments? They suffer from <i>a few</i> of the same ailments, like a crappy/confusing stdlib (although you don't see mysql_real_escape_string in javascript's API) and funky invisible type coercions. Lack of true OOP in javascript, though confusing to beginners, is a design feature as far as I'm concerned, prototyping gives you the tools to implement OOP however you like. But javascript has had a known design pattern from the beginning, which is very powerful and useful once you learn it. I strongly doubt a (another?) phplint at this point would change anything.<p>As for the "anecdotally" slide, I read the last statement as a conclusion of the previous stats, which didn't make any sense to me. Either I am completely misreading it or you are taking the phrase "anecdotally" far too literally.</p>
]]></description><pubDate>Sat, 28 Sep 2013 20:26:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=6463040</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6463040</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6463040</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Taking PHP Seriously [pdf]"]]></title><description><![CDATA[
<p><p><pre><code>    > Facebook’s PHP Codebase
    >  x * 105 files
    > y*107 LoC
    >  10 releases per week
    >  Anecdotally, good engineers are astonishingly productive in PHP
</code></pre>
Erm... are you kidding me? LoC != productivity, not even close. And it goes downhill from there :( I really, really don't want to rail on PHP (people do that enough, it gets old, yada yada), but you're kinda asking for it here. The only useful point made is about state, although that's a double edged sword.<p>...Fuck it, I'll rail. It's 2013. Do yourself a favor. Use something better than a horribly inconsistent glorified cgi script.</p>
]]></description><pubDate>Sat, 28 Sep 2013 09:22:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=6461400</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6461400</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6461400</guid></item><item><title><![CDATA[New comment by sil3ntmac in "how should I chain function call in coffeescript"]]></title><description><![CDATA[
<p>I like coffeescript. Lots of web devs that write ruby all day like coffeescript. tbh I think coffeescript is worth it just to never have to write "function(){..." or "this." again. It's also worth it for its free OOP features. It will have quirks, like what you see here, but I have hit these pain points and still love it.</p>
]]></description><pubDate>Sun, 25 Aug 2013 18:18:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=6273004</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6273004</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6273004</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Android saves wifi passwords in plaintext to the cloud"]]></title><description><![CDATA[
<p>Reference: <a href="http://www.engadget.com/2013/04/22/google-street-view-fine-germany/" rel="nofollow">http://www.engadget.com/2013/04/22/google-street-view-fine-g...</a><p>(for others like myself who had not heard of this)</p>
]]></description><pubDate>Wed, 17 Jul 2013 14:24:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=6057778</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6057778</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6057778</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Microsoft helped the NSA bypass encryption, new Snowden leak reveals"]]></title><description><![CDATA[
<p>FileVault 2 is supposed to be secure against this* when the machine is powered on and locked or sleeping.<p>* Source <a href="http://security.stackexchange.com/questions/18720/how-secure-is-filevault-2-while-the-computer-is-in-sleep-mode" rel="nofollow">http://security.stackexchange.com/questions/18720/how-secure...</a></p>
]]></description><pubDate>Fri, 12 Jul 2013 14:50:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=6032881</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=6032881</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=6032881</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Mac Pro"]]></title><description><![CDATA[
<p>Unless you're actively thrashing through all 32GB (maybe you are), wouldn't installing a large SSD for swap space will help you out just as much?</p>
]]></description><pubDate>Mon, 10 Jun 2013 22:16:53 +0000</pubDate><link>https://news.ycombinator.com/item?id=5857792</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=5857792</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=5857792</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Mac Pro"]]></title><description><![CDATA[
<p>My first reaction was, oh wow looks just like the NeXT cube, that's kinda a cool tribute to Jobs.<p>Then my second reaction was, oh man, it will sorta look like I have a trash bin on my desk. I wish they had made the dimensions a little different. I think this will be the "flop" model where they work out hardware kinks and the next one will be prettier/sleeker, so I'll hold out til then.</p>
]]></description><pubDate>Mon, 10 Jun 2013 22:09:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=5857696</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=5857696</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=5857696</guid></item><item><title><![CDATA[New comment by sil3ntmac in "Most popular JVM memory configurations"]]></title><description><![CDATA[
<p>Sorry for my naivety, but when does Java use the stack? Only for primitive operations?</p>
]]></description><pubDate>Tue, 26 Mar 2013 13:41:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=5443143</link><dc:creator>sil3ntmac</dc:creator><comments>https://news.ycombinator.com/item?id=5443143</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=5443143</guid></item></channel></rss>