HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tennysont

no profile record

Submissions

"The Last Airbender" movie leaked 9 months before release date

nofilmschool.com
2 points·by tennysont·hace 3 meses·3 comments

comments

tennysont
·hace 3 meses·discuss
I think that tech people presume too much overlap between their own domain knowledge and war. The analysis isn't particularly bad, it's just wildly overconfident. Replacing F-35s with drones is like replacing cell towers with bluetooth mesh networks. You can hate the F-35 and love drone swarms, but they aren't in the same niche.

Cheap (~1k USD) drones are easy to intercept, vulnerable to EM/GPS jamming, require nearby operators, break easily, and can't carry enough payload to make a difference. Try to fix any one or two of these and the price will go up. As the price goes, reliability becomes more important. Try to fix them all and you're going to reinvent the missile.

One comment in this thread argued that drone factors can be protected from F-35s by burring them underground, misunderstand that such logistical hurdles are what causes military hardware to be more expensive than civilian equivalents in the first place.
tennysont
·hace 3 meses·discuss
"Air supremacy" would be dominance of the air such that enemy cannot effectively interfere. "Air superiority" is the lesser level (enemy interference is not prohibitive).

At least in NATO lingo https://en.wikipedia.org/wiki/Air_supremacy

I can't tell if this comment chain is a factual disagreement (ability to interference) or a linguistic one (supremacy vs superiority).
tennysont
·hace 3 meses·discuss
ign story from two days ago: https://www.ign.com/articles/avatar-aang-movie-footage-seems...
tennysont
·hace 3 meses·discuss
$1 for testing, not for rubber stamping/approval.
tennysont
·hace 3 meses·discuss
> without needing to modify your message

Careful. I argue this is even worse. In this convention, you need to change the behavior of others. If I send a message to Alice with contents "Hey, I can't meet today" using your sign-encrypt-sign scheme, then Alice can take the inner most layer and use it to impersonate me. Alice can send "Hey, I can't meet today" to Bob at any time. I must rely on Bob demanding proof that he was, in fact, the intended recipient.

From the first link:

> Note though that an effective security standard should require not only that the author must provide one of these five proofs, but also that the recipient must demand some such proof as well.

If your convention was upgraded into a protocol with automatic verification, then that would be different.
tennysont
·hace 3 meses·discuss
I think the question is: where should the information barrier exist? A web browser puts a barrier between your OS and the company, while an app (potentially) puts a barrier between the client and the server.

For security minded and source-available apps like Signal, the latter is the right choice. For low trust companies with no expectation of app/server separation, the former seems right.
tennysont
·hace 3 meses·discuss
Hmmm. I am more sympathetic to the author, since they might expect familiarity with their previous post on the topic. Still, am glad that I stopped reading after that quote because I personally misunderstood their meaning.

I understood their claim to be about a bug in PGP. I did not interpret it as a reference to Efail, which was (IIRC) a misuse of PGP by certain email viewer. From the Efail paper:

  > However, both
  > S/MIME and PGP predate these developments and use
  > no authentication at all (S/MIME) or do not strictly com-
  > mit to the requirements of an AE, which makes them eas-
  > ier to misuse (PGP).
IIRC, properly configured senders & receivers should fail the MAC check and should not attempt to display tampered HTML. This has been the default behavior in PGP for some time, but I am still sympathetic to PGP haters. It's a papercut machine.
tennysont
·hace 3 meses·discuss
A huge part of that, for me, was this from Scott Aaronson:

> Once you understand quantum fault-tolerance, asking “so when are you going to factor 35 with Shor’s algorithm?” becomes sort of like asking the Manhattan Project physicists in 1943, “so when are you going to produce at least a small nuclear explosion?”

That quote, alone, removed a lot of assumptions I had been carrying around.
tennysont
·hace 3 meses·discuss
They use a magic number, rather than a digest derived from the schema[1], but otherwise they do as you suggest. The magic number is given to the signing function (sender side) and the validation function (receiver side) but does not increase the size of the transmitted message.

[1]

I think that's what you mean by digest, but maybe you just mean `type` = `magic number`
tennysont
·hace 3 meses·discuss
I asked about this on the PGP mailing list at one point, and I think I was told that the best solution is to start emails with "Hi <recipient>," which seems like a funny low-tech solution to a (sad) problem.
tennysont
·hace 3 meses·discuss
You are, of course, right. And this distinction is important for this chain of comments.

Though, in fairness, that is /kind of/ like transmitting it---in the sense that it impacts the message that is returned. It's more akin to sending a checksum of the magic number, rather than the magic number itself. But conceptually, that is just an optimization. The desire is for the client to ensure the server is using the same magic number, we just so happen to be able to overload the signature to encode this data without increasing the message size.
tennysont
·hace 3 meses·discuss
Hmmmm. I agree that an ad-hoc implementation with protobufs can go wrong. But presumably, 1 canonical encoding for the private key constitutes the Horton principle?

It seems like Horton Principle just says "all messages have ≤1 meaning". If a message signed by key X must be parsed using the canonical encoding, then aren't we done?

There is still room for danger. e.g., You send `GetUserPermissionLevel(user:"Alice")` and server responds with `UserNicknameIs(user:"Alice", value:"admin")`. If you fail to check the message type, you might get tricked.

Maybe it's nice if it was mathematically impossible to validate the signature without first providing your assumptions. e.g., The subroutine to validate message `UserNicknameIs(user:"Alice", value:"admin")` requires `ServerKey × ExpectedMessageType`. But "ExpectedMessageType" isn't the only assumption being made, is it?

You might get back `UserPermissionLevel(user:"Bob", value:"admin")` or `UserPermissionLevel(user:"Alice", value:"admin", timestamp:"<3d old>")`. Will we expect the MAC to somehow accept a "user" value? And then what do we do about "timestamp"?

Maybe we implement `ClientMessage(msgUuid: UUID, requestData:...)` and `ServerResponse(clientMsgUuid: UUID, responseData:...)`, but now the UUID is a secret, vulnerable to MITM attack unless data is encrypted.

It seems like you simply must write validation code to ensure that you don't misinterpret the message that is signed. There simply isn't any magic bullet. Having multiple interpretations for a sequence of bytes is a non-starter (addressed in the post). But once you have a single interpretation for a sequence of bytes, isn't it up to the developer to define a schema + validation logic that supports their use case? Maybe there are good off-the-shelf patterns, but--again--no magic bullets?
tennysont
·hace 3 meses·discuss
Despite my prior bias to agree with article, it includes this extraordinary line:

> So, for example, it recently turned out to be possible for eavesdroppers to decrypt messages without a key, simply by tampering with encrypted messages. Most technologists who work with PGP don’t understand it at a low enough level to see what’s wrong with it.

without citation. Such a writing choice makes me pause.
tennysont
·hace 3 meses·discuss
While I appreciate independent bloggers, I think that the HackerNews community should expect big claims, like a NASA cover up:

> NASA’s initial instinct was to cover up the problem.

to at least warrant a link.
tennysont
·hace 3 meses·discuss
He invested in one company that fights cancer. That company later helped him fight his cancer. Afterwards, he founded new companies that fight cancer. The headline refers to the new companies (but most of the comments here are about his cancer battle).

It makes sense after you understand, but I had to read the headline several times before it parsed.
tennysont
·hace 3 meses·discuss
Love how you approached and presented this. The data vis on https://osteosarc.com/ is outstanding; such good explorability (is this some open source framework?)

I do have concerns regarding the proposals for scaling personalized medicine. They mostly boil down to "how do you scale the skill set required to operate in high-noise-low-signal domains". In my experience, these are places where poor data/incentives/critical-thinking can easily overshadow the signal; e.g., compelling stories outnumber correct stories.

There seems to be a trade-off: you can walk a bit further than others by keeping the probability distributions for low-quality results in your head, but go too far and everything starts getting overwhelmed by noise. It seems like the FDA's heavy gatekeeping is one way to solve this problem. If you forgo that gatekeeping, then you probably need to deal with the cascading quality issues that result.

Personalized treatments will probably be much harder to evaluate. At least a black-box algorithm that maps `situation → suggested treatment` can have statistics applied to it. But how do you evaluate "individuals made their own decision; here's the list of `situation × outcome`"? Or is the idea that there's currently a wealth of good-solutions, and that we should be relaxing regulations for a while?

Or perhaps we just want to push the regulator burden from "before small trials" to "before medium trials"? Then, these will be treated as case studies: good for experts to pull ideas from, but not high quality evidence for proving anything the third parties? I notice that your diagnostics were numerous, but the treatments were sparse and more sequential than parallel. If that's the norm, then maybe fairly usable data will emerge.

Or do people just have a moral right to seek out their own treatment, regardless of footguns that may be lying in wait? For myself and my loved ones battling cancer, I deeply agree with these:

> Maximize survival instead of the current practice of minimizing liability to the practitioner

> Parallel treatments wherever reasonable, we don't need to know what cured you

But I'm also glad that daily medical decisions are highly standardized and quality-controlled. It makes it easier to trust my doctor (or my loved ones' doctors) without independently investigating each recommendation.
tennysont
·hace 5 meses·discuss
In university, a team member on a final project swore he fixed an input injection issue. I playfully typed `rm -rf /` on his machine and challenged him to press `RET` if he was confident. He hit enter, but protested that "I just don't believe those characters should ever be typed into a computer on principle."

I'm a fan of PR #2 "be less evil"

> If we were using this in some kind of automation, the last thing I want is it to blow everything away by accident. Probably should fixup the sql injection one too...

  -  "/dev/null; rm -rf /\*; echo",
  +  "/dev/null; touch /tmp/blns.fail ; echo",
tennysont
·hace 6 meses·discuss
So, purely for example:

When you run VS Code, it spins up a local language server that is capable of making code changes. That is how refactoring python works in many editors (including VS Code).

A website that you're browsing could potentially send requests to this server asking for code to be inserted that fully compromises your device. What keeps us safe?

- maybe the website is only allowed to send GET requests, not PUT requests, and maybe the language servers that you're using are all "hardened" so that they will never permit mutations via any get requests, and never have a misconfigured CORS header

- the website has to guess the correct port and the correct language server with a known vulnerability

- any website doing this on a large scale would likely get the language server patched and the website on a block list

- there might be other safeguards that I'm not familiar with. For example, I believe that Chrome disallows this by default

So now, here's my frustration: these two statements seem hugely at odds with each other:

> I'm ok getting pwned every few decades if the tradeoff is never worrying about this shit.

> (i will say putting a device not running open source software/firmware or something very locked down like a phone on your LAN is insanity, i could never)

I'm ok with a person who makes either statement. I'm also ok with a person who makes the first statement, and also wants their LAN locked down. However, I do not feel as though the a LAN ever needs to be locked down unless a person in running a server on the LAN network. Personal devices (like laptops and phones) are plenty capable of resisting malicious networks by default (coffee shops, university wifi, etc). What else is on a LAN?

> mind virus it's the paranoia all security people get

I generally agree with you, but I feel as though I am the one who has accepted that personal laptops need to handle malicious networks, and I'm generally comfortable with that. I don't worry too much about putting IoT devices on the same network as my personal laptop, nor about connecting to coffee shop wifis.
tennysont
·hace 6 meses·discuss
Based on the :/ emoticon, I now understand that you were asking this question for yourself. In that case, I will express anger at the article. I believe that it was vague and leaned into fear mongering. This explains the vagueness of your question (emphasis mind):

> I know this may seem trivial for many here but how can regular people easily check and debug their network for stuff like this?

"Stuff like this" is very vague.

- If there is a device on your network that is occasionally sending requests to the internet, then it generally isn't hurting you. That's why security is weak here, because the person buying the device is not harmed.

- If you're worried about the device sniffing your local network, then "normal people" are typically safe. Computers that you use are typically safe from malicious devices on the network, and you're in no more danger than working at a coffee shop, hotel, or university network.

- If you're knowledgeable enough to be a danger to yourself, and need the local network to be safe to protect yourself, then there is definitely a longer conversation to be had.

Responding point by point (before I realized that you were asking for yourself, and not the average person):

> Regular people download shit all the time though?

This is fair, though on macOS, most people download apps from the App Store (macOS makes it difficult to run apps downloaded from the internet and not signed by a registered developer).

> Especially now with GPT, everyone is a programmer pasting code into command line.

I am trying to reference a group of "regular people" who definitely do not fit this description---something like "the average citizen in the developed world". My parents definitely are not writing code with AI and pasting it into the command line. Although this was not crystal clear in this comment chain.

> And how many people have IoT devices that they have to connect to WiFi? That’s total blind trust.

My point was these devices do not endanger things that regular people care about. Their computers are still just as secure as when they visit a coffee shop or connect to their university wifi.

> Every time I ask this question nobody is able to give me a solid answer :/

for stuff like this?
tennysont
·hace 6 meses·discuss
This data is mandated by NYC law: https://intro.nyc/local-laws/2015-99

I've heard that releasing these sorts of data sets help competitors do market research, and thus mitigates "winner takes all" forces. NYC also tends to be fairly pro-public-datasets: https://data.cityofnewyork.us/browse?%3BsortBy=most_accessed...