HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tsujamin

1,300 karmajoined 11 lat temu
software and infosec

Submissions

What Makes a Vulnerability Report Excellent

blog.disclose.io
1 points·by tsujamin·11 dni temu·0 comments

Do Excellent Vulnerability Reports

daniel.haxx.se
4 points·by tsujamin·11 dni temu·0 comments

lookup.disclose.io: One Tool to Find All Security Contacts

blog.disclose.io
1 points·by tsujamin·3 miesiące temu·0 comments

Azul 9.0 is Open Sourced (Australian Cyber Security Centre)

australiancybersecuritycentre.github.io
1 points·by tsujamin·6 miesięcy temu·0 comments

Simple trick to increase coverage: Lying to users about signal strength

nickvsnetworking.com
439 points·by tsujamin·8 miesięcy temu·181 comments

comments

tsujamin
·5 dni temu·discuss
I ended up migrating to ebooks.com and importing them into Calibre (after some work to get Adobe Digital Editions to import nicely) and using that to manage my Kindle. Did the same with my old Amazon library too when they were talking about stopping you exporting the azw3's
tsujamin
·5 dni temu·discuss
> not who made it

I’m not going to get the wow of “how did they perform that phrase/melody/rhythm” the same way from music that wasn’t actually performed (ack this doesn’t apply to all genres obviously)
tsujamin
·2 miesiące temu·discuss
That warning also doesn’t render right on my iPhone (the buttons are overlapping slightly), and I don’t recall seeing it on other repos. Is it new/bespoke?
tsujamin
·3 miesiące temu·discuss
And this is a comment, about a comment, about a book review, about a book, about a book reviewer who reviewed books.
tsujamin
·3 miesiące temu·discuss
For what it’s worth, Trusted Signing verification has been a moving target over the last 12 months. It was open for individuals, then it was closed to anyone except (iirc) US businesses with DUNS numbers, then it opened again to US based individuals (and a few other countries perhaps).

My completely uninformed guess was that someone had done something naughty with Trusted Signing-issued code signing certificates.

Anyway, when I first saw the VeraCrypt thing this morning my initial reaction was “I wonder if this is them pushing developers onto trusted signing the hard way?”
tsujamin
·3 miesiące temu·discuss
They did, just further into the article:

> According to a post on Hacker News, the popular VPN client WireGuard is facing the same issue.
tsujamin
·5 miesięcy temu·discuss
It could be a flag in the per-network CarrierConfig bundle. I imagine that would help with jurisdictions that might require this protocol for legislative reasons
tsujamin
·5 miesięcy temu·discuss
That the original post to HN linked in the blog was done on a throwaway kind of implies a level of awareness (on the part of the dev) that the code/claims were rubbish :)

https://news.ycombinator.com/item?id=46780837
tsujamin
·6 miesięcy temu·discuss
To name a few (presumably): drivers, proprietary protocols, vendor warranties/support, licensing/relicensing, paying you to do the work, waiting for the work to be done/tested, paying for workforce re-training, justifying this to management etc.

All these reasons suck, but they’re all reality in one industry or another sadly.
tsujamin
·6 miesięcy temu·discuss
There’s also API Sets: where DLLs like api-win-blah-1.dll acts as a proxy for another DLL both literally, with forwarder exports, and figuratively, with a system-wide in-memory hashmap between api set and actual DLL.

Iirc this is both for versioning, but also so some software can target windows and Xbox OS’s whilst “importing” the same api-set DLL? Caused me a lot of grief writing a PE dynamic linker once.

https://bookkity.com/article/api-sets
tsujamin
·7 miesięcy temu·discuss
Strong recommendation for Alistair Reynold’s Century Rain if you want another of his. It’s part 20th century alternate history, part hard boiled crime noir, and part hard space opera.
tsujamin
·7 miesięcy temu·discuss
Cutting a long list short, the _best_ thing I read this year was W. Somerset Maugham’s Of Human Bondage.

It’s not a book where the world changes greatly or great things are done, but honestly that’s kind of nice: It’s a compelling story of a life, the characters were engrossing (one in particular stands out for how strongly _dislikeable_ they are) and the I loved the prose.

Also shoutout to Standard EBook’s excellent, public domain edition (and all their volunteers other work!): https://standardebooks.org/ebooks/w-somerset-maugham/of-huma...
tsujamin
·7 miesięcy temu·discuss
I thought I was going crazy, but it started feeling materially worse sometime in last few weeks.
tsujamin
·7 miesięcy temu·discuss
> Great Dead Bars of New York:

> 1. SIBERIA in any of its iterations. The one on the subway being the best.

Timely, as the latest reincarnation of SIBERIA just re-opened in 59th Street/Columbus Circle station
tsujamin
·w zeszłym roku·discuss
The standard I arrived at is roughly "would I be sad if, in 15 years, I forgot about this book/piece of music?". If it's something that I enjoyed so much today that I'd be afraid to lose it amongst 10,000's of eBooks or songs on a streaming platform, I physically buy it.
tsujamin
·2 lata temu·discuss
Having a mobile phone is necessary to securing employment, shelter and sustenance in many cases, yet somehow it’s an individuals fault for choosing to have a phone account when a pair of multibillion dollar companies breach that data through lax security practices?
tsujamin
·2 lata temu·discuss
It’s probably not an all or nothing prospect. Raise the costs enough/mitigate the threat in atleast some of them etc
tsujamin
·4 lata temu·discuss
+1 for systemd-networkd too: it let me declaratively describe some netns/ipvlan interfacing the other day that netplan et al simply couldn't.

It could use with some more netns awareness but its pretty great at the current stage