HackerTrans
TopNewTrendsCommentsPastAskShowJobs

eamann

no profile record

Submissions

Show HN: Ext-Infer – Native LLM Inference and Embeddings for PHP

infer.displace.tech
2 points·by eamann·в прошлом месяце·0 comments

Canton vs. Public Crypto: A Technical Comparison

eric.mann.blog
3 points·by eamann·3 месяца назад·0 comments

What is Canton Network (and why should you care)?

eric.mann.blog
2 points·by eamann·3 месяца назад·0 comments

The 0.25% Background: Building a Rarity System into a Portfolio Site

eric.mann.blog
2 points·by eamann·3 месяца назад·0 comments

Buy Them the Tools

eric.mann.blog
4 points·by eamann·4 месяца назад·0 comments

The Agentic Harness Problem: AI Agents Need Better Guardrails

eric.mann.blog
2 points·by eamann·4 месяца назад·1 comments

Watch Cryptography Happen: A Terminal Animation for Threshold Signatures

eric.mann.blog
2 points·by eamann·4 месяца назад·0 comments

Why One Key Shouldn't Rule Them All: Threshold Signatures for the Rest of Us

eric.mann.blog
17 points·by eamann·4 месяца назад·22 comments

Show HN: DKLS23 2-of-2 threshold ECDSA signature ceremony visualized

github.com
1 points·by eamann·4 месяца назад·0 comments

The Upfront Investment That Saves 10k Hours

eric.mann.blog
1 points·by eamann·4 месяца назад·0 comments

From Defense AI Drift to Policy Enforcement: Why I Built Firebreak

eric.mann.blog
2 points·by eamann·4 месяца назад·0 comments

The Gravity Problem: Why Defense AI Companies Drift Toward Offense

eric.mann.blog
1 points·by eamann·4 месяца назад·0 comments

Split – The Coin of Fate

split.displace.tech
2 points·by eamann·5 месяцев назад·0 comments

I built a Kubernetes deployment tool

eric.mann.blog
2 points·by eamann·6 месяцев назад·0 comments

Short Stints, Real Experience: Rethinking Career Tenure

eric.mann.blog
3 points·by eamann·6 месяцев назад·1 comments

When It Rains Planning for AWS/Cloud Outages

eric.mann.blog
2 points·by eamann·9 месяцев назад·0 comments

Your Return-to-Office Policy Is Killing Your AI Strategy

eric.mann.blog
2 points·by eamann·10 месяцев назад·0 comments

comments

eamann
·в прошлом месяце·discuss
[flagged]
eamann
·4 месяца назад·discuss
It's to protect against the whims of a small set of people.

If one person holds the signing key to do something critical in your system, they're both a single point of failure and a huge security risk all in one. If you distribute that key to, say, 5 different people you've mitigated the single point of failure. But now you have 5 folks who can act potentially unilaterally.

Using a 3 of 5 TSS setup, you've still mitigated the single point of failure (any one or even two folks can go offline and you can still operate) while also protecting against unilateral action. It's a mathematically-enforced version of the "two-man rule." Similar to the way Cloudflare's Red October tool used to work by splitting things between parties: https://blog.cloudflare.com/red-october-cloudflares-open-sou...
eamann
·4 месяца назад·discuss
Oblivious transfer - party A creates two random values (x_0 and x_1) and sends them _both_ to party B.

Party B picks one and uses that to compute future values that are sent back to party A _but without telling party A which of the two values they picked_.

In this example I'm hand-wavey because the production math is complicated and confusing - I took a vastly simplified approach that still works functionally for the demonstration without fully implementing the OT protocol.

> what happens if an owner drops out or you want to introduce a new one? what happens if you want to change the quorum?

In either of those scenarios, assuming you still have quorum, you can regenerate keyshares for the new group for the same public key (and underlying yet unknown private key) by re-running the ceremony with the new participants. Production implementations of the protocol fully flesh this out.

> traditional authentication ...

I wouldn't use TSS in that setup. Traditional auth + MFA is more than adequate. The better use case would be where you have a group that needs to demonstrate consensus (like governance for a programming language, multiple parties involved in signing an application release, or even an HOA that needs to vote on policies). In all of these, you'd take an M of N approach (rather than the simplified 2 of 2) for achieving quorum.
eamann
·4 месяца назад·discuss
You're correct there that proper use means even the owner can't access it. But in a single key scenario they can still act unilaterally. The advantage of TSS is the removal of that level of unilateral action.
eamann
·6 месяцев назад·discuss
I like this take-home approach. Usually, I've been against that kind of outside work but in rare cases (i.e. leadership positions) have assigned take-home case study style presentation work to gauge communication skills. For engineers, though, I've taken a different approach.

If they've passed the basic screening with the TA folks and I've validated they didn't just regurgitate buzzwords to get in the door, I'll bring them in for an on-site (or do a virtual onsite). This consists of culture fit interviews with their direct team as well as with key stakeholders from elsewhere in the org. And a coding test. Directly with me.

But the coding test isn't LeetCode. It's an intentionally incomplete and ambiguous task related to the work they'll be doing in the job gauged less at evaluating their technical skills (though that is in fact a part) and more validating whether or not they ask questions and can engage with stakeholders.

For example - "Here's a dump of time-series data from one of our APIs. The key consumers of this data don't understand JSON feeds so they need you to build a visualization atop the data."

That's it. That's the task. Anyone who dives in and just starts hacking away is probably not a fit (they might be coachable ... but that's something we feel out through this and later followup conversations). Someone who stops and asks "ok, what does this data actually represent" or "who are the key consumers and what will they need to accomplish with this data" _before_ they dive into the code are the folks I want on the team.

In other words - am I looking at a great communicator with excellent collaboration skills, or is this someone who just wants to be told what to do and will take no ownership over the product direction? The most successful teams I've built bias heavily towards the former.