HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tsujamin

1,300 karmajoined 11 лет назад
software and infosec

Submissions

What Makes a Vulnerability Report Excellent

blog.disclose.io
1 points·by tsujamin·11 дней назад·0 comments

Do Excellent Vulnerability Reports

daniel.haxx.se
4 points·by tsujamin·11 дней назад·0 comments

lookup.disclose.io: One Tool to Find All Security Contacts

blog.disclose.io
1 points·by tsujamin·3 месяца назад·0 comments

Azul 9.0 is Open Sourced (Australian Cyber Security Centre)

australiancybersecuritycentre.github.io
1 points·by tsujamin·6 месяцев назад·0 comments

Simple trick to increase coverage: Lying to users about signal strength

nickvsnetworking.com
439 points·by tsujamin·8 месяцев назад·181 comments

comments

tsujamin
·5 дней назад·discuss
I ended up migrating to ebooks.com and importing them into Calibre (after some work to get Adobe Digital Editions to import nicely) and using that to manage my Kindle. Did the same with my old Amazon library too when they were talking about stopping you exporting the azw3's
tsujamin
·5 дней назад·discuss
> not who made it

I’m not going to get the wow of “how did they perform that phrase/melody/rhythm” the same way from music that wasn’t actually performed (ack this doesn’t apply to all genres obviously)
tsujamin
·2 месяца назад·discuss
That warning also doesn’t render right on my iPhone (the buttons are overlapping slightly), and I don’t recall seeing it on other repos. Is it new/bespoke?
tsujamin
·3 месяца назад·discuss
And this is a comment, about a comment, about a book review, about a book, about a book reviewer who reviewed books.
tsujamin
·3 месяца назад·discuss
For what it’s worth, Trusted Signing verification has been a moving target over the last 12 months. It was open for individuals, then it was closed to anyone except (iirc) US businesses with DUNS numbers, then it opened again to US based individuals (and a few other countries perhaps).

My completely uninformed guess was that someone had done something naughty with Trusted Signing-issued code signing certificates.

Anyway, when I first saw the VeraCrypt thing this morning my initial reaction was “I wonder if this is them pushing developers onto trusted signing the hard way?”
tsujamin
·3 месяца назад·discuss
They did, just further into the article:

> According to a post on Hacker News, the popular VPN client WireGuard is facing the same issue.
tsujamin
·5 месяцев назад·discuss
It could be a flag in the per-network CarrierConfig bundle. I imagine that would help with jurisdictions that might require this protocol for legislative reasons
tsujamin
·5 месяцев назад·discuss
That the original post to HN linked in the blog was done on a throwaway kind of implies a level of awareness (on the part of the dev) that the code/claims were rubbish :)

https://news.ycombinator.com/item?id=46780837
tsujamin
·6 месяцев назад·discuss
To name a few (presumably): drivers, proprietary protocols, vendor warranties/support, licensing/relicensing, paying you to do the work, waiting for the work to be done/tested, paying for workforce re-training, justifying this to management etc.

All these reasons suck, but they’re all reality in one industry or another sadly.
tsujamin
·6 месяцев назад·discuss
There’s also API Sets: where DLLs like api-win-blah-1.dll acts as a proxy for another DLL both literally, with forwarder exports, and figuratively, with a system-wide in-memory hashmap between api set and actual DLL.

Iirc this is both for versioning, but also so some software can target windows and Xbox OS’s whilst “importing” the same api-set DLL? Caused me a lot of grief writing a PE dynamic linker once.

https://bookkity.com/article/api-sets
tsujamin
·7 месяцев назад·discuss
Strong recommendation for Alistair Reynold’s Century Rain if you want another of his. It’s part 20th century alternate history, part hard boiled crime noir, and part hard space opera.
tsujamin
·7 месяцев назад·discuss
Cutting a long list short, the _best_ thing I read this year was W. Somerset Maugham’s Of Human Bondage.

It’s not a book where the world changes greatly or great things are done, but honestly that’s kind of nice: It’s a compelling story of a life, the characters were engrossing (one in particular stands out for how strongly _dislikeable_ they are) and the I loved the prose.

Also shoutout to Standard EBook’s excellent, public domain edition (and all their volunteers other work!): https://standardebooks.org/ebooks/w-somerset-maugham/of-huma...
tsujamin
·7 месяцев назад·discuss
I thought I was going crazy, but it started feeling materially worse sometime in last few weeks.
tsujamin
·7 месяцев назад·discuss
> Great Dead Bars of New York:

> 1. SIBERIA in any of its iterations. The one on the subway being the best.

Timely, as the latest reincarnation of SIBERIA just re-opened in 59th Street/Columbus Circle station
tsujamin
·в прошлом году·discuss
The standard I arrived at is roughly "would I be sad if, in 15 years, I forgot about this book/piece of music?". If it's something that I enjoyed so much today that I'd be afraid to lose it amongst 10,000's of eBooks or songs on a streaming platform, I physically buy it.
tsujamin
·2 года назад·discuss
Having a mobile phone is necessary to securing employment, shelter and sustenance in many cases, yet somehow it’s an individuals fault for choosing to have a phone account when a pair of multibillion dollar companies breach that data through lax security practices?
tsujamin
·2 года назад·discuss
It’s probably not an all or nothing prospect. Raise the costs enough/mitigate the threat in atleast some of them etc
tsujamin
·4 года назад·discuss
+1 for systemd-networkd too: it let me declaratively describe some netns/ipvlan interfacing the other day that netplan et al simply couldn't.

It could use with some more netns awareness but its pretty great at the current stage