HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nonrandomstring

no profile record

comments

nonrandomstring
·geçen yıl·discuss
As someone who loves to cook I think kitchen advances are somewhat overlooked, from pressure cookers to microwaves to air-fryers, IR ovens and all sorts of amazing combos, hand blenders and whatnot Time to make good home food got much shorter and more energy efficient.

Edit: showing my age, cos that's 80s, not 90s. In fact I think pressure cookers got popular in the mid 70s.
nonrandomstring
·geçen yıl·discuss
Didn't rachelbytheebay post recently that her blog was being swamped? I've heard that from a few self-hosting bloggers now. And Wikipedia has recently said more than half of traffic is noe bots. ARe you claiming this isn't a real problem?
nonrandomstring
·geçen yıl·discuss
Absolutely, yes! A protocol should not be tied to client details. Where did "User Agent" strings even come from?
nonrandomstring
·geçen yıl·discuss
> blame here are solely the ones employing these fingerprinting techniques,

Sure. And it's a tragedy. But when you look at the bot situation and the sheer magnitude of resource abuse out there, you have to see it from the other side.

FWIW the conversation mentioned above, we acknowledged that and moved on to talk about behavioural fingerprinting and why it makes sense not to focus on the browser/agent alone but what gets done with it.
nonrandomstring
·geçen yıl·discuss
When I spoke to these guys [0] we touched on those quirks and foibles that make a signature (including TCP stack stuff beyond control of any userspace app).

I love this curl, but I worry that if a component takes on the role of deception in order to "keep up" it accumulates a legacy of hard to maintain "compatibility" baggage.

Ideally it should just say... "hey I'm curl, let me in"

The problem of course lies with a server that is picky about dress codes, and that problem in turn is caused by crooks sneaking in disguise, so it's rather a circular chicken and egg thing.

[0] https://cybershow.uk/episodes.php?id=39
nonrandomstring
·2 yıl önce·discuss
A good list of concepts and resources. I'll just mention Andrew Tanenbaum's "Distributed Operating Systems" (Prentice-Hall 1995) which was my entry point.
nonrandomstring
·3 yıl önce·discuss
You're definitely doing the fun stuff, good luck with it.
nonrandomstring
·3 yıl önce·discuss
Seems the title is a little modest.

There is a white noise generator, which "cat /dev/urandom | /dev/audio" or a couple of lines of C code will accomplish. With just a few controls you can tailor the spectrum easily.

Then there is an "ambient music generator" which you can knock together in a few hours with Csound, Supercollider, Pd, Chuck/Faust and the like.

Then there's an "ambient music application" which in addition to inbuilt generators works with with online libraries of generators, seeds, patterns, sample loops, and a package/element manager for getting and adding "songs". Last time I built one of those it was a few weeks of effort.

Then there's getting all that to run on smartphone, on multiple platforms, getting around all the quirks, permissions and general madness that is phone dev ecosystem.

Well done on that last point. Seems the last of these is what the author has created and I kinda think it deserves a better name than "white noise generator".

I didn't realise there is still quite a culture of "noise generators" for people wanting to sleep, read or meditate.
nonrandomstring
·4 yıl önce·discuss
> Private Facebook group, free tier Slack, a Zoom meeting, free Google Drive. I fail to see the difference.

You didn't fail. Because there isn't one.

> All of these are reputable, popular SaaS applications, widely used to collaborate at work.

As you admit yourself;

  "these are equally trustworthy (read: not that much)"
If you fail, it is to believe that careful reputation management and widespread use of substandard tools makes them acceptable.
nonrandomstring
·4 yıl önce·discuss
> A contractor posts some of these photos to a private Facebook group used by other contractors on the project.

That's where it went wrong. Everything else seems reasonable for a visual AI training project, well signalled to the participating users and the data securely communicated.

Thereafter, the data was mismanaged.

There is clearly no such things as a "private" Facebook group. So called "contractors" [1] using a disservice like Facebook to communicate beggars belief.

[1] people with the unremarkable skill of being able to spot ordinary household objects and label them - so someone probably had the bright idea of creating a CAPTCHA "Find all the women on toilets".
nonrandomstring
·4 yıl önce·discuss
Perhaps it is to computing what the Fountainhead is to architecture. The feeling from the inside of a great moment or historical period that encapsulates an idea(l) can't be told factually. The space race. The Manhattan project. Cracking Enigma at Bletchley Park. We all read those boks and watch the movies, and wish we had been inside those moments. Reality was probably heat, dust, coffee, burned fingers with soldering irons, paperwork, money arguments, getting cranky working late hours... much the same as your ordinary workday.
nonrandomstring
·4 yıl önce·discuss
I read;

> If the words GeoCities, Excite or Alta Vista mean anything to you, then chances are that the word ‘webring’ triggers a sudden pang of nostalgia.

but cannot help hear a voice from 2032, saying;

  "If the words Like, Follow, and Tweet mean anything to you, then
   chances are that the words "Social Media" triggers a sudden pang of
   nostalgia."
If nostalgia is a permanent feature of the Internet, so is the paroch...{EDIT} ear-shredding squee of fanbois.
nonrandomstring
·4 yıl önce·discuss
Good thoughts.

Trust is such a complex subject.

For example, I see a fault in current cybersecurity thinking caused by misunderstanding "zero trust". In the right place zero-trust is precisely what we need, and the US government has recently made a huge policy leap in defaulting systems to zero-trust.

But oddly (not paradoxically) the place to deploy zero-trust is internally. And the place to design systems which leverage trustability is on external facing ones.

People who don't get it throw up their hands and say "that's crazy, it's the people outside we cannot trust". Surely our internal systems are trustworthy, so no need. On the contrary, it's precisely because internal trust already exists that security and low friction benefits accrue from going full zero-trust. For public facing systems the benefit comes from a more trusting stance, backed by high system security and resilience.

It's pretty much the opposite from what we've been doing.
nonrandomstring
·4 yıl önce·discuss
I loved the understated humour of:

  "Some social scientists believe teaching kids that literally
   everyone in the world they hadn't met is dangerous may have been
   actively harmful."
Harms take many guises. Mutual distrust drives people to mediate and avoid others through technology as a psychological shield.

That breeds bad technology which divides and dehumanises, and feeds the loop.

Here on HN some people have argued for using cashless and automatic systems, not because they are "more efficient" but as a way to avoid smalltalk with a cashier or waiter. Having a map/GPS smartphone is handy, but it stops casual interaction for directions or local advice.
nonrandomstring
·4 yıl önce·discuss
> I'm not clear from the article how having an onion address helps website operators who receive abusive traffic through Tor.

No, it's not clear. Also "abusive traffic" is vague. Are you mainly concerned with shitposters, trolls, DOS attacks?

> What am I missing?

Maybe you're not missing it, but essentially it's a behavioural/social rather than technical challenge. Most abusers, ones that technical changes can address, operate at scale over HTTP/S and use Tor simply as a free VPN via regular exit nodes to hide their IP. The author calls this the "Wheat/chaff problem". Viewed this way, it's easiest for a site owner to just block all of Tor and kill all legitimate users too.

Most of those bulk abusers cannot be bothered to deal with marginal cases like using an overlay network with .onion addresses whereas those who _need_ Tor are highly motivated.

Other kinds of abusers, like persistent troll posters, are better dealt with by other means even if you're using HTTP/S.
nonrandomstring
·4 yıl önce·discuss
I think some comments here are misunderstanding the intent of the article. For those saying TLS already solves... it is not advocating Tor as a replacement for transport layer security, indeed most Tor users also use TLS (and site certs) with little overhead.

No, the article is asking how you could, as a website owner, make things easier on Tor users and yourself! It starts with the assumption that you care, and want to help users who require better privacy.

It answers, though not in detail, the many HN readers who invariably post replies concerning Tor that "All my abuse comes through Tor".

Creating an .onion address mitigates that significantly.