HackerTrans
TopNewTrendsCommentsPastAskShowJobs

saintfire

496 karmajoined 3 yıl önce

comments

saintfire
·3 gün önce·discuss
I read that exact preface on his site before learning and adopting it (the secure knot, specifically, but the preface is on both).

https://www.fieggen.com/shoelace/ianknottech.htm
saintfire
·7 gün önce·discuss
I mean his device was pwnd completely. Its not a stretch that attempts to warn are suppressed.

That or he didn't notice or could have assumed the notice itself was one of many phishing attempts against large orgs.

If I saw a notification that my account was compromised by Pegasus I'd personally assume phishing.
saintfire
·8 gün önce·discuss
Maybe I'm missing something but the linked discussion has a link to a closed issue that links a PR that added the feature you say is missing.
saintfire
·11 gün önce·discuss
You presumably need to convict the conspirator on evidence that doesn't consist of having published documents on your person.
saintfire
·14 gün önce·discuss
Limited by material. They store electric charge by using thin layers of insulating material and pooling negative charge on one side and positive on the other. You can puncture the material and release energy as a typical conductor, it's not stored chemically.
saintfire
·17 gün önce·discuss
The nags that you could just click "I bought a license" to remove without actually buying one?

Or you know, also buy the license and click it honestly.
saintfire
·22 gün önce·discuss
It chooses the challenge weight based on signals. If your phone looks like a phone from a residential IP you get a simple challenge.

If you then spam requests you might get another, harder, hallenge appear.

If you have a data center IP and look like bot traffic you get a hard challenge out the gate.

AFAIU after looking at their docs several months ago.
saintfire
·23 gün önce·discuss
[flagged]
saintfire
·23 gün önce·discuss
Push based, sure. Allowing SMS, I still hold, undermines all of this.

They "secure" this behind password which you entered to trigger the SMS push in the first place.

Offering an "out" to a more secure flow means your secure flow may as well not exist.

Additionally, phishing a pushed OTP is not really much harder since you can trigger the push and then just have the user finish off the flow for you, provided they don't read the IP or whatever you display them (they won't, they think they're signing in), effectively the same as a TOTP.
saintfire
·23 gün önce·discuss
I can't tell if this is satire.

DeepSeek did the same thing the american companies did on a much smaller scale.

They took the output of one company and trained a model.

American companies took the output of all IP they could illegally* acquire and trained a model.

The world does need protection from abusers, you're right.

EDIT: illegal in some cases (see 82TB of torrented ebooks), immoral in most.
saintfire
·24 gün önce·discuss
Anecdotally, I don't know anyone who picks up random tools, unrelated to AI, because AI is advertised.

Usually when I see people see a pop-off for Try our AI assistant I hear "Fuck off" or "leave me alone" while they close it. It's like everything has a modern Clippy.

Personally I do see it as a VC signal, as if they gave up on making a good tool and started working on slopifying it.

60% is lower than I imagined, tbh. Most people aren't doing agentic workflows and AI is likely not a selling point.
saintfire
·24 gün önce·discuss
I use a basic OTP password instead of Microsoft's ironically less secure (see SMS as 2FA) with my work MS account. Perhaps your org disabled it but it is definitely something a Microsoft account can do.
saintfire
·28 gün önce·discuss
And yet, I incessantly get spoofed numbers calling me from the same "central office code". Also resulting in people with the same code "returning my calls" and then getting angry that I say I didn't call them.

Preventing number spoofing would help significantly with spam calling. At least the ones from local numbers.
saintfire
·29 gün önce·discuss
I see everyone coming up with an arbitrary date of when Google lost their moral compass that aligns with their own moral compass. In that vein, I feel like when Brin and Page released a paper stating how PageRank could never be beneficial to a consumer with ads and then launched an ad company powered by page rank is when Google became evil.
saintfire
·geçen ay·discuss
Nor have they been keen on letting users OR devs customize the ui.
saintfire
·geçen ay·discuss
The unused variable error drives me insane

If they wanted the release build to be an error I wouldn't care. Having the current solution be "have the editor automatically change code to include or remove the underscore" is so wrong to me. Just invented a problem that needs tooling to modify source code to fix.
saintfire
·geçen ay·discuss
Maybe they already did and the answer was in some way lacking so they asked a peer.

Being mentored is infinitely better than a text box spitting out subtly wrong answers.
saintfire
·2 ay önce·discuss
I'm confused what else you think they are?

Its fundamentally how LLMs work.
saintfire
·2 ay önce·discuss
> If I ever start using any query strings, I’ll allow only known parameters.

They aren't saying the concept of query strings are bad, They're saying unsolicited query strings during referal are the issue.
saintfire
·2 ay önce·discuss
Doesn't look like that has been or will ever be (generally) learned.