Not a lie: I have never encountered the name Lexi before. I would have assumed it to be a made-up pseudonym. Or a reference to a post-modern sci-fi / futuristic book. If it's short for "Alexis," which is a claim you…
It doesn't scale, as the above spec points out. Pinning could be used to eliminate CAs (as most people initially expect) but this isn't viable at the moment. The specification, which proposes a method to validate the…
Public key pinning seems to be heading in a direction that relies on the current CA model. For example, see https://tools.ietf.org/html/draft-ietf-websec-key-pinning-20, or…
This error is caused by a bug[1] present on outdated versions of Linux (typically exhibited by DD-WRT and Tomato routers) and can also be fixed by upgrading to OpenWRT. Or, if that is not an option, by creating an…
Full instructions for reference. Run: wget http://us.archive.ubuntu.com/ubuntu/pool/main/n/nss/libnss3{_3.16.3-1ubuntu1_amd64,-1d_3.16.3-1ubuntu1_amd64,-nssdb_3.16.3-1ubuntu1_all}.deb sudo dpkg -i libnss3*.deb Create a…
> the passwords themselves would still be gpg encrypted, thus safe, but the repository will leak names of all websites and userIDs. Consider encrypting the filenames with Fuse+EncFS. This flaw is pretty huge elsewise;…
The problem with in-browser password management is that the attacker does not need to escape the browser. Code injection (via XSS or a browser exploit) into a running extension is likely easier than defeating the…
No: Note: The Strict-Transport-Security header is ignored by the browser when your site is accessed using HTTP; this is because an attacker may intercept HTTP connections and inject the header or remove it. When your…
I'm quite stumped why there aren't more good password tools. Pass, vim-gnupg, and SublimeGPG are all I've found. The application managers are atrocious -- not only the UIs but data format interoperability as well.…
Yeah. It could be problematic. Then again, 6to4/6in4 tunneling is fairly straightforward: https://en.wikipedia.org/wiki/List_of_IPv6_tunnelbrokers. Binding to a backup IPv4 port is another option.
I connect to many SSH servers that aren't under my control. It's pretty annoying to remember an arbitrary SSH port for my own. Binding to IPv6-only is more effective at reducing log spam: IP scanning 2^128 addresses is…
That was an unfortunate example. The widen() in this case is absolutely unnecessary. The author even recommends using the L prefix for UTF-16 string literals inside of Windows API calls (but not on other platforms,…
The parent poster is talking about static linking against a third-party LGPL library, not your own library. In such a case, failing to provide the complete source code, or the original compilation dependencies (.o, .a,…
The main security benefit of click-to-play plugin schemes is not to question the user about the security of an object, which is unknown in most cases anyway, but to prevent accidental drive-by loading and other annoying…
At a minimum you'll need gstreamer1.0 and gst-plugins-ugly[1]. Perhaps gst-libav[2] would be an alternative to plugins-ugly. OT: Check out http://mpv.io/. It's a forked mplayer2 with native support for libva: mpv…
I was under the impression that banal grammar corrections are frowned upon here on HN, because they do nothing to further the topic or encourage interesting discussion. It's one of the reasons why Reddit is so tedious.
Is the gender of said author supposed to be curious or worthy of attention? I'm not intending to be impolite, but this is the third time in several days that HN posters have brusquely corrected a gender pronoun in…
Not a lie: I have never encountered the name Lexi before. I would have assumed it to be a made-up pseudonym. Or a reference to a post-modern sci-fi / futuristic book. If it's short for "Alexis," which is a claim you…
It doesn't scale, as the above spec points out. Pinning could be used to eliminate CAs (as most people initially expect) but this isn't viable at the moment. The specification, which proposes a method to validate the…
Public key pinning seems to be heading in a direction that relies on the current CA model. For example, see https://tools.ietf.org/html/draft-ietf-websec-key-pinning-20, or…
This error is caused by a bug[1] present on outdated versions of Linux (typically exhibited by DD-WRT and Tomato routers) and can also be fixed by upgrading to OpenWRT. Or, if that is not an option, by creating an…
Full instructions for reference. Run: wget http://us.archive.ubuntu.com/ubuntu/pool/main/n/nss/libnss3{_3.16.3-1ubuntu1_amd64,-1d_3.16.3-1ubuntu1_amd64,-nssdb_3.16.3-1ubuntu1_all}.deb sudo dpkg -i libnss3*.deb Create a…
> the passwords themselves would still be gpg encrypted, thus safe, but the repository will leak names of all websites and userIDs. Consider encrypting the filenames with Fuse+EncFS. This flaw is pretty huge elsewise;…
The problem with in-browser password management is that the attacker does not need to escape the browser. Code injection (via XSS or a browser exploit) into a running extension is likely easier than defeating the…
No: Note: The Strict-Transport-Security header is ignored by the browser when your site is accessed using HTTP; this is because an attacker may intercept HTTP connections and inject the header or remove it. When your…
I'm quite stumped why there aren't more good password tools. Pass, vim-gnupg, and SublimeGPG are all I've found. The application managers are atrocious -- not only the UIs but data format interoperability as well.…
Yeah. It could be problematic. Then again, 6to4/6in4 tunneling is fairly straightforward: https://en.wikipedia.org/wiki/List_of_IPv6_tunnelbrokers. Binding to a backup IPv4 port is another option.
I connect to many SSH servers that aren't under my control. It's pretty annoying to remember an arbitrary SSH port for my own. Binding to IPv6-only is more effective at reducing log spam: IP scanning 2^128 addresses is…
That was an unfortunate example. The widen() in this case is absolutely unnecessary. The author even recommends using the L prefix for UTF-16 string literals inside of Windows API calls (but not on other platforms,…
The parent poster is talking about static linking against a third-party LGPL library, not your own library. In such a case, failing to provide the complete source code, or the original compilation dependencies (.o, .a,…
The main security benefit of click-to-play plugin schemes is not to question the user about the security of an object, which is unknown in most cases anyway, but to prevent accidental drive-by loading and other annoying…
At a minimum you'll need gstreamer1.0 and gst-plugins-ugly[1]. Perhaps gst-libav[2] would be an alternative to plugins-ugly. OT: Check out http://mpv.io/. It's a forked mplayer2 with native support for libva: mpv…
I was under the impression that banal grammar corrections are frowned upon here on HN, because they do nothing to further the topic or encourage interesting discussion. It's one of the reasons why Reddit is so tedious.
Is the gender of said author supposed to be curious or worthy of attention? I'm not intending to be impolite, but this is the third time in several days that HN posters have brusquely corrected a gender pronoun in…