Hacker News new | past | comments | ask | show | jobs | submit | GTP's comments login

You're posing a good question but, if you look at things from this perspective, then every time you type the password to decrypt your private key you should worry about the possibility of some software running on your machine reading it and sending it somewhere.

While you pose a valid concern, I think most people don't have to worry about this. The reason is that printing private keys isn't a common practice, so I think it's unlikely that nation-states mandate backdoors in printer firmware to collect private keys, and most people don't have to worry about targeted attacks.

EDIT: On a second thought, your comment reminded me of that creepy time many years ago when a printer randomly regurgitated a partial print of a document I printed some time before (read: days or even weeks before), clearly showing that the printer kept it somewhere in memory. So it still possible that some printers memorize what you print. IIRC it was a Brother printer. At the end of the day, you can't account for every possible attack vector. Pick a reasonable threat model and act accordingly.


This certainly applies to office printers. Printers that accept new jobs while printing have to store them somewhere. There have been many incidents of finding old documents on disposed printers because it doesn’t occur to anyone to wipe them first. This especially applies to “copiers”, because a copier is just a printer in the same box as a scanner.

But that wasn't an office printer. Yes, printers do have some memory to store what they need to print, but surely I didn't expect a document to linger there for weeks. Anyway, you're right: we may have to look at printers differently.

There was a conspiracy theory that China was buying old office printers/scanners hoping to recover secret documents remaining in the cache. Plausible, but seems like a lot of effort hoping for a diamond in the rough when I expect 99% of prints are boring day-to-day information.

> every time you type the password to decrypt your private key you should worry about the possibility of some software running on your machine reading it and sending it somewhere.

Yes, I believe you should. On OSes without sandboxing and protections against exfiltration, this is a substantial concern. And you’d be foolish to e.g. keep a bitcoin private key lying around in your home dir. For this same reason, I think the common practice of leaving non-password-protected SSH keys in ~/.ssh is terrible.


Sure it's a bad idea to not encrypt your private keys, but the point here was that, even if you encrypt them, they will be unencrypted when you need to use them.

Is that list publicly available? I would be curious to have a look.

In this situation you would have someone with actual knowledge of the mechanics involved do the computation using the actual data (e.g., what's the mass of the train? Which kind of breaks does it have?) instead of asking an LLM and trusting it to give the correct answer without checking.


Assuming you could find an expert like that in time, and that they will then be able to understand and solve the problem fast enough to still be helpful.

If you need the answer within a couple hours, you can probably get it for an expert; if you need to get an actionable answer within minutes, based on some back-of-the-envelope calculations, then a SOTA LLM is a much safer bet than flagging whoever seems the smartest in the room and asking them for help.


I assumed we already did such calculations in advance, as it's needed to have proper safety measures.

Judging from your comment, it seems that your statistical sample is heavily biased as well, as you are interacting with people that can't afford a laptop. That's not representative of the average person.


The link to the write-up seems broken, can you write the correct one?


Apologies but its not letting me edit post any longer (I'm new to HN), here's the link though: https://brig90.substack.com/p/modeling-the-voynich-manuscrip...


Not an expert in this area, but I think that that "just" is hiding a lot of complexity. Plus you also need some remotely operated robots to mount the replacement.


What's this?


I think the idea would be to prepare beforehand and have your own copy, alongside your own Wikipedia dump.


I think that having an "almost" C compiler is a trick they use to minimize the size of the codebase.


Yes, this is it. A C compiler in 50 kilobytes of code is pretty innovative.

It's also doesn't lie about the "almost". It's really almost C. It's just that C's stdlib is POSIX centric and doesn't fit Forth well, so it's not implemented as is.


TCC is 100 kB, already exists, and is a real C compiler (+preprocessor+assembler+linker). It can build Linux too!

https://bellard.org/tcc/


100kb binary. I'm talking about source code size. TinyCC's source is 1400kb in size.


It is also interesting in the fact that it is extremely tiny in terms of lines of code, and the approach they took to minimize its codebase is original.


Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: