Hacker News | jimktrains2's comments

I worked at a place that had recursive ACLs. We used CTEs and it was pretty darn quick. We only had on the order of a million records, though, so ymmv.

reply


> There are installations which don't support ECC, usually due to hardware limitations

Isn't RSA much more computationally expensive than ECC? What hardware can do RSA but not ECC?

/me sits down to be schooled

reply


Since I can't edit:

EDIT: Unless you're referring to embedded systems that can't be updated?

reply


Bingo :)

Actually, not just embedded systems. There are HSMs (hardware security modules) which also can't be updated to support new functions. Often this is because the underlying primitives have been implemented in fixed-function hardware to prevent timing, power and even RF analysis.

reply


One of the biggest problems with GPG is keyex. Sure, we have key servers, but that's not really a secure way of doing things.

Secure communication is as much a cultural change as a technological one.

reply


GPG at least has the web of trust, with all its privacy problems. Most technologies just use "trust on first use".

reply


That doesn't actually solve the problem though. It helps in theory, but it requires the user to understand what they're doing to a level most won't.

There is also the cultural issue of just exchanging fingerprints. Only techies put them on business cards, and even then only some. It needs to be a common action.

reply


Well, at least they try to solve it.

Another approach for verification is employed by Threema [1]: The server verifies email addresses and phone numbers, so if the address or number is in your contacts you can have more confidence, represented by an orange dot next to the contact. If you verify the fingerprint by scanning QR codes, you get a green dot.

About fingerprints for the masses: I really like the visual fingerprints Peerio is using (basically bigger Github-style generated avatar icons).

[1] https://threema.ch/en/faq

reply


No mention of Pittsburgh! We have a fairly low cost-of-living and decent salaries for tech.

reply


I'm from there originally, and I agree, but the weather really is a problem. It's terrible. I live in Portland now, an area renowned for its gray rainy days and lack of sunlight. And yet, it has been 50°-60° and sunny for nearly a month now. Whenever I check Pittsburgh it's hovering around 0°. It's really a shame because I love Pittsburgh.

reply


Pittsburgh's weather isn't that bad, having gone through 4 winters there in college. This year has been an outlier, with the Western US generally experiencing record heat and drought while the Eastern US has experienced record cold: http://www.slate.com/blogs/the_slatest/2015/02/19/freezing_c... http://www.latimes.com/local/california/la-me-east-west-weat...

reply


Don't get used to it. This winter has been historically dry and warm in PDX. Snowpack in the Cascades is ~11% of normal this year.

reply


I was kind of looking for that too. Cost of living in this area is pretty low and the tech scene is growing. The only downside is you have to live in Pittsburgh and I actually like sunshine so I've been thinking of moving.

reply


Our city isn't that bad! Though it does rain a good deal, and is cloudy a lot.

That said there are a lot of amenities (museums, shows, groups, &c) and things-to-do, so we're not as isolated and dull as a lot of people I've met feel we are.

reply


I live in Ohio but work in Squirrel Hill. The city has transformed over the years and is a really nice place. The only downside is the weather. This time of year it's easier to complain about weather but we literally get some of the lowest amounts of direct sunlight in the country. We basically have 2 seasons: 4 months of summer, 8 months of winter/grey. Other than that the area is ok. Where I live it's pretty depressing old industry towns with nothing left, but like I said I don't live in Pittsburgh.

reply


Because this comment is nonsensical for not including the text:

Jeffrey Paul ‏@sneakatdatavibe

A first for the #oscars: being surprised the winner was willing to enter the country to accept the award. #landofthefree

reply


Was that what he said? I didn't hear the "t". Without the "t" it's much more amusing; with it, it's sad because it plays on a line of thought that is sad, small, and wrong.

reply


The closed caption that I saw printed "treason" and that's what I heard. But then, they also mangled Ed Catmull's name into something like "at maul", so I don't consider it definitive.

reply


Brief reminder that what you hear is being reinterpreted by your brain to match the things that you see.

https://www.youtube.com/watch?v=G-lN8vWm3m0

reply


I guess I don't understand this comment. Someone wrote about it, so obviously they care. Moreover, firmware is normally considered safe, if it's not then that is a significant shift in paradigm for the security conscious.

reply


But why would someone create a new account to make that comment?

reply


Because it's a passive-aggressive comment that translates to something like "Who would care, except for those who want the terrists to win?" ;)

reply


And this matters because even if you uninstall the program, it leaves the certificate behind, right? So you have to manually remove the cert to shield yourself against future attacks, in addition to removing the program.

reply


Not that this excuses Lenovo in any regard whatsoever, the removal instructions[1] Lenovo link to in their press release[2][3] include the removal of a certificate.

[1] http://support.lenovo.com/us/en/product_security/superfish_u...

[2] http://news.lenovo.com/article_display.cfm?article_id=1929

[3] http://support.lenovo.com/us/en/product_security/superfish

reply


Good, though TBH, it didn't include removal of a certificate just a few hours ago. I guess they're breaking under the pressure of the PR shitstorm.

reply


I'm assuming this only affects you if you're running Windows? (Honest question, it's not some firmware-based thing from what I've read, but just checking).

reply


Of course... It's just a certificate and proxy that comes by default with the OS as it comes from their factory. You can uninstall the certificate, reinstall Windows, install Linux, etc. and the problem will disappear.

reply


I've seen tons of computer-generated terrible XML. It's in use in so many custom APIs I can't even describe to you. Poor escaping, nesting, &c.

reply
