

Tried to do some online research (heh) and it would appear that satire of public figures is just straight up protected by the first amendment. https://en.m.wikipedia.org/wiki/Hustler_Magazine_v._Falwell

I don’t think linking directly to real companies and referring to them as partners while using their logos is all that similar to the Falwell example.

I haven’t visited the site from this story, but had they clearly marked the site as parody?


Has he ever worked on pagers by any chance?


Would generation of SELinux policies be a good use case for LLMs?

"Generate a SELinux policy for daemon X. This daemon accesses its config file in /etc and its runtime data in /var/x. It listens on network. All other activities should be disabled"


Only if you’re knowledgeable enough to double-check the resulting configuration and correct any mistakes or omissions.


While I agree the syntax of the policy is a big part of the difficulty, I think it's equally difficult for many apps/services to find out what activities it needs.


> We furthermore propose that pages on websites that have information that might be useful for LLMs to read provide a clean markdown version of those pages at the same URL as the original page, but with .md appended.

Not happening, that's like asking websites to provide an ad-free, brand identity free version for free. And we can't have that now can we


I didn't hear about the Zuckerberg part, do you have a link to the article? I can't find it


Here including the whole "debunking" of it... Judge for yourself if this type of info would be removed from FB if it was posted by users:

https://www.snopes.com/news/2023/02/06/zuckerberg-vaccines-v...


While the author said that C's mmap suffers the same issue, I would argue C's mmap is fine, because C doesn't have async. The issue arises from the mmap crate not having an async read and the confusion around how async works.


I feel like author used a lot of words to say "mmaped reads are IO (obvious) but critically, they are usually not awaitable like IO (bad)"


No, that misses the point. Async doesn't require an async keyword. Evented programming (which has the same issues) has been common in C for decades.


Seems really cool! It seems pertinent to remember however that it isn't security as much as it is obfuscation.


Sending encrypted messages is obfuscation? Can you elaborate?


I think what rmholt means is that ruroco does not improve security in the sense that it has stronger and safer encryption/algorithms/... but that it merely "hides" existing services.

I would argue that it does improve security in the way that it reduces the attack surface of potentially vulnerable services, because they are simply not accessible for adversaries.

On the other hand, having another tool running increases the attack surface, but imho that's very small.


Yup that's what I meant! And I am worried that a replay attack would be able to bypass ruroco. Thus ruroco is not a replacement for good SSH security, which you have to do anyway.

But like I wanna stress that I like ruroco and I might end up using it to decrease the internet noise on my home lab, but I'm just worried that someone might end up relying on ruroco instead of proper SSH security


A replay attack won't work, because every UDP packet's data has a deadline in nanoseconds.

Once this UDP packet reaches the server the deadline will be added to the blocklist.

If an attacker sends the same packet again, the server will check its blocklist for the deadline. It does not matter if the deadline has been reached or not. Once the packet reaches the server, the deadline of that packet will be added to the blocklist.
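
The deadline blocklist described in the comment above, as an added Rust example that is not part of the thread and not ruroco's own code. The type and function names, the `prune` step and the sample values are assumptions made for illustration, and the deadline is assumed to come from a packet that has already been decrypted and validated.

```rust
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
pub enum Verdict { Accepted, Expired, Replayed }

/// Blocklist of deadlines already seen (hypothetical type, not ruroco's).
pub struct ReplayGuard { seen: HashSet<u128> }

impl ReplayGuard {
    pub fn new() -> Self { Self { seen: HashSet::new() } }

    /// `deadline_ns` comes from a packet that was already decrypted and
    /// validated; `now_ns` is the server clock (both nanoseconds since epoch).
    pub fn check(&mut self, deadline_ns: u128, now_ns: u128) -> Verdict {
        // Blocklist the deadline on arrival, expired or not.
        if !self.seen.insert(deadline_ns) {
            return Verdict::Replayed; // same deadline was seen before
        }
        if now_ns > deadline_ns { Verdict::Expired } else { Verdict::Accepted }
    }

    /// Assumption added here: entries past their deadline can be dropped,
    /// since `check` rejects those packets as Expired anyway.
    pub fn prune(&mut self, now_ns: u128) -> usize {
        let before = self.seen.len();
        self.seen.retain(|d| *d >= now_ns);
        before - self.seen.len()
    }
}

fn main() {
    let mut guard = ReplayGuard::new();
    // Constructed sample: (deadline_ns, arrival_ns) pairs.
    let packets = [(5_000u128, 1_000u128), (5_000, 1_200), (900, 1_300), (900, 1_400)];
    for (deadline, now) in packets {
        println!("deadline={deadline} now={now} -> {:?}", guard.check(deadline, now));
    }
    println!("pruned {} entries", guard.prune(6_000));
}
```

Pruning keeps the blocklist bounded, but it is only safe while the server clock never moves backwards past a deadline that has already been dropped.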


I see, I see, good to know, thanks!


I believe the author is comparing their method against just the naive port knocking approach


Yes, that's correct. Should have stated that in the headline.


Afaik it doesn't. The only useful thing there is, is a deadline on each packet so the retransmission would have to be fast, but it seems doable.

https://github.com/beac0n/ruroco/blob/ce766751b51c8ff6246a2b...

The encrypted information is current time, command and random data. So the server could feasibly detect that a retransmission has occurred but that's about it.

