_hyn3

Karma: 1840

Created: 2012-03-15

Recent Activity

  • Excellent evaluation. From reading the code, it appears that the units for the numbers column are usually milliseconds (ms).

    It also looks like squinn is the clear leader for most but not all of the benchmarks.

    Even though it's "not scientific", it is still very useful as a baseline - thanks for taking this effort and publishing your results!

    Also taking a look at monibot.io, looks cool

  • How is this different from any other self-hosted solution; you've still got to manage spam yourself. Might as well go self-hosted.

  • What would TSMC do if they couldn't sell chips to the USA? It cuts both ways, like most trade negotiations.

  • "We now have another confirmation on Twitter that remote code is executed and a glimpse into what the script is... it appears to be benign."

    https://github.com/acmesh-official/acme.sh/issues/4659

    It was not. Don't use acme.sh.

  • Try removing consent to receive text messages on that number, or that it's only a land line and only phone calls are accepted.

    You might even try to block incoming SMS. In fact, you might also try a forward with Twilio or a free Google Voice number, since a lot of SMS TOTP refuse to work with those numbers :)

    I've even had success removing my phone number entirely from certain types of accounts, but sometimes I had to deliberately break the account (eBay) and then it tries to get you to confirm on each login which you can sometimes bypass by changing the URL or clicking the company logo.

    Be sure to have strong security in other ways; strong, non-repeated passwords.

    But this is truly insane. Large banks don't even offer the option of TOTP but instead require far more insecure SMS. Maybe they'll offer RSA dongles, because they never bothered to remember when they all got completely leaked ten years ago or how they accepted $10M to completely compromise their constants.

    What can you say, large enterprises are behind the security eight ball, as always! It's a tale as old as time.

    https://www.wired.com/story/the-full-story-of-the-stunning-r...

    https://www.theverge.com/2013/12/20/5231006/nsa-paid-10-mill...

HackerNews