I think scoffing at plaintext protocols is silly. Contemporary security architecture is a nightmare. It’s like scoffing at keyboards for sending key codes in the open to the HID controller because you’ve failed to secure your machine so badly you have adversaries in your HID controller.
If you have a well secured LAN where trust is social, SSH gets you nothing. SMTP, telnet, HTTP being plain were from days when users were able to actually reason about what was happening within their OS. If there's anything that should be scoffed at, it's us now with our bloated, opaque, corporate-controlled OSes.
> If you have a well secured LAN where trust is social, SSH gets you nothing. SMTP, telnet, HTTP being plain were from days when users were able to actually reason about what was happening within their OS.
I've had this conversation recently with a "Cyber Architect" who was losing his shit over SNMPv1 on our network passing community strings as plaintext.
Yes. If you sniff the traffic you can see the read-only password, which is left as default, and from that you can deduce that the ODU temperature for the microwave link is 32°C at the moment (pretty toasty for 3° outside air temperature). Big Fucking Whoop.
Concentrate on not having "bad actors" sniffing traffic on our network.
If the burglar is in your kitchen eating your sandwich out of the fridge, the problem is that the burglar is in your kitchen, not that he's eating your sandwich.
Tangentially, I saw an ad the other day for software which purports to encrypt your keystrokes: https://www.keystrokelock.com/ I have no idea what that means.
I looked into their Support documentation and it explains how to run the app, not how it works.
I read a 2-slide "Whitepaper" and it describes the many advantages and sort of tells you how it starts in "Ring 0" and the TPM and uses public-key cryptography, but not how it works.
They have trademarked KTLS™, but Kernel TLS is also an extension of actual TLS into the Linux kernel, so good luck differentiating that. Isn't it fun how you can trademark your trade secrets, but if you attempt to patent them, that means public disclosure.
If I had to hypothesize about it, I'd say that there is a Ring 0 hardware driver that takes the USB data, encrypts it, and the encrypted data is tunneled to each application, where it is somehow decrypted transparently without modifying any of the user's applications.
I would research this more in-depth but gnomes have already stolen my underpants. UUU~~U~~~U+++ATH0+++ NO CARRIER
> "Award-winning journalist on Fox News" and the padlock with an American flag really sells it for me.
About 20 years ago I worked on backend stuff for the sales site for a well-known UK retailer that advertised their spiffy new web store on TV.
Part of the TV ad had a couple of smiley young people with Techie Girl typing on a computer, and a big animated padlock swooping in and clicking shut and Mumsy Middle-Aged Manager smiling happily, and cut to Hacker Guy typing furiously in a darkened room as a big padlock pops up on the screen and "SECURITY LOCKED" popping up, as he scowls at the screen. The VO was something like "and it's safe to buy online - our site has Security Built In" <fx: heavy padlock clunks shut>
This sequence - the animation and filming this part right there in our own web dev office - cost over five grand of mid-2000s money to make, most of which was the padlock animations. The clunk was my bike lock.
£5000. Five Thousand Pounds.
I can tell you they spent well under 1/20th of that in developer time to actually write the security code for the site. It didn't even use HTTPS, which was kind of a requirement even in 2006.
> If you have a well secured LAN where trust is social, SSH gets you nothing.
Unless you're doing automatic and mandatory SSH key rotation (which almost nobody ever does) then SSH is just "password on a sticker next to the monitor" with a long password.
I built this exact solution months ago, digging up Slack’s local storage but it failed because they had encryption on the db and the keys weren’t my account keys. Curious to see how they did it
My takeaway from "mobile first" G was "sites need to be fast, right guys, for mobile?" -> AMP -> actually let's hostile-takeover the web, oh actually, we'll rework Chrome auto sign-in, oh actually … just a long string of user hostility.
You need a super efficient and integrated empowered model private and offline. The whole architecture hardware distribution supply chain has to be rewritten to make this work the way people want.
Yeah, it’s so tiresome that other people have a philosophy different from mine which seems to have prevailed for now. Like ok so sorry. Systemd on linux is the worst of both worlds imho which apparently according to GP to which I’m progressively less entitled. I like NetBSD and its rc init and config system. Oh no systemd sore winners incoming!
We have good research showing we think in language. So the seed is there. I’m working on methods (hardware and software) that gave us insane speeds and compression so you get orders of magnitude greater performance.
> We have good research showing we think in language.
Source? From my knowledge, we do not "think in language", but we learn to fine-tune our thinking to be expressed in the form of words. Unless you consider pictures as language, after all "A picture is worth a thousand words".
No, sadly you have everyone and their mother talking about when we will get AGI and what it means, have no original thoughts, have no model, and the 1% who do think they have a model or concept that's buildable. Everything I've read is essentially just an LLM.
Everyone is like you, projecting their own limitations until you dazzle them with glittery demos; that's fine.
I like https://tildes.net, reminds me of reddit back in the day where conversations were actually good. I'm not sure though if it also turned into AI slop.