Hacker Newsnew | past | comments | ask | show | jobs | submit | more slowbdotro's commentslogin

Technically it's not a proxy. As every device (apparently) connects directly to Apple's servers.


Beeper Mini talks directly to Apple servers from your device.

Beeper the company also has Beeper (Cloud) which bridges a whole lot of chat apps via Matrix to their other client app, including iMessage via a Mac relay.


I agree. Self hosted my email for over a decade and as long as you do the recommended SPF, DKIM and DMARC you have basically no problems.

Occasionally I turn up in spam when I email someone I haven't before, but that's usually due to the .ro in my domain and the forced text mode rather than html.

I've found problems only start occuring when you send transactional email. User signups, notifications, etc. Anything really automated.

I think people like to joke on self hosting email because there are a lot of moving parts and it was hard to diagnose why something went wrong. Until the last decade and early 2010s there were no all in one self hosted solutions that made it easy & available for most to do it.


> Occasionally I turn up in spam when I email someone I haven't before

Just proved my point.


Google puts random things in Spam, including ones marked 'not spam' or from otherwise reputable senders (like Github, despite receiving their emails for a decade). My monthly credit card bills occasionally are dumped in spam.

Its not really proof of much unless one is constantly getting junked


Back when I used GMail, Google would sometimes mark correspondence e-mails from Google staff as spam. Heck, I even had instances of responses to e-mails I had sent to Google staff marked as spam. Spam filtering is complex and clearly Google has (and continue) to tread a very fine line here.


Last week I saw the same behavior sending email from my work's Google Workspace account to my personal Gmail account. The email stays within Google, I'm logged into both accounts on the same computer, does Google think I am I spamming myself...?


Google's expense reimbursement emails were systematically considered to be SPAM by gmail.

Google knew this because they even issued warnings.

Still, using your own domain and machine is different.

Unless you've had an interaction with that email address it will be considered SPAM.


One of the best self hosted mail services I've even used. Automated setup for caldav/carddav adds the cherry on top


You are running X11. So it won't affect you.


Thanks.


I use compare as part of our deploy pipelines with puppeteer as a driver. Works great as a way to ensure a simple and fast way to confirm we're "still up".


Technically yes, but from memory, your U2F public key would be leaked. Thus depending on your threat model you may still want to rotate U2F keys.


I thought ‘public’ means it can be shared widely without there being a risk to the private key. What threat model would consider it a risk to have a public key exposed?


Identity/privacy: de-anonymizing accounts reusing the same public key.


U2F generates a new keypair for each origin. Public keys are not re-used.


If you want, come mirror it on my gitea instance: gitea.slowb.ro. I'd be happy to take the load ^-^


2016 database, someone needs to update it. And how does one even get all the magnet links like this?


One way is querying the dht


Duplicate: https://news.ycombinator.com/item?id=31297680


Nothing really substantial in the comment section there it seems.


It's normal for multiple threads to occur until one takes over or a mod intervenes to merge or elevate one.


Technically the HN rule is "original source" which the tweet in the linked submission is.

However HN's rules about tweet submissions are inconsistent and outdated.


Not OP, but I prefer memorable passwords, thus, correct-battery-horse-staple style passwords in bash: (Install cracklib, or any dict file)

  #!/bin/bash
  pickaword() {
        WORDFREQFILE=/usr/share/dict/cracklib-small;
        WORDLENGTH=$1;
        awk -v wordlength="$WORDLENGTH" 'length($1) == wordlength {print $1}' "$WORDFREQFILE"|shuf|head -n 1;

    }
  [[ ! -z $1 ]] && numWords=$1 || numWords=4
  separator="-"
  count=0
  currentWord=""
  while [[ $count -lt $numWords ]]; do 
    [[ $count != 0 ]] && echo -n $separator
    num=$((3 + RANDOM % 10))
    word=$(pickaword $num)
    echo -n "$word"
    count=$(($count + 1));
  done
  echo ""
Edit: code formatting is hard. Source is: https://gitea.slowb.ro/ticoombs/dotfiles/src/branch/main/bin...


Please don't use $RANDOM or $((RANDOM)) or standard `shuf` for password generation. These RNGs are not cryptographically secure. Use input from /dev/urandom instead.

Modulo operations like these are another thing to avoid. To get equal chances for each word, the simplest thing to do is e.g.

    do
      wordlistlength = 10e3
      randomnumber = os.urandom(1) * 256 + os.urandom(1)
    while randomnumber > wordlistlength
    return wordlist[randomnumber]
(Adjust if your list length is greater than 255×256+256, of course.)

Further, I see that cracklib-small is 52k words. That's not good or bad, but it makes the default 4-word phrase 52e3⁴ ~ 63 bits of entropy, which isn't terrible but in my opinion on the short side as a default. It will be perfectly fine if you only ever want to defend against online attacks, but in some cases (think disk encryption or password manager) offline cracking should be kept in mind and for the rest you should usually use a password manager anyhow (so then memorability doesn't matter).

Or perhaps more succinctly: please don't roll your own crypto.

I understand that this is of course very unlikely to be abused if it's just for yourself and nobody knows of this weakness in your credentials (security through obscurity works... until it doesn't), but one day someone will use this as inspiration or it will spread somehow, say through an HN comment... just use good password generators or at least keep insecure ones secret.

Btw: many standard Debian(-based) installations have /usr/share/dict/words available so you don't need an extra install; I haven't seen cracklib used before but that might just be me.


I'm curious. What kind of attacks do you open yourself up to if you use $RANDOM in this situation?

Also, why do we avoid modulo operations?


$RANDOM has low entropy, a predictable sequence and it's even more predictable if you use modulus.

$RANDOM provides 15 bits of randomness (32768 possible values) from an LCG[1] - https://en.wikipedia.org/wiki/Linear_congruential_generator

LCGs are multiply followed by add followed by modulus, which is usually implied by a mask or a native word bit length rolling over. You should observe that multiplies have patterns in the lower digits which an add will only offset, and the modulus will only throw away high bits rather than mix them back in to the low bits. Consider the low digit in multiples of 7 (what you'd get picking a number between 0 and 9 inclusive via modulus):

    7 -> 7
   14 -> 4
   21 -> 1
   28 -> 8
   35 -> 5
   42 -> 2
   49 -> 9
   56 -> 6
   63 -> 3
   70 -> 0
   77 -> 7
   84 -> 4
   91 -> 1
   98 -> 8
  105 -> 5
  112 -> 2
  119 -> 9
  126 -> 6
  133 -> 3
  140 -> 0
The lowest digit has the sequence 7418529630 repeating, which isn't very random. Modulus preserves low order bits and throws away the magnitude of the number. The result is that if you want to get half-decent low-valued random numbers from an LCG, you should take x/range * limit rather than %. You can do this with integer arithmetic via multiply and shift if you have an integer twice the size of your LCG.

But again, don't use an LCG for generating your password.

[1] I looked at the source. Bash looks like it tries to use random(3) if it's available, otherwise it seems to use this, which doesn't have an add:

  x(n+1) = 16807 * x(n) mod (m)


Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: