comment by mk
mk  ·  4245 days ago  ·  link  ·    ·  parent  ·  post: "unknown or expired link"

    Hoping that's not a security hole if I spoof a random fnid that belongs to someone else...

https://news.ycombinator.com/item?id=639976

    Wouldn't it make more sense to couple the storage time of the functions to a specified timeout?

Some of the fnids do have timeouts, and that's one of a number of ways to alleviate this. We are currently "in The Cloud", on an Ubuntu server at Digital Ocean. We used to be on Linode, which has great service, but DO has SSD, and that has huge advantages with Hubski's unusual architecture.





thundara  ·  4245 days ago  ·  link  ·  

Both awesome and worrisome. No post from pg on there, did they patch HN (Slash how did they) to fix the security hole? Does Hubski have the same fix applied? Dunno if increasing the length of the fnid / cookie would help if your PRNG has been compromised...

mk  ·  4245 days ago  ·  link  ·  

Yeah, really impressive. Not sure about HN, but we use the Arc3 rand-string.

pg did respond.

I'm still looking into what else might have been a part of it.