Hacker Newsnew | past | comments | ask | show | jobs | submit | Perixoog's commentslogin

Desks with wheels (like valve).


    Code ??? WYSIWYG
    Could there be something unexplored in the middle?
WYSIWYM - What You See Is What You Mean.

Most famously used by the LaTeX powered document processor, LyX.

https://en.wikipedia.org/wiki/WYSIWYM


If you speak to a large group of people anonymously it's not private.

If it's not private, what you say, how you say it and when you say it can be analyzed to identify you.

It's a people problem not a technical one.


Would it not be trivial to algorithmically obfuscate this identifying information? As I write this, Im thinking of Ender's siblings finding their voice under the pseudonyms Desmothenes and Locke


where does timing fit in?


If you can control the timing, I'd say execution. Otherwise, luck.


The game of life meets the Dunning Kruger effect.


The FBI.


Are you serious? Do they handle these kinds of things?

In any case the only operate in USA.


Yes, the FBI handles criminal investigations.


The protesters didn't have cell phones? Just correlating their locations would tell you something was up.


It's not about what companies financial incentives are, but what type of behavior they reward their staff for.

"Noone ever got fired for buying IBM"


Alternatively - pam_ssh_agent_auth


I was complaining more about the sudo part. Probably should have just had that in the quote.


I think you misunderstood Perixoog's comment. Sudo uses PAM to ask for the password. pam_ssh_agent_auth is a PAM module that uses ssh-agent authentication instead of a password. Perixoog is saying that instead of setting NOPASSWORD, you could configure pam_ssh_agent in /etc/pam.d/sudo, and have it use the pre-existing SSH authentication as the "password", instead of having it prompt for a password.

But the part I'm concerned about is that they seem to think that having password-less sudo is a security win.


Yes, and yes.

The pam module requires you to forward a remote connection to your ssh agent - when you connect to a compromised server your attacker can authenticate to other machines as you.

An ssh key for root is simpler and safer.


But the part I'm concerned about is that they seem to think that having password-less sudo is a security win.

I thought they were saying they don't want people's passwords. People reuse them, naive people giving up an actual root password, etc.

Not sure they mean always using NOPASSWORD is good for security.


Sure, giving the password to an application is a mess. Because if the application is compromised, the attacker now has the application's sudo password (ie, the vuls user's password, not the root password), and that's a bad deal. But just having it NOPASSWORD wide open is strictly worse. A knee-jerk reaction is to avoid passwords because it's another attack surface that can be broken open, but in this case just getting rid of it is strictly worse. With SSH, disabling password auth is turning the locked door into a solid brick wall. With this, NOPASSWORD is taking the door off the hinges because you are afraid of someone picking it.


>... Google Cloud customer...

That's pretty misleading - I believe Google's parent company still own part of Niantic. So other customers shouldn't expect the (implied) same access to Google resources.


Google is just one of many series A investors in Niantic:

Alsop Louie Partners

Cyan Banister

Google

Lucas Nealan

Nintendo

Pokémon

Scott Banister

You & Mr Jones Brandtech Ventures


Yes, but being a spin-off from Google I imagine most of their employees are ex-Googlers and as such have a good network inside Google.


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: