Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
smellf
on Aug 3, 2016
|
parent
|
context
|
favorite
| on:
Why aren’t we using SSH for everything?
Jerks are also piping /dev/random into it, looks like that may be crashing it.
verroq
on Aug 3, 2016
[–]
I guess we can't use ssh for everything.
Cpoll
on Aug 3, 2016
|
parent
|
next
[–]
That's not ssh's fault; you can pipe /dev/random into just about anything and get the same result. Rate-limiting isn't the job of the protocol, in this case - it's the job of the chat server application.
dvanduzer
on Aug 3, 2016
|
parent
|
prev
[–]
The lesson is that you can't authorize indiscriminate access to public services on the internet for single-factor authenticated users.
edit: Ugh, Wordy. Shorter: Identity is more than a public key.
mikeash
on Aug 3, 2016
|
root
|
parent
[–]
Also, security is more than identity. You still need to be robust against malicious input even if you know exactly who all your users are.
dvanduzer
on Aug 3, 2016
|
root
|
parent
[–]
Indeed. The third leg that solves this problem is known to the industry as Accounting.
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
