Hacker News new | past | comments | ask | show | jobs | submit login

> Visible to visitors

Right, so they've gone to all this effort to generate input as close as possible to random, then they undermine it by opening it up to the public?

Would be interesting to see what the camera placement is like and if that's at least secure, otherwise someone's is just going to stick a still picture on the end of it...

If you're going to go to all this effort to create randomness, at least secure it from physical interference...

Sorry, I know I'm being a cynical here. This just feels like a marketing gimmick.




This is only one source of randomness in a pool of other sources

https://blog.cloudflare.com/lavarand-in-production-the-nitty...

Even if you managed to 100% compromise this source, there's still a pool of other sources involved.


The whole point is that it's chaotic. Knowing the the approximate current state cannot be used to predict future states. https://en.wikipedia.org/wiki/Chaos_theory


> Knowing the the approximate current state cannot be used to predict future states

The reason these entropy sources are used is because there's no such thing as a perfectly random algorithm. If there's a way to remove the entropy from the system then the whole thing becomes pointless, and you may as well go back to using a pseudorandom algorithm. That's my point.

If you care this much about ensuring true randomness then I'd argue the security of the system should be a primary consideration – perhaps the primary consideration. If you can't guarantee that you're entropy source is random, then you can't be confident of the randomness of the system generally.

I'm not an expert on this though so if someone wants to explain why I'm wrong then please do so.


The cameras themselves aren't accessible to visitors.


>at least secure it from physical interference...

I'm assuming if you start screwing around with shit the security guards will show up and point guns at you...


Despite what you've heard about America, most private security at tech companies don't carry guns. :)


And definitely not in London.


> most

Ha, which ones do you know of?


You're getting downvoted for your cynicism, but your threat assessment is correct. It's possible for someone to put a still photo in front of the lens.

That being said, the randomness on the sensor alone would probably defeat that, but also you could just check to make sure the previous image and the current image don't have the same hash, which I suspect Cloudflare does just as a basic error check.


Or to get a copy of the signal from the camera, as I assume it is less secure than cloudflare's datacentres.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: