“In roughly two hours, 1647 devices are about to be wiped”
552 by terom | 293 comments on Hacker News.
552 by terom | 293 comments on Hacker News.
Tuesday, January 31, 2023
New best story on Hacker News: Ask HN: What's the best lecture series you've seen?
Ask HN: What's the best lecture series you've seen?
471 by cauliflower99 | 204 comments on Hacker News.
It could be tech related or otherwise. What made it so special?
471 by cauliflower99 | 204 comments on Hacker News.
It could be tech related or otherwise. What made it so special?
Monday, January 30, 2023
New best story on Hacker News: Ask HN: Why Is Everything Declining?
Ask HN: Why Is Everything Declining?
445 by maerF0x0 | 769 comments on Hacker News.
Is anyone else noticing that for several 5 year blocks (pentad) the world just seems to get markedly worse? It's like no body seems to give a shit about anyone except themselves anymore. Whats the cause of this? What's the solution? A bunch of things I've noticed: * Landlords seem extremely greedy and do terrible rent seeking tactics like fees upon fees (250 admin fee to rent here, $75 to apply, $300 non refundable pet deposit, $25 a month pet rent, $12.50 community fee, $15 trash valet, $5 online payment fee, $100 a month community internet (for the $50 a month package), going Month to month after a lease ends is 2x the annual price. And then they use RealPage to collude to make prices higher[1] * People are noisy as fuck and dont seem to give a shit. Seems like every night there's someone with loud as exhaust on "sportish" car ripping around the neihborhood. For months this guy would start up his loud car at 7am and no one care when I complained. * General worker apathy is endemic everywhere I go people seem aggravated I would dare to check my order and point out they didn't put in the ketchup i asked for, or the napkins, or whatever. Or when I dine in the tables are dirty. Or the gym is filthy, the cleaner just drags the mop around looking busy but accomplishing nothing. But in many instances they keep asking for more tips. * Software seems to be overrun by a mentality that any future cost is worth it to save even 1 minute of development time today. And this one I think I've observed the root, it seems that people get promoted away from their problems so they're not the ones to solve them. And those who do write good software (albeit slightly slower) are not promotable beacuse they're "under performing" their peers. Why does it seem management (and many thusly incentivized engineers) have abandoned decades of experience showing how to create reliable, robust, reusable code that is both great the customer, fast to iterate on, and only a tiny tiny bit slower to write. * Seems like everything is subscription model and you have to pay N times to access something thats only worth 1-3x . Eg: I Netflix for a couple hours a month. At the price for 4k access I can almost go out to a theatre. Video games are all trending to subscription models. I just learned the other day that the PS4 games I got with my subcription to PSN all are locked because I stopped subscribing (nearly 50 games) . So I paid them like $125 for access to these games for 24 months, and now I cannot play any of them? At least I still own NES/SNES/N64 Game cartridges that will never lock me out. * Police seem to not give a shit anymore. I've noticed what seems to be total lawlessness going on in my world. Folks stealing shit. People driving absurdly dangerously in cars that are not designed to travel like that. (tailgating, lane switch, accelerating at the fastest I've ever seen a beat up Sentra do...) . I never see cops hit lights and sirens at them. And every year our taxes (their paycheck) and our insurance goes up (a consequence of poor driving habits). And at the same time, we get these cases where a dude like Tyre, at least as I see the body cam, seems to be basically complying and the police freak out on him, he basically complies, and they taze and pepper spay him, no wonder he ran away -- what is someone supposed to think when they say "on the ground" and you get on the ground and then just keep getting more and more aggressive. Like are you gonna just lay on your face while they potentially pull their gun and just shoot you in the back of the head? How do you know what's going on unless you can face and see them? How can you trust they wont, cause even if it's 99.999999% they wont, you only get 1 one chance and if you get it wrong you're dead without any coming back. * Over and over again we keep hearing stories of fake people becoming the top paid, respected, or otherwise status people in society. Elizabeth Holmes, Frank/JP Morgan scam for $175M[2], fraudulent crypto schemes * And there's a ton of little things too like the water is poison, the air is poison, the food system is poison or crashing etc. I'm aware of pinker's general argument that many numbers are getting better. But it seems like people just treat eachother like shit these days. Anyone else have other examples? I am I way off base here? [1]: https://ift.tt/m9z6DKA [2]: https://ift.tt/1TuSjH2
445 by maerF0x0 | 769 comments on Hacker News.
Is anyone else noticing that for several 5 year blocks (pentad) the world just seems to get markedly worse? It's like no body seems to give a shit about anyone except themselves anymore. Whats the cause of this? What's the solution? A bunch of things I've noticed: * Landlords seem extremely greedy and do terrible rent seeking tactics like fees upon fees (250 admin fee to rent here, $75 to apply, $300 non refundable pet deposit, $25 a month pet rent, $12.50 community fee, $15 trash valet, $5 online payment fee, $100 a month community internet (for the $50 a month package), going Month to month after a lease ends is 2x the annual price. And then they use RealPage to collude to make prices higher[1] * People are noisy as fuck and dont seem to give a shit. Seems like every night there's someone with loud as exhaust on "sportish" car ripping around the neihborhood. For months this guy would start up his loud car at 7am and no one care when I complained. * General worker apathy is endemic everywhere I go people seem aggravated I would dare to check my order and point out they didn't put in the ketchup i asked for, or the napkins, or whatever. Or when I dine in the tables are dirty. Or the gym is filthy, the cleaner just drags the mop around looking busy but accomplishing nothing. But in many instances they keep asking for more tips. * Software seems to be overrun by a mentality that any future cost is worth it to save even 1 minute of development time today. And this one I think I've observed the root, it seems that people get promoted away from their problems so they're not the ones to solve them. And those who do write good software (albeit slightly slower) are not promotable beacuse they're "under performing" their peers. Why does it seem management (and many thusly incentivized engineers) have abandoned decades of experience showing how to create reliable, robust, reusable code that is both great the customer, fast to iterate on, and only a tiny tiny bit slower to write. * Seems like everything is subscription model and you have to pay N times to access something thats only worth 1-3x . Eg: I Netflix for a couple hours a month. At the price for 4k access I can almost go out to a theatre. Video games are all trending to subscription models. I just learned the other day that the PS4 games I got with my subcription to PSN all are locked because I stopped subscribing (nearly 50 games) . So I paid them like $125 for access to these games for 24 months, and now I cannot play any of them? At least I still own NES/SNES/N64 Game cartridges that will never lock me out. * Police seem to not give a shit anymore. I've noticed what seems to be total lawlessness going on in my world. Folks stealing shit. People driving absurdly dangerously in cars that are not designed to travel like that. (tailgating, lane switch, accelerating at the fastest I've ever seen a beat up Sentra do...) . I never see cops hit lights and sirens at them. And every year our taxes (their paycheck) and our insurance goes up (a consequence of poor driving habits). And at the same time, we get these cases where a dude like Tyre, at least as I see the body cam, seems to be basically complying and the police freak out on him, he basically complies, and they taze and pepper spay him, no wonder he ran away -- what is someone supposed to think when they say "on the ground" and you get on the ground and then just keep getting more and more aggressive. Like are you gonna just lay on your face while they potentially pull their gun and just shoot you in the back of the head? How do you know what's going on unless you can face and see them? How can you trust they wont, cause even if it's 99.999999% they wont, you only get 1 one chance and if you get it wrong you're dead without any coming back. * Over and over again we keep hearing stories of fake people becoming the top paid, respected, or otherwise status people in society. Elizabeth Holmes, Frank/JP Morgan scam for $175M[2], fraudulent crypto schemes * And there's a ton of little things too like the water is poison, the air is poison, the food system is poison or crashing etc. I'm aware of pinker's general argument that many numbers are getting better. But it seems like people just treat eachother like shit these days. Anyone else have other examples? I am I way off base here? [1]: https://ift.tt/m9z6DKA [2]: https://ift.tt/1TuSjH2
Sunday, January 29, 2023
Saturday, January 28, 2023
Friday, January 27, 2023
Thursday, January 26, 2023
New best story on Hacker News: Tell HN: Whole Yandex Git repository leaked
Tell HN: Whole Yandex Git repository leaked
562 by coolspot | 318 comments on Hacker News.
Someone just published 40Gb+ of leaked Yandex GIT repository. Won’t provide magnet here, but it is top google result for “yandex leak” when filtered by last 24h. Affected services: aapi.tar.bz2 admins.tar.bz2 ads.tar.bz2 alice.tar.bz2 analytics.tar.bz2 antiadblock.tar.bz2 antirobot.tar.bz2 autocheck.tar.bz2 balancer.tar.bz2 billing.tar.bz2 bindings.tar.bz2 captcha.tar.bz2 cdn.tar.bz2 certs.tar.bz2 ci.tar.bz2 classifieds.tar.bz2 client_analytics.tar.bz2 client_method.tar.bz2 cloud.tar.bz2 commerce.tar.bz2 connect.tar.bz2 crm.tar.bz2 crypta.tar.bz2 customer_service.tar.bz2 datacloud.tar.bz2 delivery.tar.bz2 direct.tar.bz2 disk.tar.bz2 docs.tar.bz2 drive.tar.bz2 extsearch.tar.bz2 fuzzing.tar.bz2 gencfg.tar.bz2 groups.tar.bz2 helpdesk.tar.bz2 infra.tar.bz2 intranet.tar.bz2 investors.tar.bz2 it-office.tar.bz2 jupytercloud.tar.bz2 kernel.tar.bz2 library.tar.bz2 load.tar.bz2 mail.tar.bz2 maps.tar.bz2 maps_2.tar.bz2 maps_adv.tar.bz2 market.tar.bz2 metrika.tar.bz2 mobile-WARNING-notfull.tar.bz2 nginx.tar.bz2 noc.tar.bz2 partner.tar.bz2 passport.tar.bz2 pay.tar.bz2 payplatform.tar.bz2 paysys.tar.bz2 portal.tar.bz2 robot.tar.bz2 rt-research.tar.bz2 saas.tar.bz2 sandbox.tar.bz2 search.tar.bz2 security.tar.bz2 skynet.tar.bz2 smart_devices.tar.bz2 smarttv.tar.bz2 solomon.tar.bz2 stocks.tar.bz2 tasklet.tar.bz2 taxi.tar.bz2 tools.tar.bz2 travel.tar.bz2 wmconsole.tar.bz2 yandex_io.tar.bz2 yandex360.tar.bz2 yaphone.tar.bz2 yawe.tar.bz2 frontend.tar.bz2
562 by coolspot | 318 comments on Hacker News.
Someone just published 40Gb+ of leaked Yandex GIT repository. Won’t provide magnet here, but it is top google result for “yandex leak” when filtered by last 24h. Affected services: aapi.tar.bz2 admins.tar.bz2 ads.tar.bz2 alice.tar.bz2 analytics.tar.bz2 antiadblock.tar.bz2 antirobot.tar.bz2 autocheck.tar.bz2 balancer.tar.bz2 billing.tar.bz2 bindings.tar.bz2 captcha.tar.bz2 cdn.tar.bz2 certs.tar.bz2 ci.tar.bz2 classifieds.tar.bz2 client_analytics.tar.bz2 client_method.tar.bz2 cloud.tar.bz2 commerce.tar.bz2 connect.tar.bz2 crm.tar.bz2 crypta.tar.bz2 customer_service.tar.bz2 datacloud.tar.bz2 delivery.tar.bz2 direct.tar.bz2 disk.tar.bz2 docs.tar.bz2 drive.tar.bz2 extsearch.tar.bz2 fuzzing.tar.bz2 gencfg.tar.bz2 groups.tar.bz2 helpdesk.tar.bz2 infra.tar.bz2 intranet.tar.bz2 investors.tar.bz2 it-office.tar.bz2 jupytercloud.tar.bz2 kernel.tar.bz2 library.tar.bz2 load.tar.bz2 mail.tar.bz2 maps.tar.bz2 maps_2.tar.bz2 maps_adv.tar.bz2 market.tar.bz2 metrika.tar.bz2 mobile-WARNING-notfull.tar.bz2 nginx.tar.bz2 noc.tar.bz2 partner.tar.bz2 passport.tar.bz2 pay.tar.bz2 payplatform.tar.bz2 paysys.tar.bz2 portal.tar.bz2 robot.tar.bz2 rt-research.tar.bz2 saas.tar.bz2 sandbox.tar.bz2 search.tar.bz2 security.tar.bz2 skynet.tar.bz2 smart_devices.tar.bz2 smarttv.tar.bz2 solomon.tar.bz2 stocks.tar.bz2 tasklet.tar.bz2 taxi.tar.bz2 tools.tar.bz2 travel.tar.bz2 wmconsole.tar.bz2 yandex_io.tar.bz2 yandex360.tar.bz2 yaphone.tar.bz2 yawe.tar.bz2 frontend.tar.bz2
Wednesday, January 25, 2023
New best story on Hacker News: Show HN: I've built a C# IDE, Runtime, and AppStore inside Excel
Show HN: I've built a C# IDE, Runtime, and AppStore inside Excel
473 by anakic | 110 comments on Hacker News.
The project is called QueryStorm. It uses Roslyn to offer C# (and VB.NET) support in Excel, as an alternative to VBA. I've posted about it before, but a lot has changed since then so figured I'd share an update. The current version includes a host of new features, namely a C# debugger, support for NuGet packages, and the ability to publish Excel extensions to an "AppStore" (which is essentially a NuGet repository). The AppStore can be used by anyone with the (free) runtime component. Another great addition is the community license, which is a free license for individuals and small companies to use. It unlocks most features, but it isn't intended for companies with more than 5 employees or over $1M in annual revenue. I would love to hear your feedback and am happy to answer any technical questions about how QueryStorm is implemented.
473 by anakic | 110 comments on Hacker News.
The project is called QueryStorm. It uses Roslyn to offer C# (and VB.NET) support in Excel, as an alternative to VBA. I've posted about it before, but a lot has changed since then so figured I'd share an update. The current version includes a host of new features, namely a C# debugger, support for NuGet packages, and the ability to publish Excel extensions to an "AppStore" (which is essentially a NuGet repository). The AppStore can be used by anyone with the (free) runtime component. Another great addition is the community license, which is a free license for individuals and small companies to use. It unlocks most features, but it isn't intended for companies with more than 5 employees or over $1M in annual revenue. I would love to hear your feedback and am happy to answer any technical questions about how QueryStorm is implemented.
Tuesday, January 24, 2023
Sunday, January 22, 2023
New best story on Hacker News: Show HN: New AI edits images based on text instructions
Show HN: New AI edits images based on text instructions
737 by bryced | 167 comments on Hacker News.
This works suprisingly well. Just give it instructions like "make it winter" or "remove the cars" and the photo is altered. Here are some examples of transformations it can make: Golden gate bridge: https://ift.tt/RwGTgi8... Girl with a pearl earring: https://ift.tt/RwGTgi8... I integrated this new InstructPix2Pix model into imaginAIry (python library) so it's easy to use for python developers.
737 by bryced | 167 comments on Hacker News.
This works suprisingly well. Just give it instructions like "make it winter" or "remove the cars" and the photo is altered. Here are some examples of transformations it can make: Golden gate bridge: https://ift.tt/RwGTgi8... Girl with a pearl earring: https://ift.tt/RwGTgi8... I integrated this new InstructPix2Pix model into imaginAIry (python library) so it's easy to use for python developers.
Saturday, January 21, 2023
Friday, January 20, 2023
New best story on Hacker News: Tell HN: Sometimes you don't realise how bad something is until you leave
Tell HN: Sometimes you don't realise how bad something is until you leave
677 by Goleniewski | 197 comments on Hacker News.
I was in two minds about writing this but in the end the thought of preventing someone going through what I went through is enough to tip the scales. As per title, sometimes in life you don't realise how toxic something can be until you leave it behind, no matter that be a bad habit, a relationship or even work. Sometimes it can be so toxic that you'd consider ending it all (as i did) because there is no visible way out and keeping the money flowing in at the same time when people depend on you. I am here to say thats not the case. Good stuff can happen. Under another name on here I wrote about my previous job and I felt stuck because if I left I walked away on a large chunk of stock options. That and my age made me feel really depressed and unwanted. I was driven to actively contemplate suicide due to my boss and his shitty attitudes and issues but no one actually seemed to care. Even then I convinced myself with "aww, it's not so bad" when in reality it was absolutely horrific. Getting out of bed became a real battle. People bitch about people being too lazy to get out of bed but some of those people will not be able to get out of bed because they are so depressed they see no point in it because "it's still gonna suck". I was so sidelined that I could literally disappear for an entire day/days and no-one would notice. I had a "top 10 dick of the year" award boss who didn't like me at all and proactively sidelined me so much it left me nothing to do on a daily basis. That said, in a large company you can cruise for years and that's what I did. The previous boss was a good guy but he left to pursue better options. Things where quite good back then actually. Just doing nothing sounds awesome. It's not. It's crap. Imagine having to sit at a workstation for months and years, having to be "present" with nothing to actually do but make some some BS stuff to appear busy. Even doing training courses and such becomes boring after a while. It was a kind of mental prison and my boss truly didn't give a flying you-know-what. Imagine having nothing in your week to justify the normal desire to do something useful. I even wrote scripts to make life better but my boss wouldn't consider them because I wrote them. Anyhow, it all came to a head and I ended up moving on... (cant go into that too much) and my new job pays much better money and is 500% more interesting and I get to play with cool new technologies. It makes you realise what crap you will really put up with and how from an impartial viewpoint you should have just "nope'd" out of it years ago but the status-quo is just easier to maintain. Looking back at it I knew my time was up a long time ago but I didn't have the courage to jump. It caused me so much misery and anguish. Looking back on the experience, I wasted several years of my life working for someone who didn't nurture or appreciate talent with his sociopathic tendencies. It's only after all these things have happened that you realise the effects it had. As an example, my faith in myself is utterly crushed. My new boss has recognised a lot of the mental snot has been virtually beat out of me and is understanding and I am grateful for that and is very helpful. Recovery will take time but at least I know I wont get verbally berated every time something isn't perfect. For those that this resonates with, I am not saying jump out right now but plan to just get out, even if a new job pays less or means going into a less demanding job. You can always make more money later but you can't get your time back. I suspect it will take years to get my confidence back but I am so glad to be out of a terrible situation. It's only when you leave you realise how truly terrible it was. I am however still resentful over the lost years.
677 by Goleniewski | 197 comments on Hacker News.
I was in two minds about writing this but in the end the thought of preventing someone going through what I went through is enough to tip the scales. As per title, sometimes in life you don't realise how toxic something can be until you leave it behind, no matter that be a bad habit, a relationship or even work. Sometimes it can be so toxic that you'd consider ending it all (as i did) because there is no visible way out and keeping the money flowing in at the same time when people depend on you. I am here to say thats not the case. Good stuff can happen. Under another name on here I wrote about my previous job and I felt stuck because if I left I walked away on a large chunk of stock options. That and my age made me feel really depressed and unwanted. I was driven to actively contemplate suicide due to my boss and his shitty attitudes and issues but no one actually seemed to care. Even then I convinced myself with "aww, it's not so bad" when in reality it was absolutely horrific. Getting out of bed became a real battle. People bitch about people being too lazy to get out of bed but some of those people will not be able to get out of bed because they are so depressed they see no point in it because "it's still gonna suck". I was so sidelined that I could literally disappear for an entire day/days and no-one would notice. I had a "top 10 dick of the year" award boss who didn't like me at all and proactively sidelined me so much it left me nothing to do on a daily basis. That said, in a large company you can cruise for years and that's what I did. The previous boss was a good guy but he left to pursue better options. Things where quite good back then actually. Just doing nothing sounds awesome. It's not. It's crap. Imagine having to sit at a workstation for months and years, having to be "present" with nothing to actually do but make some some BS stuff to appear busy. Even doing training courses and such becomes boring after a while. It was a kind of mental prison and my boss truly didn't give a flying you-know-what. Imagine having nothing in your week to justify the normal desire to do something useful. I even wrote scripts to make life better but my boss wouldn't consider them because I wrote them. Anyhow, it all came to a head and I ended up moving on... (cant go into that too much) and my new job pays much better money and is 500% more interesting and I get to play with cool new technologies. It makes you realise what crap you will really put up with and how from an impartial viewpoint you should have just "nope'd" out of it years ago but the status-quo is just easier to maintain. Looking back at it I knew my time was up a long time ago but I didn't have the courage to jump. It caused me so much misery and anguish. Looking back on the experience, I wasted several years of my life working for someone who didn't nurture or appreciate talent with his sociopathic tendencies. It's only after all these things have happened that you realise the effects it had. As an example, my faith in myself is utterly crushed. My new boss has recognised a lot of the mental snot has been virtually beat out of me and is understanding and I am grateful for that and is very helpful. Recovery will take time but at least I know I wont get verbally berated every time something isn't perfect. For those that this resonates with, I am not saying jump out right now but plan to just get out, even if a new job pays less or means going into a less demanding job. You can always make more money later but you can't get your time back. I suspect it will take years to get my confidence back but I am so glad to be out of a terrible situation. It's only when you leave you realise how truly terrible it was. I am however still resentful over the lost years.
Thursday, January 19, 2023
New best story on Hacker News: Tell HN: It is impossible to disable Google 2FA using backup codes
Tell HN: It is impossible to disable Google 2FA using backup codes
597 by gravitronic | 307 comments on Hacker News.
I would like to inform the HN community, if your plan to recover your Google account in the event of losing your phone is to use a 2FA backup code, or SMS recovery, to remove the old 2FA setup and set up a new 2FA code, that that may not be possible. My situation: I had 2FA set up with my Google Account through Google Authenticator. I lost my Google Authenticator settings when I broke my phone. I have 2FA backup codes. These successfully log me into my Google Account. In order to disable 2FA, or generate new 2FA backup codes, I need to access the 2FA settings page under the Security tab. When I try to load the Two-factor authentication page, I am forced to re-authenticate with Google. When re-authenticating to access the 2FA page, there is no option to enter a 2FA backup code or SMS verification to pass the 2FA challenge. The only option under "Choose a way to verify" is to enter a 2FA code. Entering a backup code instead of a 2FA code returns an error. What am I supposed to do in this situation? Yes this is a classic "maybe I can get support through public shaming" attempt. Thanks in advance.
597 by gravitronic | 307 comments on Hacker News.
I would like to inform the HN community, if your plan to recover your Google account in the event of losing your phone is to use a 2FA backup code, or SMS recovery, to remove the old 2FA setup and set up a new 2FA code, that that may not be possible. My situation: I had 2FA set up with my Google Account through Google Authenticator. I lost my Google Authenticator settings when I broke my phone. I have 2FA backup codes. These successfully log me into my Google Account. In order to disable 2FA, or generate new 2FA backup codes, I need to access the 2FA settings page under the Security tab. When I try to load the Two-factor authentication page, I am forced to re-authenticate with Google. When re-authenticating to access the 2FA page, there is no option to enter a 2FA backup code or SMS verification to pass the 2FA challenge. The only option under "Choose a way to verify" is to enter a 2FA code. Entering a backup code instead of a 2FA code returns an error. What am I supposed to do in this situation? Yes this is a classic "maybe I can get support through public shaming" attempt. Thanks in advance.
Tuesday, January 17, 2023
Monday, January 16, 2023
Sunday, January 15, 2023
Saturday, January 14, 2023
New best story on Hacker News: Ask HN: Strategies for working with engineers that are too smart?
Ask HN: Strategies for working with engineers that are too smart?
481 by throwitawaaay | 460 comments on Hacker News.
There are a couple of engineers on my current team that I can only describe as being a little too smart for their own good, and I'm struggling a bit with how to work with them. I've worked with this sort of engineer on previous teams as well, and they all share a few traits: - They're brilliant, I mean very smart people (in an almost academic way?) - They have a big appetite for adding complexity to systems - They also have a big appetite for adding work to their own plates - Their code has no consistent style I work in embedded systems, so I'm generally writing C for resource-constrained systems. This sort of environment is rife with footguns, and I spend most of my time just trying to avoid those. A big part of that is keeping the things that my team controls as simple as possible, and while we are resource constrained, it's a balance. The tension comes when someone's more than happy to, for example, implement a complex caching scheme from scratch to save a few hundred bytes here, a handful of microwatts there. To me, adding that type of complexity for those sorts of performance improvements is missing the forest for the trees. When an engineer like this proposes something that adds unnecessary complexity, it's usually hard to argue with. The proposed change typically does indeed make the system objectively better, and they're the one taking responsibility for doing the work and ensuring its correctness. But the overall system becomes a little more brittle, and a little harder to reason about, two things that are much more difficult to measure than memory and power. Here's an example: an engineer on my current team recently proposed adding a significant feature to a module I wrote to make something dynamic that's currently statically defined at compile time. I pointed out that we could just change a couple entries in a static table to accomplish his goals, and we were able to avoid the extra work. What was notable, though, was his immediate willingness to write that feature. Maybe I'm lazy, but I'd sit there and think of half a dozen other ways to do it before settling on changing the module itself. But because he's smart enough to easily reason about a complicated solution, and he's willing to take on the extra work, he stopped there without weighing it against the larger system. Have you worked with engineers like this? Do you have any thoughts on how to work with them in a productive and friendly way? -- One more example if you feel like reading more: In a past role, I got into a debate about code style with the smartest person I've ever worked with. It boiled down to me advocating for more whitespace in his code and him arguing that adding whitespace made the code harder to read. It took a bit, but eventually I came to understand that he is so good at reading code that he just wants it all laid out in front of him as densely as possible. He can effectively run it in his head, as long as he can see it. That was baffling to me, I walked away thinking that I must be pretty bad at reading code. I use a very consistent style with long variable and function names, I keep my solutions as simple as I can, and I use whitespace generously to provide visual cues about the code's structure. All of this is to minimize the amount of brainpower I needed to understand my code, so I can put that energy toward thinking about the problem itself.
481 by throwitawaaay | 460 comments on Hacker News.
There are a couple of engineers on my current team that I can only describe as being a little too smart for their own good, and I'm struggling a bit with how to work with them. I've worked with this sort of engineer on previous teams as well, and they all share a few traits: - They're brilliant, I mean very smart people (in an almost academic way?) - They have a big appetite for adding complexity to systems - They also have a big appetite for adding work to their own plates - Their code has no consistent style I work in embedded systems, so I'm generally writing C for resource-constrained systems. This sort of environment is rife with footguns, and I spend most of my time just trying to avoid those. A big part of that is keeping the things that my team controls as simple as possible, and while we are resource constrained, it's a balance. The tension comes when someone's more than happy to, for example, implement a complex caching scheme from scratch to save a few hundred bytes here, a handful of microwatts there. To me, adding that type of complexity for those sorts of performance improvements is missing the forest for the trees. When an engineer like this proposes something that adds unnecessary complexity, it's usually hard to argue with. The proposed change typically does indeed make the system objectively better, and they're the one taking responsibility for doing the work and ensuring its correctness. But the overall system becomes a little more brittle, and a little harder to reason about, two things that are much more difficult to measure than memory and power. Here's an example: an engineer on my current team recently proposed adding a significant feature to a module I wrote to make something dynamic that's currently statically defined at compile time. I pointed out that we could just change a couple entries in a static table to accomplish his goals, and we were able to avoid the extra work. What was notable, though, was his immediate willingness to write that feature. Maybe I'm lazy, but I'd sit there and think of half a dozen other ways to do it before settling on changing the module itself. But because he's smart enough to easily reason about a complicated solution, and he's willing to take on the extra work, he stopped there without weighing it against the larger system. Have you worked with engineers like this? Do you have any thoughts on how to work with them in a productive and friendly way? -- One more example if you feel like reading more: In a past role, I got into a debate about code style with the smartest person I've ever worked with. It boiled down to me advocating for more whitespace in his code and him arguing that adding whitespace made the code harder to read. It took a bit, but eventually I came to understand that he is so good at reading code that he just wants it all laid out in front of him as densely as possible. He can effectively run it in his head, as long as he can see it. That was baffling to me, I walked away thinking that I must be pretty bad at reading code. I use a very consistent style with long variable and function names, I keep my solutions as simple as I can, and I use whitespace generously to provide visual cues about the code's structure. All of this is to minimize the amount of brainpower I needed to understand my code, so I can put that energy toward thinking about the problem itself.
Friday, January 13, 2023
New best story on Hacker News: Ask HN: Do you hate software engineering but love programming?
Ask HN: Do you hate software engineering but love programming?
539 by throwwwwaway | 498 comments on Hacker News.
I have come to a realization that I don't really enjoy Software Engineering(& the processes that it comes with) but I do love programming & solving problems. Finding and fixing bugs is a lot of fun. Incidence response is a lot of fun. Hacking on new projects is a lot of fun. Writing unit tests is fun too. Refactoring, rewriting, sprint, agile, rearchitecting things etc aren't that fun. I like a few languages and I am not too keen on learning new paradigms or languages unless I have to. I'd rather get to value now by making something that just works(and is adequately tested) than engineer something thats future proof but takes longer to get out. What are some good jobs for a person like this?
539 by throwwwwaway | 498 comments on Hacker News.
I have come to a realization that I don't really enjoy Software Engineering(& the processes that it comes with) but I do love programming & solving problems. Finding and fixing bugs is a lot of fun. Incidence response is a lot of fun. Hacking on new projects is a lot of fun. Writing unit tests is fun too. Refactoring, rewriting, sprint, agile, rearchitecting things etc aren't that fun. I like a few languages and I am not too keen on learning new paradigms or languages unless I have to. I'd rather get to value now by making something that just works(and is adequately tested) than engineer something thats future proof but takes longer to get out. What are some good jobs for a person like this?
Thursday, January 12, 2023
Wednesday, January 11, 2023
Tuesday, January 10, 2023
Monday, January 9, 2023
Sunday, January 8, 2023
New best story on Hacker News: Ask HN: What sub $200 product improved your 2022
Ask HN: What sub $200 product improved your 2022
479 by Dicey84 | 1487 comments on Hacker News.
Curious to know what thing / product / service improved your 2022? For me it was an Elgato stream deck. Initially bought it on a whim (probably more as a gimmick) but now find myself using multiple times a day in the office (sales) environment.
479 by Dicey84 | 1487 comments on Hacker News.
Curious to know what thing / product / service improved your 2022? For me it was an Elgato stream deck. Initially bought it on a whim (probably more as a gimmick) but now find myself using multiple times a day in the office (sales) environment.
Saturday, January 7, 2023
New best story on Hacker News: Tell HN: Vim users, `:x` is like `:wq` but writes only when changes are made
Tell HN: Vim users, `:x` is like `:wq` but writes only when changes are made
480 by manaskarekar | 233 comments on Hacker News.
`:x` leaves the modification time of files untouched if nothing was changed. :help :x Like ":wq", but write only when changes have been made.
480 by manaskarekar | 233 comments on Hacker News.
`:x` leaves the modification time of files untouched if nothing was changed. :help :x Like ":wq", but write only when changes have been made.
Friday, January 6, 2023
Thursday, January 5, 2023
Wednesday, January 4, 2023
What is Anonymous? How the infamous ‘hacktivist’ group went from 4chan trolling to launching cyberattacks on Russia
A person standing outside the White House wearing a Guy Fawkes mask as part of a 2013 protest featuring supporters of the hacking group Anonymous.
Saul Loeb | AFP | Getty Images
Anonymous is a loosely-organized international group of hackers that is known for its high-profile cyber attacks against governments, corporations, and other organizations. The group has been active since the early 2000s, and it is known for its use of the tagline "we are Anonymous, we are legion, we do not forgive, we do not forget, expect us."
One of the key characteristics of Anonymous is its decentralized structure and lack of formal leadership. The group is made up of individuals who share a common ideology and come together for specific campaigns or operations. These operations are often coordinated through online forums, chat rooms, and social media, and they often involve the use of distributed denial of service (DDoS) attacks and other tactics to disrupt the websites and systems of targeted organizations.
Anonymous has been involved in a number of high-profile operations over the years, including attacks on the websites of government agencies, law enforcement agencies, and large corporations. Some of the group's most notable campaigns have included:
Operation Payback: This campaign, which was launched in 2010, targeted companies and organizations that had taken action against the file-sharing website WikiLeaks. Anonymous launched DDoS attacks against the websites of credit card companies, law firms, and other organizations that had cut off services to WikiLeaks.
Operation Darknet: This operation, which took place in 2011, targeted websites that were associated with child pornography and other illegal activities. Anonymous claimed to have taken down more than 40 child pornography sites as part of the campaign.
Operation KKK: In 2015, Anonymous launched a campaign against the Ku Klux Klan (KKK) in response to the group's threats against protestors in Ferguson, Missouri. The campaign involved the release of personal information about KKK members, as well as DDoS attacks against KKK-affiliated websites.
While Anonymous has been involved in a number of high-profile and controversial operations, the group's actions have also been met with criticism. Some have accused the group of engaging in vigilante justice, and there have been instances where individuals claiming to be part of Anonymous have taken credit for attacks that were later found to be the work of other individuals or groups.
Despite these criticisms, Anonymous continues to be a significant presence in the world of cyber attacks and activism. The group's decentralized structure and lack of formal leadership make it difficult to track and disrupt, and it has shown a willingness to take on a wide range of targets. It is likely that Anonymous will continue to be a significant player in the world of cyber attacks in the coming years.
For nearly two decades, one of the world’s most infamous hacker groups has operated under the name “Anonymous.” And the mysterious online community is making headlines once again.
After Russia invaded Ukraine at the end of February, a Twitter account with 7.9 million followers named “Anonymous” declared a “cyber war” against Russia and its president, Vladimir Putin. Since then, the group has claimed responsibility for various cyberattacks that disabled websites and leaked data from Russian government agencies, as well as state-run news outlets and corporations.
Often called “hacktivists,” Anonymous employs coordinated cyberattacks against various world governments, corporations or other groups, often in the name of social or political causes. In a Feb. 24 tweet, the “Anonymous” account — which says it “cannot claim to speak for the whole of the Anonymous collective” — called on hackers around the world, including in Russia, to “say ‘NO’ to Vladimir Putin’s war.”
Over the years, actions linked to Anonymous have inspired both Hollywood filmmakers and other hacker groups around the world. Here’s a look at the murky group’s origins, some of its most notable cyberattacks and the philosophy that allegedly steers its decisions:
Anonymous origins
Anonymous’ origin story begins in the online message forums of 4chan, the anonymous social community website founded in 2003. Even today, posts on 4chan from users who don’t specify a username are labeled as written by “Anonymous.”
In the website’s early days, users often organized group pranks called “raids,” flooding chat rooms in games and other online communities to cause disruptions. 4chan began cracking down on the raids after critics accused participants of cyberbullying and posting offensive content.
Those raids formed the basis of Anonymous’ operations: a decentralized movement of like-minded online users who would communicate in encrypted chat rooms to plan online disruptions. At first, those plans were largely about cheap entertainment. Eventually, they began to revolve around social or political aims.
The group’s most prominent early instance of “hacktivism” came in 2008, when 4chan users led by early Anonymous hacker Gregg Housh launched a coordinated effort against the Church of Scientology, using tactics like denial-of-service (DDoS) attacks on the church’s websites, prank phone calls and faxing the church black pages to waste their printer in
The cyberattacks, which Anonymous labeled “Project Chanology,” were retaliation for what the hackers deemed as attempted censorship: The church had legally threatened Gawker after the media outlet published a leaked video of actor Tom Cruise speaking enthusiastically about Scientology.
A series of worldwide protests against Scientology soon followed, with many Anonymous-supporting protesters wearing white-and-black Guy Fawkes masks, depicting the 17th century British insurrectionist. Those masks have since become closely associated with hacking group.
Philosophy and targets
Generally, Anonymous opposes governments and corporations that it views as participating in censorship or promoting inequality. Since the group is decentralized, it has no real structure or hierarchy — so there’s often much internal debate about which ideas or causes to support.
A pinned 2019 tweet on the @YourAnonNews Twitter account – which, again, claims not to speak for the collective as a whole – describes Anonymous members as “working class people seeking a better future for humanity.” It lists Anonymous’ guiding principles as “freedom of information, freedom of speech, accountability for companies and governments, privacy and anonymity for private citizens.”
Since “Project Chanology,” Anonymous members have targeted a long list of parties, including:
- the Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA), after those organizations worked to stop pirating websites from sharing copyrighted music and movies.
- the U.S. Department of Justice and FBI, after federal authorities shut down file-sharing website Megaupload.com in 2012.
- PayPal, after the online payments platform stopped allowing donations to WikiLeaks and its controversial founder, Julian Assange.
- government websites in Tunisia, Egypt and other countries in the Middle East and Africa as part of the 2011 Arab Spring pro-democracy protests.
- ISIS, following the 2015 Paris terrorist attacks.
Authorities around the world have arrested dozens of hackers with alleged ties to Anonymous, including at least 14 people charged with hacking PayPal in 2011. Barrett Brown, a journalist and self-professed Anonymous spokesperson, served more than four years in prison after a 2012 arrest on charges related to cyberattacks and threatening a federal officer.
The collective’s activities trailed off after some of those arrests, but resurfaced last year when Anonymous claimed responsibility for hacks targeting the Republican Party in Texas, in protest of the state’s controversial abortion law. Anonymous also claimed responsibility for a September hack of web-hosting company Epik, which leaked more than 150 gigabytes of data on far-right groups like QAnon and the Proud Boys.
Supporters and critics
In 2012, Time magazine named Anonymous one of the world’s 100 Most Influential People. Today, millions of people follow Anonymous-affiliated social media accounts.
Jeremiah Fowler, a co-founder of the cybersecurity company Security Discovery, told CNBC last week that Anonymous’ supporters likely view the group as somewhat of a “cyber Robin Hood,” targeting powerful governments and corporations in the name of popular causes.
“You want action now, you want justice now, and I think groups like Anonymous and hacktivists give people that immediate satisfaction,” Fowler said.
But Anonymous definitely has critics. Many believe the group’s vigilante tactics are extreme and potentially dangerous. In 2012, the National Security Agency deemed Anonymous a threat to national security.
Parmy Olson, a journalist who wrote a 415-page book on Anonymous in 2012, stated at the time that even the group’s supporters should consider its legacy a mixed bag.
“Has Anonymous done good for the world? In some cases, yes,” Olson told Radio Free Europe/Radio Liberty, citing Anonymous’ support of pro-democracy demonstrators in the Middle East. “Unnecessarily harassing people? I would class that as a bad thing. DDOSing the CIA website, stealing customer data and posting it online just for sh-ts and giggles is not a good thing.”
The FBI's Perspective on Ransomware
Ransomware: contemporary threats, how to prevent them and how the FBI can help#
Ransomware attacks are a type of cybercrime that have gained significant attention in recent years. These attacks involve the encryption of a victim's computer or network by an attacker, who then demands payment in exchange for the decryption key. The consequences of a ransomware attack can be severe, including the loss of sensitive or personal information, disruption of operations, and financial loss. The FBI, as a federal law enforcement agency, has a vested interest in combating ransomware and other cyber threats. In this article, we will explore the FBI's perspective on ransomware, including how it investigates and responds to these attacks and the measures it takes to prevent them.
The FBI considers ransomware to be a serious and growing threat that affects both individuals and businesses. In response to this threat, the FBI has a number of tools and resources at its disposal. One of these is the Internet Crime Complaint Center (IC3), which is a centralized repository for cybercrime complaints. Through the IC3, individuals and organizations can report a ransomware attack and help the FBI gather intelligence and build cases against those responsible.
In addition to its work through the IC3, the FBI also conducts proactive investigations into ransomware and other cyber threats. This includes working with other government agencies, such as the Department of Homeland Security and the National Cybersecurity and Communications Integration Center, as well as international partners and the private sector. The FBI's National Cyber Investigative Joint Task Force (NCIJTF) brings together more than 20 federal agencies to share information and resources in the fight against cybercrime, while the Cyber Action Team (CAT) is a rapid-response unit that can deploy to the scene of a cyber incident to provide on-the-ground support.
One of the challenges that the FBI faces in combating ransomware is the constantly evolving nature of the threat. Cybercriminals are constantly developing new ways to carry out attacks and evade detection, which can make it difficult for law enforcement and other organizations to keep up. To address this challenge, the FBI has a number of programs and initiatives in place to improve its ability to respond to ransomware and other cyber threats. This includes partnering with industry experts and academics to stay up-to-date on the latest trends and techniques used by attackers.
Prevention is also a key aspect of the FBI's approach to ransomware. While it is not always possible to prevent a ransomware attack, there are steps that individuals and organizations can take to reduce their risk. The FBI recommends a number of best practices, such as keeping software and systems up-to-date, implementing strong passwords and two-factor authentication, and regularly backing up important data. The FBI also works with industry partners to promote the adoption of industry-standard security practices and technologies, such as network segmentation and threat-hunting software.
In conclusion, the FBI views ransomware as a serious and growing threat that requires a multifaceted response. Through its investigations, partnerships, and prevention efforts, the FBI is working to protect individuals and organizations from this type of cybercrime and bring those responsible to justice.
In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the internet's most severe security crisis.
The Ransomware Landscape#
Ransomware has existed for more than 30 years, but it became a lucrative source of income for cyber actors and gangs in the past decade. Since 2015, ransomware gangs have been targeting organizations instead of individuals. Consequently, ransom sums have increased significantly, reaching millions of dollars.
Ransomware is effective because it pressures victims in two, complementary ways. First, by threatening victims to destroy their data. Second, by threatening to publicize the attack. The second threat has an indirect impact, yet it is just as serious (if not more). Publication could trigger regulatory and compliance issues, as well as negative long-term brand effects.
Here are some examples of real ransomware notes:
Ransomware as a Service (RaaS) has become the most widespread type of ransomware. In RaaS attacks, the ransomware infrastructure is developed by cyber criminals and then licensed out to other attackers for their use. The customer attackers can pay for the use of software or they can split the loot with the creators. Etay maor, Senior Director Security Strategy at Cato Networks commented, "There are other forms of RaaS. After receiving the ransomware payment some Ransomware groups sell all the data about the victim's network to other gangs. This means the next attack is much simpler and can be fully automated as it does not require weeks of discovery and network analysis by the attackers."
Some of the major RaaS players, who are notorious for turning the RaaS landscape into what it is today, are CryptoLocker, who infected over a quarter million systems in the 2000s and profited more than $3 million in less than four months, CryptoWall, who made over $18 million and prompted an FBI advisory, and finally Petya, NotPetya and WannaCry who used various types of exploits, ransomware included.
How the FBI Helps Combat Ransomware#
An organization under attack is bound to experience frustration and confusion. One of the first recommended courses of action is to contact an Incident Response team. The IR team can assist with investigation, recuperation and negotiations. Then, the FBI can also help.
Part of the FBI's mission is to raise awareness about ransomware. Thanks to a wide local and global network, they have access to valuable intelligence. This information can help victims with negotiations and with operationalization. For example, the FBI might be able to provide profiler information about a threat actor based on its Bitcoin wallet.
To help ransomware victims and to prevent ransomware, the FBI has set up 56 Cyber Task Forces across its field offices. These Task Forces work closely with the IRS, the Department of Education, the Office of Inspector General, the Federal Protective Service and the State Police. They're also in close contact with the Secret Service and have access to regional forensics labs. For National Security cyber crimes, the FBI has a designated Squad.
Alongside the Cyber Task Force, the FBI operates a 24/7 CyWatch, which is a Watch Center for coordinating the field offices, the private sector and other federal and intelligence agencies. There is also an Internet Crime Complaint Center, ic3.gov, for registering complaints and identifying trends.
Preventing Ransomware Attacks On Time#
Many ransomware attacks don't have to reach the point where the FBI is needed. Rather, they can be avoided beforehand. Ransomware is not a single-shot attack. Instead, a series of tactics and techniques all contribute to its execution. By identifying the network and security vulnerabilities in advance that enables the attack, organizations can block or limit threat actors' ability to perform ransomware. Etay Maor added "We need to rethink the concept that "the attackers need to be right just once, the defenders need to be right all the time". A cyber attack is a combination of multiple tactics and techniques. As such, it can only be countered with a holistic approach, with multiple converged security systems that all share context in real time. This is exactly what a SASE architecture, and no other, offers the defenders".
For example, here are all the steps in a REvil attack on a well-known manufacturer, mapped out to the MITRE ATT&CK framework. As you can see, there are numerous phases that took place before the actual ransom and were essential to its "success". By mitigating those risks, the attack might have been prevented.
Here is a similar mapping of a Sodinokobi attack:
Maze attack mapping to the MITRE framework:
Another way to map ransomware attacks is through heat maps, which show how often different tactics and techniques are used. Here is a heat map of Maze attacks:
One way to use these mappings is for network analysis and systems testing. By testing a system's resilience to these tactics and techniques and implementing controls that can mitigate any risks, organizations reduce the risk of a ransomware attack by a certain actor on their critical resources.
How to Avoid Attacks - From the Horse's Mouth#
But don't take our word for it. Some ransomware attackers are "kind" enough to provide organizations with best practices for securing themselves from future ransomware attacks. Recommendations include:
- Turning off local passwords
- Using secure passwords
- Forcing the end of admin sessions
- Configuring group policies
- Checking privileged users' access
- Ensuring only necessary applications are running
- Limiting the reliance of Anti-Virus
- Installing EDRs
- 24 hour system admins
- Securing vulnerable ports
- Watching for misconfigured firewalls
- And more
Etay Maor of Cato Networks highlights "Nothing in what several Ransomware groups say organizations need to do is new. These best practices have been discussed for years. The reason they still work is that we try to apply them using disjoint, point solutions. That didn't work and will not work. A SASE, cloud native, architecture, where all security solutions share context and have the capability to see every networks flow and get a holistic view of the attack lifecycle can level the playing field against cyber attacks".
Ransomware Prevention: An Ongoing Activity#
Just like brushing your teeth or exercising, security hygiene is an ongoing, methodical practice. Ransomware attackers have been known to revisit the crime scene and demand a second ransom, if issues haven't been resolved. By employing security controls that can effectively mitigate security threats and having a proper incident response plan in place, the risks can be minimized, as well as the attackers' pay day. The FBI is here to help and provide information that can assist, let's hope that assistance won't be needed.
