Hacker News: tptacek threads

New comment by tptacek in "Israeli firm BlackCore suspected of meddling in New York and Scotland votes"

tptacek — Sun, 14 Jun 2026 02:53:08 +0000

The Houthis are literally Nazis. They run a race cult. They use child soldiers. As with Hezbollah in Lebanon, they're a religious minority that nonetheless exercises de facto control over security in their country. Iran trained and armed them; the Houthis are explicitly Khomeinists.

New comment by tptacek in "Israeli firm BlackCore suspected of meddling in New York and Scotland votes"

tptacek — Sun, 14 Jun 2026 02:23:30 +0000

It's fine that we disagree, it's fine for us to present different cases to the thread, we can do that respectfully, but just to be very clear: my case is that Hezbollah is (or was immediately prior to the "decapitation") an IRGC asset, commanded at least at a high level --- "which fights to pick, which fights to join" --- by the Quds Force commanders. Several QF elites were injured during the pager strike!

I'd be happy to see Netanyahu in prison. But the horrific death toll in Gaza is a small fraction of what the IRGC has wrought in Syria, Iraq, and especially Yemen. When the IRGC orchestrates starvation sieges, as they did at Madaya in Syria and Taiz in Yemen, they brag about it. They film videos for the besieged residents jokingly eating off banquets.

Winding back to the top of the thread, all this is just to say, Israel is not necessarily wrong about the adversaries they face outside of their borders. (They're definitely not wrong about Hamas and PIJ, but they're seemingly wrong about just about everything else that happens inside their borders.)

New comment by tptacek in "Israeli firm BlackCore suspected of meddling in New York and Scotland votes"

tptacek — Sun, 14 Jun 2026 01:48:14 +0000

None of this explains why the Quds Force was able to command Hezbollah into Syria to besiege Sunni towns and suburbs of Damascus. It's very easy to find credible sources saying that Hezbollah is an Iranian asset, and the balance of clear evidence supports that. Like Iran itself, Hezbollah uses Israel as a political foil, but their real enemies are Sunni Arabs.

None of these observations make me a supporter of the Netanyahu government; my opinions of Likud have nothing to do with my opinions of Iran and their IRGC militias.

New comment by tptacek in "Twenty One Zero-Days in FFmpeg"

tptacek — Sun, 14 Jun 2026 01:23:02 +0000

I have no idea what you mean by a "proper" vulnerability researcher and I find the concept faintly offensive. But what do I know?

New comment by tptacek in "Israeli firm BlackCore suspected of meddling in New York and Scotland votes"

tptacek — Sun, 14 Jun 2026 01:22:22 +0000

Over the last 10 years Hezbollah has spent more manpower fighting in Syria for Iran than it has confronting Israel. I don't know how to take seriously the idea that Hezbollah is anything but an appendage of the IRGC.

As a reminder: Shia are a minority in Lebanon; it's not even close.

New comment by tptacek in "Israeli firm BlackCore suspected of meddling in New York and Scotland votes"

tptacek — Sat, 13 Jun 2026 14:07:33 +0000

Well that and the fact that Iran is (was) the other peer military adversary in the region, with forces deployed on Israel's border, and with a longstanding declared intent of eradicating Israel.

New comment by tptacek in "Israeli firm BlackCore suspected of meddling in New York and Scotland votes"

tptacek — Sat, 13 Jun 2026 14:04:41 +0000

There are dozens of firms around the world, including several in the US, doing exactly the same thing.

New comment by tptacek in "Twenty One Zero-Days in FFmpeg"

tptacek — Sat, 13 Jun 2026 14:03:27 +0000

No there isn't. The vulnerability is either real or it isn't. How you feel about the researchers doesn't enter into it. People angry about vulnerability research have been making this argument since 1992.

New comment by tptacek in "Twenty One Zero-Days in FFmpeg"

tptacek — Sat, 13 Jun 2026 03:18:22 +0000

Vulnerability researchers don't create the vulnerabilities they report. The vulnerabilities exist whether or not they're reported by "clout chasers".

New comment by tptacek in "Twenty One Zero-Days in FFmpeg"

tptacek — Sat, 13 Jun 2026 03:16:59 +0000

One thing has nothing to do with the other.

New comment by tptacek in "AMD Stiffs Researcher $10k Bug Bounty"

tptacek — Sat, 13 Jun 2026 02:32:20 +0000

Nobody is buying this vulnerability. If you're unhappy with how a bug bounty program is structured, you should absolutely just post the vulnerability. That's a longstanding norm.

New comment by tptacek in "Policy on the AI Exponential"

tptacek — Sat, 13 Jun 2026 02:03:10 +0000

Yeah, you and the Youngstown tool and die workers, it's hard to believe the class solidarity wasn't more obvious to me.

New comment by tptacek in "Aws.com and google.com don't have DNSSEC enabled"

tptacek — Sat, 13 Jun 2026 02:01:49 +0000

People have been trying to make DNSSEC a thing since 1995. Even when "most websites" didn't use TLS, basically all of ecommerce did: TLS has been load-bearing since the 1990s. Meanwhile, here in 2026, it is literally true that if the root keys landed on Pastebin tonight, almost nobody would need to be paged.

New comment by tptacek in "Aws.com and google.com don't have DNSSEC enabled"

tptacek — Sat, 13 Jun 2026 02:00:35 +0000

I built the IPv6 private network system at Fly.io.

New comment by tptacek in "The RCE that AMD wouldn't fix"

tptacek — Sat, 13 Jun 2026 00:55:18 +0000

Nobody is selling this dumb mitm bug.

New comment by tptacek in "Policy on the AI Exponential"

tptacek — Fri, 12 Jun 2026 21:15:25 +0000

You've axiomatically derived a definition of "working class" that includes software developers in the top 0.7% of regional income. Gorgeous.

New comment by tptacek in "Tailwind and slop apps"

tptacek — Fri, 12 Jun 2026 14:50:04 +0000

I think it would be extremely funny to have a DJ site that uses a Tailwind SAAS product template.

New comment by tptacek in "The RCE that AMD wouldn't fix"

tptacek — Fri, 12 Jun 2026 05:11:34 +0000

Absolutely.

New comment by tptacek in "The RCE that AMD wouldn't fix"

tptacek — Fri, 12 Jun 2026 04:37:17 +0000

This is not the VW emissions scandal.

New comment by tptacek in "Tailwind and slop apps"

tptacek — Fri, 12 Jun 2026 03:29:58 +0000

It's not my argument that competent web design is a reliable signal, only that nobody is looking for incompetent design when they're shopping for a used Camry or a new rotary sander.

When Stripe or Braintree or Paypal deliberately mess up their designs so they can signal their humanity to customers, I'll check back in with this idea. Maybe companies will start introducing dumb bugs into their code, too, because if it's too perfect everybody will know a robot wrote it.