<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: CommitSyn</title><link>https://news.ycombinator.com/user?id=CommitSyn</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sun, 12 Jul 2026 08:04:27 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=CommitSyn" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by CommitSyn in "I found a 1-click exploit in South Korea's biggest mobile chat app"]]></title><description><![CDATA[
<p>I feel I would have been purged as a child. I was almost pathologically unable to bullshit or lie, although its become easier in my later years.</p>
]]></description><pubDate>Tue, 25 Jun 2024 18:55:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=40792146</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40792146</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40792146</guid></item><item><title><![CDATA[New comment by CommitSyn in "Quake 1 potential original font"]]></title><description><![CDATA[
<p>The Q is obviously custom (Q for "Quake") the question is where the starting point for the font was. I agree about the cherry picking, but the font is going to have been modified for the game (as evidenced by the "Q".)</p>
]]></description><pubDate>Mon, 17 Jun 2024 17:24:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=40708315</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40708315</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40708315</guid></item><item><title><![CDATA[New comment by CommitSyn in "MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says"]]></title><description><![CDATA[
<p>It's your type of black/white thinking, and making the association that everyone in support of a specific idea shares an identical set of ALL values with everyone else interested in that idea, that enables fascism to rise to power.<p>Someone is interested in privacy? They must be a criminal, better watch closely and prosecute on whatever we can before they get too dangerous.<p>Someone is interested in crypto? They must be fully anarchist. Better lump them in with the anti-government crowd and make sure they are denied police protection.<p>These were multimillion dollar trades being done by white collar investors with the trading bots, I don't think they mind the police help one bit, and I think you'd be hard-pressed to find anti-state messages from any of them. They are just rich people taking advantage of a system to get richer. Nothing more nothing less. It is not possible to extrapolate political views based solely on participation in part of a capitalistic system.</p>
]]></description><pubDate>Sat, 18 May 2024 15:22:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=40399753</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40399753</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40399753</guid></item><item><title><![CDATA[New comment by CommitSyn in "The UK will block online porn from April. Here's what we know"]]></title><description><![CDATA[
<p>> which will also affect the other big internet-censorship tool from the UK government: silent DNS blocking<p>Can you expand on this?</p>
]]></description><pubDate>Tue, 14 May 2024 13:55:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=40355267</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40355267</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40355267</guid></item><item><title><![CDATA[New comment by CommitSyn in "Attackers can decloak routing-based VPNs"]]></title><description><![CDATA[
<p>Is there a simple DIY? Is it as simple as running a custom router firmware or software on a small mini PC? Last I looked into this a couple years ago, it basically wasn't possible to chain multiple VPN providers on the same machine, even using VPNs, but maybe I'm misremembering. You could of course just use the built-in VPN connection of your router, but that lacks all the benefits of updated software/firewall, and I want my family to be able to watch Netflix, browse the web without running a CAPTCHAthon, etc.</p>
]]></description><pubDate>Mon, 06 May 2024 22:52:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=40280406</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40280406</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40280406</guid></item><item><title><![CDATA[New comment by CommitSyn in "Attackers can decloak routing-based VPNs"]]></title><description><![CDATA[
<p>FTA: Importantly, the VPN control channel is maintained so features such as kill switches are never tripped, and users continue to show as connected to a VPN in all the cases we’ve observed.</p>
]]></description><pubDate>Mon, 06 May 2024 22:44:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=40280351</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40280351</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40280351</guid></item><item><title><![CDATA[New comment by CommitSyn in "DNS traffic can leak outside the VPN tunnel on Android"]]></title><description><![CDATA[
<p>The only 'banking' app I've had not work on GrapheneOS is Cash App, but then I just go to the website and use the web UI.</p>
]]></description><pubDate>Sat, 04 May 2024 03:03:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=40254484</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40254484</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40254484</guid></item><item><title><![CDATA[New comment by CommitSyn in "DNS traffic can leak outside the VPN tunnel on Android"]]></title><description><![CDATA[
<p>Speaking of, did FairPhone get the whole "making a phone call" thing figured out yet?</p>
]]></description><pubDate>Sat, 04 May 2024 03:00:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=40254470</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40254470</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40254470</guid></item><item><title><![CDATA[New comment by CommitSyn in "CB1 Receptor Negative Allosteric Modulators to Reverse Cannabinoid Toxicity"]]></title><description><![CDATA[
<p>This article is about synthetic cannabinoids, not phytocannabinoids or other naturally-occuring noids (Delta8/9/10, THCA, THCV, COOH, THC-O, HHC, THC-P, etc).<p>They are similar in that there's a race to find and synthesize them and get them to market, but synthetics do not occur in nature.</p>
]]></description><pubDate>Mon, 29 Apr 2024 15:11:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=40199356</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40199356</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40199356</guid></item><item><title><![CDATA[New comment by CommitSyn in "CB1 Receptor Negative Allosteric Modulators to Reverse Cannabinoid Toxicity"]]></title><description><![CDATA[
<p>JWH-018 was a very popular synthetic but of course it got banned so the supply dried up. It's more of a problem in younger lower class urban areas where the newly created not-yet-banned synthetics are sold as research chemicals or legal highs in head shops and gas stations. It's quite widespread, just not talked about often, because when media runs stories, things get banned.<p>Here's a video from one research chemist (Dr Zee) talking about his work <a href="https://www.youtube.com/watch?v=X0NRsaPmVX8" rel="nofollow">https://www.youtube.com/watch?v=X0NRsaPmVX8</a><p>While a very small list compared to the number of available chemicals, there are commercially available EMIT kits for the screening of the synthetic cannabinoids JWH-018, JWH-073, JWH-398, JWH-200, JWH-019, JWH-122, JWH-081, JWH-250, JWH-203, CP-47,497, CP-47,497-C8, HU-210, HU-211, AM-2201, AM-694, RCS-4, and RCS-8 through companies like NMS Labs, Cayman Chemical, and Immunoanalysis Corporation. <a href="https://www.sciencedirect.com/science/article/abs/pii/S0003267015000057?via%3Dihub" rel="nofollow">https://www.sciencedirect.com/science/article/abs/pii/S00032...</a></p>
]]></description><pubDate>Mon, 29 Apr 2024 15:02:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=40199223</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40199223</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40199223</guid></item><item><title><![CDATA[New comment by CommitSyn in "Tor: From the Dark Web to the Future of Privacy"]]></title><description><![CDATA[
<p>If you have a suspected target and you can shape traffic on the internet (state actor) there's a much easier way to gain access to the websites visited by your target than by controlling a large number of nodes. It's still noisy, but doesn't generate any scary warnings in tor browser (unless you look at the logs, or pay attention to your connected nodes like with the Onion Circuit GUI in Whonix).<p>Use a DoS attack against nodes, like the 2-3 years ongoing attack which has lately progressed to a 100% CPU usage DoS against any targeted node. You still have to control a decent number of nodes, but you simply DoS (or DDoS, much noisier) the nodes that your target is connecting to. Once you have them connected to your guard, relay, and exit nodes, you continue the DoS on other nodes until you get the data you need - shorter time is better. I believe this method is being used currently, as I read a post from someone about it recently and noticed something similar happening when I started paying attention to nodes, although it seems it may have stopped for now.<p>I'm sure there are many vulnerability chains being exploited in tor. Here's an interesting tidbit from the Snowden leaks, which most people took that screenshot of "tor stinks :(" to mean it's safe. At least with JavaScript completely disabled, right?<p>> Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.<p>> According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for Javascript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.
The Quantum system<p>> To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.<p>> In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.<p>> They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.<p>> The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".<p>From <a href="https://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity" rel="nofollow">https://www.theguardian.com/world/2013/oct/04/tor-attacks-ns...</a><p>Let's not forget about the NSA backdooring internet backbone routers and slurping data from undersea cables <a href="https://en.m.wikipedia.org/wiki/ANT_catalog" rel="nofollow">https://en.m.wikipedia.org/wiki/ANT_catalog</a><p>It's quite clear to me the US (and the other major Western players) are preparing for a large-scale war and know a great deal of spies are already living in the country. Warrantless wiretaps for any connections outside of the USA, and mandatory KYC for any cloud providers (VPS etc) within the US. In other words, the surveillance dragnet is now operating at a complete and full scale. Privacy is dead. If you would like to be an activist or give valid criticisms of the government, just know that your devices are likely going to be hacked and your communications decrypted. Airgapped computers may for now be safe with a faraday cage and components stripped out. Mesh networks like Briar are only useful as long as your phone is secure.<p>I wish I was simply being overly paranoid.<p><a href="https://www.brennancenter.org/our-work/research-reports/reforming-intelligence-and-securing-america-act-would-dramatically-expand" rel="nofollow">https://www.brennancenter.org/our-work/research-reports/refo...</a><p><a href="https://torrentfreak.com/u-s-know-your-customer-proposal-will-put-an-end-to-anonymous-cloud-users-240425/" rel="nofollow">https://torrentfreak.com/u-s-know-your-customer-proposal-wil...</a><p><a href="https://www.ic3.gov/Media/Y2024/PSA240425" rel="nofollow">https://www.ic3.gov/Media/Y2024/PSA240425</a><p><a href="https://www.gov.uk/government/news/new-powers-to-seize-cryptoassets-used-by-criminals-go-live" rel="nofollow">https://www.gov.uk/government/news/new-powers-to-seize-crypt...</a></p>
]]></description><pubDate>Fri, 26 Apr 2024 20:28:22 +0000</pubDate><link>https://news.ycombinator.com/item?id=40173864</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40173864</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40173864</guid></item><item><title><![CDATA[New comment by CommitSyn in "Krazam OS"]]></title><description><![CDATA[
<p>Okay I clicked on an ad. It gave me a discount code, but that's not the first puzzle solution.</p>
]]></description><pubDate>Wed, 24 Apr 2024 21:11:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=40149711</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40149711</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40149711</guid></item><item><title><![CDATA[New comment by CommitSyn in "Android 15 may make it harder for sideloaded apps to get sensitive permissions"]]></title><description><![CDATA[
<p>> So far I've, for example, found my banking app running something called a telemetry service, in the background, even if I set its battery profile to restricted. No way to stop that other than to uninstall the app.<p>Have you considered creating a new 'banking' user account that you only log in to when you need to access that app? Its incredibly easy with Graphene.</p>
]]></description><pubDate>Wed, 24 Apr 2024 20:50:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=40149452</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40149452</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40149452</guid></item><item><title><![CDATA[New comment by CommitSyn in "Elon Musk plans to charge new X users to enable posting"]]></title><description><![CDATA[
<p>It was all browser based and not a miner for a usable coin, just a proof of work mechanism.</p>
]]></description><pubDate>Tue, 16 Apr 2024 19:26:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=40056143</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40056143</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40056143</guid></item><item><title><![CDATA[New comment by CommitSyn in "Elon Musk plans to charge new X users to enable posting"]]></title><description><![CDATA[
<p>> what about paying a small fee OR having someone run a cryptocurrency proof of work check?<p>Musk: That is much harder than paying a small fee.<p>Cock.li, a hobbyist-run email/VPS provider, has implemented that exact thing for the ability to send emails (receiving is free). Took about 7 minutes on my laptop. My laptop sat there, did all the work, I paid nothing and became verified. I could even pause it and come back later.<p>It's clear this is about squeezing money out of every last user even if if means killing the platform.</p>
]]></description><pubDate>Mon, 15 Apr 2024 22:59:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=40046638</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=40046638</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40046638</guid></item><item><title><![CDATA[New comment by CommitSyn in "Total eclipse of the Internet: traffic impacts in Mexico, the US, and Canada"]]></title><description><![CDATA[
<p>Many more people taking photos and videos than usual, and sharing those photos and videos, as well as iCloud automated backup?<p>I assume friends/family calling/Facetiming to see or share the experience as well. Many traveled there and didn't have WiFi.</p>
]]></description><pubDate>Tue, 09 Apr 2024 14:12:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=39979634</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=39979634</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39979634</guid></item><item><title><![CDATA[New comment by CommitSyn in "'My eyes hurt' searches spike on Google following solar eclipse"]]></title><description><![CDATA[
<p>We are a very compassionate society. There are dating and matchmaking services for people with virtually every kind of disability, including those who absolutely can not care for themselves, and modern health infrastructure affords the mentally disabled and other selective pressures (narrow birth canal and many other issues) to carry to term.<p>The same evolutionary pressures don't apply to humans at the moment with regard to sex. Not while civilization is a thing, anyway.</p>
]]></description><pubDate>Tue, 09 Apr 2024 13:58:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=39979497</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=39979497</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39979497</guid></item><item><title><![CDATA[New comment by CommitSyn in "Xzbot: Notes, honeypot, and exploit demo for the xz backdoor"]]></title><description><![CDATA[
<p>Cookie guy?</p>
]]></description><pubDate>Tue, 02 Apr 2024 06:20:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=39902875</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=39902875</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39902875</guid></item><item><title><![CDATA[New comment by CommitSyn in "Xzbot: Notes, honeypot, and exploit demo for the xz backdoor"]]></title><description><![CDATA[
<p>That would only fit "If (!) the NSA regards ssh keys as secure >for everyone but them<</p>
]]></description><pubDate>Tue, 02 Apr 2024 06:15:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=39902860</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=39902860</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39902860</guid></item><item><title><![CDATA[New comment by CommitSyn in "Xzbot: Notes, honeypot, and exploit demo for the xz backdoor"]]></title><description><![CDATA[
<p>Is it possible it was part of a planned or current exploit chain, some other way it could have been utilized?</p>
]]></description><pubDate>Tue, 02 Apr 2024 03:38:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=39902150</link><dc:creator>CommitSyn</dc:creator><comments>https://news.ycombinator.com/item?id=39902150</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39902150</guid></item></channel></rss>