Hacker News: MattSteelblade

New comment by MattSteelblade in "Malicious npm packages detected across Red Hat Cloud Services"

MattSteelblade — Mon, 01 Jun 2026 16:11:33 +0000

In this case, the rm -rf before that does. The rmdir is the Windows command in this example and with /s /q, it will quietly delete everything.

New comment by MattSteelblade in "Canvas is down as ShinyHunters threatens to leak schools’ data"

MattSteelblade — Fri, 08 May 2026 03:48:55 +0000

Not at all; standard IR procedure is scope -> containment -> eradication -> recovery. There is a fog right now; we don't know all the details. It seems to me that it's just as likely they weren't fully kicked out before or that the initial vulnerability wasn't remediated. You can't recover until the threat actor has been removed.

New comment by MattSteelblade in "Modern Board Games: and why you should play them (2022)"

MattSteelblade — Thu, 23 Apr 2026 14:44:47 +0000

There is a lot of love in my group from years of MtG for drafting games, so 7 Wonders and Dune Imperium are consistent favorites. When we have the time, we'll do Twilight Imperium. We've enjoyed all three Nemesis games. We are currently also really enjoying Spirit Island. We've completed Gloomhaven: Jaws of the Lion and put in some serious time with regular Gloomhave as well. As LotR fans, we've also enjoyed the LotR LCG and War of the Ring.

New comment by MattSteelblade in "Maine is about to become the first state to ban major new data centers"

MattSteelblade — Thu, 09 Apr 2026 21:04:51 +0000

A Technology Connections video recently changed my opinion on this. The land required to power the entire U.S. would be less than the farmland we currently use for ethanol production.

New comment by MattSteelblade in "Vermont EV buses prove unreliable for transportation this winter"

MattSteelblade — Wed, 18 Feb 2026 19:01:36 +0000

Per the article, the issue is with recalled batteries that are going to take 18-24 months to be replaced that won't allow the bus to charge pas 75% or below 41 degrees and because of the risk of fire and lack of suitable fire mitigation equipment, can no longer be charged in garages. Not seeing any mention of an issue with the underlying technology.

New comment by MattSteelblade in "Wisconsin communities signed secrecy deals for billion-dollar data centers"

MattSteelblade — Fri, 30 Jan 2026 18:07:12 +0000

It sounds like you're describing Google's proposal, which I believe is at least feasible (though likely uneconomic) unlike, say, Starcloud's. I don't think you are correct about the orbit, though; Google's proposal lists the satellites at 650 km, which would give them approximately 20 years in orbit without boosts. They list estimated life at 5 years given radiation concerns, so they almost certainly would purposely deorbit them earlier.

New comment by MattSteelblade in "Wisconsin communities signed secrecy deals for billion-dollar data centers"

MattSteelblade — Fri, 30 Jan 2026 16:11:23 +0000

I never said Google wasn't serious; I said they are hardly betting on it relative to their other capital expenditures. Google rightfully describes this as a "moonshot." To date, the only public hardware commitment is two prototype satellites in 2027 for a feasibility study. Compared to the billions pouring into Waymo, DeepMind, and terrestrial data centers, this doesn't yet qualify as an "enormous" financial bet, even if the engineering intent is serious.

New comment by MattSteelblade in "Wisconsin communities signed secrecy deals for billion-dollar data centers"

MattSteelblade — Fri, 30 Jan 2026 14:49:35 +0000

Google is hardly betting on it; they are exploring the feasibility of it and are frank about the engineering challenges: > significant engineering challenges remain, such as thermal management, high-bandwidth ground communications, and on-orbit system reliability.[1]

[1] https://research.google/blog/exploring-a-space-based-scalabl...

New comment by MattSteelblade in "Wisconsin communities signed secrecy deals for billion-dollar data centers"

MattSteelblade — Fri, 30 Jan 2026 14:34:56 +0000

Not even a little; doesn’t pass napkin math. It doesn’t solve any problems while adding a litany of new ones: massive radiators for heat rejection, radiation hardening, and enormous launch + repair costs (assuming repairs are even possible). The idea exists to separate investors from their money; the product is the funding round.

New comment by MattSteelblade in "Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops"

MattSteelblade — Fri, 23 Jan 2026 19:14:12 +0000

Based on the comments in the thread, I sense I will be in the minority, but for most consumers this is a reasonable default. Broadly speaking, the threat model most users are concerned with doesn't account for their government. The previous default is no encryption at rest, which doesn't protect from the most common threats, like theft or tampering. With BitLocker on, a new risk for users is created: loss of access to their data because they don't have their recovery key. You are never forced to keep your recovery keys in Microsoft's servers and it's not a default for corporate users.

New comment by MattSteelblade in "Two billion email addresses were exposed"

MattSteelblade — Thu, 06 Nov 2025 23:52:46 +0000

Several open source tools can be found on GitHub, but here’s the “official” one https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader

New comment by MattSteelblade in "Two billion email addresses were exposed"

MattSteelblade — Thu, 06 Nov 2025 22:14:51 +0000

For password hashing, only short-output or broken hash functions have practical collision concerns. The odds of any random collision with a 256-bit hash, and not with a specific hash, is 50% at 2^128 inputs. Salting is a defense against precomputation attacks like rainbow tables and masking password reuse. Attackers crack password dumps by trying known password combinations, previously compromised passwords, brute force up to a certain length, etc. and using the hashing algorithm to compare the output.

New comment by MattSteelblade in "Two billion email addresses were exposed"

MattSteelblade — Thu, 06 Nov 2025 21:34:40 +0000

You can check against the API with just the first characters of your hashed password (SHA-1 or NTLM), for example: https://api.pwnedpasswords.com/range/21BD1 or you can download the entire dataset.

New comment by MattSteelblade in "[dead]"

MattSteelblade — Tue, 30 Sep 2025 14:54:38 +0000

(2020)

New comment by MattSteelblade in "NT OS Kernel Information Disclosure Vulnerability"

MattSteelblade — Thu, 11 Sep 2025 17:47:13 +0000

This type of exploit is useful as part of a chain of exploits; it defeats a defense-in-depth protection.

New comment by MattSteelblade in "Optician Sans – A free font based on historical eye charts and optotypes"

MattSteelblade — Wed, 30 Jul 2025 17:20:19 +0000

Doesn't look like it. https://github.com/anewtypeofinterference/Optician-Sans/issu...

New comment by MattSteelblade in "Microsoft Edit"

MattSteelblade — Wed, 25 Jun 2025 12:37:37 +0000

I believe this was the original announcement https://azure.microsoft.com/en-us/blog/powershell-is-open-so.... I have used it on Linux and it is included by default in Kali and ParrotOS.

New comment by MattSteelblade in "Have I Been Pwned 2.0"

MattSteelblade — Tue, 20 May 2025 19:09:18 +0000

Bitwarden is also a zero knowledge architecture built on E2EE; I would presume that is the standard in the industry.

New comment by MattSteelblade in "Have I Been Pwned 2.0"

MattSteelblade — Tue, 20 May 2025 13:02:05 +0000

Open-source versus proprietary and the option to self-host are the two that immediately come to mind.

New comment by MattSteelblade in "Starcloud"

MattSteelblade — Tue, 13 May 2025 21:50:14 +0000

This doesn't pass the sniff test. Please, show me the napkin math where this remotely adds up.