Hacker News: Tangurena2

New comment by Tangurena2 in "Malware developers added nuclear and biological weapons text to to their spyware"

Tangurena2 — Fri, 12 Jun 2026 21:04:56 +0000

I'd be careful with TAC. They leave out some important steps in chemical synthesis. As a stupidly curious "mad scientist" growing up, I'm frequently surprised that I still have both eyes and all 10 fingers.

New comment by Tangurena2 in "Malware developers added nuclear and biological weapons text to to their spyware"

Tangurena2 — Fri, 12 Jun 2026 21:02:30 +0000

The only hard thing about nuclear weapons is getting the radioactive material. By the time you get your bachelors degree, every nuclear engineering or physics student knows enough of how and why nukes work. Every nation that built a gun-type device successfully made theirs on their first attempt. Implosion takes some engineering, trial & error.

New comment by Tangurena2 in "Malware developers added nuclear and biological weapons text to to their spyware"

Tangurena2 — Fri, 12 Jun 2026 20:58:42 +0000

I strongly recommend you read the book Amerithrax [0]. The book gives some historical examples of malicious groups [1][2] trying to use biological agents. Also, it is far harder to weaponize biological weapons than people think.

Notes:

0 - https://www.amazon.com/Amerithrax-Anthrax-Killer-Robert-Gray... . Amerithrax was the name of the FBI investigation. https://www.fbi.gov/history/cases-and-criminals/amerithrax-o...

1 - https://en.wikipedia.org/wiki/1984_Rajneeshee_bioterror_atta...

> In 1984, 751 people suffered food poisoning in The Dalles, Oregon, United States, due to the deliberate contamination of salad bars at ten local restaurants with Salmonella. A group of prominent followers of Rajneesh (also known as Osho) led by Ma Anand Sheela had hoped to incapacitate the voting population of the city so that their own candidates would win the 1984 Wasco County elections.[2] The incident was the first and largest bioterrorist attack in U.S. history.

Tried to take over a town by making all the voters too sick to vote on election day. This event is why all buffets & salad bars in the US now have sneeze shields.

2 - https://en.wikipedia.org/wiki/Aum_Shinrikyo_and_weapons_of_m...

> Aum Shinrikyo operated the most extensive biological weapons program by a non-state actor ever discovered. Aum considered a range of agents, but only seriously attempted to obtain and disperse Bacillus anthracis and botulinum toxin, the causative agents of anthrax and botulism. With the 2001 anthrax attacks, it comprises the only attempts to use anthrax as a weapon not attributed to a state program.

Tried multiple times to weaponize anthrax and failed. This was a group that made an automated factory to build AK-47s. Eventually, they spread sarin nerve agent in the Tokyo subway.

New comment by Tangurena2 in "Malware developers added nuclear and biological weapons text to to their spyware"

Tangurena2 — Fri, 12 Jun 2026 20:43:31 +0000

Not really. I used to work at one of the national engineering labs (NREL - which only dealt with renewable energy like solar panels and windmills at that time). There was an open source project we wanted to use when converting a VB6 project to .NET. One of the license conditions was "no weapons of mass destruction". DOE builds and owns all of America's nuclear weapons, which are leased to the Department of Defense. Needless to say, the developer was unwilling to offer an alternative license which meant that we could not use the project.

It was an awesome thing that generated IL code on the fly. And I got to mention it in job interviews for years. When the tech lead asked "can you write 2 functions with the same signature, that only differ in return type in .NET?" I would say "do you want the interview answer or do you really want to do this?" which would pretty much stun the interviewer. The answer is pretty much "no, you cannot do it in any high level language, but if you write IL code, you can, and here's an open source project that demonstrates it".

New comment by Tangurena2 in "A dumpster arrived behind my university's library"

Tangurena2 — Fri, 12 Jun 2026 20:32:42 +0000

Whenever I am attending university, or live near one, I try to walk every aisle and every shelf at least once per year. Maybe things are much better these days, but all too often I would find books that were not in the card catalog (or cataloged incorrectly). The "adjacent shelf" method of research was one secret that grad students tended to learn.

New comment by Tangurena2 in "FCC wants to kill burner phones by forcing telecoms to get all customers' IDs"

Tangurena2 — Wed, 10 Jun 2026 13:42:55 +0000

That will be a feature and not considered a bug.

New comment by Tangurena2 in "FCC wants to kill burner phones by forcing telecoms to get all customers' IDs"

Tangurena2 — Wed, 10 Jun 2026 13:39:45 +0000

Some states allow homeless people to get IDs. Some do not. My state outlawed homelessness in last year's Crime Bill - the charge is now called "unlawful camping" and it outlawed cities from having zones where people are allowed to camp unless they basically create something like a KOA campground (and outlawed using tax money to do so).

New comment by Tangurena2 in "FCC wants to kill burner phones by forcing telecoms to get all customers' IDs"

Tangurena2 — Wed, 10 Jun 2026 13:08:19 +0000

There is a book titled Three Felonies A Day that explains this. US Federal laws/regulations are so obtuse, over-reaching, arcane and complicated that the average innocent person violates 3 felonies per day. And your point about enforce the laws on the people they don't like is one that the author makes as well.

https://www.amazon.com/Three-Felonies-Day-Target-Innocent/dp...

A previous job of mine was software developer for a state motor vehicle agency. I had to read far too many state & federal laws/regulations to make the boat/vehicle registration system compliant.

New comment by Tangurena2 in "FCC wants to kill burner phones by forcing telecoms to get all customers' IDs"

Tangurena2 — Wed, 10 Jun 2026 12:56:16 +0000

The latest Miasma/Shai-Hulud worm will not run if your development system has KOI8-R (Russian) as the primary language.

https://en.wikipedia.org/wiki/KOI8-R

> Kill switch, as always with APT28 malware, is setting the host language to ru_RU.KOI8-R (LANG environment variable). That disables the spread mechanism.

https://news.ycombinator.com/item?id=48460507

Note: KOI8-U is Ukrainian and would still trigger the worm/trojan/malware.

New comment by Tangurena2 in "FCC wants to kill burner phones by forcing telecoms to get all customers' IDs"

Tangurena2 — Wed, 10 Jun 2026 12:48:39 +0000

As kooky as I thought he was, Stallman seems to be more prophetic each year. His essay The Right to Read seems to be a vision of how knowledge gets locked down. Every American college/university student has been trapped into renting textbooks. Elsevier and Pearson seem to have used that essay as a roadmap.

https://web.cs.ucdavis.edu/~rogaway/classes/188/materials/st...

I think he's wrong that DRM violates the 4th Amendment, I contend that it is - first and foremost - a violation of the 3rd Amendment.

New comment by Tangurena2 in "Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]"

Tangurena2 — Tue, 09 Jun 2026 22:22:40 +0000

This is part of why the EU is looking to move away from US-based infrastructure. The CLOUD Act basically lets Washington have an off-switch on your computing infrastructure as well as giving Washington unlimited access to any data on your computers (or that passes through them).

New comment by Tangurena2 in "Albania Is Not for Sale: Kushner's $4B Resort Triggers'Flamingo Revolution'"

Tangurena2 — Tue, 09 Jun 2026 15:41:56 +0000

"Big money" tends to extort the same sort of tax deals that American sports stadiums get: they get huge tax breaks and while the registers at the stadium look like they're charging sales tax, that money goes directly to the stadium owners, not the government. Sometimes these deals are called "special economic zone".

New comment by Tangurena2 in "Microsoft's open source tools were hacked to steal passwords of AI developers"

Tangurena2 — Tue, 09 Jun 2026 13:11:22 +0000

Many of the malicious commits show as an author `github-actions `. Which means that they are authenticating as internal github CI/CD stuff and that there are so many of those that no possible automated tool can find the poison in the mountain of chaff.

So this is related to the Sept 2025 security breach of Github.

> The five repos carry 1,459 GitHub stars between them, mantine-datatable alone accounting for 1,225. Stars are a rough proxy for how many developers have the source checked out locally, which is the population this attack targets.

> Every commit: unsigned, github-actions identity, chore: update dependencies [skip ci], the same six-file footprint. A 49-second sweep across five repos is automation, not a human committing. This matches Shai-Hulud self-propagation: harvest a GitHub token with write access from a prior infection, then push the persistence payload into every repo the token can reach.

https://safedep.io/miasma-worm-ai-coding-agent-config-inject...

What it is doing: https://safedep.io/config-files-that-run-code/

I'm not related to those guys. That's the simplest detailed explanation of what is happening that I've found.

New comment by Tangurena2 in "Sam Bankman-Fried applies for a pardon from Trump"

Tangurena2 — Mon, 08 Jun 2026 18:50:06 +0000

Staff working for Giuliani reported that pardons cost $2,000,000.

New comment by Tangurena2 in "GitHub nukes 70 Microsoft repos, breaks pipelines, suspected worm infections"

Tangurena2 — Mon, 08 Jun 2026 14:36:58 +0000

A related discussion: https://news.ycombinator.com/item?id=48443135

The linked story includes some details on how this sort of attack works when a developer opens an infected project. This could be very important if you use a lot of open source projects in your project.

New comment by Tangurena2 in "Anti-social: It's fads, not friends, which now dominate social media feeds"

Tangurena2 — Mon, 08 Jun 2026 14:27:42 +0000

Social media was first (that I know of) weaponized in 2016 by Cambridge Analytica to manipulate Facebook users to vote for Brexit & Trump. I'm surprised that the article left those totally out.

0 - https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Ana...

New comment by Tangurena2 in "Config Files That Run Code: Supply Chain Security Blindspot"

Tangurena2 — Mon, 08 Jun 2026 14:22:10 +0000

I've heard about these attacks but never really had the time to understood what was happening. Some of our junior devs use VS Code, so now we have something to point them at.

New comment by Tangurena2 in "OneDrive data now has an expiry date"

Tangurena2 — Mon, 08 Jun 2026 14:11:45 +0000

> or a licence gets removed as part of

Or, as is more common in large enterprise licensing schemes - the vendor changes the terms and the customer never notices. And the .gov side of Microsoft licensing changes as often and as inscrutably as the commercial side of Microsoft licensing.

We've had more than a few discussions where conference calls with Microsoft end with the "oh, that used to be part of your license, but now it isn't" with the only solution being to bend over and open up the agency's wallet.

New comment by Tangurena2 in "OneDrive data now has an expiry date"

Tangurena2 — Mon, 08 Jun 2026 14:06:44 +0000

This is why we had to add some group policy changes to ban One Drive throughout our agency. Additionally, some of our work is "confidential" and non-public which also got the legislature to ban the use of One Drive for most stuff (they specifically stated "cloud").

New comment by Tangurena2 in "OneDrive data now has an expiry date"

Tangurena2 — Mon, 08 Jun 2026 14:03:39 +0000

Win64 lacks the problem with 255 characters [0]. However, stuff like File Explorer, which the vast majority of my users actually use, can only pass the first 255 characters to the registered application [1], so will Explorer will display stuff with huge long paths, double-clicking that file, or right clicking and "Compress to..." will cause an error.

0 - 32 bit windows will always have this problem.

1 - This is because File Explorer uses a hodgepodge of Win32 and Win64 stuff behind the scenes when running 64 bit windows.