Hacker News: aj3

New comment by aj3 in "Crypto brothers front-ran the front-runners"

aj3 — Thu, 16 May 2024 23:12:07 +0000

The strategy that MEV bots use is not a law. It is not even defined or endorsed by Ethereum standards, and arguably is not an intended feature of the network.

You could alternatively claim that the guys defined their own protocol which addressed market inefficiency (which MEV is). Imo it's insane to claim that a trading technique you invented should have zero risk, and any losses you take are an indication of theft.

New comment by aj3 in "Crypto brothers front-ran the front-runners"

aj3 — Thu, 16 May 2024 23:05:09 +0000

> Tokens are property.

What law says this? Technically, tokens are smart contracts, basically OOP classes with both data and behavior. They also by design have public methods which are meant to be triggered by anyone on the chain. It's not at all obvious that triggering these methods in an unexpected order or with unexpected data is breaking any laws whatsoever. It's bytecode anyway, so there's no human readable EULA's or explanations on what you're allowed to do with the token.

New comment by aj3 in "Crypto brothers front-ran the front-runners"

aj3 — Thu, 16 May 2024 22:52:58 +0000

I bet this indictment will be used as a case study to justify the need for government oversight and taxation.

New comment by aj3 in "Crypto brothers front-ran the front-runners"

aj3 — Thu, 16 May 2024 22:50:23 +0000

But you're not signing EULA's in order to participate in the network. Moreover, there are no real "laws / regulations" within the network either, specifying what you are or are not allowed to do. Ethereum standards merely determine how the software is supposed to work, but even then I'm sure Ethereum devs would oppose treating their docs as an agreement (because they don't offer any warranty, licensing or attestation). Moreover, there is an express goal to have a diverse set of software clients, so even developing your own software to be interoperable with existing standards can't be constructed as "an attack".

All this to say, I just fail to say how this can be constructed as "changing the terms of the transaction". There was no legal agreement between parties and no existing precedent to treat this as a malicious attack at all.

All I see is a Wall Street establishment pulling strings in order to protect their investment, by asking for a sudden government oversight in the system that was built with the express goal of not requiring any government oversight.

New comment by aj3 in "Ask HN: Help, any US-based companies that allow you to work from Europe?"

aj3 — Tue, 20 Feb 2024 17:12:17 +0000

It's weird to consider paying taxes as a tradeoff. "Digital nomad" isn't a code for tax avoidance, is it?

Thinking Obliquely: Robert T. Jones, the Oblique Wing, NASA's Ad-1 Demonstrator

aj3 — Tue, 16 Jan 2024 12:22:24 +0000

Article URL: https://www.nasa.gov/aeronautics/thinking-obliquely-robert-t-jones-the-oblique-wing-nasas-ad-1-demonstrator-and-its-legacy/

Comments URL: https://news.ycombinator.com/item?id=39012504

Points: 1

# Comments: 0

Web Highlights

aj3 — Mon, 20 Mar 2023 17:21:42 +0000

Article URL: https://web-highlights.com/

Comments URL: https://news.ycombinator.com/item?id=35235072

Points: 1

# Comments: 0

New comment by aj3 in "My Pinephone Setup"

aj3 — Mon, 14 Mar 2022 09:34:39 +0000

Android has different security guarantees compared to desktop/server Linux. E.g. people should expect that none of the installed software can hijack the phone completely and that most damage from malware should be mitigateable by uninstalling malicious app.

Network Infrastructure Security Guidance (NSA) [pdf]

aj3 — Fri, 04 Mar 2022 14:49:15 +0000

Article URL: https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF

Comments URL: https://news.ycombinator.com/item?id=30555553

Points: 1

# Comments: 0

New comment by aj3 in "PSA: uBlock/AdBlocks on Chrome to lose function thanks to Manifestv3"

aj3 — Sat, 11 Dec 2021 18:59:22 +0000

There were over a dozen of 0day exploits this year alone. Some used in water hole style attacks, so not even that targeted. And these are state of the art incidents which would have pwned even users with all the updates installed.

After the patch has been pushed out, exploits become progressively cheaper so letting users to postpone security updates is a crime.

New comment by aj3 in "Tell HN: Lost then regained access to Google account, with correct credentials"

aj3 — Fri, 03 Dec 2021 14:47:17 +0000

Right. Session is stored either in cookies or in Local Storage. Both get cleared when you "clean cookies". If there is no device session, next time you're trying to log in, service will ask to show the second factor (so that hacker can't steal your account through finding the password on some other website).

Firefox didn't work, because person deleted session and didn't have second factor (nor backup auth methods). Chromium worked, because it still had device session.

I'm traveling and using TOR and VPNs just like everybody else and haven't faced any issues. There most definitely is a problem with communicating security/accessibility tradeoffs to the public though, so I'm not putting blame on the op here.

New comment by aj3 in "Tell HN: Lost then regained access to Google account, with correct credentials"

aj3 — Fri, 03 Dec 2021 13:43:00 +0000

It's not user agent, it's session (cookies, localStorage) that they didn't have in Firefox, but still had in Chromium. And this isn't Google specific at all.

New comment by aj3 in "Tell HN: Lost then regained access to Google account, with correct credentials"

aj3 — Fri, 03 Dec 2021 13:37:12 +0000

Most probably they've added MFA and lost it. Devices that have been authenticated already can be used with the bare login & password, but new sessions will ask for the MFA they can't access.

New comment by aj3 in "Tell HN: Lost then regained access to Google account, with correct credentials"

aj3 — Fri, 03 Dec 2021 13:36:07 +0000

Well yeah. If the recovery process is weaker than regular authentication, that's what bad guys will use for account takeover. You don't want to lose Gmail because someone bruteforced your backup code?

New comment by aj3 in "Price increase on .io domains on January 1, 2022 (Renewal: $55.00)"

aj3 — Thu, 02 Dec 2021 10:13:28 +0000

AFAIK, there are exactly two ways to avoid getting phished. One is using physical security keys (not implemented everywhere and we can't expect everyone in the world to buy one). The second one is checking the domain you're in.

Please, do elaborate on what other ways of phishing preventions you have in minds.

New comment by aj3 in "Price increase on .io domains on January 1, 2022 (Renewal: $55.00)"

aj3 — Wed, 01 Dec 2021 17:51:31 +0000

That's awesome for phishing.

New comment by aj3 in "Pixel sent to Google for replacement. They used it to post wife's nudes online"

aj3 — Wed, 01 Dec 2021 17:19:04 +0000

The official repair shops that Apple Repair will guide you to should never ask for the pin, afaik. There is that mode for diagnostics which you need to approve, but you don't need to provide the pin - just unlock the phone and press approve button yourself.

New comment by aj3 in "Pixel sent to Google for replacement. They used it to post wife's nudes online"

aj3 — Wed, 01 Dec 2021 17:14:45 +0000

Android has exactly this feature, two in fact: "Safe Folder" for regular files and "Locked Folder" for photos specifically.

New comment by aj3 in "FBI's ability to legally access secure messaging app content and metadata [pdf]"

aj3 — Wed, 01 Dec 2021 05:55:15 +0000

Employer might have been defense contractor. Most jobs without clearance don't even have "threat assessment coordinaror".

New comment by aj3 in "American spy hacked Booking.com, company stayed silent"

aj3 — Thu, 11 Nov 2021 19:34:47 +0000

Counter example where companies didn't stay silent: https://en.wikipedia.org/wiki/Operation_Aurora