Hacker News: akdev1l

New comment by akdev1l in "California moves to exempt Linux from its age-verification law after backlash"

akdev1l — Tue, 26 May 2026 13:12:27 +0000

Technically linux. Not open source in its commercial forms.

New comment by akdev1l in "California moves to exempt Linux from its age-verification law after backlash"

akdev1l — Tue, 26 May 2026 12:50:23 +0000

You can brute force the real age this way.

Do binary search and you don’t even need that many calls.

1. Is person older than 50? 2. Older than 25? 3. Older than 18? 4. Older than 9? 5. Younger than 14? 6. Older than 16?

New comment by akdev1l in "Goodbye Visa and Mastercard: 130M Europeans switching to sovereign payment"

akdev1l — Wed, 20 May 2026 14:10:03 +0000

You could still have this 1-click experience with another system.

Like you could set some rule like “this vendor is approved for charges below $50”. We don’t need the legacy system for that.

(I don’t know if any payment systems can do that atm, just that if we wanted we could make them do that)

Visa seemed not to care too much about fraud though so at some level they do prefer ease of use over security

New comment by akdev1l in "Frontier AI has broken the open CTF format"

akdev1l — Sat, 16 May 2026 11:34:10 +0000

My biology teacher in school once tried to teach us that winds created by God. Not like spiritually or something but that God literally made the wind I guess.

My “earth sciences” teacher also once tried to argue with me against the universal law of gravitation. (no, she was not referring to Special/General Relativity. She didn’t agree two objects in a vacuum fall at the same speed regardless of mass.

New comment by akdev1l in "A 0-click exploit chain for the Pixel 10"

akdev1l — Fri, 15 May 2026 15:26:58 +0000

As an anecdote, I provided fragnesia.c and the subsequent proposed patch to fix the issue and while it was not able to discover an entirely new vulnerability, I think it was able to find 2 new ways of exploiting the same underlying bug.

This is quite impressive considering I’m just a dumbass with a Claude subscription.

New comment by akdev1l in "Dirtyfrag: Universal Linux LPE"

akdev1l — Thu, 07 May 2026 22:35:43 +0000

The JVM has nothing to do with Android. There is no JVM running android apps.

There was Dalvik VM at one point but now it’s just the Android Runtime.

New comment by akdev1l in "Dirty Frag: Universal Linux LPE"

akdev1l — Thu, 07 May 2026 22:33:19 +0000

A very comprehensive SELinux deployment for one.

SELinux will stop any process in android from loading kernel modules, that’s not allowed. The android permission model as a whole is ultimately backed by SELinux.

New comment by akdev1l in "Dirty Frag: Universal Linux LPE"

akdev1l — Thu, 07 May 2026 22:27:58 +0000

The thing is that we could simply split those modules into separate packages

No reason why you couldn’t just `dnf install -y kmod-rxrpc` if for whatever reason you need that.

New comment by akdev1l in "CopyFail was not disclosed to Gentoo developer"

akdev1l — Thu, 30 Apr 2026 22:52:10 +0000

interesting but in that case no point in keeping the x bit either and suid binaries should just be 4700 ?

New comment by akdev1l in "For Linux kernel vulnerabilities, there is no heads-up to distributions"

akdev1l — Thu, 30 Apr 2026 20:16:21 +0000

F44 is safe as the kernel is greater than 6.18.22

New comment by akdev1l in "For Linux kernel vulnerabilities, there is no heads-up to distributions"

akdev1l — Thu, 30 Apr 2026 20:15:52 +0000

Without read permissions you cannot execute the binary, that would not make any sense.

To execute the binary it needs to be read from disk and loaded into memory.

In fact if you have read permissions but not executable permissions on a specific binary then you can still execute it by calling the linker directly /bin/ld.so.1 /path/to/binary (the linker will read and load the binary and then jump to the entry point without an exec() call)

New comment by akdev1l in "Copy Fail"

akdev1l — Thu, 30 Apr 2026 14:20:34 +0000

> you dont test exploit pocs on your daily driver.

Do you just like making fake points and pretending other people said them?

New comment by akdev1l in "Copy Fail"

akdev1l — Wed, 29 Apr 2026 23:13:36 +0000

what the blog says and what the code does are two different things.

For all I know the blog itself is a honey pot. I need to know what the code does before I run it.

New comment by akdev1l in "Copy Fail"

akdev1l — Wed, 29 Apr 2026 20:58:00 +0000

Disagree because to run the PoC you really ought to understand what it’s doing.

And this code is not readable at all. It is failing at letting people confirm the exploit easily.

New comment by akdev1l in "Copy Fail"

akdev1l — Wed, 29 Apr 2026 20:53:11 +0000

Agreed lmao the PoC itself looks like you’re getting attacked

Which I guess is true but I would like to verify the attack is the intended one

New comment by akdev1l in "Copy Fail – CVE-2026-31431"

akdev1l — Wed, 29 Apr 2026 20:39:54 +0000

You’d have to reinstall the su binary itself I guess

New comment by akdev1l in "Copy Fail"

akdev1l — Wed, 29 Apr 2026 20:39:07 +0000

No, Android doesn’t have suid binaries to exploit like in the PoC

New comment by akdev1l in "My audio interface has SSH enabled by default"

akdev1l — Sat, 25 Apr 2026 03:11:32 +0000

there’s barely any hacking here

the guy found this through looking at the firmware but nmap -p 22 would have also found this

So like the first thing you would do to attack the device

I found an issue exactly like this on an ISP-provided router. I am nowhere near geohot but also didn’t even do as much as the guy in the article lmao

New comment by akdev1l in "Meta tells staff it will cut 10% of jobs"

akdev1l — Fri, 24 Apr 2026 22:35:09 +0000

It was. Not anymore. See: layoffs.

New comment by akdev1l in "Meta tells staff it will cut 10% of jobs"

akdev1l — Fri, 24 Apr 2026 02:25:27 +0000

Also Google has a whole YouTube inside of it