Hacker News: alaxapta7

New comment by alaxapta7 in "Firefox tooltip bug fixed after 22 years"

alaxapta7 — Tue, 10 Oct 2023 07:26:30 +0000

Same, although I haven't seen this one for a while now. One way to fix the misbehaving explorer (which start menu, tray and others are part of) is to simply kill it and start it over from the task manager. Some applications failed to re-create their tray icons after this, but either all of them fixed it, or it got somehow fixed in Windows.

New comment by alaxapta7 in "Data accidentally exposed by Microsoft AI researchers"

alaxapta7 — Mon, 18 Sep 2023 20:14:10 +0000

Normally I do that too, but this was fairly new and internal application that was still in development, so that's why it was there. And if it wasn't for this incident, they might actually trick our management into thinking they're somehow qualified to carry out such an audit.

New comment by alaxapta7 in "Data accidentally exposed by Microsoft AI researchers"

alaxapta7 — Mon, 18 Sep 2023 18:15:01 +0000

I've seen worse. Couple years back, there was an audit that included an internal system I've been working on. It was running on Debian oldstable because of a vital proprietary library I wasn't able to get working on stable at the time, but it had unattended upgrades set up and all that.

The company made some basic port scan and established that we're running outdated and vulnerable version of Apache. I found the act of explaining the concept of backports to a "pentester" to be physically painful.

They didn't get paid and another company was entrusted with the audit.

New comment by alaxapta7 in "Any sufficiently advanced uninstaller is indistinguishable from malware"

alaxapta7 — Wed, 13 Sep 2023 08:54:55 +0000

I use and recommend subhook[0].

[0] https://github.com/Zeex/subhook

New comment by alaxapta7 in "An Internet of PHP"

alaxapta7 — Sat, 09 Sep 2023 14:26:22 +0000

You can take full control over the routing using router script, then none of the default rules will apply. To be honest, I really dislike how many applications are wired around some Apache configuration or at least assume some specific hostname or path to be used for no reason. If it works with the built-in webserver, then it will work just as well with pretty much any SAPI.

New comment by alaxapta7 in "An Internet of PHP"

alaxapta7 — Sat, 09 Sep 2023 10:06:59 +0000

The built-in web server can only process one request at a time.

New comment by alaxapta7 in "Using LD_PRELOAD to cheat, inject features and investigate programs"

alaxapta7 — Fri, 08 Sep 2023 23:26:38 +0000

I used LD_PRELOAD for patching RCE vulnerability in PunkBuster[0]. They did patch the exploit, but that didn't involve many of the older games they dropped support for. The AC itself isn't effective or even operational for the most part in those, but it still serves as a reliable method of identifying players.

Even their server libraries are obfuscated, and hooking open() turned out to be just easier than trying to patch the binaries themselves.

[0] https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36e

New comment by alaxapta7 in "Someone keeps trying to reset my Facebook password"

alaxapta7 — Fri, 08 Sep 2023 00:14:43 +0000

I thought this was the Passwordless account they implemented (EDIT: didn't realize you weren't talking about the Authenticator app), but I had it turned off. I somehow managed to make it stop by re-enabling/re-disabling both Passwordless and 2FA. So now they always ask me for a password and then I get the challenge.

To this day, I can't comprehend how this is supposed to be safe. So someone can just type in my username and wait until i eventually misclick in the Authenticator app? If it was from a browser I have used before at least, but I was getting these challenges from around the globe.

New comment by alaxapta7 in "Google preemptively banned hundreds of millions of 'pirate' URLs last year"

alaxapta7 — Mon, 04 Sep 2023 18:19:00 +0000

Did it give you a result leading directly to their canonical campaign website? I can see Sanders and Clinton with international, but can't see DeSantis nor any other Republican candidate (not even Pence).

I can definitelly see pages with lists of candidates, but I couldn't find a single one that would also link their websites and thus satisfy the query, at least indirectly.

New comment by alaxapta7 in "Google preemptively banned hundreds of millions of 'pirate' URLs last year"

alaxapta7 — Mon, 04 Sep 2023 08:37:06 +0000

Kagi, location set to United States:

Page 1: Biden, Williamson and link to an article Google hides campaign sites of Trump, RFK Jr. and other Republican candidates

Page 2: Biden again, Pence

No further pages. 5th result contains an article that claims to be linking all presidental candidate websites, but it's a Medium, hidden behind sign-up. I haven't find any result with a comprehensive list of the websites of interest. Kagi does aggregate results from Google and Yandex, so this is probably not too surprising.

New comment by alaxapta7 in "The worst programmer I know"

alaxapta7 — Sun, 03 Sep 2023 02:24:21 +0000

Yeah, that must have been my collegue. Usually he was in charge of implementing all the new stuff, because he was able to deliver fast. And then I had to refactor, or usually just rewrite and redesign the whole thing, because it was immediatelly unmaintenable. I didn't mind, since at the end of the day, he was really good and doing these prototypes and selling them to management. I was good at making the application last and stable, so it kinda worked out.

New comment by alaxapta7 in "Firefox Relay – secure random email and phone number masks"

alaxapta7 — Thu, 31 Aug 2023 01:00:28 +0000

That caught my attention too. Right now, the cheapest option out there still seems to be getting a dumbphone and a few pre-paid SIM cards. Sadly, pre-paid cards are no longer an option in many EU countries. Even just the least expensive SMS gateways are like 10 €/month last time I checked.

New comment by alaxapta7 in "2023 Paid VPN Relationship and Corporate VPN Ownership Map"

alaxapta7 — Thu, 31 Aug 2023 00:17:23 +0000

Sure, but then VPN might be just as problematic unless it's a one that's not provided by a known VPN company. My point is that VPN is just a way to proxy your traffic to somewhere else and hide the content (but not its existence!) from your ISP. Anything else shouldn't ever be taken for granted.

New comment by alaxapta7 in "2023 Paid VPN Relationship and Corporate VPN Ownership Map"

alaxapta7 — Thu, 31 Aug 2023 00:06:16 +0000

Someone else had the IP assigned, then, or you're behind some sort of NAT with someone else. The ISP very likely holds a record of which device had a particular address assigned at any given time. At where I live, addresses are usually lent for pretty much forever. I have mine for 8 years, unchanged. Even my mobile carrier latches the same address for months even.

New comment by alaxapta7 in "2023 Paid VPN Relationship and Corporate VPN Ownership Map"

alaxapta7 — Wed, 30 Aug 2023 17:42:48 +0000

> w/o your ISP knowing

I'd be more concerned about everyone else: https://iknowwhatyoudownload.com

New comment by alaxapta7 in "2023 Paid VPN Relationship and Corporate VPN Ownership Map"

alaxapta7 — Wed, 30 Aug 2023 17:40:30 +0000

If no-log is a priority, you need Tor, not a VPN.

New comment by alaxapta7 in "Windows 11 will happily execute a binary compiled 30 years ago"

alaxapta7 — Fri, 18 Aug 2023 16:48:56 +0000

I don't have nearly as large sample size, but all the games I used to play on XP work fine on W10. And I don't think I've used the compatibility mode, ever.

Actually yes, C&C Red Alert 2 was running slow, but the community came up with patches that make it play nice, including the multiplayer which now works better than it did back in 2000.

New comment by alaxapta7 in "AI bots are now better than humans at decoding CAPTCHAs"

alaxapta7 — Thu, 17 Aug 2023 23:51:46 +0000

> faster

It's purely anecdotical, but I'm convinced that Google CAPTCHA (which I don't see more often only because I rarely use Google Search) punishes me for being fast. I can half-ass it or do a perfect score, but if I'm done with it in less than 3 - 5 seconds, I'll only get another puzzle as a reward.

New comment by alaxapta7 in "AI bots are now better than humans at decoding CAPTCHAs"

alaxapta7 — Thu, 17 Aug 2023 23:46:14 +0000

> It will get bypassed easily.

For now. But we're slowly walking towards the future where you can only consume web using an official and conformant browser running on a locked-down platform. That'd make it considerably harder for spammers, but of course spam isn't what this is about, it's more like a cherry on top.

New comment by alaxapta7 in "‘I've got nothing to hide’ and other misunderstandings of privacy (2007)"

alaxapta7 — Mon, 14 Aug 2023 19:20:47 +0000

To my fake name (from family and friends), anything official goes to the mailbox at my real address to which I have access to. But that rarely happens thanks to e-government. Because of presumed delivery, there's no benefit in receiving that kind of mail on paper, so I opted-in.

For e-mail, I use a domain with a catch-all mailbox. I rot13 the service name or whatever in the local-part to identify where the e-mail got leaked/sold from, which I feel like happens more often than not when buying anything from small e-shops.