Comments URL: https://news.ycombinator.com/item?id=28809278

Points: 3

# Comments: 1

You can actually see a list of all resources served from scriptobservatory.org for the last 6 months here: https://scriptobservatory.org/webpage/b0852f543b380fd1515112...

There are no ads, popups, etc.

The results for the site you mentioned are here - https://scriptobservatory.org/webpage/543677125f1bea8226ba7c... - but I don't see anything that looks like a clear match.

If you were only able to reproduce it on a Nexus 5, I don't think analysis with ScriptObservatory will be easy. I'd still suggest submitting the URLs to be scanned by the robo-browser and then looking to see if what gets reported looks similar to what you saw before.

Also, if you write a Yara rule that matches on some of the unique features in the JS/iframes you saw, you could run a search through what's been seen. You can use that to also be alerted when new matches are reported. If something similar has been seen elsewhere, you might be able to tie it to a specific ad network.

Why is something like this a good idea?

JavaScript, iframes, and other embedded web content have the potential to cause your browser to take unwanted and even harmful actions on your behalf, however visibility into what you're running as you browse is very limited. After-the-fact analysis of what you were sent is (in nearly all cases) outright impossible.

If you have any thoughts or want a few interesting queries to get started, get in touch. Feedback is welcome!

Comments URL: https://news.ycombinator.com/item?id=10409860

Points: 38

# Comments: 9

Why is something like this a good idea?

JavaScript, iframes, and other embedded web content have the potential to cause your browser to take unwanted and even harmful actions on your behalf, however visibility into what you're running as you browse is very limited. After-the-fact analysis of what you were sent is (in nearly all cases) outright impossible.

If you have any thoughts or want a few interesting queries to get started, get in touch. Feedback is welcome!

Comments URL: https://news.ycombinator.com/item?id=10405122

Points: 1

# Comments: 1

With that, I can search the history of what we've been sent to get a list of all webpages that this exploit has been seen on.

Email is scriptobservatory -at- gmail -dot- com or you can input it in the "Do you have a list of websites you want to be scanned regularly?" text box.

Re: SoftwareMaven's "why is the 'player character' so important?", I don't think the player character we follow is necessarily any more important than the other player characters. You can say every individual character (or particle in the real-world side of the analogy) has an importance only within its own reference frame and I think it still works.

Just like you can have many players playing the MMO game and "collapsing the state" of different things from their own reference frames at different times, you can have the same be true for the particles in the real-world analogy. No one player of the game is more "important" than any others. The only requirement is that it all stays self-consistent in the backend and across everyone's individual points of view at all times.

But (for better or worse) I don't think what we're talking about now is science, really, unless there's some way to test it.

Maybe you could try to detect a "lag" by doing something that causes an especially large number of states to collapse across an especially large number of frames of references all at once, but I'm not sure if you could do anything that would detect this lag because all of our ways of detecting would be lagging too. (This goes along the same lines as trying to tell if the computer you're using is running within a VM or running natively.)

Any ideas?

https://home.capitalone360.com/rates https://www.simple.com/policies/rates/

To what degree is he familiar with the specific details of the classified government contracts Apple has taken up?

Comments URL: https://news.ycombinator.com/item?id=6990805

Points: 1

# Comments: 0

FWIW, I agree the contest is a sham for the reasons moxie & others listed here and elsewhere.

If you're not familiar with the basics of the Holographic Principle, start here: https://en.wikipedia.org/wiki/Holographic_principle

It's been a while since I've watched these, but IIRC these are very good videos to start with:

- http://www.youtube.com/watch?v=2DIl3Hfh9tY

- http://www.youtube.com/watch?v=GHgi6E1ECgo

EDIT:

Key clippings from the wikipedia article-

"But Jacob Bekenstein noted that this leads to a violation of the second law of thermodynamics. If one throws a hot gas with entropy into a black hole, once it crosses the event horizon, the entropy would disappear. The random properties of the gas would no longer be seen once the black hole had absorbed the gas and settled down. The second law can only be salvaged if black holes are in fact random objects, with an enormous entropy whose increase is greater than the entropy carried by the gas.

Bekenstein argued that black holes are maximum entropy objects—that they have more entropy than anything else in the same volume. In a sphere of radius R, the entropy in a relativistic gas increases as the energy increases. The only limit is gravitational; when there is too much energy the gas collapses into a black hole. Bekenstein used this to put an upper bound on the entropy in a region of space, and the bound was proportional to the area of the region. He concluded that the black hole entropy is directly proportional to the __area__ of the event horizon."

(__'s mine)