Hacker News: cotillion

New comment by cotillion in "US- and Greek-owned tankers ablaze after Iran claims 'underwater drone' strike"

cotillion — Thu, 12 Mar 2026 16:12:11 +0000

Some of the states held presidential elections, not all, but the winners write history so it worked out fine in that case.

New comment by cotillion in "How Copyover MUD Servers Worked"

cotillion — Tue, 11 Feb 2025 12:18:16 +0000

I still maintain the CD LPMud driver for Genesis MUD at https://github.com/cotillion/cd-gamedriver. There is not very much activity though since most critical issues have been fixed over the years and the game is very stable.

New comment by cotillion in "EUCLEAK Side-Channel Attack on the YubiKey 5 Series"

cotillion — Tue, 03 Sep 2024 20:52:52 +0000

Infineon chips are used in some smart tachographs in EU. This is likely to get very messy.

Extract those keys and your drivers can ignore all annoying work-time rules and you can just patch the files if you are audited.

New comment by cotillion in "Netlify just sent me a $104k bill for a simple static site"

cotillion — Tue, 27 Feb 2024 07:48:38 +0000

My experience is that customers don't really care that much about small amounts of downtime no matter what size you are, people mostly get that unexpected stuff happens as long as you don't get hacked or misplace their data. Customers might complain a bit but seldom leave because of a few hours downtime.

This seems to mostly hold true to developers also, GitHub manages to survive just fine after all.

New comment by cotillion in "Ransomware attack affecting Tietoevry's services to some customers in Sweden"

cotillion — Mon, 22 Jan 2024 10:48:12 +0000

They obviously had no separation at all between customers within the DC though. Which is worrying.

New comment by cotillion in "0-days exploited by commercial surveillance vendor in Egypt"

cotillion — Fri, 22 Sep 2023 18:33:59 +0000

Ouch.

Apparently Firefox has "Https First" also but requires the pref dom.security.https_first to be set.

"HTTPS-Only Mode" is obviously best if you can do that.

New comment by cotillion in "Google Translate “Get well [Swedish firstname]” translates to “fuck you”"

cotillion — Tue, 09 May 2023 13:56:58 +0000

Its aggression is related to animals somehow.

- krya på dig katt (cat) - fuck you cat

Björn is also bear in swedish.

New comment by cotillion in "FreeBSD optimizations used by Netflix to serve video at 800Gb/s [pdf]"

cotillion — Thu, 03 Nov 2022 12:52:29 +0000

Netflix works because they move content close to the users. This is done by either having the ISP establish a peering connection directly to Netflix hosted servers or by having the ISPs host "Open Connect Appliances" which cache the most requested content. These appliances are based on FreeBSD.

The AWS egress savings from this setup must be immense.

https://openconnect.netflix.com/

New comment by cotillion in "I fucking hate Jira"

cotillion — Mon, 20 Jun 2022 20:01:21 +0000

I think those of us who have had to suffer through ClearQuest, Lotus notes etc have an entirely different scale on how bad things can be compared to those who appear to really really hate Jira today. I'm not a fan of Jira but atleast it loads, eventually.

New comment by cotillion in "Possible Spring core RCE"

cotillion — Wed, 30 Mar 2022 07:57:33 +0000

This appears to be some Chinese source with the same info: https://cn-sec.com/archives/853339.html

Looking at Github and uses of SerializationUtils.deserialize this is going to be painful.

New comment by cotillion in "Attackers exploit flaw in web’s security to steal $2M in cryptocurrency"

cotillion — Fri, 11 Mar 2022 13:36:29 +0000

No, klayswap.com has CAA configured in DNS.

New comment by cotillion in "Attackers exploit flaw in web’s security to steal $2M in cryptocurrency"

cotillion — Fri, 11 Mar 2022 13:21:19 +0000

You are most likely vulnerable to some extent, protection has to be done by your ISP.

In this case it seems like the attackers targeted an SDK. Subresource integrity would have helped here.

https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

New comment by cotillion in "Compromising Angular via expired NPM publisher email domains"

cotillion — Sun, 20 Feb 2022 10:06:44 +0000

The mitigation against this was probably the restriction on password resets which support lifted. They just forgot to train support how to deal with it.

New comment by cotillion in "Hetzner now provides IPv6 only dedicated servers"

cotillion — Tue, 07 Dec 2021 14:31:52 +0000

In the server auction the price appears to drop by €2.13 when IPv6 is selected. Which I guess is affected by local VAT.

New comment by cotillion in "EU lawmakers pass strict new rules affecting big U.S. tech"

cotillion — Tue, 23 Nov 2021 14:09:31 +0000

When the words on the page are "Minimum level of fines of 4% and up to 20% of total turnover " it might be time to start to listen.

And for systematic non-compliance “structural or behavioural remedies”.

New comment by cotillion in "DoorDash Joins Forces with Wolt"

cotillion — Wed, 10 Nov 2021 10:13:28 +0000

Most pizza-places here attempt to avoid the "(wolt|foodora) tax" price increase for pickups by offering free drinks if you call and order instead of doing it through the app.

Wouldn't be surprised if they start splitting into separate legal entities soon to get out of the pickup price matching restrictions.

New comment by cotillion in "Fastmail, Runbox, and Posteo under DDoS extortion attack"

cotillion — Sat, 23 Oct 2021 14:09:24 +0000

At this scale you pretty much need to apply some sort of DDoS scrubbing service. Your ISP might already have one they can route traffic through or if you have your own AS you can let a DDoS service announce the target prefixes.

A game i run was recently hit with a 102 Ggbps CLDAP reflection attack. We were down for a while until our ISPs DDoS protection detected it after that we were mostly unaffected. If the attack is difficult to separate from legitimate traffic you'll still suffer though.

New comment by cotillion in "Gmail password first character is case insensitive on mobile device"

cotillion — Sat, 09 Oct 2021 10:38:23 +0000

They probably just do two password checks.

New comment by cotillion in "Facebook-owned sites were down"

cotillion — Mon, 04 Oct 2021 17:14:21 +0000

So, does anyone know where to one can buy an LTE gateway with a serial port interface? Asking for a friend.

New comment by cotillion in "Cooling system leak led to Victorian Big Battery fire"

cotillion — Tue, 28 Sep 2021 11:26:54 +0000

Well, the conclusions seem to suggest they have passive safety.

"The affected Megapacks failed safely despite total loss."