Hacker News: currysausagehttps://news.ycombinator.com/user?id=currysausageHacker News RSShttps://hnrss.org/hnrss v2.1.1Mon, 13 Apr 2026 17:52:18 +0000<![CDATA[Hackers Exploit Free Firebase Accounts to Launch Phishing Campaigns]]>Article URL: https://gbhackers.com/hackers-exploit-free-firebase-accounts/

Comments URL: https://news.ycombinator.com/item?id=47014468

Points: 1

# Comments: 0

]]>Sat, 14 Feb 2026 13:42:43 +0000https://gbhackers.com/hackers-exploit-free-firebase-accounts/currysausagehttps://news.ycombinator.com/item?id=47014468https://news.ycombinator.com/item?id=47014468<![CDATA[New comment by currysausage in "Mathematics for Computer Science (2018) [pdf]"]]>When I need a refresher on the basics of Python, I refer to Python Distilled, and when I want a deep dive, I turn to Fluent Python. Reading these books makes me feel like I'm sitting next to an experienced, witty colleague.

I will take a look at Python Crash Course.

]]>Fri, 09 Jan 2026 23:20:28 +0000https://news.ycombinator.com/item?id=46560790currysausagehttps://news.ycombinator.com/item?id=46560790https://news.ycombinator.com/item?id=46560790<![CDATA[Updates to the pf packet filter in FreeBSD and pfSense software]]>Article URL: https://www.netgate.com/blog/updates-to-the-pf-packet-filter-in-freebsd-and-pfsense-software

Comments URL: https://news.ycombinator.com/item?id=45291749

Points: 3

# Comments: 0

]]>Thu, 18 Sep 2025 16:36:23 +0000https://www.netgate.com/blog/updates-to-the-pf-packet-filter-in-freebsd-and-pfsense-softwarecurrysausagehttps://news.ycombinator.com/item?id=45291749https://news.ycombinator.com/item?id=45291749<![CDATA[New comment by currysausage in "Vaultwarden commit introduces SSO using OpenID Connect"]]>The web frontend could still send secrets to third parties.

]]>Fri, 15 Aug 2025 17:50:22 +0000https://news.ycombinator.com/item?id=44915387currysausagehttps://news.ycombinator.com/item?id=44915387https://news.ycombinator.com/item?id=44915387<![CDATA[New comment by currysausage in "The Scourge of Arial (2001)"]]>Aptos replaced Calibri in Word and Excel.

]]>Mon, 14 Jul 2025 09:41:05 +0000https://news.ycombinator.com/item?id=44558101currysausagehttps://news.ycombinator.com/item?id=44558101https://news.ycombinator.com/item?id=44558101<![CDATA[New comment by currysausage in "Microsoft extends free Windows 10 security updates into 2026"]]>One upside of this reimplementation is that we can now enjoy state-of-the-art Electron-level loading times when opening a new Explorer window. /s

]]>Sat, 28 Jun 2025 17:43:56 +0000https://news.ycombinator.com/item?id=44406629currysausagehttps://news.ycombinator.com/item?id=44406629https://news.ycombinator.com/item?id=44406629<![CDATA[New comment by currysausage in "Stop Using Encrypted Email (2020)"]]>There are, of course, web email services that purport to encrypt messages. But they store encryption keys (or code and data sufficient to derive them). These systems obviously don’t work, as anyone with an account on Ladar Levison’s Lavabit mail service hopefully learned. The popularity of “encrypted” web mail services is further evidence of encrypted email’s real role as a LARPing tool.

]]>Wed, 11 Jun 2025 22:39:31 +0000https://news.ycombinator.com/item?id=44252580currysausagehttps://news.ycombinator.com/item?id=44252580https://news.ycombinator.com/item?id=44252580<![CDATA[New comment by currysausage in "Smallest Possible Files"]]>I believe the sentence from the RFC:

[XHTML1] defines a profile of use of XHTML which is compatible with HTML 4.01

is technically incorrect. While the XHTML 1 compatibility profile was compatible with HTML 4 as implemented by major browsers, that wasn't actually HTML 4. HTML 4 is based on SGML, while what was implemented was a combination of HTML 4 semantics with the tagsoup parsing rules that browsers organically developed. These rules were only later formalized as part of HTML 5.

The compatibility guidelines do recommend a space between
, but (at least according to https://validator.w3.org/ in HTML 4 mode) this doesn't change anything about
being a NET-enabling start-tag
Enter this:

  
Hello
world
and select "Validate HTML fragment", "HTML 4.01", and "Show Outline". This is the result:

  [H1] Hello>world
(Obviously nitpicking, but that's my point: the nitpickers can be out-nitpicked.)

]]>Fri, 30 May 2025 15:15:09 +0000https://news.ycombinator.com/item?id=44137045currysausagehttps://news.ycombinator.com/item?id=44137045https://news.ycombinator.com/item?id=44137045<![CDATA[New comment by currysausage in "Smallest Possible Files"]]>This is especially ironic, considering the same people will gladly use XML syntax and serve it as text/html. Historically, this has only worked because no relevant browser has ever implemented SGML (and NET [1], in particular), as required by HTML standards up to version 4 [2].

[1] https://en.wikipedia.org/wiki/Standard_Generalized_Markup_La...

[2] https://www.w3.org/TR/html401/conform.html#h-4.2

]]>Fri, 30 May 2025 08:30:58 +0000https://news.ycombinator.com/item?id=44134151currysausagehttps://news.ycombinator.com/item?id=44134151https://news.ycombinator.com/item?id=44134151<![CDATA[New comment by currysausage in "Global, distributed and backwards compatible CVE alternative launched by CERT"]]>CERT stands for Computer Emergency Response Team.

CIRCL, the supposed operator behind gcve.eu [1], "is the CERT for the private sector, communes and non-governmental entities in Luxembourg" [2].

[1] https://gcve.eu/contact/

[2] https://en.wikipedia.org/wiki/Computer_emergency_response_te...

]]>Wed, 16 Apr 2025 13:35:35 +0000https://news.ycombinator.com/item?id=43705363currysausagehttps://news.ycombinator.com/item?id=43705363https://news.ycombinator.com/item?id=43705363<![CDATA[New comment by currysausage in "Default styles for h1 elements are changing"]]>If I remember correctly, W3C’s XHTML2 working group wanted a generic tag [1], and WHATWG, focused on evolving HTML in a backwards-compatible manner, repurposed

as a context-dependent heading tag instead.

[1] https://www.w3.org/TR/2010/NOTE-xhtml2-20101216/mod-structur....

]]>Fri, 11 Apr 2025 18:59:43 +0000https://news.ycombinator.com/item?id=43657245currysausagehttps://news.ycombinator.com/item?id=43657245https://news.ycombinator.com/item?id=43657245<![CDATA[New comment by currysausage in "Nebula Sans"]]>Fira was designed by world-class type designers, and it’s only free thanks to the funding by Mozilla and Here, so yes, definitely a different category.

Same goes for IBM Plex, by the way.

]]>Sat, 05 Apr 2025 08:08:00 +0000https://news.ycombinator.com/item?id=43591808currysausagehttps://news.ycombinator.com/item?id=43591808https://news.ycombinator.com/item?id=43591808<![CDATA[Thundermail and Thunderbird Pro Services]]>Article URL: https://thunderbird.topicbox.com/groups/planning/T437cd854afcb1395

Comments URL: https://news.ycombinator.com/item?id=43535071

Points: 8

# Comments: 0

]]>Mon, 31 Mar 2025 13:51:53 +0000https://thunderbird.topicbox.com/groups/planning/T437cd854afcb1395currysausagehttps://news.ycombinator.com/item?id=43535071https://news.ycombinator.com/item?id=43535071<![CDATA[New comment by currysausage in "Why does target="_blank" have an underscore in front?"]]>Another nitpick: the attribute was called name, not id.

https://www.w3.org/TR/html401/present/frames.html#h-16.3

]]>Mon, 24 Feb 2025 11:57:26 +0000https://news.ycombinator.com/item?id=43158524currysausagehttps://news.ycombinator.com/item?id=43158524https://news.ycombinator.com/item?id=43158524<![CDATA[One-Core-API Project]]>Article URL: https://github.com/shorthorn-project/One-Core-API-Binaries

Comments URL: https://news.ycombinator.com/item?id=43141227

Points: 2

# Comments: 0

]]>Sat, 22 Feb 2025 17:46:22 +0000https://github.com/shorthorn-project/One-Core-API-Binariescurrysausagehttps://news.ycombinator.com/item?id=43141227https://news.ycombinator.com/item?id=43141227<![CDATA[New comment by currysausage in "Dumping Memory to Bypass BitLocker on Windows 11"]]>> use TPM (PCR 7+11) with a PIN

A power-on password (set in the BIOS) should also work, since without it the system will never get to the point where the TPM unlocks the FVEK, right?

I prefer this setup to a Bitlocker PIN because I can use a fingerprint instead of the power-on password on my Thinkpad, and because it should make the device largely unusable to a thief.

Of course, power-on password and fingerprint auth are only as strong as my TPM, but the same goes for Bitlocker TPM+PIN, right?

]]>Tue, 31 Dec 2024 13:11:14 +0000https://news.ycombinator.com/item?id=42558484currysausagehttps://news.ycombinator.com/item?id=42558484https://news.ycombinator.com/item?id=42558484<![CDATA[New comment by currysausage in "Even Microsoft Notepad is getting AI text editing now"]]>https://www.microsoft.com/en-us/windows/tips/clipboard-histo...

]]>Thu, 07 Nov 2024 18:26:10 +0000https://news.ycombinator.com/item?id=42079355currysausagehttps://news.ycombinator.com/item?id=42079355https://news.ycombinator.com/item?id=42079355<![CDATA[New comment by currysausage in "Sshfs for Windows"]]>Looking for something like this right now. How does it compare to rclone [1]?

[1] https://rclone.org/sftp/

]]>Sat, 21 Sep 2024 14:00:54 +0000https://news.ycombinator.com/item?id=41610030currysausagehttps://news.ycombinator.com/item?id=41610030https://news.ycombinator.com/item?id=41610030<![CDATA[Tell HN: Microsoft Remote Desktop app for iOS does not verify server certificate]]>By default (in the absence of a CA-signed server certificate), RDP connections between Windows PCs rely on a trust-on-first-use (TOFU) model, where the client software displays a warning [1] before sending credentials to a server whose certificate is not pinned to the registry [2].

(This is somewhat similar to SSH with password, although the auto-generated self-signed RDP server certificates are only valid for 6 months for some reason, so users eventually learn to just ignore these warnings.)

Microsoft's RDP client for iOS used to work like the Windows client in this respect [3], but over the last few years I have noticed that while the Windows client kept periodically prompting me to acknowledge new self-signed certificates, the iOS client stopped doing so.

Recently, I manually generated self-signed 10-year certificates for my personal laptops in an attempt to fix the TOFU model. Sure enough, while the Windows client warned me about these unfamiliar certificates, the iOS client just kept connecting. Neither reinstalling the app nor using a FQDN to connect had any effect.

I tried contacting MSRC [4], but they just responded with boilerplate ("closed as a non-MSRC case" etc.). Could someone who works for MS tell if the app's silence on iOS is a bug or a feature? (And if it's a feature, why can't it be turned off?)

[1] https://i.sstatic.net/pu5YX.png

[2] HKCU\SOFTWARE\Microsoft\Terminal Server Client\Servers\...\CertHash

[2] https://nextpointhost.com/images/knowledgebase/how_to_access_forex_vps_via_rdc_using_iphone_or_ipad_6.PNG

[3] https://msrc.microsoft.com/report/vulnerability/auth/

Comments URL: https://news.ycombinator.com/item?id=41436340

Points: 1

# Comments: 0

]]>Tue, 03 Sep 2024 16:08:58 +0000https://news.ycombinator.com/item?id=41436340currysausagehttps://news.ycombinator.com/item?id=41436340https://news.ycombinator.com/item?id=41436340<![CDATA[New comment by currysausage in "Google loses antitrust suit over search deals on phones"]]>> That sounds like an Apple issue

True. But guess who’s paying Apple good money in order to remain the default search engine. Who knows what else might be part of this deal?

]]>Mon, 05 Aug 2024 20:37:56 +0000https://news.ycombinator.com/item?id=41165361currysausagehttps://news.ycombinator.com/item?id=41165361https://news.ycombinator.com/item?id=41165361