Hacker News: ian_d

New comment by ian_d in "What being ripped off taught me"

ian_d — Mon, 06 Apr 2026 14:04:08 +0000

Evergreen advice from the design side: https://www.youtube.com/watch?v=jVkLVRt6c1U (Mike Monteiro: F*ck You, Pay Me)

New comment by ian_d in "Bucketsquatting is finally dead"

ian_d — Fri, 13 Mar 2026 12:27:06 +0000

The _really_ fun bucket squatting attacks are when the cloud providers themselves use deterministic names for "scratch space" buckets. There was a good DC talk about it at DC32 for AWS, although actual squatting was tough because there was a hash they researchers couldn't reverse (but was consistent for a given account?): https://www.youtube.com/watch?v=m9QVfYVJ7R8

GCP, however, has does this to itself multiple times because they rely so heavily on project-id, most recently just this February: https://www.sentinelone.com/vulnerability-database/cve-2026-...

Zigazoo: GCP Security at "The Largest Social Network for Kids"

ian_d — Mon, 09 Feb 2026 11:15:33 +0000

Article URL: https://amenbreakpoint.com/posts/zigazoo/

Comments URL: https://news.ycombinator.com/item?id=46944005

Points: 1

# Comments: 0

New comment by ian_d in "Flock CEO calls Deflock a “terrorist organization” (2025) [video]"

ian_d — Thu, 05 Feb 2026 20:53:54 +0000

Mountain View recently turned off their Flock installs after they discovered Flock had enabled data sharing without notice and other agencies were searching through MV data.

https://www.malwarebytes.com/blog/privacy/2026/02/flock-came... > A separate “statewide lookup” feature had also been active on 29 of the city’s 30 cameras since the initial installation, running for 17 straight months until Mountain View found and disabled it on January 5. Through that tool, more than 250 agencies that had never signed any data agreement with Mountain View ran an estimated 600,000 searches over a single year, according to local paper the Mountain View Voice, which first uncovered the issue after filing a public records request.

A different town (Staunton, VA) also turned of their Flock installs after their CEO sent out an email claming:

https://www.aclu.org/news/privacy-technology/flock-ceo-goes-... > The attacks aren't new. You've been dealing with this for forever, and we've been dealing with this since our founding, from the same activist groups who want to defund the police, weaken public safety, and normalize lawlessness. Now, they're producing YouTube videos with misleading headlines.

New comment by ian_d in "A16Z hires acquitted former Marine Daniel Penny as an investor"

ian_d — Mon, 19 Jan 2026 20:46:01 +0000

If you don't remember, Daniel Penny is the ex-Marine that killed a homeless man on the NYC subway then was found not guilty of criminally negligent homicide.

A16Z hires acquitted former Marine Daniel Penny as an investor

ian_d — Mon, 19 Jan 2026 20:46:01 +0000

Article URL: https://techcrunch.com/2025/02/04/a16z-hires-acquitted-former-marine-daniel-penny-as-an-investor/

Comments URL: https://news.ycombinator.com/item?id=46684264

Points: 5

# Comments: 2

New comment by ian_d in "Encryption made for police and military radios may be easily cracked"

ian_d — Fri, 08 Aug 2025 10:36:00 +0000

There was actually a good DC31 talk called "Snoop On To Them, As They Snoop On To Us" kinda in this vein, but with Bluetooth devices that are part of a lot of cop's gear.

https://www.youtube.com/watch?v=cO1JSzAdPM8

Zigazoo, A Firebase Boogaloo: Security at "The Largest Social Network for Kids "

ian_d — Mon, 21 Jul 2025 13:23:45 +0000

Article URL: https://amenbreakpoint.com/posts/zigazoo/

Comments URL: https://news.ycombinator.com/item?id=44634808

Points: 2

# Comments: 0

New comment by ian_d in "The young, inexperienced engineers aiding DOGE"

ian_d — Mon, 03 Feb 2025 20:07:58 +0000

Elon is also now claiming to have "deleted" 18F (https://18f.gsa.gov/): https://x.com/elonmusk/status/1886498750052327520

New comment by ian_d in "What happened to Mint?"

ian_d — Thu, 23 Jan 2020 18:23:30 +0000

I'd go check the YNAB forums, there's a lot of v4 users who really hate the cloud version. I tried to switch and gave it up for two reasons:

- Import from v4 is super broken for credit card accounts and I ended up with weird positive balances that don't add up based on any combination of transactions. Forum advice was "start over".

- You cannot tag income as "available for next month", instead all income must be immediately budgeted. Which is different than the old YNAB advice of being a month ahead. Forum advice is to earmark it a special category then fix it when the next month lands (https://support.youneedabudget.com/t/63pgpp/budget-using-onl...).

- No side-by-side month view. You can only view one month at a time.

The differences were too much for me and the import was so borked that I immediately gave up and stuck with v4.

New comment by ian_d in "Show HN: SSM/KMS/ENV-aware Go template file fetcher and parser for AWS ECS"

ian_d — Fri, 21 Sep 2018 13:48:09 +0000

Since ECS is missing k8s configMap/secrets style integrations for SSM and KMS I wrote this small tool to help get secrets into place without a bunch of ECS-specific custom entrypoint code. Scratches a particular itch I've encountered a number of times working with ECS and thought it might be useful to anyone else running AWS ECS services.

Show HN: SSM/KMS/ENV-aware Go template file fetcher and parser for AWS ECS

ian_d — Fri, 21 Sep 2018 13:47:59 +0000

Article URL: https://github.com/ian-d/ecs-template

Comments URL: https://news.ycombinator.com/item?id=18039637

Points: 1

# Comments: 1

New comment by ian_d in "San Francisco Officials to Tech Workers: Buy Your Lunch"

ian_d — Wed, 01 Aug 2018 18:18:11 +0000

I could really see something like France's "tickets restos" / meal voucher system benefitting everyone. Fitting for smaller companies who want to provide a perk w/out an on-site cafeteria, puts some money into the local economy, a little tax relief for employees who are normally buying food for lunch...

New comment by ian_d in "[dead]"

ian_d — Wed, 20 Jun 2018 21:56:55 +0000

The DHS Press Secretary's response is particularly infuriating.

https://twitter.com/SpoxDHS/status/1009502457058201600

New comment by ian_d in "Show HN: Gripsweat, rare vinyl auction and sales with sound clips"

ian_d — Sat, 21 Apr 2018 14:26:19 +0000

It's Record Store Day again and I thought I'd share the site that I've been running for a few years now. It collects vinyl auctions and sales daily (with sound clips), and is at >10M items and >500k sound clips.

I've killed hours just clicking through sound clips to find 45s and LPs that probably otherwise would have slipped past me. This is especially nice for "deep" genres like:

Afrobeat: https://goo.gl/UG6kZm

Reggae: https://goo.gl/tHvJyA

Garage: https://goo.gl/51cJpQ

Northern Soul: https://goo.gl/Jj88Bd

etc,etc

Or you can just watch RSD2018 get out of hand: https://goo.gl/VXN8w8

Show HN: Gripsweat, rare vinyl auction and sales with sound clips

ian_d — Sat, 21 Apr 2018 14:26:04 +0000

Article URL: https://gripsweat.com

Comments URL: https://news.ycombinator.com/item?id=16891528

Points: 3

# Comments: 1

New comment by ian_d in "Show HN: Vinyl record and sleeve grading tool"

ian_d — Sat, 21 Apr 2018 13:56:34 +0000

Missing the real-life seller grades:

  EX- / VG++(+)  
  M+  
  Skip on A2, otherwise MINT  
  SOLID PLAY COPY

(Kidding, nice tool!) Goldmine does have a bit of a no-man's-land between NM and VG+, though.

New comment by ian_d in "An Open Source Tool to analyze wasted EBS capacity in your AWS environment"

ian_d — Sat, 17 Mar 2018 20:58:19 +0000

Nice tool, thank you for releasing it.

Unfortunately, in my experience it's a pretty normal strategy to over provision EBS gp2 volumes to get the IOPS since they scale linearly up to ~10k. I think that's the break-even point where it's actually cheaper to switch over to provisioned IOPS volumes.

So we'd have a number of little-utilized (in terms of data actually stored) 3TB drives just to avoid paying for provisioned IOPS.

New comment by ian_d in "Why George Guidall Is the Undisputed King of Audiobooks"

ian_d — Wed, 23 Aug 2017 16:59:06 +0000

I like Carlin's cadence, but I really wish they would run everything through some compression. The volume range between his "speaking" voice and when he's quoting someone is HUGE and sometimes requires mucking around with the volume to keep it listenable.

New comment by ian_d in "How to present a GitHub project for your resume (2016)"

ian_d — Sat, 29 Jul 2017 15:05:16 +0000

Yeah, here in the slums of higher-ed dev/IT just having a github repos of any original code makes an applicant novel. We never really discussed an applicant's github code with them, but we absolutely read through and took it as a very positive hiring signal.

You don't have to have a huge contribution history or a project with a ton of stars, just having something out there matters to some places.