Hacker News: kevcampb

New comment by kevcampb in "New Nginx Exploit"

kevcampb — Mon, 18 May 2026 08:54:29 +0000

They've just been released

https://security.snyk.io/vuln/SNYK-DEBIAN13-NGINX-16732761

https://security.snyk.io/vuln/SNYK-ALPINE323-NGINX-16722461

So it seems that Snyk is taking almost a week to get advisories out for an RCE

New comment by kevcampb in "New Nginx Exploit"

kevcampb — Fri, 15 May 2026 13:38:56 +0000

It seems that Snyk isn't picking this up on our docker images. They have a vulnerability published for the nginx binary itself.

https://security.snyk.io/vuln/SNYK-UNMANAGED-NGINX-16679754

But they've not released any vulnerability for the Alpine or Debian packages.

Does anyone know what's happening here? Seems concerning that there's a 2 day old RCE not being picked up.

New comment by kevcampb in "Chrome removes claim of On-device Al not sending data to Google Servers"

kevcampb — Fri, 08 May 2026 09:48:06 +0000

That's on Google apps, that's not on Chrome. That's not Chrome sending your browsing data or content from inside webpages to Google.

New comment by kevcampb in "Chrome removes claim of On-device Al not sending data to Google Servers"

kevcampb — Thu, 07 May 2026 21:30:57 +0000

This seems somewhat specious - it's also quite possible that they just altered the wording to make it less verbose. Does anyone have access to the link "Learn more about on-device AI"?

If Chrome starts sending data from the browser back to Google, that's going to be a huge compliance issue. If you work for a company that processes customer data in the browser, you're going to need to ban Chrome.

New comment by kevcampb in "Atlassian enables default data collection to train AI"

kevcampb — Mon, 20 Apr 2026 14:45:05 +0000

"Your available data contribution settings will be available no later than May 19, 2026."

So let me guess, they're hoping that we forget about this by then, so that they can scoop up our data? I can't think any other reason for it.

New comment by kevcampb in "Atlassian enables default data collection to train AI"

kevcampb — Mon, 20 Apr 2026 14:02:05 +0000

Unfortunately that one has a subheading of "From August 17, the outfit will collect customer metadata by default unless you pay for the top tier"

It's not just metadata, it's all "in-app data"

New comment by kevcampb in "Atlassian enables default data collection to train AI"

kevcampb — Mon, 20 Apr 2026 12:30:40 +0000

I really wish I could find a better source to link to for this. By default, all free and paid customers are being opted-in to their data being used for AI training.

All your Confluence pages, Jira tickets, etc.

https://support.atlassian.com/security-and-access-policies/d... describes how to disable this, but it also appears that the setting to disable this doesn't exist (it's not visible on any of our instances).

Atlassian enables default data collection to train AI

kevcampb — Mon, 20 Apr 2026 12:23:39 +0000

Article URL: https://letsdatascience.com/news/atlassian-enables-default-data-collection-to-train-ai-f71343d8

Comments URL: https://news.ycombinator.com/item?id=47833247

Points: 604

# Comments: 136

Hackers exploiting Acrobat Reader zero-day flaw since December

kevcampb — Thu, 09 Apr 2026 13:21:09 +0000

Article URL: https://www.bleepingcomputer.com/news/security/hackers-exploiting-acrobat-reader-zero-day-flaw-since-december/

Comments URL: https://news.ycombinator.com/item?id=47703398

Points: 12

# Comments: 0

New comment by kevcampb in "Show HN: Sheet Ninja – Google Sheets as a CRUD Back End for Vibe Coders"

kevcampb — Sun, 29 Mar 2026 12:23:15 +0000

Which works out at $100 USD / year. You might think that's trivial, but when you start provisioning multiple environments over multiple projects it starts to add up.

It's a shame that Google haven't managed to come up with a scale to zero option or serverless alternative that's compatible.

New comment by kevcampb in "Updates to GitHub Copilot interaction data usage policy"

kevcampb — Sun, 29 Mar 2026 06:03:50 +0000

This is terrifying. Github was the one provider I did not expect to make such an action. We're now playing whack-a-mole with vendors to try and ensure that our company IP doesn't end up being used to train a model.

New comment by kevcampb in "Mixpanel Security Breach"

kevcampb — Thu, 27 Nov 2025 08:48:59 +0000

That's a mixpanel breach if the unauthorised access was mixpanel staff accounts.

If someone phishes your gmail account, there is no gmail breach.

New comment by kevcampb in "Mixpanel Security Breach"

kevcampb — Thu, 27 Nov 2025 08:08:31 +0000

Possibly because OpenAI have just made a post stating there has been a breach https://openai.com/index/mixpanel-incident/ and implicating Mixpanel as the cause

New comment by kevcampb in "Mixpanel Security Breach"

kevcampb — Thu, 27 Nov 2025 07:22:01 +0000

The title here is misleading. The original article does not state breach and at no point have Mixpanel used that term.

Pixnapping Attack

kevcampb — Wed, 15 Oct 2025 06:05:51 +0000

See also Hackers can steal 2FA codes and private messages from Android phones - https://news.ycombinator.com/item?id=45574613

Comments URL: https://news.ycombinator.com/item?id=45588594

Points: 311

# Comments: 72

New comment by kevcampb in "Gmail will no longer support checking emails from third-party accounts via POP"

kevcampb — Thu, 02 Oct 2025 13:40:53 +0000

Google converted my mum's Gmail account to a workspace account automatically. Now she can't use her bedroom alarm clock because it's connected to my dad's Gmail account and you can't share access to workspace accounts. It's stupidly maddening.

And yes I realise that an IoT alarm clock is ridiculous, but that's not the point.

New comment by kevcampb in "Kagi News"

kevcampb — Tue, 30 Sep 2025 17:59:36 +0000

> This is pulling the content of the RSS feeds of several news sites into the context window of an LLM and then asking it to summarize news items into articles and fill in the blanks?

This is awful. It's cutting out any money going to the news agencies that go out there and write news. If they didn't exist, Kagi wouldn't work.

New comment by kevcampb in "DARPA solicitation for the Active Social Engineering Defense program (2017)"

kevcampb — Wed, 05 Feb 2025 22:55:04 +0000

If you read the proposal, this is for providing automated defences against social engineering attacks - eg: phishing. It's incredibly benign.

That's not how it's presented on Elon's twitter post, certainly. The replies are just layers and layers of conspiracy theories.

New comment by kevcampb in "DARPA solicitation for the Active Social Engineering Defense program (2017)"

kevcampb — Wed, 05 Feb 2025 22:08:05 +0000

For context, this is likely related to an Elon Musk tweet earlier today https://x.com/elonmusk/status/1887185381797343504 quoting Ian Miles Cheong

> Can someone explain to me why the Department of Defense provided $9,147,532.00 to Reuters for "ACTIVE SOCIAL ENGINEERING DEFENSE (ASED) LARGE SCALE SOCIAL DECEPTION (LSD)"

Deep Green’s Digital Boiler – Harnessing the Heat from a Tiny Data Centre

kevcampb — Tue, 14 Mar 2023 19:02:40 +0000

Article URL: https://www.stateofswimming.com/deep-greens-digital-boiler-harnessing-the-heat-from-a-tiny-data-centre-to-keep-pool-at-30c/

Comments URL: https://news.ycombinator.com/item?id=35156799

Points: 1

# Comments: 0