<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: kokx</title><link>https://news.ycombinator.com/user?id=kokx</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Mon, 13 Jul 2026 05:39:03 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=kokx" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by kokx in "Upcoming changes to Let's Encrypt and how they affect XMPP server operators"]]></title><description><![CDATA[
<p>The article literally talks about how one of the server implementations does exactly that:<p>> Does this affect Prosody?<p>> Not directly. Let’s Encrypt is not the first CA to issue server-only certificates. Many years ago, we incorporated changes into Prosody which allow server-only certificates to be used for server-to-server connections, regardless of which server started the connection. [...]</p>
]]></description><pubDate>Mon, 09 Feb 2026 23:34:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=46953168</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=46953168</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46953168</guid></item><item><title><![CDATA[New comment by kokx in "JD Vance's team had water level of Ohio river raised for family's boating trip"]]></title><description><![CDATA[
<p>I wouldn't be surprised if this happened without JD Vance's knowledge. This sounds like a thing that Secret Service would make happen to make sure they can secure him at all times.</p>
]]></description><pubDate>Sat, 09 Aug 2025 19:54:39 +0000</pubDate><link>https://news.ycombinator.com/item?id=44849571</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=44849571</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44849571</guid></item><item><title><![CDATA[New comment by kokx in "VPN use surges in UK as new online safety rules kick in"]]></title><description><![CDATA[
<p>Our politics does have some good parts. The political system we have is reasonably good. We have many political parties due to the proportional representation system. A single party is also unlikely to get a majority in parliament on their own, so parties with different backgrounds will have to work together to form a functioning government.<p>We do suffer from many political parties not willing to cause short term pain to improve long term outcomes. There are a few urgent issues going on in politics at the moment. Stuff where a decision needs to be made now and action should be taken. But the political parties do not want to make those decisions because they would inflict short term pain to some voters but would also improve the long term quality of life and economics of the Netherlands.<p>The worst part is that those issues have been known for a long time, but decisions were postponed over and over again because politicians didn't want to make the decision. Making the issues worse and more urgent over time.<p>At the same time populism is clearly on the rise in the Netherlands. A famous thing happening in a debate before the previous elections was a populist saying "But this woman cannot wait for the costs to be decreased, she needs it now." about decreasing a specific part of healthcare costs for citizens. Of course when the same populist became the biggest party during the elections, they never introduced anything to decrease that part of the healthcare costs.</p>
]]></description><pubDate>Mon, 28 Jul 2025 17:57:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=44713451</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=44713451</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44713451</guid></item><item><title><![CDATA[New comment by kokx in "Why MIT switched from Scheme to Python (2009)"]]></title><description><![CDATA[
<p>This depth you are never going to get in a college education anyway. Especially not since programming isn't (and shouldn't be) the only thing you learn in a Software Engineering / Computer Science bachelor.</p>
]]></description><pubDate>Fri, 25 Jul 2025 23:58:13 +0000</pubDate><link>https://news.ycombinator.com/item?id=44689928</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=44689928</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44689928</guid></item><item><title><![CDATA[New comment by kokx in "An inside look at NSA tactics, techniques and procedures from China's lens"]]></title><description><![CDATA[
<p>The type of work the people working at an APT do, is mainly office work, while it still is very much "hands-on-keyboard" work (so you cannot set an action to automatically occur when nobody is checking the results in the middle of the night). You might want to try shuffling this up when you are in charge, but your (usually highly skilled and expensive) employees probably don't want to be working weird shifts all the time. Especially when they have families.<p>It also may not be worth it. Generally APT's want to stay under the radar while they are executing. But after the goals have been reached, most of the time it doesn't matter much if they get attributed. We have yet to see real consequences against any APT's. So paying your employees more to work night shifts, likely doesn't stack up against the consequences of attribution.</p>
]]></description><pubDate>Wed, 19 Feb 2025 20:14:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=43106999</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=43106999</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43106999</guid></item><item><title><![CDATA[New comment by kokx in "Reverse Engineering the Duco Connectivity Board"]]></title><description><![CDATA[
<p>The biggest piece of advice I have is to not give up too easily. The writeup makes things seem a lot easier than they actually are. While working on this project I had many moments where I almost gave up. Pushing past such roadblocks can get you to great insights.<p>For learning how to do such things? Well, a general computer science or electrical engineering background is a great start already. Ideally you learn a bit about embedded systems and how electricity works on circuit boards. A great resource for this is Big Clive on Youtube [1] who reverse engineers many circuits on his channel.<p>Tinkering around with hardware at a lower level will also reward you with a lot of knowledge. For example just working with an ESP32 and some off-the-shelf sensors will help you get a feeling for how these things work. See if you can communicate with other systems as well this way. Try to do as much as possible using jumper wires and breadboards rather than premade cables, so you get to know how it works. Also get a multimeter (one that beeps) and get comfortable using it. If you're unsure which multimeter to get, Big Clive has a pretty good video about that.<p>One thing I recommend getting is a logic analyzer. You don't need to go for an expensive Saleae (you can find pretty cheap clones on your regular Chinese webshops for example). Then just use it to investigate things that you already have access to. Attach it to a UART port where you know data is sent over and see if you can obtain that using the logic analyzer.<p>Then you can probably step over to investigating things you don't know. Just figure out with a multimeter what the voltages are and see if maybe data is sent over the line.<p>[1]: <a href="https://www.youtube.com/@bigclivedotcom" rel="nofollow">https://www.youtube.com/@bigclivedotcom</a></p>
]]></description><pubDate>Tue, 31 Dec 2024 17:57:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=42560436</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=42560436</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42560436</guid></item><item><title><![CDATA[Reverse Engineering the Duco Connectivity Board]]></title><description><![CDATA[
<p>Article URL: <a href="https://github.com/kokx/duco-analysis">https://github.com/kokx/duco-analysis</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=42521630">https://news.ycombinator.com/item?id=42521630</a></p>
<p>Points: 35</p>
<p># Comments: 4</p>
]]></description><pubDate>Fri, 27 Dec 2024 12:29:14 +0000</pubDate><link>https://github.com/kokx/duco-analysis</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=42521630</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42521630</guid></item><item><title><![CDATA[New comment by kokx in "Phish-friendly domain registry ".top" put on notice"]]></title><description><![CDATA[
<p>With a little trickery with URL's you could construct something like:<p><a href="https://github.com/example/project/releases/@example-project-v1.zip">https://github.com/example/project/releases/@example-project...</a><p>Due to everything in a URL before the @ being interpreted as a username for basic authentication, this would result in the user navigating to <a href="https://example-project-v1.zip" rel="nofollow">https://example-project-v1.zip</a> instead of to github.<p>Edit: Fortunately it seems like browsers have caught on to this trick</p>
]]></description><pubDate>Thu, 25 Jul 2024 08:33:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=41066265</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=41066265</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=41066265</guid></item><item><title><![CDATA[New comment by kokx in "United States White House Report on Memory Safe Programming [pdf]"]]></title><description><![CDATA[
<p>Usually that CFO doesn't have admin privileges. However, the exe he ran could very easily make use of a privilege escalation exploit on a service that does run with admin privileges. An exploit that is a buffer overflow or otherwise an exploit that is possible due to memory safety issues.<p>Or that exe tries to connect to other services in the network to exploit a buffer overflow on another system. An example of such an exploit was EternalBlue.<p>So yes, you're probably right that from a purely external perspective, attackers are unlikely to gain initial access using exploits targeting memory safety. However, once they are in, there are all sorts of memory safety bugs that could be used.</p>
]]></description><pubDate>Wed, 28 Feb 2024 19:58:59 +0000</pubDate><link>https://news.ycombinator.com/item?id=39542743</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=39542743</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=39542743</guid></item><item><title><![CDATA[New comment by kokx in "Spoofing DNS records by abusing DHCP DNS dynamic updates"]]></title><description><![CDATA[
<p>As a pentester that did exactly this in many corporate networks: this is extremely effective. Just announce with a router advertisement that there is a DHCPv6 server and start handing out link-local IPv6 addresses while you specify your own system as DNS-server.<p>Clients (both Windows and Linux) will prefer the DNS-server specified through IPv6 over the one from IPv4. Then you can spoof any DNS record and capture juicy NTLM hashes flying through the network or relay their authentication and get a free authenticated connection.<p>This is most effective in networks that were designed for only IPv4 and didn't consider IPv6 at all. But it is also effective in some networks that do use IPv6.<p>Mitigations? Either disable the IPv6-stack on all systems, or configure your switches to block the router advertisements and do not allow DHCPv6 traffic to the wrong systems.</p>
]]></description><pubDate>Fri, 08 Dec 2023 22:57:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=38575857</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=38575857</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=38575857</guid></item><item><title><![CDATA[New comment by kokx in "Framework Laptop Wins Two Design Awards"]]></title><description><![CDATA[
<p>FWIW, I'm typing this on my framework right now, and I'm in Europe (Netherlands). So it is available in parts of Europe. Don't remember them promising delivery in all of Europe though?</p>
]]></description><pubDate>Tue, 03 May 2022 20:51:53 +0000</pubDate><link>https://news.ycombinator.com/item?id=31253408</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=31253408</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=31253408</guid></item><item><title><![CDATA[New comment by kokx in "US Senate votes unanimously to make daylight savings time permanent"]]></title><description><![CDATA[
<p>I'm from the Netherlands as well, and I'm very scared of the talks of permanent DST over here. Which means that the sun would rise at 9:45 if we permanently switch to DST. Our country would be better suited at UTC, instead of UTC+1. Keeping it permanently at UTC+2 would be a special form of hell for me.</p>
]]></description><pubDate>Tue, 15 Mar 2022 21:33:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=30692064</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=30692064</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=30692064</guid></item><item><title><![CDATA[New comment by kokx in "WhatsApp end-to-end encrypted backups security assessment"]]></title><description><![CDATA[
<p>As a pentester at a security company doing assessments for customers, I can say that this is definitely false.<p>We value our independence highly. It is what ultimately brings in business. It would be very bad business if one our customers gets hacked, when it was an easy vulnerability for us to find.<p>This is the same for the NCC group here. If in a few weeks the WhatsApp e2e encryption on backups was cracked, they would look like fools. And that is not good for business.</p>
]]></description><pubDate>Thu, 11 Nov 2021 07:20:30 +0000</pubDate><link>https://news.ycombinator.com/item?id=29185337</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=29185337</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=29185337</guid></item><item><title><![CDATA[New comment by kokx in "Transfer.sh – Easy file sharing from the command line"]]></title><description><![CDATA[
<p>I have literally done this once with a friend of mine, transfer a file over netcat. It cost us about 10 minutes of figuring out the exact commands, and we were at the same LAN party, and thus had a direct network path to each others systems. With most consumer routers and their NAT this would be much more complicated. And this was with a friend with high unix knowledge, so not just the "I know how to paste commands from askubuntu" knowledge.<p>So yeah, just being able to copy curl commands from a website certainly has value over configuring complicated commands.</p>
]]></description><pubDate>Mon, 05 Jul 2021 22:54:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=27742586</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=27742586</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=27742586</guid></item><item><title><![CDATA[New comment by kokx in "NymphCast – Open-source Chromecast Alternative"]]></title><description><![CDATA[
<p>It doesn't expose a Google Cast device. It only allows streaming media from a Jellyfin instance to that device.</p>
]]></description><pubDate>Sat, 12 Jun 2021 11:31:48 +0000</pubDate><link>https://news.ycombinator.com/item?id=27483717</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=27483717</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=27483717</guid></item><item><title><![CDATA[New comment by kokx in "Dutch official calls for complete ban on Bitcoin"]]></title><description><![CDATA[
<p>Part of his (reported) reasoning is really strange: because Bitcoin is doomed to crash, we have to take action, so the Netherlands should ban it. Causing it to crash earlier rather than later.<p>He also says that he isn't afraid that banning Bitcoin will fail, because a ban would lead to a crash.</p>
]]></description><pubDate>Fri, 11 Jun 2021 12:56:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=27472644</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=27472644</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=27472644</guid></item><item><title><![CDATA[New comment by kokx in "How Parking Destroys Cities"]]></title><description><![CDATA[
<p>Bicycles replace both walking and driving trips. In Dutch cities, most people walk or cycle to the grocery store, which is a great example of cycling replacing walking trips.<p>In smaller villages however, that are more spread out and usually only have one or two grocery stores, people usually take the car or their bike to the grocery store, because walking is too far. In this case, bikes do replace trips by car.<p>Also note that in general, Dutch cities are quite walkable and cycleable. If I visit a friend on the other side of the city I live in, I go by bike. Which is about as fast as going by car. Going by public transport also takes about the same time. This is a result of the Downs-Thomson paradox [1].<p>[1]: <a href="https://en.wikipedia.org/wiki/Downs%E2%80%93Thomson_paradox" rel="nofollow">https://en.wikipedia.org/wiki/Downs%E2%80%93Thomson_paradox</a></p>
]]></description><pubDate>Fri, 11 Jun 2021 11:28:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=27471855</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=27471855</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=27471855</guid></item><item><title><![CDATA[New comment by kokx in "Had Covid? You’ll probably make antibodies for a lifetime"]]></title><description><![CDATA[
<p>It is a great argument that non-immunocompromised people should get vaccinated. If non-immunocompromised people are vaccinated, the probability that immunocompromised people get infected gets smaller, thus causing less variants.</p>
]]></description><pubDate>Sat, 29 May 2021 01:15:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=27322308</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=27322308</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=27322308</guid></item><item><title><![CDATA[New comment by kokx in "Do countries get the list of every passenger that's transiting their airspace?"]]></title><description><![CDATA[
<p>Within the EU, flights rarely get overbooked. Especially on cheap flights like with Ryanair, the reimbursement that the airline has to provide in case of overbooking can easily be more than 10x the ticket value.</p>
]]></description><pubDate>Tue, 25 May 2021 11:18:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=27275440</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=27275440</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=27275440</guid></item><item><title><![CDATA[New comment by kokx in "JWT should not be your default for sessions"]]></title><description><![CDATA[
<p>Because a user could simply provide the cookie again on the next request. If you still see the JWT as valid even though you deleted the cookie, the user could stay logged in during that time.<p>Cookies are managed by the browser, hence they are ultimately controlled by the user.</p>
]]></description><pubDate>Thu, 13 May 2021 00:44:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=27137078</link><dc:creator>kokx</dc:creator><comments>https://news.ycombinator.com/item?id=27137078</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=27137078</guid></item></channel></rss>