Hacker News: nettlin

New comment by nettlin in "Vercel April 2026 security incident"

nettlin — Sun, 19 Apr 2026 19:18:00 +0000

They just added more details:

> Indicators of compromise (IOCs)

> Our investigation has revealed that the incident originated from a third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting hundreds of its users across many organizations.

> We are publishing the following IOC to support the wider community in the investigation and vetting of potential malicious activity in their environments. We recommend that Google Workspace Administrators and Google Account owners check for usage of this app immediately.

> OAuth App: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

https://vercel.com/kb/bulletin/vercel-april-2026-security-in...

New comment by nettlin in "Vercel April 2026 security incident"

nettlin — Sun, 19 Apr 2026 19:17:46 +0000

They just added more details:

> Indicators of compromise (IOCs)

> OAuth App: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

https://vercel.com/kb/bulletin/vercel-april-2026-security-in...

New comment by nettlin in "North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package"

nettlin — Tue, 31 Mar 2026 23:36:28 +0000

> [Google Threat Intelligence Group] attributes this activity to UNC1069, a financially motivated North Korea-nexus threat actor active since at least 2018, based on the use of WAVESHAPER.V2, an updated version of WAVESHAPER previously used by this threat actor. Further, analysis of infrastructure artifacts used in this attack shows overlaps with infrastructure used by UNC1069 in past activities.

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package

nettlin — Tue, 31 Mar 2026 23:35:51 +0000

Article URL: https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package/

Comments URL: https://news.ycombinator.com/item?id=47594887

Points: 7

# Comments: 2

New comment by nettlin in "I want to wash my car. The car wash is 50 meters away. Should I walk or drive?"

nettlin — Mon, 16 Feb 2026 07:24:53 +0000

Just now, with GPT 5.2 Thinking:

> The car wash is only 50 meters from my house. I want to get my car washed. The car is at my house currently. Should I walk there or drive?

> Walk. > > At 50 meters, walking is faster than the full “start car → pull out → reposition → park” cycle, avoids cold-start wear, and you won’t risk arriving with dusty brakes/tires or water streaks from immediately driving afterward. Drive only if you can’t comfortably walk (mobility, heavy weather, you need to bring bulky items), or if the car wash explicitly requires you to drive it into a queue/track.

New comment by nettlin in "We found that the fix to address the DoS vulnerability in React was incomplete"

nettlin — Fri, 12 Dec 2025 18:56:48 +0000

> The patches published earlier are vulnerable.

> If you already updated for the Critical Security Vulnerability last week, you will need to update again.

> If you updated to 19.0.2, 19.1.3, and 19.2.2, these are incomplete and you will need to update again.

https://react.dev/blog/2025/12/11/denial-of-service-and-sour...

We found that the fix to address the DoS vulnerability in React was incomplete

nettlin — Fri, 12 Dec 2025 18:56:48 +0000

Article URL: https://bsky.app/profile/react.dev/post/3m7qs2rtey22l

Comments URL: https://news.ycombinator.com/item?id=46247393

Points: 14

# Comments: 1

New comment by nettlin in "AWS multiple services outage in us-east-1"

nettlin — Mon, 20 Oct 2025 20:01:43 +0000

> The Amazon retail site seems available, but I’m curious if it’s even using native AWS or is still on the old internal compute platform.

Some parts of amazon.com seem to be affected by the outage (e.g. product search: https://x.com/wongmjane/status/1980318933925392719)

New comment by nettlin in "Did you read the quarter-million-line license for your Slack app?"

nettlin — Sat, 20 Sep 2025 02:02:08 +0000

This file does not contain the terms of service of Slack. Rather, it contains the software licenses of third-party code that is embedded in Chromium, which in turn is embedded in the Slack app. Every dependency has its own license, which is why the file is so big (800× Apache-2.0, 237× MIT, 59× LGPL, and so on).

New comment by nettlin in "The Space Shuttle Columbia disaster and the over-reliance on PowerPoint (2019)"

nettlin — Fri, 29 Aug 2025 01:26:38 +0000

Discussed at the time: https://news.ycombinator.com/item?id=19668161

I found it surprising that the slide in the article uses Calibri, a typeface that wasn’t publicly available at the time. The original discussion confirms that the slide in the article is a recreation of the original one:

> The slide in the article has the same text, but is a recreation of the original (The Calibri typeface used wasn't part of PowerPoint until 2007).

> The original slide can be seen in the full report linked in the article:

> https://www.edwardtufte.com

New comment by nettlin in "Vanilla JavaScript support for Tailwind Plus"

nettlin — Fri, 25 Jul 2025 19:26:32 +0000

When using Tailwind you’re likely to use something like React components, so your actual code is more likely to look like:

  
    Dropdown button
    …

which is even better than what Bootstrap provides since you get type safety for component props (and more opportunities for customization than what Bootstrap allows)