Hacker News: penagwin

New comment by penagwin in "Stealth bomber in flight on Google Maps"

penagwin — Mon, 20 Dec 2021 20:16:20 +0000

You can find a list of satellites here: https://www.ucsusa.org/resources/satellite-database

According to the image on Google maps it was taken by Maxar. Maxar appears to have a few satellites, looks like 5 in geostationary orbit (~35,700km), 3 at about 400km and 1 at about 500km.

New comment by penagwin in "Hacker steals government ID database for Argentina's entire population"

penagwin — Tue, 19 Oct 2021 16:20:11 +0000

Yes, as well as applying for jobs (or at minimum when hired), renting an apartment, and lots of financial things including any type of KYC crypto exchange or investment accounts. I've also had utility companies ask for it.

These are in no way secret, I have no idea how people are okay with this. You can easily social engineer so many critical services if you know somebody's SSN.

New comment by penagwin in "Antiviral compound blocks SARS-CoV-2 from entering cells"

penagwin — Fri, 15 Oct 2021 14:26:49 +0000

> PNAS October 26, 2021 118 (43) e2108728118; https://doi.org/10.1073/pnas.2108728118

I'm curious how was this published October 26, 2021? (Currently Oct 15)

New comment by penagwin in "Mobile LTE Coverage Map"

penagwin — Tue, 28 Sep 2021 23:07:34 +0000

Apparently 3G is being phased out by AT&T (and I think most other providers have already left 3G) in the US.

Which sucks because I can get a 3G module for my iot projects for 5$ and I think 4G modules start at 50$?

Are we just at the mercy of 4G now for services that need large coverage but low throughput? I know 5G technically has a spec for IOT type stuff but I haven't seen anything about it, and I haven't seen modules for it.

New comment by penagwin in "Incident Response to September 20th 2021"

penagwin — Tue, 21 Sep 2021 19:09:43 +0000

To me it's fair to say it's not a likely scenerio, it's just that they continously say "this would be difficult" at every step. I appreciate the breakdown, but it comes off as trying to convince you it was a near-complete impossibility. I understand it was unlikely, but it was possible, and that makes it severe either way.

New comment by penagwin in "Show HN: Errorpush – Minimalist Sentry alternative using PostgreSQL"

penagwin — Mon, 20 Sep 2021 13:55:39 +0000

We currently self host a version from ~2019, I haven't looked into upgrading the version but just the old version is working great.

New comment by penagwin in "Mozilla HTTP Observatory"

penagwin — Mon, 20 Sep 2021 13:37:13 +0000

I live in the US and have had comcast inject into http requests. I noticed because of a pop-up in csgo's menu (it loads html for their blog)

New comment by penagwin in "Jam 80 Cores, 768GB of RAM into E-ATX Case with This Tiny Board"

penagwin — Fri, 17 Sep 2021 17:20:04 +0000

one instance of doom compiled with wasm on electron, but only if you lower the resolution to get it to run smooth

New comment by penagwin in "Kape Technologies buys ExpressVPN for $936M"

penagwin — Thu, 16 Sep 2021 21:54:01 +0000

Yes! However it gets a bit complex, as they're using dns based geofencing so there's some extra steps.

New comment by penagwin in "Kape Technologies buys ExpressVPN for $936M"

penagwin — Thu, 16 Sep 2021 21:53:06 +0000

He is talking about government level threats, DO provides no benefit.

I'll add that rolling your own means you're the only one exiting that IP address, so if your threat model involves websites profiling you and/or alternative accounts that won't help.

New comment by penagwin in "Please stop closing forums and moving people to Discord"

penagwin — Thu, 16 Sep 2021 18:13:13 +0000

The user id though will burn you though. People who use something like BetterDiscord will be able to easily spot it (as well as your join date).

I'd recommend just using the browser to make an alt.

New comment by penagwin in "Kape Technologies buys ExpressVPN for $936M"

penagwin — Thu, 16 Sep 2021 16:37:24 +0000

Yeah it's a tricky one isn't it? On one hand many of the best security researches are ex-state employees, and many of them go from that into the private sector. On the other hand it makes it sound like they are friendly with potential adversaries.

New comment by penagwin in "Stripe banned us for payment disputes but we never had a single dispute"

penagwin — Tue, 14 Sep 2021 15:05:32 +0000

I don't think crypto would solve this particular issue. Stripe needs the ability to back out of moving money, so there's several settlement periods for different parts of the transaction and ways to appeal transfers retroactively.

I suspect fraudster's are able to wait out this period without detection so they can cash out. If this is the case, then even time locking smart contracts won't help, as the fraudsters just wait out the time period. At that point Stripe would have even less recourse to recover money, as retroactive transfers are not possible at that point.

I could see services such as their debit card offering being abusable too.

They also likely have to worry about things such as predatory recurring payments as those will result in chargebacks which could ultimately fall on Stripe to foot.

New comment by penagwin in "Pumpkin OS: x64 port/re-implementation of PalmOS"

penagwin — Thu, 09 Sep 2021 13:02:06 +0000

I'm not affiliated with this project but I'll plug https://palmdb.net

There's also the subreddit and a discord channel with a very active community of palm developers/collectors

New comment by penagwin in "Climate activist arrested after ProtonMail provided his IP address"

penagwin — Mon, 06 Sep 2021 01:56:19 +0000

From my understanding it depends on how naughty your current exit node has been. Most tor exits in my experience allow creation and you just need to verify another email (just use a random burner- they only block a few. Supposedly some well behaved exits require just a captcha but I've never seen it.

New comment by penagwin in "Mozilla VPN Completes Independent Security Audit by Cure53"

penagwin — Wed, 01 Sep 2021 22:03:47 +0000

Because like 90% of the traffic is malicious. VPNs and proxies obviously change your exit IP, and people rotate through these as they do things like spam, make accounts, credential stuff, etc. This means they're burning through the IP ranges and getting them flagged.

If you're on a VPN with a fresh ASN and IP range you won't have any issues (until people start using it for other reasons).

If you wanted to "fix it" the dirty method, there's extensions for chrome/firefox/etc that will automatically submit your captcha to a captcha solving service and it costs some tiny amount.

tldr; Mischievous basically has to go through VPNs, and they rotate through IPs getting them flagged. You can join the dark side with a captcha solving service and extension, and there's some "solutions" like privacy pass you can try.

New comment by penagwin in "FCC Temporary Waiver Permits Higher Symbol Rate Data for Hurricane Ida Traffic"

penagwin — Mon, 30 Aug 2021 22:22:43 +0000

I've listened to several police radios with my SDR - "old male with [medical condition] at [person's address]" isn't uncommon.

Some research - paramedics are likely covered under HIPAA (if they work for a healthcare entity that provides ambulance services), I don't believe police or the fire department would be covered.

New comment by penagwin in "Incident with GitHub Actions, API Requests, Git Operations, Issues and more"

penagwin — Tue, 10 Aug 2021 15:41:28 +0000

Same here!

> remote: fatal error in commit_refs

New comment by penagwin in "Show HN: Ots – share a secret via one-time URL"

penagwin — Mon, 09 Aug 2021 18:42:58 +0000

Myself and I'm sure many other's can't wait to try it once you have the self hosted version!

New comment by penagwin in "Ask HN: Is anyone working on an open hardware 3G/4G dongle?"

penagwin — Mon, 09 Aug 2021 15:16:10 +0000

Something tells me you might have a difficult time convincing say Qualcomm with just that reasoning.