Hacker News: plingbang

New comment by plingbang in "Discord will require a face scan or ID for full access next month"

plingbang — Mon, 09 Feb 2026 16:23:37 +0000

> Teen-by-default settings to roll out globally for all Discord users

Does it mean that even people who reside outside jurisdictions touched by the age verification craze will have to deal with all this?

> use facial age estimation

Surely a kid won't be able to ask someone else to pass the check for them. But let's talk about false positives. If the estimator falsely declares someone an adult, is Discord legally liable?

> submit a form of identification

If you have a picture of an ID document, can you verify that it's real? You'd have to ask the government for that. And at least in one country there is no process for that.

> On-device processing

Oh, a client-side check. Must be secure.

New comment by plingbang in "Benchmarking leading AI agents against Google reCAPTCHA v2"

plingbang — Tue, 11 Nov 2025 14:40:41 +0000

I have a recording of me trying to pass the captcha for straight 5 minutes and giving up. To be fair, this has only happened once.

What is the purpose of such loop? Bots can simply switch to another residential proxy when the captcha success rate gets low. For normal humans, it is literally "computer says no".

New comment by plingbang in "Amazon’s Ring to partner with Flock"

plingbang — Fri, 17 Oct 2025 11:38:16 +0000

citation needed

New comment by plingbang in "Asterinas: A new Linux-compatible kernel project"

plingbang — Fri, 20 Jun 2025 15:29:55 +0000

A very close idea was jokingly suggested in The Birth & Death of JavaScript[1] at 18:07 (rewind to 14:14 for more context)

[1]: https://www.destroyallsoftware.com/talks/the-birth-and-death...

New comment by plingbang in "By default, Signal doesn't recall"

plingbang — Wed, 21 May 2025 19:11:47 +0000

Fighting with the OS is futile. The OS is always in control and apps can only ask it nicely to do things.

Microsoft can simply change Recall to capture DRM-marked content too. And to avoid copyright issues, it will store some kind of visual summary (or whaterer the neural network can use) instead of plain screenshots like it is doing now.

New comment by plingbang in "Xiaomi global bootloader unlock policy has changed"

plingbang — Thu, 02 Jan 2025 12:40:41 +0000

I found a wall of shame that includes manufacturers that make it hard or impossible to unlock the bootloader[1]. It was mentioned in a forum post[2].

[1]: https://github.com/melontini/bootloader-unlock-wall-of-shame

[2]: https://xdaforums.com/t/future-of-unlocking-bootloaders-in-a...

New comment by plingbang in "I was banned from the hCaptcha accessibility account for not being blind (2023)"

plingbang — Mon, 18 Nov 2024 15:55:58 +0000

> It's tricky, though. What else can you do?

I had an idea about amost-privacy-preserving system by involving government ID and blind signatures:

1. The service passes a random string to the user. 2. The user authenticates to their government and asks the government to sign it. 3. The government applies a blind signature which basically says "this user/citizen hasn't registered an account in the last 60 minutes". 4. The government records the timestamp. 5. The user passes the signature back to the service.

Upsides:

* Bypassing this would be orders of magnitude more expensive than phone numbers. * Almost private

Downsides:

* Won't happen. Remote HW attestation is likely to win :( * The service knows your citizenship * The gov knows when and how often you register. * Any gov can always bypass the limits for themselves.

I think it may be also possible to extend it so that the government attests that you have only one account on the service but without being able to find which account is yours.

New comment by plingbang in "IMG_0416"

plingbang — Mon, 11 Nov 2024 13:04:26 +0000

Some time ago there was a website that showed you a random YouTube video. Like truly random. The biggest discovery to me was that a typical video has 0-1 views, nearly always <10. I bet most people don't realize this is how YouTube actually looks like. And I guess it's also a good small reminder to all people trying to become famous on social media.

I believe the website tried to find videos with least bias possible by doing some clever searches using YouTube API (so not just videos titled IMGXXXX). Maybe it was trying to do partial matches on video ID.

New comment by plingbang in "Morsle – A daily Morse code challenge"

plingbang — Mon, 21 Oct 2024 17:07:56 +0000

Looks usable and useful unlike my joke version:

https://plingbang.github.io/morsel/

New comment by plingbang in "Ask HN: Tips for hacking a TV?"

plingbang — Sun, 20 Oct 2024 11:03:53 +0000

That's probably rare but I had a no name TV which just let me just enable adb over network with full root access. IIRC I had to install an app that can launch arbitrary activities so I could access the buildin Android settings menu instead of the crippled TV settings UI.

New comment by plingbang in "Send: Open-source fork of Firefox Send"

plingbang — Sat, 19 Oct 2024 20:07:51 +0000

For a case when file sharing is intended between individuals or small groups there's an easy solution:

Anyone who got the link should be able to delete the file.

This should deter one from using the file sharing tool as free hosting for possibly bad content. One can also build a bot that deletes every file found on public internet.

New comment by plingbang in "Ask HN: Why does Microsoft prohibit employee personal open source projects?"

plingbang — Mon, 02 Sep 2024 15:06:37 +0000

Can you provide some context? Do you mean MS employees are prohibited from doing open source even outside work hours?

New comment by plingbang in "A Collection of Free Public APIs That Is Tested Daily"

plingbang — Wed, 28 Aug 2024 10:41:38 +0000

Awesome but seem to fail on some numbers e.g.

https://api.isfizzbuzz.xyz/api/15000000000000000000000000000...

BTW, there are neat divisibility rules which can give you the answer in practically linear time when the number is in decimal: https://en.wikipedia.org/wiki/Divisibility_rule

New comment by plingbang in "Show HN: I built a simple, open-source tool to manage servers and SSH keys"

plingbang — Tue, 06 Aug 2024 16:22:36 +0000

That's a good point. Moreover, someone built[1] an SSH server that prints your name when you connect (because GitHub publishes SSH public keys of every user):

    ssh whoami.filippo.io

[1]: https://words.filippo.io/ssh-whoami-filippo-io/

New comment by plingbang in "How to build highly-debuggable C++ binaries"

plingbang — Tue, 30 Jul 2024 16:12:32 +0000

> so users can see in real-time what code was run and when

I'm really curious how this was presented to the user. A table with timestamp, filename, line number, and line contents? Or something more advanced?

New comment by plingbang in "Apple Maps on the web launches in beta"

plingbang — Thu, 25 Jul 2024 08:37:56 +0000

I understand they "cannot test every possible browser" and that "users may get subpar experience".

I don't understand why there isn't "continue at your own risk" button. Maybe with a scary warning. It's kind of stupid that I have to spoof UA for a website to let me in. And in most cases, everything just works fine.

Maybe one day I'll create a website to inform about the issue.

New comment by plingbang in "It's never been easier for the cops to break into your phone"

plingbang — Tue, 16 Jul 2024 17:34:57 +0000

Can you name a single Android phone or tablet model that is <10 y.o. for which you can access personal data with this method?

New comment by plingbang in "Integrated assembler improvements in LLVM 19"

plingbang — Mon, 01 Jul 2024 10:10:36 +0000

Why not just an LLM-based interpreter that direclty executes a PDF spec plus edits received by email? No need to recomplile and restart the app. A DB is also not required - the LLM will naturally remember all user requests and figure out the current state. (We'll solve the limitations of context later)

New comment by plingbang in "Discussions: Flat or Threaded? (2006)"

plingbang — Mon, 10 Jun 2024 13:26:55 +0000

And what makes it worse in phpBB and other forum engines is the waste of vertical space. 4 messages on your screen seems to be the maximum despite using smaller fonts than web average nowadays.

New comment by plingbang in "Encryption at Rest: Whose Threat Model Is It Anyway?"

plingbang — Tue, 04 Jun 2024 14:09:34 +0000

> Or you can end up like the people who lost their data [1]

I don't see how encryption at rest could've changed the outcome.

In the article, the cloud provider, which has full control over the VMs, was compromised. The VMs were hosting various Bitcoin services, which needed continuous wallet access for operation. So, I'd say there was no data at rest to be secured. The attackers could theoretically patch the application to make malicious transactions or just extract the wallet from RAM.

Also, the article suggests that the attackers were getting inside the running VMs rather than accessing VM storage directly.