Hacker News: r1ch

New comment by r1ch in "A Roblox cheat and one AI tool brought down Vercel's platform"

r1ch — Tue, 21 Apr 2026 12:49:54 +0000

The timeline is off too if the Trend Micro report is to be believed. It makes for a catchy headline, but a source is definitely warranted here.

New comment by r1ch in "My Google Workspace account suspension"

r1ch — Sun, 05 Apr 2026 14:17:36 +0000

I recently had to go through the recovery flow for an admin account and it was wild. Despite Google manually unlocking the account and giving me a reset link, every login was forced to authenticate via SMS using the (removed) phone number. Luckily I was able to get a hold of it and get the code, but even after adding a TOTP and security key 2FA, further logins still required SMS.

It feels like the security team made this change to reduce account hijacking but it's at complete odds with the recovery flow and modern security practices. Better hope your phone number doesn't get hijacked or recycled because it's the key to your account now, security keys be damned.

New comment by r1ch in "The RCE that AMD won't fix"

r1ch — Fri, 06 Feb 2026 12:54:36 +0000

Anyone can request a CVE, this is sadly the most likely path towards getting it fixed.

New comment by r1ch in "Notepad++ hijacked by state-sponsored actors"

r1ch — Mon, 02 Feb 2026 04:39:02 +0000

Every shared hosting provider has this risk. Critical projects should be using dedicated or VPS hosting, preferably with encrypted filesystems too as even datacenter techs can fall victim to social engineering.

I'm pretty surprised that they got away with unsigned updates and shared hosting as long as they did. I wonder how many similar popular projects are out there on dodgy infrastructure.

New comment by r1ch in "Vitamin D and Omega-3 have a larger effect on depression than antidepressants"

r1ch — Thu, 29 Jan 2026 11:03:48 +0000

Please do not take 5000mg/day of Vitamin D. The author confuses IU and mg which is very dangerous.

New comment by r1ch in "Copy-Item is slower than File Explorer"

r1ch — Sun, 07 Dec 2025 00:04:29 +0000

Yes, that's standardized but is only rated for up to 30 meters at the higher speeds you get from it, so it's not very useful outside of server room / data center applications and you probably want to be using fiber at that point.

New comment by r1ch in "Copy-Item is slower than File Explorer"

r1ch — Sat, 06 Dec 2025 23:17:41 +0000

The bottleneck with SFTP / SCP / SSH is usually the server software - SSH can multiplex streams, so it implements its own TCP-style sliding windows for channel data. Unfortunately OpenSSH and similar server implementations suffer from the exact same problems that TCP did, where the windows don't scale up to modern connection speeds, so the maximum data in-flight quickly gets limited at higher BDPs.

HPN-SSH[1] resolves this but isn't widely deployed.

[1] https://www.psc.edu/hpn-ssh-home/

New comment by r1ch in "Copy-Item is slower than File Explorer"

r1ch — Sat, 06 Dec 2025 23:12:02 +0000

OP mentions using "Cat 7" cables - please don't buy these. Cat 7 isn't something that exists in TIA/EIA standards, only in ISO/IEC and it requires GG45 or TERA connectors. Cat 7 with RJ45 connectors isn't standardized, so you have no idea what you're actually getting. Stick with pure copper Cat 6A.

New comment by r1ch in "Trick users and bypass warnings – Modern SVG Clickjacking attacks"

r1ch — Fri, 05 Dec 2025 04:09:15 +0000

The modern way to do this is with the Content-Security-Policy: frame-ancestors directive: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

New comment by r1ch in "How to Run WordPress completely from RAM"

r1ch — Sun, 12 Oct 2025 17:40:58 +0000

Cloudflare will actually slow down TTFB for small, less popular sites since they don't maintain a keepalive connection to the origin. This means you pay an additional TCP/TLS setup cost from the Cloudflare POP to the origin which is worse than a direct connection. I also tried testing a smart-placed worker and cloudflared, neither of which seemed to help.

New comment by r1ch in "Cloudflare Radar: AI Insights"

r1ch — Tue, 02 Sep 2025 01:32:07 +0000

Ironically the AI crawlers I do want to block - the million-IP-strong residential botnets that fake their user agents - Cloudflare doesn't detect at all.

New comment by r1ch in "DSLRoot, proxies, and the threat of 'legal botnets'"

r1ch — Thu, 28 Aug 2025 15:28:31 +0000

At first they were easily detectable using HTTP header analysis - e.g. pretending to be Chrome but not sending the headers that Chrome always sends. Now it's a combination of TLS / HTTP protocol level analysis and application layer - e.g. we send a cookie on the user's "normal" page view and check it exists on the higher-resource usage pages they might later visit - the bots don't care about normal viewing patterns and try to hit the higher-resource pages on their first visit, so they get blocked.

New comment by r1ch in "DSLRoot, proxies, and the threat of 'legal botnets'"

r1ch — Tue, 26 Aug 2025 16:52:14 +0000

Residential proxy botnets have exploded since LLMs became a thing. The amount of DDoS-level scraping we receive from residential IPs has exploded over the last year, one of our sites that typically sees around 10k unique IPs per day jumped to over 2M before we were able to deploy appropriate mitigations. We originally started blocking the IPs, but then we ended up blocking legitimate users as they seem to specifically use ISPs that have very dynamic IPs (i.e. the customer's IP will change even if their router stays on 24/7).

New comment by r1ch in "Google will allow only apps from verified developers to be installed on Android"

r1ch — Mon, 25 Aug 2025 22:12:22 +0000

This is the same direction that Microsoft is taking Windows. Smart App Control is already rolling out to some regions - no .exe will run without a code signing certificate.

https://learn.microsoft.com/en-us/windows/apps/develop/smart...

New comment by r1ch in "A 14kb page can load much faster than a 15kb page (2022)"

r1ch — Sat, 19 Jul 2025 16:10:12 +0000

Loss-based TCP congestion control and especially slow start are a relic from the 80s when the internet was a few dialup links and collapsed due to retransmissions. If an ISP's links can't handle a 50 KB burst of traffic then they need to upgrade them. Expecting congestion should be an exception, not the default.

Disabling slow start and using BBR congestion control (which doesn't rely on packet loss as a congestion signal) makes a world of difference for TCP throughput.

New comment by r1ch in "Show HN: I built a(nother) house optimized for LAN parties"

r1ch — Sun, 17 Nov 2024 01:49:17 +0000

Thanks, somehow I missed that entry.

New comment by r1ch in "Show HN: I built a(nother) house optimized for LAN parties"

r1ch — Sat, 16 Nov 2024 22:45:54 +0000

How did you deal with the length of the USB and display cables? I thought after 5m or so things would start falling apart. Are there active extenders and can they can handle 240+ Hz?

New comment by r1ch in "Before you buy a domain name, first check to see if it's haunted"

r1ch — Sat, 26 Oct 2024 15:08:41 +0000

This can also happen with IP addresses. We recently moved one of our sites to a new IP and got a trickle of complaints about it being inaccessible from various authoritarian countries. After some digging, the new IP was used as a Tor bridge (not even an exit node) over _ten years ago_. I gave up any hope of fixing that and just ordered a different IP address.

New comment by r1ch in "We accidentally burned through 200GB of proxy bandwidth in 6 hours"

r1ch — Thu, 19 Sep 2024 17:35:46 +0000

The end user typically has their device compromised by using free apps where the developers were bribed $$$ to add the proxy "SDK". The botnet operator then rents out the bandwidth at exorbitant rates to anyone who will pay for it.

Chrome extensions are also a huge source of this, they look for extensions with a large install base and then make an offer to buy it to turn all the users into proxies.

New comment by r1ch in "Cloudflare Introduces Automatic SSL/TLS"

r1ch — Fri, 09 Aug 2024 08:54:43 +0000

The re-encrypted part isn't necessarily true though and you have no way of knowing. Users are misled because they see a nice secure lock icon in the browser, but that only protects the connection to the local Cloudflare POP, the rest of the way to the origin is all vulnerable to MITM.

As a security company, anything less than "Full (Strict)" should not exist.