Hacker News: reincarnate0x14

New comment by reincarnate0x14 in "Who is Satoshi Nakamoto? My quest to unmask Bitcoin's creator"

reincarnate0x14 — Thu, 09 Apr 2026 07:09:52 +0000

Signal, which shares its name with the propaganda publication of the Third Reich ...

New comment by reincarnate0x14 in "Show HN: TUI-use: Let AI agents control interactive terminal programs"

reincarnate0x14 — Wed, 08 Apr 2026 19:19:16 +0000

I sincerely think the chatbot phenomena is giving people the perspective that whatever hallucinatory conversation they're having is profound because it's the first time they personally have thought about it.

On one hand this is normal in education and pedagogy to have the student or apprentice put the boring pieces together to find the wonder of the puzzle itself, but on the other this is how we end up with https://xkcd.com/927/

New comment by reincarnate0x14 in "Veracrypt project update"

reincarnate0x14 — Wed, 08 Apr 2026 17:57:00 +0000

Microsoft hasn't managed to burn down entire towns (But Copilot is probably working on it), so I suppose we do have at least some kind of gauge of callousness to work off of thanks to PG&E. Which was also the company behind that whole slightly famous Erin Brockovich thing, amongst so very many others.

Sometimes, it's both incompetence AND malice.

New comment by reincarnate0x14 in "Veracrypt project update"

reincarnate0x14 — Wed, 08 Apr 2026 17:46:59 +0000

I had something similar with a 6-letter apple account that has never been compromised but I guess got put on some kind of list, because I had to go through account recovery almost every time I logged in, which wasn't a big deal until I got an iphone. Apple support was completely useless. Random old buried forum post in a stall marked "beware the leopard" mentioned the behavior and suggested changing the account name.

Nothing in the Apple site or phone stuff would even clue the user in to what was happening, much less how to resolve it.

New comment by reincarnate0x14 in "How many products does Microsoft have named 'Copilot'?"

reincarnate0x14 — Sat, 04 Apr 2026 21:27:32 +0000

My "callsign" at work for many, many years was a result of the entire C-suite hearing me laughing about Microsoft Critical Update Notification Tool and sending a manager down to figure what the hell was going on in the test lab.

New comment by reincarnate0x14 in "IPv6 address, as a sentence you can remember"

reincarnate0x14 — Thu, 02 Apr 2026 04:02:21 +0000

If you're assigning addresses, you can make the addresses in a ULA as short as you want. You're supposed to use a random 40 bit network id but if you can accept that you may need to renumber at some point there is no reason you can't use fd12:b:a:d::beef or whatever.

New comment by reincarnate0x14 in "Father claims Google's AI product fuelled son's delusional spiral"

reincarnate0x14 — Wed, 04 Mar 2026 20:56:09 +0000

It is telling that the answer is never stop.

It's like the sobriquet about the media's death star laser, it kills them too because they're incapable of turning it off.

New comment by reincarnate0x14 in "Tove Jansson's criticized illustrations of The Hobbit (2023)"

reincarnate0x14 — Mon, 02 Mar 2026 03:14:34 +0000

In the original version, there is minimal physical description of Gollum (it was dark after all) and the ring was simply a magic ring that granted invisibility. Gollum lost it and IIRC he just let Bilbo go. They whole idea of him being some hobbit-like creature corrupted by the One Ring was not present at all. It was one of a series of fairy-tale adventures no more important than the trolls turning to stone. Bilbo needed a way to sneak around Smaug, so he found a magic ring.

It's doubtless still possible to find that version, I read it in an old country library that had it on the shelf since the 1950s.

New comment by reincarnate0x14 in "Why does SSH send 100 packets per keystroke?"

reincarnate0x14 — Fri, 23 Jan 2026 12:11:36 +0000

If you're debugging your own equipment you should have the certificates or keys to make it work. I'm not saying that's easy in a lot of scenarios, in fact it's frequently tedious as hell. But for example there are debug tools for like DNP3 or RPC over TLS, etc that can watch the whole exchange if provided the keys and parse the SCADA traffic or JSON objects as if it was plaintext.

But this goes back to the vendors not providing better tools in the first place. We shouldn't NEED to be picking apart packet streams to prove to some jackass tech support ticket that their code is FUBAR. They're basically outsourcing support to their customer or userbase and we tolerated it because it was more expedient.

New comment by reincarnate0x14 in "Why does SSH send 100 packets per keystroke?"

reincarnate0x14 — Fri, 23 Jan 2026 01:32:12 +0000

The behavior exists to prevent a 3rd party from inferring keystrokes from active terminal sessions, which is surprisingly easy, particularly with knowledge about the user's typing speed, keyboard type, etc. The old CIA TEMPEST stuff used to make good guesses at keystrokes from the timing of AC power circuit draws for typewriters and real terminals. Someone with a laser and a nearby window can measure the vibrations in the glass from the sound of a keyboard. The problem is real and has been an OPSEC sort of consideration for a long time.

The client and server themselves obviously know the contents of the communications anyway, but the client option (and default behavior) expects this protection against someone that can capture network traffic in between. If there was some server side option they'd probably also want to include some sort of warning message that the option was requested but not honored, etc.

New comment by reincarnate0x14 in "Why does SSH send 100 packets per keystroke?"

reincarnate0x14 — Fri, 23 Jan 2026 00:04:18 +0000

I used to share that opinion but after decades in industrial automation I find myself coming down much more on the "yeah, encryption everywhere" because while many vendors do not provide good tools for debugging, that's really the problem, and we've been covering for them by being able to snoop the traffic.

Having to MITM a connection to snoop it is annoying, but the alternative appears to be still using unencrypted protocols from the 1970s within the limitations of a 6502 to operate life-safety equipment.

New comment by reincarnate0x14 in "Why does SSH send 100 packets per keystroke?"

reincarnate0x14 — Thu, 22 Jan 2026 23:26:08 +0000

It sort of already is. This behavior is only applied to sessions with a TTY and then the client can disable it, which is a sensible default. This specific use case is tripping it up obviously since the server knows ahead of time that the connection is not important enough to obfuscate and this isn't a typical terminal session, but in almost any other scenario there is no way to make that determination and the client expects its ObscureKeystrokeTiming to be honored.

New comment by reincarnate0x14 in "IPv6 is not insecure because it lacks a NAT"

reincarnate0x14 — Wed, 21 Jan 2026 11:43:00 +0000

No idea what you're doing on a daily basis, but let's grab a not-exactly random example. You and your friends are at your house trying to play an online game of King's Court (it's super checkers!) with some friends in Denmark. For whatever reason the developers decided all clients will use port 12345 to communicate. In ipv4 with NAT, local connections will be possible but only the first one to try to communicate out will ever possibly succeed. You and your friend are thwarted and have to find some NAT-defeating means or just give up on doing 10-jump moves to ruin each other's evenings and have an internet drinking game. With IPv6, all of it works fine.

Most casual users have lived with NAT so long they assume its limitations are natural. But they are not. You can achieve the same result with a firewall or ACLs or whatever on ipv6, but that's a choice and not a limitation.

New comment by reincarnate0x14 in "IPv6 is not insecure because it lacks a NAT"

reincarnate0x14 — Wed, 21 Jan 2026 06:26:27 +0000

WebRTC and similar tools have existed for over a decade at this point and been abused horribly. Many common UPNP or similar daemons trust ANYTHING on the "trusted" side and will happily grant basically anything asked for because their vendors don't want customer support calls over whatever insane behavior some printer or IOT lightbulb is doing without the end user's knowledge.

New comment by reincarnate0x14 in "IPv6 is not insecure because it lacks a NAT"

reincarnate0x14 — Wed, 21 Jan 2026 06:03:44 +0000

You can do the many-to-few (or one) NAT behavior with port rewrites in IPv6 if you want to, there are just few circumstances it makes any sense.

FWIW the broad IPv6 network-prefix NAT behavior ALSO EXISTS in IPv4, it's just less applicable.

New comment by reincarnate0x14 in "IPv6 is not insecure because it lacks a NAT"

reincarnate0x14 — Wed, 21 Jan 2026 05:41:31 +0000

UPNP and a dozen other NAT defeating tactics exist and have since the early 2000s. NAT translates addresses. Thinking a non-routable range is safe because it's behind NAT is at this point grossly ignorant of how modern network equipment works. It's kind of like port-knocking; yes it makes the attack slightly harder, but doesn't prevent it.

e.g. symmetric NAT exists and often doesn't come with a stateful firewall. Just because the linux box with iptables is protecting your network uses NAT doesn't mean NAT is doing the heavy lifting here. I can see the OMG MY PRIVACY crew is out in force here apparently misunderstanding that NAT does not do that either. I mean, we can explain things to you, but we can't understand it for you.

New comment by reincarnate0x14 in "Releasing rainbow tables to accelerate Net-NTLMv1 protocol deprecation"

reincarnate0x14 — Sat, 17 Jan 2026 22:32:53 +0000

I mean this kindly, but if you're still using net-netlmv1 on anything that matters, you need to pay much more mind to your own business because even the original vendor of it has been telling you to get off that since 1999 because it is not safe.

If you're using it on something that doesn't matter, then it also doesn't matter that rainbow tables any attacker could have already had for a decade are slightly more available.

New comment by reincarnate0x14 in "Releasing rainbow tables to accelerate Net-NTLMv1 protocol deprecation"

reincarnate0x14 — Sat, 17 Jan 2026 07:37:06 +0000

It's been 15 years since this was known broken. If you had children when it was not known broken, they'd be almost old enough to drive in most western nations.

At some point the line must be drawn.

New comment by reincarnate0x14 in "Releasing rainbow tables to accelerate Net-NTLMv1 protocol deprecation"

reincarnate0x14 — Sat, 17 Jan 2026 07:29:03 +0000

You're not wrong, I just want to point out this is net-lmvm1, which is different and more complex. Not functionally meaningfully more complex to an adversary with a few hundred USD (almost typed LSD) in monies. But technically larger tables. That being said I'm in agreement that this has been known problem for 10+ years, and Google is just saying the horses are so long out of the barn their grandchildren are grazing.

New comment by reincarnate0x14 in "STFU"

reincarnate0x14 — Sat, 17 Jan 2026 06:31:56 +0000

It's 3am and we're arguing some insipid minutae over technically illegal tequila shots while one drunk girl is breaking it down on the tiny dance floor :)