Hacker News: timsh

A net of scammer groups on Telegram

timsh — Sat, 13 Dec 2025 10:07:28 +0000

Article URL: https://timsh.org/scam-telegram-investigation/

Comments URL: https://news.ycombinator.com/item?id=46253441

Points: 3

# Comments: 0

Why you should self-host

timsh — Tue, 07 Oct 2025 10:22:40 +0000

Article URL: https://timsh.org/why-you-should-self-host/

Comments URL: https://news.ycombinator.com/item?id=45501358

Points: 1

# Comments: 0

New comment by timsh in "We Built Real-World Robotic Games Without a Wild Budget"

timsh — Tue, 23 Sep 2025 15:09:03 +0000

Super cool! I love how the form factor evolved over time - do you think current Robomates will stay the same or change with time?

New comment by timsh in "NPM debug and chalk packages compromised"

timsh — Mon, 08 Sep 2025 18:17:54 +0000

If it produces no output, does that mean that there's no code that could act in the future? I first acted out of nerves and deleted the whole node-modules and package.lock in a couple of freshly opened Astro projects, curious if I should considered my web surfing to still be potentially malicious

New comment by timsh in "A blog does not need “analytics”"

timsh — Sat, 30 Aug 2025 22:46:20 +0000

you can simply selfhost Plausible or other not-invasive analytics to see all aggregated info you might need. it will be 100% yours and compliant with all sorts of privacy laws and principles

New comment by timsh in "If you have a Claude account, they're going to train on your data moving forward"

timsh — Sat, 30 Aug 2025 21:21:07 +0000

Im all in for the ai hate, but this kind of hysteria on HN is devaluing all the serious discussions about AI safety, skepticism and regulation.

They literally show you a full-page popup with clear text snd OPT IN toggle. It doesn’t seem really shady to me (or worth 10 separate posts on HN).

That said, if this popup doesn’t appear when you sign up after 28th, that would be a dark pattern and shady stuff. For now it’s just clickbait

New comment by timsh in "Is 4chan the perfect Pirate Bay poster child to justify wider UK site-blocking?"

timsh — Mon, 25 Aug 2025 09:24:16 +0000

This whole online safety act thing gives me goosebumps.

I had lived most of my live in Russia until migrating in 2022 and I’m pretty familiar with what it means when the gov starts messing with digital censorship.

If you’re not aware, it’s getting systematically harder and harder to browse the free web in Russia despite 50%+ of population using “some” VPN app.

And I’m not even talking extremist / anti-russian resources that the government turned against originally, but most of the independent websites that use CloudFlare free tier, for example. Because cloudflare enables proxying and a couple other IP-masquerading techniques by default, to effectively block a single website you have to block the entire cloudflare IP range and DNS - which is >20% of the web.

As for the VPNs, most of the common protocols and frameworks (eg OpenVPN) are already banned + detected via DPI, and people have to get into more and more sophisticated setups like VLESS+Reality (= most of the non-technical people can’t set it up by themselves or even buy a subscription to such thing). “Simple” shadowsocks, originally popularized in China to fight the great firewall are already almost rendered completely useless.

And it will get worse. The gov service which is responsible for blocking has a very high budget + some pretty neat tech to help them cut off more and more ways to bypass the censorship.

This is the future of any state that gets into this game. The future where you might have to become very proficient in networking and use some “shady” stuff like Tor to just read a blog post about Linux.

It doesn’t matter what it starts with - fighting anti-gov propaganda or, for god’s sake, porn (the least harmful thing for the kids in this horrible ai-post-capitalism world that we live in) — once the regulators get the feeling of power over the free web, every lobbyist, organization and party will come for a part of the web that you personally might enjoy, or even earn living from.

New comment by timsh in "AI crawlers, fetchers are blowing up websites; Meta, OpenAI are worst offenders"

timsh — Thu, 21 Aug 2025 14:27:24 +0000

A bit off-topic but wtf is this preview image of a spider in the eye? It’s even worse than the clickbait title of this post. I think this should be considered bad practice.

New comment by timsh in "End well, this won't: UK commissioner suggests govt stops kids from using VPNs"

timsh — Thu, 21 Aug 2025 12:08:49 +0000

This whole online safety act thing gives me goosebumps.

I’d lived most of my live in Russia until migrating in 2022 and I’m pretty familiar with what it means when the gov starts messing with digital censorship.

If you’re not aware, it’s getting systematically harder and harder to browse the free web in Russia despite 50%+ of population using “some” VPN app.

“Simple” shadowsocks, originally popularized in China to fight the great firewall are already almost rendered completely useless.

And it will get worse. The gov service which is responsible for blocking has a very high budget + some pretty neat tech to help them cut off more and more ways to bypass the censorship.

New comment by timsh in "Streaming services are driving viewers back to piracy"

timsh — Fri, 15 Aug 2025 07:45:16 +0000

hey, maybe you’d never heard of https://ororo[.]tv this is exactly what you describe, at lease for movies + shows…

just in case - not an ad, not affiliated with them anyhow, just use it for years with all my friends and family.

there are subtitles is 20+ languages, direct download links, no ads, and new episodes come out pretty fast (usually <24 hours from official release).

We trained LLM to find reentrancy vulnerabilities in smart contracts

timsh — Tue, 05 Aug 2025 14:37:49 +0000

Article URL: https://blog.unvariant.io/how-we-trained-llm-to-find-reentrancy-vulnerabilities-in-smart-contracts/

Comments URL: https://news.ycombinator.com/item?id=44798541

Points: 2

# Comments: 0

Switching to Claude Code and VSCode Inside Docker

timsh — Fri, 11 Jul 2025 15:11:24 +0000

Article URL: https://timsh.org/claude-inside-docker/

Comments URL: https://news.ycombinator.com/item?id=44533044

Points: 265

# Comments: 161

New comment by timsh in "Microsoft suspended the email account of an ICC prosecutor at The Hague"

timsh — Sat, 21 Jun 2025 16:15:26 +0000

not trying to justify it even a bit, but shouldn't people in his position (actively acting against the US-supported position) use something more secure? Like proton for starters?

I think most of the activists know the drill (not to use gmail/outlook/icloud... in their activism-related communications).

Ask HN: Where to look for research and writing opportunities in privacy&security

timsh — Fri, 02 May 2025 15:48:16 +0000

I have recently seen a job description at Palisade Research with such summary:

“Research generalists conduct experiments, build demonstrations and prototypes, write papers and blog posts about their findings. The ideal candidate combines the skills of a startup CTO and a scientist.”

Which I thought describes my experience, what I know and want to do quite good.

I’m looking for similar positions and opportunities, preferably part time, in the privacy, security and safety domains. Ideally - on a commercial basis, but would also be interested in project work with non-profits.

Any advice on where to look? Maybe anyone here has or seen a similar-looking role?

I got into the field about a year ago, and so far was doing independent research and blogging about it on https://timsh.org. I also did some small projects with non-profit organizations and enjoyed that a lot.

Comments URL: https://news.ycombinator.com/item?id=43871367

Points: 1

# Comments: 0

New comment by timsh in "Everyone knows your location, Part 2: try it yourself and share the results"

timsh — Sun, 20 Apr 2025 14:37:10 +0000

The difference should be only at the consent level, eg you might see less or more “Accept All” buttons with different design or different ToS linked. I don’t believe there’s a real difference on the code or even SDK level based on geo.

New comment by timsh in "Everyone knows your location, Part 2: try it yourself and share the results"

timsh — Thu, 17 Apr 2025 21:29:59 +0000

I mean, there should be something! Maybe not with this exact list of apps, but the code should be similar to other "how-to-record-traffic" guides.

New comment by timsh in "Everyone knows your location, Part 2: try it yourself and share the results"

timsh — Thu, 17 Apr 2025 19:53:35 +0000

author here to answer any questions or discuss an app

New comment by timsh in "Coolify: Open-source and self-hostable Heroku / Netlify / Vercel alternative"

timsh — Sun, 06 Apr 2025 12:58:14 +0000

Been using coolify to host my blog + analytics + a couple personal projects for around 6 months.

Good for 1-click installs that “don’t need” a lot of maintenance, like Ghost, Plausible, etc.

Had some issues with spikes in CPU usage (similar case: https://github.com/coollabsio/coolify/issues/3226) Monitoring is not enough but I just go straight to the container im looking for and htop it.

For not 1-click I still sometimes feel like bumping into a brick wall, and go for a standalone docker-compose setup outside of coolify. Coolify is too high-level to debug small Docker intricacies (or maybe it’s that I’m bad with that).

New comment by timsh in "Github scam investigation: Thousands of “mods” and “cracks” stealing data"

timsh — Fri, 28 Feb 2025 14:59:12 +0000

It’s not included in the list since it’s the stealer itself - it’s not misleading, it says “stealer”/“grabber”. But yeah the fact that it’s out still there is scary

New comment by timsh in "Github scam investigation: Thousands of “mods” and “cracks” stealing data"

timsh — Fri, 28 Feb 2025 10:59:32 +0000

I don't think that repositories presented and named as Malware or Virus should be deleted - they're good for educational and research purposes I guess. I specifically mean those that impersonate as legit programs (if you can call a "free download" or "mod" apps legit).