Hacker News: xx_ns

New comment by xx_ns in "AUR packages compromised with Infostealer and Rootkit"

xx_ns — Fri, 12 Jun 2026 12:26:24 +0000

This campaign is still ongoing. I just got an email that one of my old packages (which hasn't worked for years and was orphaned for a while) was adopted and immediately a malicious commit was pushed. They seem to be using bun instead of npm now, so any npm-based workaround likely isn't effective.

https://aur.archlinux.org/cgit/aur.git/commit/?h=toggldeskto...

New comment by xx_ns in "Hacking your PC using your speaker without ever touching it"

xx_ns — Wed, 03 Jun 2026 11:45:17 +0000

That would've been a cool PoC to work on as well, but seems a fair bit more complicated than the BadUSB-style attack I ended up doing. Would've had to do a lot more RE to figure out how to interact with the whole microphone subsystem, I think.

Pwnd Blaster: Hacking your PC using your speaker without ever touching it

xx_ns — Wed, 03 Jun 2026 10:53:00 +0000

Article URL: https://blog.nns.ee/2026/06/03/katana-badusb/

Comments URL: https://news.ycombinator.com/item?id=48382310

Points: 699

# Comments: 122

New comment by xx_ns in "A walking tour of surveillance infrastructure in Seattle (2020)"

xx_ns — Tue, 02 Jun 2026 14:12:16 +0000

> A probe packet contains the MAC address as well as the list of all the past Wi-fi networks that your device has tried to join before, which can reveal a lot about you!

Generally, most modern devices send broadcast/wildcard probes precisely to avoid leaking the PNL. From what I know, directed probes are only sent for hidden APs.

New comment by xx_ns in "Leaving GitHub for Forgejo"

xx_ns — Wed, 13 May 2026 13:17:52 +0000

From personal experience, there have been a few papercuts (mostly trying to figure out why runners aren't picking up jobs), but it isn't too hard to debug and the CI format is simple. When it works, it works well enough. It uses a similar workflow as GitHub actions. Some, but not all, actions are even interchangeable or at least portable from GitHub without much fuss.

New comment by xx_ns in "Flock Condemns False Child Predator Allegations, Yet Calls Critics Terrorists"

xx_ns — Sat, 18 Apr 2026 14:15:12 +0000

I'm not from the US, so I hope you excuse my ignorance, but who exactly voted for mass surveillance or AI cameras?

New comment by xx_ns in "Škoda DuoBell: A bicycle bell that penetrates noise-cancelling headphones"

xx_ns — Wed, 08 Apr 2026 11:17:52 +0000

I wish my city only had a single case like that. Unfortunately, in Tallinn, it is extremely common that a bike path is suddenly routed onto the curb, and that's when you're lucky. For some paths, the path just... ends, and you suddenly find yourself right in the middle of car traffic. Unfortunately, the city leadership is anti-bike and pro-car, and it shows in the infrastructure.

Paths where pedestrians and bikers (and other light transportation vehicles) are mixed are overwhelmingly common.

New comment by xx_ns in "Log File Viewer for the Terminal"

xx_ns — Tue, 24 Mar 2026 08:14:18 +0000

According to the linked homepage, the memory usage seems decent (few hundred megs for most use cases when working with a 3.3G logfile). There's a screenshot with various tasks and what the peak memory usage is.

At some point you need to keep quite a large context in memory to have both decent performance and useful features (that aren't unbearably slow to use). lnav seems to land at a reasonable middle ground.

Reverse engineering the Creative V2X soundbar to be able to control it on Linux

xx_ns — Fri, 20 Feb 2026 16:39:06 +0000

Article URL: https://blog.nns.ee/2026/02/20/katana-v2x-re/

Comments URL: https://news.ycombinator.com/item?id=47090276

Points: 2

# Comments: 0

Solving Fossil's ASCII art CAPTCHA in 171 characters

xx_ns — Thu, 29 Jan 2026 13:18:53 +0000

Article URL: https://blog.nns.ee/2026/01/29/fossil-captcha-solver

Comments URL: https://news.ycombinator.com/item?id=46809836

Points: 6

# Comments: 1

Reverse engineering my e-scooter and finding the master key to unlock them all

xx_ns — Tue, 06 Jan 2026 14:27:52 +0000

Article URL: https://blog.nns.ee/2026/01/06/aike-ble

Comments URL: https://news.ycombinator.com/item?id=46512674

Points: 39

# Comments: 1

New comment by xx_ns in "Turning an old Amazon Kindle into a eInk development platform (2021)"

xx_ns — Tue, 30 Dec 2025 21:22:22 +0000

Usable enough to run a Linux DE on it! I did so on my blog: https://nns.ee/kindle

New comment by xx_ns in "Cloudflare was down"

xx_ns — Fri, 05 Dec 2025 08:56:03 +0000

At least it's still right in spite of being down.

New comment by xx_ns in "This blog is now hosted on a GPS/LTE modem (2021)"

xx_ns — Tue, 25 Nov 2025 21:27:19 +0000

Good question! I wasn't too concerned about this, because the only way you could even interact with the OS where the server was running was via HTTP requests, which are fairly limited in nature. The OS or kernel itself wasn't directly exposed per se.

New comment by xx_ns in "This blog is now hosted on a GPS/LTE modem (2021)"

xx_ns — Tue, 25 Nov 2025 19:58:10 +0000

Just a little play on the recent HN post: https://news.ycombinator.com/item?id=46016902

Project that I did a few years ago. You might also be interested in the retrospective where I detail what all went wrong: https://blog.nns.ee/2025/04/01/modem-blog-retrospective/

This blog is now hosted on a GPS/LTE modem (2021)

xx_ns — Tue, 25 Nov 2025 19:58:10 +0000

Article URL: https://blog.nns.ee/2021/04/01/modem-blog

Comments URL: https://news.ycombinator.com/item?id=46049981

Points: 68

# Comments: 7

New comment by xx_ns in "Why Castrol Honda Superbike crashes on (most) modern systems"

xx_ns — Mon, 17 Nov 2025 11:45:14 +0000

Apologies, that's what I meant to say. I blame that on my lack of coffee today, my bad.

New comment by xx_ns in "Why Castrol Honda Superbike crashes on (most) modern systems"

xx_ns — Mon, 17 Nov 2025 11:25:52 +0000

The author linked to the repo and the code is at https://github.com/seritools/castrol-honda-dinput-fix/blob/m...

Seems pretty straightforward. They hook DirectInputCreateA() and pass their own device enumeration wrapper with the offending flag removed.

New comment by xx_ns in "Why Castrol Honda Superbike crashes on (most) modern systems"

xx_ns — Mon, 17 Nov 2025 10:16:23 +0000

I appreciated the footnote on filesize optimization as someone who's constantly trying to compulsively generate the smallest binaries possible.

Interesting article, thank you.

New comment by xx_ns in "A new Google model is nearly perfect on automated handwriting recognition"

xx_ns — Fri, 14 Nov 2025 23:47:43 +0000

Am I missing something here? Colonial merchant ledgers and 18th-century accounting practices have been extensively digitized and discussed in academic literature. The model has almost certainly seen examples where these calculations are broken down or explained. It could be interpolating from similar training examples rather than "reasoning."