deeqkah's comments

deeqkah | 12 years ago | on: Cryptogams and the NSA (fiction)

I honestly couldn't get through reading this in its entirety as i was laughing too hard. I've saved the page so i could finish later.

Clever, utterly insane and timely.

deeqkah | 13 years ago | on: Yahoo Starts Scanning Emails

Seems like a subtle advertisement for StartMail, honestly. Google has been doing this for years. I see the op has a previous submission for StartMail, too.

Any reason for that or is it just an attractive application/service to you? I mean, if it's something we should have a better look at, let us know.

deeqkah | 13 years ago | on: Mac malware signed with Apple ID infects activist’s laptop

There was a relevant update to iTunes last night (or earlier this week) for both OS X and Windows. It is usually these types of updates i keep an eye out for, as it is most importantly an update to certificate validation.

CVE-2013-1014 as it impacts iTunes for Mac OS X v10.6.8 or later, Windows 7, Vista, XP SP2 or later (http://support.apple.com/kb/HT5766) -

"Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information

Description: A certificate validation issue existed in iTunes. In certain contexts, an active network attacker could present untrusted certificates to iTunes and they would be accepted without warning. This issue was resolved by improved certificate validation."

There were almost forty other CVEs for iTunes on Windows. And just a last bit - the discussion and quality of submissions here at Hacker News has taken a substantial fucking nose dive in the last year. I change my name every so often, but i can tell you that i've been here long enough to say that.

deeqkah | 13 years ago | on: The Ultimate Bookmarking Tool Is Finally Here

What i found most interesting about this is the slimmed down nature of what you collect. In the video, when you showed the grid of things you've collected... it was really appealing.

I think the real strength of this would be in its technical implementation; how not-annoying is it in my browser, is it resource heavy, how can i adjust it etc, and then the community around it.

Which is where i think there would have to be some real differences between Pinterest. If you give the user the option to share (or not!) what he/she has collected with other people (perhaps a dedicated page), and played with the idea of how users could interact with each other ("This is what Julie collected on Tuesday,") - then i think this idea could have even more potential than it already does.

Good luck to you folks. As i said this is really interesting.

deeqkah | 13 years ago | on: Hacker News Parody Thread

The first thing i did when i opened your link knowing it was a parody was to check how many responses to the article there were. And there were too many. Way too many.

Comments on Hacker News more often than not go into the meta almost immediately, and constantly, so there's usually one comment with well over half of the op's responses nested under it. I use a userscript for HN for this exact reason.

It's upsetting, to be honest.

deeqkah | 13 years ago | on: Why was my email leaked?

You know, it's funny because i got a very clever PayPal phishing e-mail this morning, linking to a PHP script hosted on renault-astrakhan.ru

What's worse is that i sent invitations to Dropbox some time ago to people that i have to now contact and say "Please be aware of this phishing e-mail disguised as a PayPal e-mail."

+1 for an alternative service, to be honest. Dropbox is very well done, but this is a good reason to stop using their service if they can't secure their clients' information.

It would greatly benefit them if they found the root of the problem, and reported if it were indeed an issue with them or one of the clients for Dropbox.

deeqkah | 13 years ago | on: Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon

In the David Sanger article published in the Times attributing Stuxnet to the US/Israel, this bit really struck me -

"One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant."

And i don't mean to stray off Stuxnet here, but just really quickly: The chosen-prefix collision attack used in signing the Windows Update malware (FLAME) also suspected of being from the US was a never before published variant.

The computing power alone was on the order of $200k, and makes you wonder what else the NSA or the national labs have up their sleeves.

deeqkah | 13 years ago | on: The Department Of Homeland Security Is Now Bitching At Me On My Blog

"And third, for fuck’s sake, you are the Department of Homeland Security. What happens to me the next time I got through TSA at the airport, or try to cross the border into Canada? Do you think I may perhaps be on a “list” and have some difficulties?"

Nice FUD, bro. With what DHS has to do on a day to day basis, your fucking boat isn't making any impressions outside of one office's circle of employees.

If that office failed to serve for whatever reason, and you called them out then congrats on being a good citizen. But suggesting something as big as what you just did is more than a little fear mongering.

But yeah, sorry to hear about your bad day.

deeqkah | 13 years ago | on: Chinese Hackers Suspected in Cyber Attack on Council on Foreign Relations

That's a solid source they have -

"Investigators said the computer attackers that targeted CFR were able to set up a covert network capable of identifying, encrypting and sending stolen information found in targeted and infected computers back to a secret command and control computer."

And they even mentioned that Internet Explorer versions 8 and above were vulnerable. I really hope the AV companies or someone puts together a nice White Paper about this.

But before that, i hope that IE vulnerability isn't a 0day.

deeqkah | 13 years ago | on: Anatomy of a botnet: Rapid7 researchers dissect Skynet

"What the Skynet botnet creator realized, is that he could build a much stronger infrastructure at no cost just by utilizing Tor as the internal communication protocol, and by using the Hidden Services functionality that Tor provides."

This is not good, as this kills sinkholing the C&C. Add to that the ease by which this can be obfuscated from AV detection (it's already 15Megs of random data), and you'll have some storms brewing on the horizon.

Looking at the net as the weather, i have to say very recently it's been pretty stormy out. My mail server's been getting hit badly by spam that it hasn't in the past been hit by.

I wonder if the Tor developers could provide any insight on this. If i were them i'd be facepalming like "This is why we can't have nice things."

deeqkah | 13 years ago | on: Ubuntu Community Manager: RMS's Post Seems a Bit Childish To Me and spreads FUD

We're all capable of configuring our chosen distro in such a way that it's comfortable for us to use. We're all also capable of applying our values when choosing that actual distro (in the same way that Richard Stallman does).

Having said that, and i don't mean to insult anyone here, but why are we actually going to go directly into the meta of discussing other people's opinions here?

Why is this discussion relevant here on Hacker News? I don't see this as thought provoking, rather i see it as an open invitation for everyone to contribute to a perverted gossip column.

Resistance to this design decision by Canonical should have been intense when it was announced, and not when someone with an audience decided to state their opinion.

Again, this is in no way meant to insult anyone currently involved in talking about this. As much as everyone here has the opportunity to state why they support either side of the issue, it's also important to make opinions on its context.

deeqkah | 13 years ago | on: China Mafia-Style Hack Attack Drives California Firm to Brink

Kill that noise right now.

Before you grabbed that little war drum, if you thought of the consequences you really wouldn't want to start such a conflict in the first place.

The quick, unorganized retaliatory response from an anonymous actor is usually such that it puts innocent services and people directly into the crossfire. Not to mention an anonymous moniker allows anyone to act on the behalf of anyone.

deeqkah | 13 years ago | on: Not one Microsoft product on Kaspersky’s top 10 vulnerabilities list

PC guy here. Have used Fedora for years as my daily OS and the only reason i have a Windows VM on my Linux machine is actually because i love iTunes so much. I don't have an iDevice, either.

I've used a vast array of media players for Linux and Windows and nothing i can find matches the features iTunes has for organizing my music library.

However, it's difficult to understand why Apple doesn't update iTunes on Windows more frequently. I'm pretty sure the last iTunes update on Windows fixed well over twenty-five security vulnerabilities in open source libraries that were known for upwards of six months to everyone.

While that STILL doesn't match the negligence of companies like Oracle and Adobe, it's still negligence. Unacceptable negligence which is putting users at risk.
