HackerTrans
TopNewTrendsCommentsPastAskShowJobs

js2

31,184 karmajoined قبل 16 سنة
[email protected]

Submissions

Using a Vision Pro to help install a POE doorbell

old.reddit.com
2 points·by js2·قبل 8 ساعات·1 comments

Show HN: ttyd – Share your terminal over the web

github.com
5 points·by js2·قبل 4 أيام·2 comments

For Kodachrome Fans, Road Ends at Photo Lab in Kansas (2010)

nytimes.com
1 points·by js2·قبل 10 أيام·1 comments

Popping Root on Unifi OS: Unauthenticated RCE Chain Detection and Analysis

bishopfox.com
3 points·by js2·قبل 11 يومًا·0 comments

The Card That Made the Apple II Serious

wiseowl.com
25 points·by js2·قبل 14 يومًا·12 comments

United States Standard for the Colors of Signal Lights [pdf]

nvlpubs.nist.gov
4 points·by js2·قبل 19 يومًا·0 comments

Ice water drowning survival of young patient (2025)

jacc.org
204 points·by js2·قبل 22 يومًا·138 comments

Modeling the Performance of the Burevestnik Nuclear-Powered Cruise Missile

text.npr.org
6 points·by js2·قبل 23 يومًا·2 comments

ESPHome Voice Assistant for the Guition JC3636K718C

github.com
2 points·by js2·قبل 24 يومًا·0 comments

Where in the world, and when, does this human artifact belong?

anthropeum.com
1 points·by js2·الشهر الماضي·0 comments

Individual locomotor bias drives counterclockwise motion in pedestrian crowds

nature.com
6 points·by js2·الشهر الماضي·1 comments

Outlanders, Raleigh's Self-Governed Homeless Community

indyweek.com
3 points·by js2·الشهر الماضي·0 comments

Sandra Bullock Buying a Movie Ticket Online in 1995 [video]

youtube.com
2 points·by js2·الشهر الماضي·0 comments

A Family Secret No More

nytimes.com
1 points·by js2·قبل شهرين·1 comments

Song Sung Blue: From Barstool to Big Screen

reelasdirt.com
1 points·by js2·قبل شهرين·0 comments

Carleton College Cookie House

nytimes.com
2 points·by js2·قبل 3 أشهر·1 comments

Don't Use A.I. To Do This

nytimes.com
4 points·by js2·قبل 3 أشهر·1 comments

A Brief History of the Pull Request (2023)

rdnlsmith.com
2 points·by js2·قبل 3 أشهر·1 comments

Artemis II Flight Day 10: Crew Sets for Final Burn, Splashdown

nasa.gov
4 points·by js2·قبل 3 أشهر·1 comments

Have You Seen This?

nytimes.com
4 points·by js2·قبل 3 أشهر·1 comments

comments

js2
·قبل 8 ساعات·discuss
More details:

https://old.reddit.com/r/VisionPro/comments/1tq34lj/created_...
js2
·أمس·discuss
> There are parts of the U.S. that do this already. Ambulance rides are already subsidized by taxpayers in most places, thanks to public funding for fire departments; and a growing number of places have taken this further.

Indeed, in my county that's the case along with a $60/year subscription program to indemnify yourself against further costs:

https://www.wake.gov/departments-government/emergency-medica...
js2
·أمس·discuss
Can't remember the last time I read a DI article, but I've definitely read them before and value the non-AI content[^1]. Donated.

(Good golly, GoFundMe defaulted to a 17.5% tip. WTF?)

> This fundraiser is entirely separate from our Give a Damn donation system, which aims to cover Damn Interesting monthly expenses —web hosting, subscriptions, usage licenses, link curation, and that sort of thing. An amazing array of donors support us through that system, and those lovely people are the reason we survive to this day. This new experiment is specifically so I myself can afford to spend more time writing and running the site.

I'm left confused...

Why you don't run this experiment through that same system?

Why you don't pay yourself out of that system?

What will happen if this experiment fails?

[^1]: "Rider on the Storm" is very memorable - https://www.damninteresting.com/rider-on-the-storm/
js2
·أول أمس·discuss
> Every now and then, I know you'll never be the boy you always wanted to be. But every now and then, I know you'll always be the only boy who wanted me the way that I am. Every now and then, I know there's no one in the universe as magical and wondrous as you. Every now and then, I know there's nothing any better. There's nothing that I just wouldn't do.

Well, I never knew this till now:

> With 'Total Eclipse of the Heart', I was trying to come up with a love song and I remembered I actually wrote that to be a vampire love song. Its original title was 'Vampires in Love' because I was working on a musical of Nosferatu, the other great vampire story. If anyone listens to the lyrics, they're really like vampire lines. It's all about the darkness, the power of darkness and love's place in the dark.

https://genius.com/Bonnie-tyler-total-eclipse-of-the-heart-l...

https://en.wikipedia.org/wiki/Total_Eclipse_of_the_Heart
js2
·قبل 3 أيام·discuss
Why did an action running in the context of public repo even have access to the private repo? Looking at the workflow, it seems to use the github token which should not normally grant rights to a private repo.

Or was it the agent itself that somehow had elevated permissions? If that's the case, you've misconfigured the agent... we know that agents cannot be trusted to enforce anything.
js2
·قبل 3 أيام·discuss
Thanks. I double checked for alternate spelling but whichever dictionary I used didn't have the U.K. alternative. Good to know.
js2
·قبل 3 أيام·discuss
From the submitted link:

> we distil what it does

FYI, "distill".
js2
·قبل 5 أيام·discuss
Maybe you're just taking the piss from over the pond, but the differing names/spellings aren't just a typo by us dumb, arrogant Americans:

https://en.wikipedia.org/wiki/Aluminium#Naming_and_spelling_...

Cheers. :-)
js2
·قبل 7 أيام·discuss
Can we update the link to https://xkcd.com/3266/

Anyone who wants the large image can click/tap the image, but the revere is harder to do.

In the other direction, Mt. Everest is 8,848.86 meters above sea level. I guess we don't include Lake Tahoe and/or Crater Lake because even though they're deep(ish), their bottoms are above way sea level?
js2
·قبل 8 أيام·discuss
Were you able to unmask an HME address via SMTP or not? If so, was the real address an iCloud.com address?
js2
·قبل 8 أيام·discuss
Why don't you give it a try and report back.
js2
·قبل 8 أيام·discuss
> Try figuring out the message size that the forwarding edge (icloud.com) accepts, but the receiver (the mailbox server) does not.

Is this a theory or did you test this yourself?

Anything even 1 byte less than that rejected at the edge passes through. And there's not a chain of SMTP servers either. It goes through a single SMTP server into my iCloud mailbox.

If you think this is the flaw, you're welcome to prove it. I'm skeptical and not spending more time on it.

Edit: this is with forwarding to an icloud.com address. If forwarding to a private domain and that domain's SMTP servers have more restrictive size limits, then yes, that bounce could reveal the real address. Don't use a non-icloud.com real address with HME. But the original (vague) description of the problem says nothing about whether the real address matters. In any case, I have no way to test that scenario.
js2
·قبل 8 أيام·discuss
I've run decently sized SMTP servers in the course of my career. I have some idea how SMTP works. In my testing, Apple's HME SMTP servers do NOT sanitize the headers at all.

If you setup HME to forward to a non-iCloud address, you absolutely risk leaking information if you reply to an HME email. For example, in my testing, the replies disclosed the DMARC policy I have on my domain when Apple's SMTP servers themselves added that header:

    X-DMARC-Info: pass=pass; dmarc-policy=reject; s=r1; d=r1; pdomain=mydomain.org
(Where "mydomain.org" is my actual personal domain from which I replied when I had HME setup to forward to [email protected].)

So in that sense, I'm agreeing with you.

But, that's not the claim that alexpc201 made. To wit: "sends a response email (from the real address) with the rejected email message"

Sure, that's possible, but I doubt it and I was also unable to trigger such behavior. An oversized message is bounced directly by the receiving SMTP server with:

    message size 67539976 exceeds size limit 28311552 of
    server mx01.mail.icloud.com[17.57.154.33]
I tried various approaches. They all bounce at the edge:

    Reporting-MTA: dns; mailfout.phl.internal
    X-Postfix-Queue-ID: 13B6AEC00E7
    X-Postfix-Sender: rfc822; [email protected]
    Arrival-Date: Thu,  2 Jul 2026 18:28:38 -0400 (EDT)

    Final-Recipient: rfc822; [email protected]
    Original-Recipient: rfc822;[email protected]
    Action: failed
    Status: 5.0.0
    Remote-MTA: dns; mx02.mail.icloud.com
    Diagnostic-Code: smtp; 550 We are unable to send your email as one or more of its attachments may be corrupted or may contain malicious content.
So the theory now has to be that possible to sneak something past the edge SMTP server, past the point where the system rewrites the HME address, then bouncing, and in sending the bounce, failing to properly rewrite something on the way back out, thus disclosing the real address. I remain skeptical that's what's happening.

Elsewhere in this thread someone theorized that the leak doesn't involve SMTP at all, but maybe some other service Apple operates.

---

Since doing this testing, I updated my HME setting to forward to my real iCloud.com address instead of my personal domain. If I then reply on icloud.com, nothing that I can see is leaked.

So basically, the HME SMTP servers are:

1. Rewriting the From and To address in a reply.

2. Are not sanitizing message headers.

3. When replying from a non-icloud.com domain, are actually inserting new headers which leak information such as your domain if you have a DMARC policy setup.

Eeek! So be careful when replying to an HME email! But even though the blog post is vague, I believe the claim is that no reply from the HME address is necessary.
js2
·قبل 9 أيام·discuss
That Received header is inserted by smtp.gmail.com (Google), not Apple.
js2
·قبل 9 أيام·discuss
Can you please clarify whether this is only an issue if I reply to an email sent to one of my HME addresses or whether you can unmask any HME address w/o needing a reply from the recipient.

Can you also clarify whether it matters what the forwarding address is? e.g. whether my HME addresses forward to an icloud.com address (e.g. [email protected]) or say a personal domain associated with my Apple ID (e.g. [email protected]).
js2
·قبل 9 أيام·discuss
Gmail's SMTP servers are what's adding the received header with your IP address, not Apple Mail.
js2
·قبل 9 أيام·discuss
This is your email provider doing this. I use Fastmail. Fastmail does not log the IP of the sender when you use its SMTP servers.
js2
·قبل 9 أيام·discuss
Apple rewrites the From address of before forwarding so that replies go back through its SMTP servers. Those SMTP servers should rewrite the reply not to leak information.
js2
·قبل 10 أيام·discuss
https://www.nytimes.com/2010/12/30/us/30film.html?unlocked_a...
js2
·قبل 10 أيام·discuss
The HP's power-supply is 19.5V:

https://www.ebay.com/itm/235241551377

The SD-500 is available in 12V, 24V, and 48V, none of which adjust to that range:

https://www.meanwell.com/Upload/PDF/SD-500/SD-500-SPEC.PDF

Also, not sure why you're suggesting a DC-DC supply here? His input is AC.