Great work! This is my favourite type of vulnerability, simple, effective and brutal. Reminds me of a time two decades ago when with a friend from uni we theorised about a perfect server vulnerability where you’d exploit a machine by pinging it. And of course, two years ago it was in fact discovered as CVE-2022-23093.
It was actually almost 3 decades ago, making me feel extremely old - the period right at the end of '96 and into mid '97 when this was a popular way to cause mischief via IRC was truly a magical time
Hard to believe that during those times in IRC, you were used to automatically (and proudly) advertising your IP address, your exact client version, and the means for a direct connection to your client without any server in between (CTCP, literally “client-to-client protocol”). And all of that most often with no packet filter whatsoever, not even NAT, in between.
Everything was plaintext, including “authentication”, which was (at best) just asking the “ident server” on the same machine as your client who you claimed to be, which was considered sufficient because, after all, to run identd on its “privileged” low port meant you were an “administrator” (i.e. root of a unix machine).
CTCP messages still go through the server. DCC (direct client connection) are the p2p connections you are thinking of, but they of course don’t work behind nat.
I was behind NAT when I first got on IRC in ‘98. I set it up with ipfwadm.
Ah you are right, I mixed CTCP and DCC up. The former was also used to set up the latter I think? (Among other things.)
I joined IRC in the early 90s, there was no NAT then, packet filtering was uncommon, and practically nothing on the Internet was encrypted. It was a very different time.
When I was in college circa 2001 we used to prank each other with the ping of death and other crash exploits. Also random IPs on the college network when we were bored. It was crazy how long it was around for and how easy it was to exploit.
Try scrolling down. On mobile (maybe because of ad blockers) Wayback pages have a full screen of white space above the page contents anymore for me. This happens on pretty much every Wayback page I've tried. It's also relatively recent and I'm not sure the exact cause.
Only if their modem didn’t implement the Hayes command set properly or you could otherwise control the per-character timing of the OS sending. It required a pause (1sec by default), “+++” with no pauses, another pause, _then_ the ATH command
I had an external USRobotics 56k modem, I was immune. But the many many "bulk" no-name modems were vulnerable. You could ping entire ranges of dial-up IPs and watch the results on big IRC channels. Uhmmm, allegedly :)
I’m too lazy to look it up but there was some string you could send over IRC that would make some routers drop the connection immediately - if you pasted that string in a big channel you would see dozens of people immediately disconnect.
This caused the DCC ALG helper in ancient Linux kernels to close the connection, as they failed to parse 0 as a valid IP address. Users connecting to IRC servers over TLS were immune, as the ALG helper in the router could not observe the traffic.
This is what breaks DCC in general -- to use DCC on IRC while connecting to the server over TLS and behind a NAT, you must instruct your client to use a specific range of ports for DCC and preforward those ports to your machine in your router, as the ALG helper cannot mark the incoming connection as RELATED (and forward it through to you) as it cannot see the outgoing command that caused the incoming connection to occur. You must also instruct your client to determine the correct external IP address to advertise, as the ALG helper will be unable to rewrite it when the router does masquerading.
it was `{S /con/con`; my memory transposed two characters. the {S was the "system message" that AOL chatrooms used to send sounds, so that sequence of characters after a newline made your computer look for that sound. It was cool if everyone was trusted to not do the /con/con, people would have email chains with the audio files on them, like a proto-napster.
I remember you could brute force passwords by brute forcing in sequence single characters to access anyone’s disk on a giant dialup network. Crazy times.
Hilariously, the PPP (Point-to-Point Protocol) is still used in modern IoT modules. It is actually the only way to run your own TCP/IP stack (and maintain control over TLS), as not all modules support QMI or MBIM.
There’s a moral in this story but the HN crowd ain’t gonna like it: money is capital. Two years ago the author had no job and 80k in the bank. At least half was disposable. Had he invested that 40k or more in a risk-averse fashion (20% s&p/btc; 80% t-bills) his position today would be much better. Instead he ate through his capital. Always invest your disposable savings or income. Hate me now. Thank me later.
Yep, 2024 market is considerably too good though. When he about to quit, I'd expect 8% yield (pessimistic) per year, so $6.4k/yr or $533/mo, that's "good" living quality in non major cities in Thailand. But to be fair, it's only good for locals, not for foreigners. And that $80k also needs to be invested 1 year before quitting.
If you get 8% returns per year on average, the expected annualized return over a multi-year period is going to be LESS than 8%.
This is because you won't get exactly 8% each year. For example, suppose the returns over a 3-year period are: 20%, -10%, 14%. In this case, the return over the whole period is 23.21% (= (1 + 0.20) * (1 - 0.10) * (1 + 0.14) - 1). On the other hand, a 8% return each year would have resulted in a 25.97% return over the whole period (= (1 + 0.08)^3 - 1).
The type of people that want to start companies rarely invest. Once you adopt an investor mindset you start to see startups as one of the riskiest investments you could ever make.
I've seen quite a few one hit entrepreneurs lose it all chasing the next idea and never investing anything.
Indie startup (or just simply call it "selling app online") is not bad if your "capital is lower than $1M" AND "desirable MRR at $10k". You can beat $1M capital, 10% return .. by making $10k MRR SaaS instead.
The difference is volatility. S&P and BTC hit their bottoms around Nov 2022. Since then the former is almost 2x up, the latter almost 7x. Similarly once they hit their tops, S&P will go down 15-20% but BTC more like 50-70% down.
oh that's funny, somebody saying they should buy bitcoin with part of their money rather than blow it in 2 years trying to pursue their entrepreneur dreams.
Planet Earth will be fine. It survived much worse than some little human emissions. The meteor and winter that followed that killed off the dinosaurs was much worse than some elevated CO2. Whether humanity survives this is another question. My bet is we will, since we are like roaches. But many will die for the sins of the few. Interestingly, these few who will survive are probably the ones who created this mess and can afford to. The many that will die are probably for the better anyway. The future of humanity is not yet decided, but it will take a great leap of tech to overcome this. One thing is for sure: we cant save the Planet by trying to "save the planet", meaning downsize, recycle, emit less etc. Exactly like one cannot become a millionaire by saving. We need to invest in our future and find efficient ways to extract CO2 from the atmosphere and convert it to power. Optimize and cheapen stuff like E-Diesel made from atmospheric CO2 and hydrogen from desalinated seawater using solar and wind. And stop giving space and time to idiots from Extinction Rebellion and The Last Generation. I hope not all here are brainwashed and understand what I'm saying.
I agree the Earth will survive even if it's not the same Earth we know and love today. Maybe we should all give a little extra appreciation for this specific time we live in - one of great technological advancement and one in which we still have much of the natural beauty we've come to take for granted. The future will be increasingly high tech, but those who live in it may not have untouched forests, coral reefs, or temperate weather in which to enjoy alongside it.
The planet itself (the rock) will of course be fine but the ecosystem has undergone and continues to undergo a massive extinction event caused by humans. This is an avoidable tragedy. I agree with some of your analysis but strongly disagree with your sentiment.
Yes, kinda proving my point here since I didnt say you are brainwashed if you dont agree with me but if you dont understand what I'm saying. Whether you agree with my point of view or not is irrelevant to me. And to the Planet Earth for that matter. :)
"Save the planet," isn't about saving the planet—it's about making people feel bigger than they are. People don't like the feeling of smallness that comes with the realization that nothing we do really matters.
I think it's a combination of both technology and changes to our behavior. A cheap way to sequester CO2 and methane would be really helpful. The 2020 lockdowns showed us that slowing down on shipping and driving to work can make a measurable positive impact on our environment. But we'd have to get over our own ego and greed to do this full time.
2020 showed that we can have remote work as the primary method of work for a vast majority of jobs. The government could’ve mandated that if your company’s work could be done remotely, remote work has to be an option.
The amount of emissions to support daily commute of this many people (especially with commutes getting longer and longer) is insane.
The problem with this approach is that you think you are getting a high level understanding but in fact you are not getting the understanding at all. You just get an opinion view based on what facts are reported and what facts are not.
True, but for the kinds of thing I'm thinking of, and the level of understanding I want (at that point at least) I'm fine with that. (And as sibling says BBC is hardly awful in that regard.)
Take the protests/riots example, I had no awareness of it whatsoever (I don't follow the news any more, just HN really), but I heard enough to be confused and want some idea. The potential political bias in whether it's described as racist/terrorism/peaceful/righteous doesn't really matter to me, I just wanted 'oh, people are angry about things in the vicinity of X, and there are riot police out'.
If I wanted more, yeah the likes of the BBC aren't going to give me deep nourishing (to continue the junk food analogy) insight, and I'd seek out a broadsheet, an insightful blogger, books on the subject, etc. But I don't, so I can instead move on.
Virtually no true expert whose predictions are accurate shares their opinion with the public, because they know what their words are really worth. Virtually all news experts are clueless placeholders put there to support the daily narrative.
Happened to me too when i was a student, earned $300, tried withdrawing and they just froze my account, for "fraud clicks". It's Google's long tail business model to not filter fraud out on the go and instead just lead small site owner on. On a global scale I expect billions in additional revenue, but no global court to challenge Google with a class-action. Maybe someday...
They got me on a hobby site for about $5k. No real reason given, just rejected my ID verification with no appeal possible. hundreds of similar stories out there
Yeah it's not been a thing a google for at least a decade. When I went to work for them the onboarding did not have that phrase anywhere in any of the documents (onboarding, training, or orientation) - and I explicitly searched for it.
They were noticed publicly removing it in 2018 (which was reported on), so I'm guessing I came on during a period it was gone, and they have since re-added it.
Most of the public reporting was incorrect. The phrase never left the Google code of conduct, but it did move to a less prominent position, and the closest thing that has ever been in the code of conduct of the parent company Alphabet since its creation in 2015 is “Do the right thing”.
“Less prominent position” does not mean “zero prominence”. A mention in the final sentence is not anywhere near as prominent as it was before the change, but that’s still more prominent than something like hiding it in the middle.
Now, their adherence to the phrase has certainly decreased over time and was never perfect. That’s a separate matter.
Disclosure: I used to work for Google, but not since before Alphabet was created (which was some years before this Google code of conduct change). I never had any involvement in the decisions over this motto or the changes to where it shows up, beyond of course trying my best to adhere to it in my own work.
Yes, and look what happened. It's not as if they have disappeared, they handed the reins to a guy who walked all over that and got away with it. If they really cared they would have put a stop to that and the uncountable other privacy and tracking issues that Google has been up to over the years.
I do not recall seeing it, and I do recall looking for it explicitly. Which means even if it were there - which given this was the era in which they were removing stuff like this in order to win pentagon contracts seems completely plausible - it was not considered important enough to highlight or to put at the forefront of employee information.
I earned a couple hundred with them too when I was young. Never claimed it. They eventually released it to my states unclaimed property system and a decade later I got it from that.
> It's Google's long tail business model to not filter fraud out on the go
Well the honest answer is that it's harder for clickfraud farms to hyperoptimize against detection algorithms on-the-fly this way. This makes it harder for them to figure out exactly what pattern is flagging the algorithm.
Plus Czech Rep, Austria (and Switzerland) all have plenty of nuclear plants and energy, and will fight the EU to keep them. Germany stance is ideological at best and irrational at worst. Time will tell if it works well for German in the end. Unfortunately their recent track record with risky decisions is not great (I refer to the refugee crisis and the reliance on russian gas).
You are completely wrong there, Austria is the biggest anti-nuclear zealot in EU, they are the reason why investments into nuclear are not considered green (effectively stifling development of it).
Bullshit. There was no "decision" in the refugee crisis, we had to take in the refugees because of our constitution and frankly because we (constitutionally and fortunately) don't have the means to get rid of them even if we wanted to.
So far everything works well for Germany. Relying on Russian gas meant cheaper power for quite some time. Hard to tell if alternatives would have fared better. Hindsight is always 20/20. Putin's invasion of Ukraine is irrational from any standpoint and not expecting him and his country shooting themselves in their feet that way wasn't illogical.
To be honest, there were plenty of warnings. Putins wars in Chechenia, Georgia. And he actually invaded Ukraine in 2014. That was the last date after which the German government should have planned for a future without gas from Russia.
Which isn't what you and others said at the time, I'd guess. Hardly anyone was advocating for this. None of the major parties for certain. Nobody wanted more expensive energy.
Sorry, why would you say such a thing about me? I was actually quite concerned by the absence of a strong international and especially German reaction to the invasion of 2014. Especially it became obvious, that all the Nordstream pipelines were a weapon against the Ukraine.
Haha what a cute title and argument, "the only". Now let me tell you why it's bullshit. If you think about it really well, "the only" group that needs a car as a necessity and not luxury are parents. Everyone else can pretty much take care of themselves using public or for-hire transport. But parents... they have kids. And especially the little ones, you never know when you need to move. And when you need, you need to do it like right now. And try fitting two or more car seats in these ultra-light vehicles. And then putting the screaming wiggling kid in it. And then a stroller and some bags to go. Good luck.
The narrow minded innovative hipsters who try to "disrupt" are cute, I remember being like that in my 20s. I'm almost 40 now, with small kids and let me tell you. I have no energy to even care about anything. I need a big car to fit all the family and our junk. I need to move from point A to B with the least disruption possible. Preferably with the kids asleep in the car seats. I really really don't care about anything else. And sure as hell I won't trade my sanity for hopping public transportation and extending my trip by a few hours to appease some eco friendly conscious 20-something hipsters who have all the time in the world to do their meaningless self-serving I-want-to-feel-good-about-myself-and-the-world bullshit. Especially when my kids are sick with fever screaming bloody murder.
So no, living in the city or in the suburbs, parents wont trade their SUV and Vans any time soon. But be my guest, you singles do it. Ultra-lights are not "the only" viable future. I rode a bike and subway all my teens and 20s. And you should too, so the parents can ride their tanks and not end up in mental hospitals. And our species can continue.
While I agree with you that I don't see a role for these ultra-lights, the rest of your argument makes absolutely no sense. I have never once had a problem fitting two kids and all our 'junk' into a perfectly normal sized sedan. Hell my sedan has more trunk space than some SUVs I've seen. Yes, lots of people need normal cars, and some people with lots of kids need vans. Basically no one "needs" an SUV.
Many people love to make rules for other people. Those who through no initiative of their own can afford to walk/bike everywhere they need to, or wait for public transportation because their schedules are flexible, won't be affected by rules making car ownership and use more onerous. They see only the broad or long-term or in-theory effects and not the impact on real living people right now. It's the exact same phenomenon as - possibly even a reaction to - older people who just happen to have lived in an era of stable jobs and cheap houses criticizing young people for not behaving "professionally" or saving enough. See also: non-drinkers happy to ban drinking, non-smokers happy to ban smoking, traditionalists happy to legislate others' sexual or reproductive lives. It all comes down to lack of empathy.
Here's the thing: good (to the extent that the concept has any meaning at all) lies in decisions requiring effort. Being born into a particular circumstance confers no virtue. Other people are born into different circumstances, facing different choices, and those should be respected. Someone born into a US suburb is in a different situation than someone born into a European or Japanese city. Millions of people who control politics in thousands of towns aren't suddenly going to act against their own economic self interest (as home owners) to turn modern suburbs into something better. That's going to take a lot of work, most of it incremental and having to do with incentives or power structures rather than specific issues.
Getting to a less car-centric culture would be absolutely fantastic, but people who dismiss the means of getting there with a hand-wave, or propose paths that are convenient for them but burdensome to others, aren't really engaged in problem solving. It's just idle musing at best, more often an old-fashioned display of group affiliation or (unearned/imaginary) dominance. The irony is that such anti-cooperative behavior is exactly what got us where we are now.
I'm a bit disappointing I didn't read this reply before replying to your other reply in earnest. Honestly, this comment reads as more as a personal projection about the kinds of people who want to have more transportation options, than anything actually constructive.
It's hilarious to actually _blame_ the anti-car stance as the thing that got us in to this situation in the first place. Like it wasn't a fight won in heartfelt debates, rather a systemic lobbying by the auto industry to fundamentally rebuild the post war US into one where automobiles are absolutely necessary for most people.
I've left a bunch of actionable advice in the other thread hopefully you'll read up on it, overall this kind of intellectual dead-ending is dreadfully sad to see on HN
Nowhere did I blame anti-car people for the current situation. That's a total strawman, and - as you say - sad to see on HN. But not surprising. I'm also well aware of strongtowns and missingmiddle and so on, and often draw my arguments from them. If you look back in my history, as you already seem to have done but only to cherry-pick and escalate, you should be able to see that.
I do want more transportation options. I grew up in a city where there were more (overseas) and have traveled to many more. But I also see a continuing role for cars, and better for them to be EV than ICE. And I'm sick to death of people who sit around and kibitz, as if we can quantum-leap from one state to another - whether it exists elsewhere or not - instead of doing the work to get there through the incremental paths still available to us. That's the real intellectual dead end. Intellect should be employed for understanding and planning and problem solving, not merely wishing problems away and throwing fallacies at anyone who disagrees with that approach.
This is phrased rather argumentatively, but the points are good ones. I also believe that these micro-cars merely fill a small niche in the transport ecosystem. They are far from "the only".
Tradies. Various professionals and technicians that need to carry around equipment. Sales people. Families. People with large dogs. People who visit the outdoors frequently, e.g. for skiing. Those are just some groups who would not use a microcar.
The "need" for an SUV is a band-aid fix for American suburbs. The build environment really necessitates it, especially in sprawling suburbs. But again, people raise families without owning a car perfectly fine in modern European cities.
Cool observation. Also a common one. Now: how do we transition from the American model to the European one, in the face of perverse financial incentives and how government at all levels works? The detours we've already taken make that quite difficult. Pointing to a destination is not quite the same as providing a workable route to get there, let alone actually helping push the cart. It's really just kibitzing, which has always been a way to claim credit for right answers and quietly walk away from wrong ones. Risk free. A constructive approach would be to consider what role can be filled by EVs of various types, not just dump on them for not being perfect.
Sure, as you mentioned lobbying and money in politics is probably the biggest hurdle as it basically maligns most projects for social good with profits for the biggest lobbyists. Local governments have a lot of power in this regard, they're able to set parking minimums and potentially zoning for denser residential areas.
Regional support would be needed for a more comprehensive public transit options, railways, bus routes etc. Also at the regional / state level we would stop subsiding suburban communities. States often foot the initial bill for roads / water / sewage and suburbs are usually not able to self-fund for repairs needed in 10/20/30 years respectively, so they rely on denser areas taxes (mostly commercial tax) to make up for it. [1]
The financial incentives are there, denser urban areas already provide much of the tax income needed to make public services feasible and make up for the sprawl around a city that it's residents can't pay for. [2]
To your point about "detours" we've taken, sure it will be a multi-decade project but places like Amsterdam / London have a pretty good roadmap for regulating car-centric infrastructure. EVs really only exist to extend the life of an industry that's already extracted billions in profit by lobbying that car based transit was the only way to go. ICE vehicles are a massive liability in the face of an energy crisis, and the US heavily subsidies gasoline prices. In other countries this is already priced in, and that incentivizes alternative forms of transit and better designed cities.
> EVs really only exist to extend the life of an industry
That's just silly, since EVs don't burn those fuels. They exist to prolong the life of a road and housing infrastructure, which has both positive and negative aspects to it but is in any case unavoidable during what is sure to be a long transition. Again, bashing them for not being the perfect quantum leap to an ideal state is not productive. Small improvements are still improvements.
Car seats intentionally use designed obsolescence. The plastics get weaker over time and won't meet their ratings. You aren't suppose to use old ones at all.
> "the only" group that needs a car as a necessity and not luxury are parents.
I'm as pro-public-transit, pro-cycling as they come. But yes, there are plenty of reasons cars are needed:
- Parents (like you said)
- People without the ability to walk long distances (older/sick people, etc)
- Anyone who needs to go to Ikea / Costco / whatever and buy something big
- Delivery vehicles (not everything is suitable for cargo bike delivery)
- People who live outside urban areas
etc
And that's all fine. In a dense city, I think there is plenty of middle ground where everyone is happy and most people get along great most of the time without driving.
I agree that articles like this claiming absolutes are silly.
I feel like the use-case identified for ultra-light cars in this article is the worst argument for cars of any size. There are lots of cases where a small urban electric vehicle could be all you need, but a lot of those cases are also (or better!) covered by public transit or biking or something similar. In cases where you actually need a car, you're probably better off with a slightly larger vehicle. For a lot of the downsides of cars, like traffic, parking, etc, making cars smaller doesn't solve the problems nearly as well as getting them off the road entirely.
To put it another way, ultra tiny EVs you use for every trip seem like a much worse future than a future where you have a larger EV you don't have to use as often because there are good alternatives to driving that cover a lot of your needs.
