
How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq - xorrbit
https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq
======
joosters
The crossed out '2025' in the timeline is bizarre. Have I missed some joke
here, or does the author not like to use the delete key?

~~~
tom_walker
yes, its a joke. vendors take a long time to respond, sometimes :-)

~~~
pja
I used to work with the author of dnsmasq - I’d be surprised if he sat on a
vulnerability report the way some larger vendors do.

~~~
iagox86
Yeah, it was a fixed typo, not a tongue-in-cheek comment. :)

The vendor responded with a fix within hours!

~~~
ytdht
if he responded in less then 24 hours, I would include the times with the
dates

~~~
iagox86
I could have, and perhaps next time, but I think <24h is enough information.
:)

------
viraptor
I really didn't expect dnsmasq to count the number of hops. I found a very
similar issue in systemd-resolved, but with a different fix:

[http://comments.gmane.org/gmane.comp.sysutils.systemd.devel/...](http://comments.gmane.org/gmane.comp.sysutils.systemd.devel/25160)

The compressed label should never be allowed to refer to itself in the first
place, so there's no point in counting how many times you loop.

------
JadeNB
Why was the title changed from the blog post's title ("How I nearly almost
saved the Internet ...")?

~~~
forgottenpass
HN moderators edit submission titles so that they match the submitted
articles. Except in the cases where they arbitrarily change it to their
liking. Like turning "laid off" into "let go."

~~~
dang
We don't change titles arbitrarily and we certainly don't euphemize.

Turning "laid off" into "let go" sounds like nothing we'd do, and there's
nothing like it in the logs, so I don't believe we did this.

~~~
jallmann
IMO the newer title enforcement policies are worse than the old ones. The old
ones might have been unreasonably rigid, but at least they were consistent.
Right now the policy is "Keep the original title... unless we feel like it."
The definition of "linkbait" here is so vague that it destroys any possibility
for creative expression (remember the days when writing a good headline was an
art?) and reinforces the notion that HN has no sense of humor.

That's without getting into the separate tendency that original user-submitted
titles (whether or not it matches the article title) often capture the essence
of what's actually interesting to the audience here. Subsequent edits then
lose that association -- making it less likely that I (or other people) will
click through. Linkbait, you say? That's the whole point, I say.

In this case: Sure, the article's original title was hyperbolic. But so what?
It's hyperbolic to good effect, and gives a feel for the tone of the rest of
the article.

~~~
MichaelGG
I wouldn't be interested in readinh an article called "I how I almost saved
the Internet" as it sounds like the kinda stuff Wired or those tech blog/news
sites publish.

This new title, however, is far more interesting and the article was
fantastic.

~~~
jallmann
> I wouldn't be interested in readinh an article called "I how I almost saved
> the Internet"

The old title was "how I nearly almost saved the Internet _starring afl-fuzz
and dnsmasq_ "

That title gives enough detail to be interesting while still being a bit
cheeky -- and the article itself is a bit cheeky. That cheekiness makes the
article all the more fantastic, IMO.

The current title of "Finding a vulnerability in dnsmasq using afl-fuzz,"
while a factually accurate description, reads like a dry research paper.

Anyway, there are situations where changing the title is appropriate. I just
don't think this was one of them.

~~~
dang
Ok, you've made a strong enough case that we'll set the title back. It isn't
_that_ linkbaity, because "nearly almost" is clearly self-deprecating, and it
won't hurt the front page to let the author's cheerfulness through.

