(I'm not bschmidt, but just claimed this account since it seemed like the next one he was going to register)
He seems to think he's cracked "HN's HMAC" but he's confused about why it exists. The HMAC HN requires on comment/story posts is there to protect from CSRF attacks. It's not an anti-bot mitigation since, as bschmidt and everyone else knows, it's trivial to automate. It's for CSRF protection: https://owasp.org/www-community/attacks/csrf
I flagged this. It's the only visibility the troll in question has achieved. All his posts are dead. Only the minority of us with 'show dead' enabled need know anything about it.
HN has value larger than just for the community of people commenting here. It is also used as a platform for YC companies. YC Founders can even see each other's usernames in orange color[1].
A spamming actor could also be testing the limits of the system now for a future attack. Anyway, this is the job an Infosec team usually deals with. Hopefully @dang / HN team has access to people with such a skillset.
Very strange. Can't tell if they're doing it "for the lulz" or it's some sort of psychotic breakdown. Either way, good stress test for HN's spam moderation I suppose.
He’s a wittle baby that thinks Wiz doesn’t actually have a product and is a shell company designed to buy other companies and then be acquired. He’s also a hardcore antisemite. And a dick.
ETA: it’s not a theory, you said it yourself the other day on the Wiz post. Also, I’m not Jewish.