Hacker News new | past | comments | ask | show | jobs | submit login
How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq (skullsecurity.org)
154 points by xorrbit on July 16, 2015 | hide | past | web | favorite | 27 comments

The crossed out '2025' in the timeline is bizarre. Have I missed some joke here, or does the author not like to use the delete key?

I edited the blog to make it more clear what happened - it was a typo I fixed. It didn't occur to me that it could be misconstrued, usually it's obvious that it's a typo fix, but in the case of the year it wasn't. :)

yes, its a joke. vendors take a long time to respond, sometimes :-)

I used to work with the author of dnsmasq - I’d be surprised if he sat on a vulnerability report the way some larger vendors do.

Yeah, it was a fixed typo, not a tongue-in-cheek comment. :)

The vendor responded with a fix within hours!

if he responded in less then 24 hours, I would include the times with the dates

I could have, and perhaps next time, but I think <24h is enough information. :)

Probably fixed it after publishing the article, and wants to keep corrections visible?

This. Somebody pointed out my typo on Twitter. :)

I really didn't expect dnsmasq to count the number of hops. I found a very similar issue in systemd-resolved, but with a different fix:


The compressed label should never be allowed to refer to itself in the first place, so there's no point in counting how many times you loop.

Why was the title changed from the blog post's title ("How I nearly almost saved the Internet ...")?

I think it might be considered linkbait, and that's discouraged in the guidelines:


HN moderators edit submission titles so that they match the submitted articles. Except in the cases where they arbitrarily change it to their liking. Like turning "laid off" into "let go."

We don't change titles arbitrarily and we certainly don't euphemize.

Turning "laid off" into "let go" sounds like nothing we'd do, and there's nothing like it in the logs, so I don't believe we did this.


Did the user edit it? I remember commenting at the time bacause I had two tabs open to the same discussion opened some time apart from each other and the title was different on them.

I don't have a record of the original title but the submitter definitely edited the post, and the only change we made to it was turning off the automatic penalty for posts without URLs.

If you noticed all the times we've changed "f* * *" to "fuck" in titles, I doubt you'd have suspected us of bowdlerizing that one. :)

IMO the newer title enforcement policies are worse than the old ones. The old ones might have been unreasonably rigid, but at least they were consistent. Right now the policy is "Keep the original title... unless we feel like it." The definition of "linkbait" here is so vague that it destroys any possibility for creative expression (remember the days when writing a good headline was an art?) and reinforces the notion that HN has no sense of humor.

That's without getting into the separate tendency that original user-submitted titles (whether or not it matches the article title) often capture the essence of what's actually interesting to the audience here. Subsequent edits then lose that association -- making it less likely that I (or other people) will click through. Linkbait, you say? That's the whole point, I say.

In this case: Sure, the article's original title was hyperbolic. But so what? It's hyperbolic to good effect, and gives a feel for the tone of the rest of the article.

HN's title policy hasn't changed since 2012. People sometimes mistakenly think we say to use the original title no matter what, but that's never been the case.

If we allowed linkbait in titles, the threads would mostly be about linkbait in titles. This effect is strong, reliable, and immediate. Therefore we don't allow linkbait in titles.

As for "unless we feel like it," nothing could be less true. The way we edit titles isn't algorithmic but it's at least semi-objective, and you'd be surprised at how meticulous we are. It's easy to defend in nearly any specific case (we make mistakes, of course, but that's not a policy), which is why when people complain about it, they tend to either kvetch vaguely or use inaccurate examples.

The written guidelines might not have changed, but the enforcement policies certainly have. So instead of complaining about linkbait in titles, people complain about changing the title. Always going to be something to complain about...

Anyway, I understand it's a hard thing to balance systematically. Titles aside, HN is still a much improved place under the "new regime". Thanks for your ongoing efforts with transparency and communication here.

> the enforcement policies certainly have

I have to think you're falling prey to sample bias here. I'm the one setting the enforcement policies and can assure you they haven't changed. I also don't see as many complaints about title changes as I used to; that may be because we started posting comments about particular edits, so it's easier for people to know what's going on.

The current thread is an exception, but it's ok if this stuff comes up occasionally and has a hearing.

For the record, I wasn't arguing about it; I just didn't understand the reason. I do now!

I wouldn't be interested in readinh an article called "I how I almost saved the Internet" as it sounds like the kinda stuff Wired or those tech blog/news sites publish.

This new title, however, is far more interesting and the article was fantastic.

> I wouldn't be interested in readinh an article called "I how I almost saved the Internet"

The old title was "how I nearly almost saved the Internet starring afl-fuzz and dnsmasq"

That title gives enough detail to be interesting while still being a bit cheeky -- and the article itself is a bit cheeky. That cheekiness makes the article all the more fantastic, IMO.

The current title of "Finding a vulnerability in dnsmasq using afl-fuzz," while a factually accurate description, reads like a dry research paper.

Anyway, there are situations where changing the title is appropriate. I just don't think this was one of them.

Ok, you've made a strong enough case that we'll set the title back. It isn't that linkbaity, because "nearly almost" is clearly self-deprecating, and it won't hurt the front page to let the author's cheerfulness through.

For what it's worth, my response would be that, if you want to decide whether or not to read posts based on their titles, then you want to see the original titles, linkbait-y or not; seeing a toned-down version will just 'trick' you into reading something you wouldn't have otherwise. On the other hand, since you are glad that you read it, maybe that's an argument against deciding whether or not to read based solely on the title.

If only there was a way to submit both the original title and some kind of summary...

Then the moderators would just edit the title and summary as they see fit.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact