reassess_blind's comments

I was recently reviewing my Google account session history and saw an active session from some small town in western China. Obviously freaked out, rolled all passwords, spent hours scouring what they could’ve had access to, etc.

Only for the next day, when Google updates the exact same session's location to my exact real location on another continent.

Google of course won’t show the IP address of sessions anymore, just the “location” so there was no way of confirming beforehand.


I have a question - I've seen TikToks of people who buy rolls of coins from the bank and sort through them for rare imperfections then sell them on eBay. I've always wondered whether it would be possible to develop an automated system where a camera takes high res photos of the coins on a conveyor belt, compares to a DB of known imperfections and sets them aside?

Is anyone doing this? It's an interesting business model as the product is money so you'd only stand to make a profit never a loss.


Nobody that I know of is doing this, and I see no reason why it wouldn't be possible from a technical standpoint. I think the only reason I can imagine NOT to do it is that the ROI probably isn't that high in reality. Now, granted, I don't watch the coin TikToks because 95% of it is clickbait, exaggerated, etc. But my actual impression is that there simply isn't that much actually-valuable material out there hiding in bank rolls (despite what TikTok says).

Most of the people I know who do bank roll hunting are doing it because it's just kinda fun and there's a thrill when you find a silver quarter from 1964 (worth about $5) hiding in a roll of otherwise-normal quarters. But so much of the good stuff has already been plucked from circulation.

Having said that, nothing should stop a good hacker from doing something just for the hell of it :)


If there was a good ROI the banks would do it. It might be enough ROI for a living but it will be a lot of labor for a small income.


Tellers get first dibs


Do you know why vendors take credit cards, Square and Apple Pay, even though those services charge several percent fees? Part of it is for convenience for the customer, but another part is that shuttling cash around to the bank and back is time consuming, risky, and takes you away from running your business (let's say you are a breakfast place, you don't make your own cups and napkins or farm your own eggs and coffee either).

>product is money so you'd only stand to make a profit never a loss

You're grabbing the expense part of the business that everybody else is trying to shed. Let's talk also about time value of money. All the money that you've invested in cash is not making money passively as other investments do. Compared to putting the money in the stock market, you're losing 7% a year on this scheme, plus the expenses of running your business, and opportunity cost of not doing something else that generates income.


I did this for personal collections a while back and went through a lot of Canadian quarters to get one from each year and never even found the 1991 I was looking for which is somewhat rare. I guess if you do it full time or automate a bunch maybe you could make money, seems hard though.


This is relatable. I started a side SaaS project that saw some success so I put payments in, and it slowly grew into a small business. The product was targeted towards digital marketers, but also unfortunately appealed to scammers as part of their scam "flow". It was a constant fight in moderating the userbase, a bunch of Stripe disputes, etc. It was profitable but the headaches in moderating the userbase and dealing with disputes (which cost $25 on top of the refund, by the way), support tickets from obvious scammers etc. was draining and turned me off the project altogether.

I started another product in a different niche which also showed some success and eventually overtook it and allowed me to quit my 9-5. I shuttered the original product as it wasn't worth the hassle. The quality of the customer in the new niche is so much higher and therefore the mental drain is a lot lower.


How would you own the server if you don't know what the domain is going to be? Perhaps I don't understand.

Edit: Ah, wildcard subdomain? Does that get prefetched in Slack? Pretty terrible if so.


Wildcard DNS would work:

*.example.com. 14400 IN A 1.2.3.4

after that just collect webserver logs.


Yeah, assuming Slack does prefetch these links that makes the attack significantly easier and faster to carry out.


I actually meant DNS prefetching, not HTTP prefetching. I don't think browsers will prefetch (make HTTP GET requests before they are clicked) links by default (maybe Slack does to get metadata), but they quite often prefetch the DNS host records as soon as an "a href" appears.

In case of DNS prefetching, a wildcard record wouldn't be needed, you just need to control the nameservers of the domain and enable query logging.

But I'm not sure how browsers decide what links to DNS prefetch, maybe it's not even possible for links generated with JS or something like that ... I'm just guessing.


I think if you make the key a subdomain and you run the DNS server for that domain it should be possible to make it work.

i.e.:

secret.attacker-domain.com will end up asking the DNS for attacker-domain.com about secret.attacker-domain.com, and that DNS server can log the secret and return an IP
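
A defensive check for the leak discussed above, added here as an example and not part of any comment in this thread: since the hostname of a link can reach a third-party nameserver as soon as the link is rendered, this scans message HTML before display and flags link hosts carrying a long, high-entropy label. The thresholds, function names and sample hostnames are assumptions made for the example.

```python
import math
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

MIN_LEN = 16       # assumed threshold: shorter labels are rarely encoded secrets
MIN_ENTROPY = 3.5  # assumed threshold, in bits per character

def shannon_entropy(s):
    """Bits per character of the label's character distribution."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

class HrefCollector(HTMLParser):
    """Collects the hostname of every <a href> in a message body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href")
        try:
            host = urlsplit(href).hostname if href else None
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            host = None
        if host:
            self.hosts.append(host.lower())

def suspicious_hosts(html):
    """Return link hosts whose subdomain labels look like encoded data."""
    parser = HrefCollector()
    parser.feed(html)
    flagged = []
    for host in parser.hosts:
        # Naive registered-domain guess: ignore the last two labels.
        labels = host.split(".")[:-2]
        if any(len(l) >= MIN_LEN and shannon_entropy(l) >= MIN_ENTROPY
               for l in labels):
            flagged.append(host)
    return flagged

# Constructed sample message: one ordinary link, one with a token-like label.
SAMPLE = '''
<p>See <a href="https://docs.example.com/guide">the guide</a> and
<a href="https://k9f2x7qa1m8zt4wb6r0cvy3e.collector.example.net/x">this</a>.</p>
'''

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE))
```

A production version would use the Public Suffix List instead of dropping the last two labels, so that hosts under suffixes such as co.uk are split correctly.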


Subdomains.


One of my products makes well over that amount, and it’s an identical clone of one of about 500 identical products in the same (large) niche.

If all you want is $1000/mo, you don’t necessarily have to solve a new problem, you can solve a problem that already has solutions (ideally doing it slightly better, but this isn’t required).

If your product is identical to the competitors, then you can carve out a small percentage of the market just by being the first solution the user tries, e.g. via paid ads putting you at the top of the search.

Best of luck!


Not OP, but it is something that I've had to deal with. I essentially need to be within X hours of my laptop and a solid internet connection, where X is the maximum acceptable downtime.

I'd love to travel to a remote island, or do a 2 week hike out of cell service but it's difficult. The odds are incredibly low that downtime occurs in that window, but Murphy's Law and my anxiety won't allow it. The pros greatly outweigh the cons though. While I can't do those remote trips, I can still travel wherever else and just ignore things unless there's a downtime alert or an urgent support ticket.


In a similar boat, I run a few SaaS’s as a one man band. Around 1,000 subscribers. It’s not all sunshine and rainbows, being responsible for uptime while you’re sleeping can be stressful, thinking you may have overlooked a massive security vulnerability is constantly in the back of your mind. I wouldn’t trade it for anything though, it’s a very fortunate position to be in.

I also don’t feel the pressure to grow the product features anymore similar to OP. In fact I struggle sometimes now from being overly comfortable and feeling stagnant.


And shows Buenos Aires before it shows Argentina.

