Hacker Newsnew | past | comments | ask | show | jobs | submit | akerl_'s commentslogin

How many people out there have attackers doing individualized research to identify services on their home LAN so they can chain a network attack with CVEs in their self-hosted service?

Everyone, now that you can just toss the work at an LLM.

Where are you seeing this? LLMs make it easier to do bulk data analysis / scale attack patterns, but I've not seen anything to suggest they're incentivizing people to do OSINT against random individuals to fire off targeted attacks on home LANs.

The juice isn't really worth the squeeze for the token spend any more than it was worth the human energy.


Your original link makes fairly clear how disingenuous it is to call the figures a national average:

> Data from International IQ Test (IIT) are based on data from 1,352,763 participants worldwide who took the same IQ test on the website.

> Becker’s estimates are categorized by source. T = value is based upon actual test results from said country. E = value is a best-guess estimate based upon measured values of nearby countries.

Opening up the actual paper from Becker they're citing is basically a wandering tour where they try to find whatever numbers do exist and then math their way out of the fact that the sample sizes are small and the tests are different everywhere.

Various entities have performed IQ tests on people in many nations. But taking that and trying to flip it to say we've derived average national IQ is junk science.


If you don't like that link - which is just one of the many I got when searching for 'national IQ average' there are many other similar studies to be had. Here's a few of them, again just some results from the first page in my SearXNG instance. The results are not identical but they are comparable.

https://international-iq-test.com/en/test/IQ_by_country

https://www.worlddata.info/iq-by-country.php

https://www.universaliqtest.com/statistics/average-iq-by-cou...

https://www.datapandas.org/ranking/average-iq-by-country

https://www.researchgate.net/publication/229401257_National_...

https://openpsych.net/files/papers/Parra_2025a.pdf


You've just provided:

(1) Several surveys backed by anonymous online "IQ test" web sites.

(2) Richard Lynn, whose numbers are essentially fraudulent.

(3) Emil Kirkegaard, the famous Danish white supremacist.

The counterargument is very simple: countries don't generally do IQ surveys. Most people on HN have never been asked to take a calibrated IQ test. The data simply doesn't exist.


Don’t worry, they got data from a whole 5000 people in Australia and 300 people in Afghanistan!

I’m sure that’s generalizable to the whole country’s worth of 28 and 40 million, respectively.


Hard to beat Richard Lynn's sample of Senegal, which came from 57 children in a malaria hospital.

> Countries with fewer than 100 test-takers were excluded from the ranking due to limited sample size and are shown in gray on the map above.

How generous of them.


I don’t suppose this was related to the recent Netvue/Birdfy outage that they claimed was due to a registrar issue and lasted over a week?

The reason this bug is unexpected is that the user is expecting to have to enter their password (because they expect the key to be wiped on suspend), and then _they are_ asked for their password. But there was a copy of the key elsewhere in kernel memory that was never cleared.

Ah, my bad. Yes, if the user was being presented with the prompt on wake, I see the problem.

I have never had that setup so I was confused.


Managing an Apple fleet is similarly fine, and that includes using any of the MDM tooling that also does key escrow on enterprise Filevault devices.

> I recently heard that a trip to Popeye's for a family of 3 recently cost $68 in Florida.

Does it?


no, a combo meal (entree, side, drink) there is ~$10.

We've managed to make the entire corpus of open source software but the thing that's a "Hard Problem" that nobody can find a way to do is making the icons look good?

It's almost like it's not a technical challenge, it's that getting good looking icons would require a unified userbase, and Apple has that but Linux does not.


Also, more importantly IMO, the corpus of open source and free software leans _hard_ towards things _programmers_ find interesting/useful.

The further from “I use this everyday to program” you get - the less concentrated/competitive open source and free software solutions are.

All programmers are programmers (this is almost as close to a tautology as you can get). Finding programmers who will write programs as an unpaid hobby to improve their SDLC experience when they program is substantially easier than finding competent UI/UX/icon designers who will do the same. The ecosystem of software under their icons is entirely inaccessible to them - the source being “free” or “open” is irrelevant to them, they can’t program so they can’t modify the system in the same way a programmer can.

My spicy take on this is that the free and open source software ecosystems have failed to deliver on their goals in any meaningful way for non technical people. The world around programs has gotten _objectively worse_ for the common man while the corpus of free and open source software has grown. The world runs on OSS and yet the world’s data is all owned by SaaS companies. Everyone has lost agency over their digital lives but at least we have Automake and emacs.


I mean sure, but if you started talking about google.com as a subdomain, real humans would correctly look at you funny.

It just feels a bit like you've decided to solve the hardest possible side quest first.

Everything else on your roadmap could have been built and shipped in the universe that exists, and then if down the road it's working, you could have aimed for your own TLD.

Instead you're putting the TLD first and any of the actual functionality that end users might want afterwards.


That is a fair criticism, however I would say that the reason we are going for the TLD now is because now is the only time we can do it. The last round of TLD applications was in 2012, so if we don't apply now, it could be a veeery long time before the opportunity comes around again. We are a new org and our goal is to build functionality in parallel with the ICANN application which will likely take years to resolve.

Are you working on the not-TLD parts in parallel? If you don't get the TLD, do you plan to launch on a more traditional domain?

The marketing stuff makes it look like the TLD is your main focus.


What is the premise for being able to do "one person, one subdomain" that isn't a privacy/security nightmare?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: