It was down for a couple of months already. However, the IP and server seems to be there. Maybe the person who keeps that up will restart the daemons when they remember they operate one of the nostalgia cornerstones of better part of the internet.
Maybe the server's password is hunter2. Let's see whether can I access it.
Edit: Nope. Seems firewalled.
Almost, the password is ********.
I can't read it. pfft
That's because of the HN security. It prints all passwords as stars.
You can try putting your HN password in a comment, it would be visible only by you, and the others will not see it.
I guess you're right. My HN password is *****.
When I edit, I can see it, but when I save the comment, it becomes starred. It even randomizes the length every time I save.
Brilliant!
But this also means that they know your plaintext password, meaning that they're saving passwords in plaintext. Given that this is mostly a technical community, it's much more the risk of keeping a database of plaintext passwords than the benefit of being able to obfuscate passwords in comments.
EDIT: thanks to another commenter, I understood that what's happening in the above comments is just a meme and HN isn't storing plaintext passwords. Sorry for the misunderstanding.
(sticking with the obliviousness for a moment,) Would they need to store the plaintext password? Hashing every word typed isn't efficient but it's possible to achieve without knowing the plaintext.
It reminds me of Facebook allowing login even when you've mistyped your password: https://security.stackexchange.com/questions/214814/why-can-...
Wouldn’t work if your password contains spaces.
But it does! They, instead, hash each letter independently, that's how they can do this.
They just hash every substring that can be a password.
Don't write long comments. Show some love to HN's server carrying its O(n^2) burden.
Yes, that's true. But since HN is famously hosted on a single not-so-powerful server, that would be unlikely to be the employed solution.
Considering how laggy the comment box is on reddit, it makes me wonder if they're not already doing something similar, but client-side in js. I guess it would expose the salt though.
Exposing the salt isn't an issue, it can (and should) even be a different one for each account.
In case you're unclear why your being down voted, comment chain is a riff on one of the more famous bash.org quotes: https://knowyourmeme.com/memes/hunter2.
HN does not actually know your password or hide it in comments.
Does it not know? What if I post it in this comment? My password is *****.
(whistles softly as he changes password from a string of twelve asterisks to ******)
What actually happens is more complex: when you type a *******, HN tries to log in once for every string in your *******, and then when it succeeds it goes back and replaces that string with a randomized length of asterisks.
I love that some 20-30 years after that famous chat somebody still fell for it.
*****? That's amazing! I've got the same password on my luggage!
hunter1
Close.
hunter2
What? I just see stars
Get to a doctor!
What? I just see stars
Have you seen a doctor?
No, just stars
Ready when you are, Raul.
Wait, how did you see my password?
we see it as asterisks ... you see it as hunter2 and not **** 'cos it's your password
How about ****** Did it work?
Oh wow, you kiss your mother with that mouth?
I use my fingers to type passwords and ehh...
This has to be a joke.
The only way it can be realistically implemented involves the storage of clear-text user password to enable string replacement during comment submission. Either that or converting user comment to a prefix/suffix table (or something similar) and then hash each item to search for a match. Both option is ridiculously unnecessary.
Anyway, my HN password is ****. I bet it don't work.
Fortunately with modern serverless architecture, it's possible to make this performant! Just split up each comment into words and dispatch each word to a queue where AWS Lambda workers can check the words against the user's password hash. It might cost $20 to process each comment, but at least it'll autoscale to handle any comment volume you throw at it!
Can passwords include spaces?
I love each and every one of you who have posted into this subtree, although it's bittersweet if bash.org really is going away… <3
https://archive.is/0y1yT is the archive of http://www.bash.org/?244321
FIY, your archive link is not working too at the moment.
What do we do?
Sigh
I put on my robe and wizard hat
https://web.archive.org/web/20190228221758/http://www.bash.o...
Works for me. Do note that archive.is blocks CloudFlare DNS.
This has bitten me before; now my pihole has this line in its dnsmasq configuration
so that even if I'm using cloudflare dns for everything else, it will query 8.8.8.8 for those two domainsThis hack needs to be pinned to the front of HN :)
Works for me now too, probably the server was not handling the load.
Hey, how did you get my Hacker News password?
Relax, they didn't. Your password is 3 characters longer.
Indeed, over the years a symbol gets added for length/complexity/rotation purposes.
chef's kiss
So you're saying the server pings but nobody knows where it's at?
Host resolves, packets are dropped (ICMP timeouts, but nothing is "unreachable"). My sysadmin gut says that the server is there, behind a firewall, and the webserver is down/stopped, or the firewall is killing everything.
The IP is not shared. It reverse-resolves, too.
So, it's not dismantled and thrown to side.
Looks like the hosting provider, Idologic, got bought by Stablepoint. Maybe they have somehow blocked the site during the merger?
One of the most famous quotes was about a server that is online and pings, but the sysadmin doesn't know anymore where it physically is.
Happened to me recently when moving. Couldn't find one of my zigbee temperature sensors, but it was still reporting information diligently, so it had to be somewhere in the house. Took about 6 months before I found it.
Where was it?
Anticlimactic, partly unpacked moving box. I was mostly surprised it was able to re-join the mesh while being in a completely different spot, something that a lot zigbee chips struggle with.
I’m reminded of the time I dropped a Juul behind/beside a makeshift workshop table and it magnetically attached itself a foot or so below to the freestanding metal shelving unit directly next to it.
I don’t advise using Juul products for this and other reasons.
You didn't set each room on fire until you found it?
Ah, I probably missed it because we had the following dialogue at the office.
P.S.: I'm the one who installed that server physically and configured it in the first place. :DI once resolved a similar situation by having the PC speaker play the simpsons theme song.
Ah the fond days of being able to identify a machine remotely by ejecting its CD-ROM drive.
You mean the cup holder?
Funny, we used to do the same with random pcs in our lab that people would setup and forget about. We used the Duke Nuken 3D theme song from when the game first loaded.
Yes, it is this one:
<erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.
Source: http://web.archive.org/web/20230610235249/http://bash.org/?5...
Gotta use audible pings and leave the PC speaker plugged in haha! Many network devices have a "blink management LED now" feature for the same reason.
There was a lab I hung out in back in college. The nature of the room and the devices that we had in there, there was 10bT, 10b2, and 10b5. Twisted pair, coax, and thick.
The someone had what was termed "the connector of evil". Apparently coax and thick had the same signal... just thick was more rigid about where you connected into it. ( https://en.wikipedia.org/wiki/10BASE5 and https://en.wikipedia.org/wiki/Vampire_tap ). The connector of evil looked like a 10b5 terminator on one side and 10b2 on the other... and passed the signal between them.
When adding another computer onto the 10b2 segment, we would invariably disrupt the wave in the wire and some devices would drop off.
The trick was to have each machine ping -f one of the systems on 10bT and redirect its output to /dev/audio. If the machine was making noise, it was good. And so then we'd fiddle with different lengths of coax between the T connectors until everything was buzzing away.
Famously it ends with the server being behind drywall or something after some construction project.
Also known as "the mexican cartel".
And decades before the Raspberry Pi.
I'd love to find the contact details for this old server I used to use. It's been online continuously since 1996 and I know the first name of the guy that has it, but I don't remember his last name. Shit, the server hardware might even be mine, I don't even remember. I can't even remember if it is Linux or *BSD at this point.
http://resworld.eolith.net/staff.html
The email address is no use as that is my domain name and I dropped it in like 1997 o_O
Dustin: if you see this I would love to pull my DMs off Resworld :)
This sounds complicated. I should grab my robe and wizard hat.
Whoosh
Hah! I see you've never dealt with Rackspace hosting.
That was a few years ago now… it’s probably up to hunter19 at least.
* At least 1 capital letter is required
* At least 1 number is required
* At least 1 symbol is required
These days it's probably 'Hunter2024!'
Hunter2 holds such a special place in our hearts, let's keep politics out of this!
I'm so European I didnt even make the connection to your politics
Besides, we know it's Hunter2028! No way he's running this cycle.
Hunter is already a symbol to MAGA world
well, his junk mostly
My work password changes every 90 days. It is at 52nd iteration now.
You don't go back to 0? Generally you can after the 24th iteration. Also congrats on sticking with it for nearly 13 years!
Did you put on your robe and wizard hat first?
They should have made everything available as a torrent or something