Hacker News | HughParry's comments

I’ve never seen people on the likes of blackhatworld selling Hacker News accounts or services. The glass half full take on this is that HN is surprisingly robust in its ability to deal with vote manipulation.


Somebody spent a small fortune trying this a while ago with disliked results https://nypost.com/2025/04/13/entertainment/ailing-doctor-wh...


They seem to have been pleased with the results:

> “It has to be worth it for the pleasure it’s brought me to see them,” Levine said. “Doctor Who runs all night in my bedroom, complete, nothing missing.”


Ah I mean others disliked the results.

Make up your own mind I suppose, I doubt you will find them rewarding: https://youtu.be/rQabMPpdQnk?si=Fm9Yqj7EwAjYp5np


Well heck - many don't even like the originals at all :p. On the contrary I found these much more enjoyable than the audio and stills! Of course I'd prefer more of the original copies be found... but for now the AI ones fill the gaps in my collection instead of the audio reconstructions.


They animated a lot of the missing pieces of the missing episode Shada with excellent results. If AI could do something of similar quality that would be wonderful.


Please don't capture my cursor on your homepage, and if you have to, please don't apply smoothing to it so that it doesn't go where I want it to! I appreciate that it's pretty, but making your site annoying to use can only increase churn


RIP Danya <3


The outage did make me realise I’d be happier watching episodes of House instead


Most services appear to work, aside from actual video streaming for me


YouTube music is 95% broken for me too. UK.


Posted on the other thread as I thought it was pretty interesting:

>Roughly 0.5% odds on him on polymarket before he was announced


EDIT: I was wrong, he was quite down the list! He only appears in the chart because he ultimately won, so higher contenders dropped off.

--

He seemed to hover around 1%, which was the second highest behind Tagle (~20%)

https://polymarket.com/event/who-will-be-the-next-pope?tid=1...


That link isn't showing most of the options. I believe there were at least 10 above him. Just individually look at the lines for Zuppi, Pizzaballa, Sarah, etc.


I don't understand what people were basing that on; the conclave is a completely secret process?


The winning lottery numbers are a secret too before they're drawn; people just like to gamble.


Roughly 0.5% odds on him on polymarket before he was announced


Just had a look - looks like pretty regular/reasonable Cloudflare default stuff as far as I can tell. The headers relating to error reporting are the only thing that stands out a little, though it doesn't look unreasonable.

---

Headers

---

HTTP/2 301

date: Fri, 24 Jan 2025 13:59:51 GMT

content-type: text/html

content-length: 167

location: <the website in question>

cache-control: max-age=3600

expires: Fri, 24 Jan 2025 14:59:51 GMT

report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JZu4FOa%2ByynaFOXWYlxaePF9KdRQ0qGUJkfm1F1aK2m3VEx6idlvWlb5go%2B08hgSog1zm1zuMobXcVK2BkR4mQD0SEGU%2Bzp2oC6mXPgQs%2FUzvOH7LbqAG96jtf9KNqemV8Q%3D"}],"group":"cf-nel","max_age":604800}

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

server: cloudflare

cf-ray: 90708be24810e8fe-LHR

alt-svc: h3=":443"; ma=86400

server-timing: cfL4;desc="?proto=TCP&rtt=59748&min_rtt=41108&rtt_var=43898&sent=7&recv=8&lost=0&retrans=1&sent_bytes=3535&recv_bytes=789&delivery_rate=33797&cwnd=225&unsent_bytes=0&cid=e5052200af7e27a5&ts=145&x=0"


If you are seeing 301s logged on your end that is your site redirecting to another one.

There isn’t a way to see what a referring site did to do the redirect (301 or 302 or even a JS redirect) in your logs. All you’ll see is (potentially) the Referer HTTP header.


Presumably just throwing a 403 if they have this referrer is ok and won't have a weird SEO impact or something?


Couldn't the attacker evade that by sending Referrer-Policy: no-referrer with their redirect?


Good shout. Can always block based on origin header though (when under the assumption that it's a legit browser) since it's a forbidden header name.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Or...


Neither the Origin nor the Referer headers have anything to do with a 301 redirect.


I just tested on Firefox and it doesn't send the "Origin" header when using referrerpolicy="no-referrer". It's also not present when navigating using the URL bar directly.


Sounds like a security flaw that browsers honor this.


Referer is not a security mechanism.


I didn't say it was. Browsers display an alert when full-screen mode is activated. Full-screen mode isn't a security feature, but the browser does something the website developer can't control so that users can conclude that something fishy isn't going on. I think the ability for one website to hide that they've redirected to another is a vulnerability.


I'm inclined to agree that websites should know when they're the target of a redirect but that has nothing to do with Referer! That header does not work the way so many seem to think it does. As I've laid out elsewhere in this thread, HTTP redirects do not show up in Referer under any circumstances. Right now, one site doesn't have to do anything to "hide" that it's part of a redirect chain, since there's no tracking of that chain to begin with.
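A sketch of the Referer-based 403 discussed in this thread, added here as an example and not written by any of the commenters: it rejects requests whose Referer host is on a blocklist and shows that a request arriving with no Referer (for instance when the linking page sets `Referrer-Policy: no-referrer`) passes through, so the check is best-effort filtering only. The blocked host, function names and sample requests are constructed for illustration.

```javascript
// Added example: host name, function names and sample requests are constructed.
const BLOCKED_REFERRER_HOSTS = ["spam-redirector.example"]; // placeholder host

// Lowercase hostname from a Referer value, or null if absent or unparseable.
function referrerHost(value) {
  if (typeof value !== "string" || value.trim() === "") return null;
  try {
    const url = new URL(value.trim());
    if (url.protocol !== "http:" && url.protocol !== "https:") return null;
    return url.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null; // malformed header: treat as "no referrer", never throw
  }
}

// Exact host or any subdomain of a blocked host; lookalike suffixes do not match.
function isBlockedHost(host, blocked) {
  return blocked.some((b) => host === b || host.endsWith("." + b));
}

// headers: object keyed by lowercase header name (as Node's http module gives).
function decide(headers, blocked = BLOCKED_REFERRER_HOSTS) {
  const host = referrerHost(headers["referer"]);
  const blockedHit = host !== null && isBlockedHost(host, blocked);
  return {
    status: blockedHit ? 403 : 200,
    reason: blockedHit ? "blocked-referrer"
      : host === null ? "no-usable-referrer" : "referrer-allowed",
    // The response depends on Referer, so shared caches must key on it;
    // the 403 itself should never be stored and replayed to other visitors.
    headers: blockedHit
      ? { vary: "Referer", "cache-control": "no-store" }
      : { vary: "Referer" },
  };
}

const SAMPLES = [ // constructed requests
  { name: "link from blocked host", headers: { referer: "https://spam-redirector.example/out?id=1" } },
  { name: "subdomain, mixed case", headers: { referer: "HTTPS://Go.Spam-Redirector.Example/x" } },
  { name: "lookalike host", headers: { referer: "https://notspam-redirector.example/" } },
  { name: "blocked name only in query", headers: { referer: "https://news.example/?u=spam-redirector.example" } },
  { name: "Referer suppressed or absent", headers: {} },
  { name: "malformed value", headers: { referer: "not a url" } },
];

function runSamples() {
  return SAMPLES.map((s) => ({ name: s.name, ...decide(s.headers) }));
}
console.log(runSamples().map((r) => `${r.status} ${r.reason} (${r.name})`).join("\n"));
```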


No, and the earlier you do the better.

Later it might have

