Hacker News: hamburglar's comments

My next website is going to have the path portion of the URL be a base64 encoded ASN.1 blob.

So long as it starts with a slash, go ahead! See how long it takes for someone to figure it out.

It’s your website. Have fun with it! Do dumb things! :-)


Make sure you use URL-safe base64, or the portions that look like a path can get mangled:

MII//epi

is converted to MII/epi


That would be broken software.

https://en.wikipedia.org/wiki///
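As an added illustration of the URL-safe base64 point raised above (this is not code from the thread), the script below encodes a constructed six-byte blob whose standard base64 form is exactly the "MII//epi" string quoted in the comment, pushes the resulting path through slash-collapsing normalization (modelled here with posixpath.normpath, an assumption standing in for whatever a real server or proxy does), and tries to decode it again. The standard alphabet loses a slash and no longer decodes; the URL-safe alphabet of RFC 4648 section 5 contains no slash and survives.

```python
import base64
import binascii
import posixpath
from typing import Optional, Tuple

# Constructed sample input (not from the thread): these six bytes were chosen so
# that their standard base64 encoding is exactly "MII//epi", as in the comment.
SAMPLE_BLOB = b"\x30\x82\x3f\xfd\xea\x62"


def encode_as_path(blob: bytes, url_safe: bool) -> str:
    """Return a URL path carrying `blob` as a single base64 segment.

    Standard base64 (RFC 4648 section 4) uses '+' and '/'; the URL-safe
    alphabet (section 5) swaps them for '-' and '_', so the token can never
    contain a slash. ('=' padding is a separate concern; this sample needs none.)
    """
    token = base64.urlsafe_b64encode(blob) if url_safe else base64.b64encode(blob)
    return "/" + token.decode("ascii")


def normalize_path(path: str) -> str:
    """Model a server or proxy that canonicalizes paths by collapsing repeated slashes.

    posixpath.normpath is used as a stand-in (assumption): "/MII//epi" -> "/MII/epi".
    """
    return posixpath.normpath(path)


def decode_from_path(path: str, url_safe: bool) -> Optional[bytes]:
    """Decode the path segment back to bytes, or return None if it was mangled."""
    token = path[1:]
    try:
        if url_safe:
            return base64.urlsafe_b64decode(token)
        # validate=True rejects characters outside the alphabet; a token that
        # lost a slash also has a length that is no longer a multiple of 4.
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def round_trip(blob: bytes, url_safe: bool) -> Tuple[str, Optional[bytes]]:
    """Encode, pass through normalization, decode; return (path_seen, bytes_or_None)."""
    seen = normalize_path(encode_as_path(blob, url_safe))
    return seen, decode_from_path(seen, url_safe)


if __name__ == "__main__":
    for url_safe in (False, True):
        seen, result = round_trip(SAMPLE_BLOB, url_safe)
        label = "url-safe" if url_safe else "standard"
        print(f"{label:8} path after normalization: {seen!r} -> {result!r}")
```

Whether a given stack collapses "//" is deployment-specific (the reply above is right that strictly it should not), which is exactly why choosing the URL-safe alphabet up front is cheaper than auditing every proxy in the path.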


Dismissing these as script kiddie attempts is no longer correct. This is a real industry now. It’s not like the large scale actors are going to pass up a valid unpatched vector just because it’s old hat.

They're skiddies if they're trying WordPress attacks on domains that have never hosted anything remotely close to a CMS before...

Imagine this: ~40% of public websites run WordPress (based on some AI-generated summary; even if it is fewer, it is still an important percentage).

So you might be spinning up a new instance with 40% probability. It makes sense in mass vulnerability exploitation and detection to aim for the highest success rate first.

Especially when the IPv4 space is so easy to scan nowadays. And you have services like Shodan that do just that daily.


Yes, but how often otherwise would I get to use the word skiddie?

Hasn’t the statement “I’m an FBI agent” been POSTed to a server several times in the course of this thread?

Use/mention distinction

I’m an FBI agent

It is good that you have turned away from the regrettable days of your past

"ɢʀᴇᴇᴛɪɴɢs ғᴇʟʟᴏᴡ ғʙɪ ᴀɢᴇɴᴛ"

Interesting post. One detail I don’t see is how the ROE info actually tells you what currency to convert to. I see the exchange rate calculation but how do you know what the final units are?


I suspect it's this part:

"This ticket was priced in GBP, not INR. Because the journey originated in Manchester, the fare is denominated in the currency of the origin country: the United Kingdom."

So: the currency is the one for the country of origin.


The post is “here’s what I do”, not “here’s what you should do and then confront the team about the results.” It’s just showing you a quick way to get some insights. It’s not even guaranteeing it’s accurate, just showing you some things you might be able to draw some quick conclusions on.

I’m not sure why HN attracts this need to poke holes in interesting observations to “prove” they aren’t actually interesting.


It’s a bit reductive to call it poking holes. The author shared his valuable knowledge and I shared mine.


You said this analysis “isn’t strong enough” for an inadvisable scenario you completely invented.


Some of us have watched it ratchet up since the ’80s, when there were no such restrictions. The fact that some people hit a threshold and decide to stop putting up with it isn’t surprising.


To pick a nit, I highly doubt you bought your OS/2 hardware with euros. :D


If I used Escudos it would be useless for the folks reading my comment.


Not so; now I know the pre-EU denomination of Portuguese currency.


It’s ok. The pedantry was unavoidable.


My iCloud is full. Every once in a while my iPhone nags me to upgrade for a few days in a row and I tell it no and it goes away for 6 months or so. My Mac has never once nagged me about iCloud storage.


I think there’s debate (which I don’t want to participate in) over whether or not invisible characters have their uses in Unicode. But I hope we can all agree that invisible characters have no business in code, and banishing them is reasonable.


I wonder if any other men have your face and your name.

