A state actor wouldn't even break a sweat getting around 2FA, individually or at scale, if the 2nd factor involves SMS (or the phone system in general) (which, for 99% percent of the 1% of people using it, it currently does):
I've changed the title to reflect the size but there is no story here without the link. What would you have done? I ask not to confront but rather to learn.
I didn't feel completely comfortable posting the link but thought it was better that it's out there (and it looks like it's not even new according to comments).
There appear to be no malicous/unsafe <scripts/> at the moment. No HTML tags.
Just one email per line, and a colon (:) delimiter for the password.
The MD5 hash is:
c1d5f3998459acea8d32937a4485c0b7
Availability is spotty. The server is refusing connections, probably due to high load.
The IP address resolved to:
81.4.110.159
I don't think the direct link is out of line. Some users might need guidance on how to safely inspect the file.
In terms of HN community conventions and common behaviors, people will often submit a question like "Ask HN: Lorem Ipsum..." and then provide follow-up details in the message body, including relevant information, such as the details I've provided above.
This way, if the owner of the resource at the address starts serving up malware, users can verify the content before consuming it.
These are merely community memes though. Not any sort of auspicious, high-minded "best practices as prescribed by experts" or anything. Just some stuff a bro might do around here.
Also, WHOIS info might be useful, if safety or malware is a concern...
This doesn't preclude the domain owner having been pwnt and used as a patsy. Or even whether that person might have a valid reason for hosting the file?
I was just about to post this. I run OMV at home, and haven't had any problems with it.
I've used both FreeNAS and OMV, and find the OMV community more welcoming and helpful than the FreeNAS one. The FreeNAS community has organized itself with the intent of focusing exclusively on very specific very corporate use case. If you don't fit they're use case, you are bad and should feel bad. OMV on the other hand is much more open and willing to help people use adapt it to their own needs.
With the notable exception of ZFS vs EXT4, they underlying software appears to be the same, which makes the community distinction every more cogent.
For the record, I wasn't thinking of Darude's Sandstorm when I named the project. :)
EDIT: What I was thinking, at the time, was "sandbox in the cloud". But these days I like to retcon the name to be about granularity. Sandstorm's major technological innovation is fine-grained containerization, which is described in detail here: https://sandstorm.io/how-it-works
Grains of sand in a cloud is a sandstorm. Storms and clouds coming in are both said by people a lot. Synonymous in some situations. Some talk about sandstorms. It's believable that the connection was made without knowing... whatever work you're referencing. Never heard of it.
Closest role might be architect. My team is 'technical strategy and incubation', looking for discontinuously better ways of doing things.
Your project has come up a few times, generally during debate about the practicality of capability based security.
Saw you post, checked your profile for email, pinged here to give you option to reach out.
// And yes, my profile mentions I'm hiring, as most of us should be. Per my comments or background or LinkedIn, you'll see I'm a founder / CTO not a recruiter.
