Hackernews Daily

The Podcast Collective

MasterCard's DNS blunder highlights cybersecurity risks as researcher steps in to save the day 🔒

1/23/2025

DNS Misconfiguration at MasterCard

A long-standing typo in one of MasterCard's nameserver records pointed at the unregistered domain "akam.ne" instead of Akamai's "akam.net". Security researcher Philippe Caturegli registered the domain before anyone else could, closing off a path by which an attacker could have answered DNS queries meant for MasterCard and harvested traffic or credentials. MasterCard downplayed the finding, stating there was "never any real threat," and its handling of Caturegli's disclosure raised concerns about how organizations respond to researchers who report vulnerabilities.

Improving WFH Lighting to Reduce Eye Strain

In "How to Improve Your WFH Lighting to Reduce Eye Strain," Russell Baylis discusses the impact of lighting on reducing eye strain in home work environments. He advocates for even, diffused lighting and suggests the 20/20/20 rule for breaks to mitigate discomfort. The article illustrates practical adjustments, such as utilizing natural light and ambient lamps, to enhance workspace comfort.

EdgeDB's Migration Issues with ARM64

Developers migrating EdgeDB's network I/O code from Python to Rust hit a crash on ARM64 CI runners that was eventually traced to the C standard library: getenv and setenv are not safe to call concurrently, and a setenv on one thread corrupted the environment that a getenv on another thread was reading. Rust's safety guarantees did not help because the racing calls happened inside C code, outside the borrow checker's view. The team plans to move from the native TLS backend to rustls so the TLS path no longer calls into C.

gRPC vs. OpenAPI vs. REST

Google Cloud's article outlines distinctions among gRPC, OpenAPI, and REST, emphasizing gRPC's performance for internal services despite its complexities. REST is favored for ease of debugging and integration. Developer feedback reflects a split opinion on gRPC—its efficiency praised alongside concerns about tooling and the steep learning curve it presents for teams.

Open-Source Laptop Development by Byran

Byran developed a fully open-source laptop named "anyon_e" over six months, featuring a 4K AMOLED display and a detachable mechanical keyboard. This project combines hardware and software expertise, showcasing perseverance in overcoming engineering challenges. Byran aims to democratize tech by making the laptop easily modifiable and accessible for DIY enthusiasts.


Mastercard DNS error went unnoticed for years

A cybersecurity incident at MasterCard recently came to light in which a DNS misconfiguration went unnoticed for nearly five years. Security researcher Philippe Caturegli found that one of the nameserver (NS) records in MasterCard's DNS delegation pointed at a host under "akam.ne" rather than Akamai's "akam.net", and that "akam.ne" was unregistered. He registered it himself, which denied an attacker the ability to stand up a nameserver there, answer queries intended for MasterCard with addresses of their choosing, and intercept data or steal credentials. Despite the gravity of the error, MasterCard downplayed the situation, asserting there was "never any real threat," an attitude that commenters found alarming.

The misconfiguration stemmed from a simple typographical error that persisted from June 2020 until early 2025. Caturegli acted swiftly to secure the domain for a nominal fee and then ran a DNS server on it to observe the queries arriving for MasterCard's nameserver; whoever controlled that domain could have answered those same queries with attacker-controlled records instead. His actions raised awareness of the broader risks of such oversights in domain management: a one-character mistake in a delegation record can hand part of a major corporation's DNS to a stranger. The remedy is mundane but rarely done: audit every NS, CNAME and MX target against the provider domains you actually use, and alert on any target whose parent domain is unregistered or no longer resolves.
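One way to run that audit offline, as an added example that is not from the Krebs article or MasterCard: parse zone-file style NS records, reduce each nameserver host to its registrable domain, and flag anything outside an allowlist of provider domains, reporting the closest allowed name and its edit distance so a one-character typo such as akam.ne stands out. The sample zone, the allowlist and the hypothetical example.com delegation are constructed for the example; the registrable-domain rule (last two labels) is an assumption that would be replaced by the Public Suffix List in a real tool.

```rust
// Added example (not the researcher's or MasterCard's code): audit NS
// delegation targets against an allowlist of DNS provider domains.
use std::collections::HashSet;

/// One suspicious NS record and why it was flagged.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub owner: String,
    pub nameserver: String,
    pub registrable: String,
    pub closest_allowed: Option<String>,
    pub distance: usize,
}

/// Levenshtein edit distance; a distance of 1 is a classic typo.
pub fn edit_distance(a: &str, b: &str) -> usize {
    let a: Vec<char> = a.chars().collect();
    let b: Vec<char> = b.chars().collect();
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    let mut cur = vec![0usize; b.len() + 1];
    for i in 1..=a.len() {
        cur[0] = i;
        for j in 1..=b.len() {
            let cost = if a[i - 1] == b[j - 1] { 0 } else { 1 };
            cur[j] = (prev[j] + 1).min(cur[j - 1] + 1).min(prev[j - 1] + cost);
        }
        std::mem::swap(&mut prev, &mut cur);
    }
    prev[b.len()]
}

/// Assumption: registrable domain = last two labels (good enough for
/// akam.net; a production audit would consult the Public Suffix List).
pub fn registrable_domain(host: &str) -> String {
    let labels: Vec<&str> = host
        .trim_end_matches('.')
        .split('.')
        .filter(|l| !l.is_empty())
        .collect();
    let n = labels.len();
    if n < 2 {
        return labels.join(".").to_ascii_lowercase();
    }
    format!("{}.{}", labels[n - 2], labels[n - 1]).to_ascii_lowercase()
}

/// Extract (owner, target) from "owner IN NS target" or "owner NS target"
/// lines; every other record type is ignored.
pub fn parse_ns_records(zone: &str) -> Vec<(String, String)> {
    zone.lines()
        .filter_map(|line| {
            let f: Vec<&str> = line.split_whitespace().collect();
            match f.as_slice() {
                [owner, "IN", "NS", target] | [owner, "NS", target] => {
                    Some((owner.to_string(), target.to_string()))
                }
                _ => None,
            }
        })
        .collect()
}

/// Flag every NS target whose registrable domain is not in the allowlist,
/// with the nearest allowed domain so near-miss typos are obvious.
pub fn audit(zone: &str, allowed: &[&str]) -> Vec<Finding> {
    let allow: HashSet<String> = allowed.iter().map(|d| d.to_ascii_lowercase()).collect();
    let mut findings = Vec::new();
    for (owner, nameserver) in parse_ns_records(zone) {
        let registrable = registrable_domain(&nameserver);
        if allow.contains(&registrable) {
            continue;
        }
        let closest = allow
            .iter()
            .map(|d| (edit_distance(&registrable, d), d.clone()))
            .min();
        let (distance, closest_allowed) = match closest {
            Some((d, name)) => (d, Some(name)),
            None => (usize::MAX, None),
        };
        findings.push(Finding { owner, nameserver, registrable, closest_allowed, distance });
    }
    findings
}

/// Constructed sample delegation shaped like the incident: correct Akamai
/// hosts plus one whose TLD lost its last character.
pub const SAMPLE_ZONE: &str = "\
az.example.com. IN NS a1-1.akam.net.
az.example.com. IN NS a2-2.akam.net.
az.example.com. IN NS a3-3.akam.net.
az.example.com. IN NS a4-4.akam.ne.
www.example.com. IN A 192.0.2.10
";

/// Constructed allowlist of the DNS providers this zone is meant to use.
pub const ALLOWED_PROVIDERS: &[&str] = &["akam.net", "akamaiedge.net"];

fn main() {
    for f in audit(SAMPLE_ZONE, ALLOWED_PROVIDERS) {
        println!(
            "{} -> {} : {} not allowed (closest {:?}, distance {})",
            f.owner, f.nameserver, f.registrable, f.closest_allowed, f.distance
        );
    }
}
```

Run this against a dump of your authoritative zones (or the output of querying each zone's NS set) rather than the constructed sample; a finding with distance 1 against a provider you use is almost certainly a typo, and one with a large distance is a provider you did not know you depended on. Either way the next step is to check whether the flagged parent domain is registered at all.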

Community responses reflected a mix of concern and disappointment regarding MasterCard's handling of the situation. Many commenters highlighted the need for organizations to take DNS management seriously and called Caturegli's approach to responsible disclosure commendable. Critiques also pointed to MasterCard's communication style, suggesting that dismissing a valid report in public discourages ethical security reporting and leaves everyone worse off. As this incident demonstrates, even large entities can fall prey to simple, preventable mistakes, prompting discussions about increased vigilance and improved cybersecurity protocols.

How to improve your WFH lighting to reduce eye strain

Lighting plays a crucial role in reducing eye strain for those working from home. A recent piece by Russell Baylis discusses various approaches to optimizing lighting to enhance comfort and productivity in remote work environments. He emphasizes the importance of using even, diffused lighting to minimize glare and harsh contrasts that can lead to discomfort. Notably, he introduces the 20/20/20 rule—taking a 20-second break to look at something 20 feet away every 20 minutes—as a practice to help alleviate eye strain.

In his exploration, Baylis outlines the benefits of natural light coupled with quality artificial lighting, highlighting how proper window treatments and lamp placements can transform a workspace. He shares details of his own workspace adjustments, such as incorporating ambient lighting and window filters, leading to a notable improvement in daily comfort levels. The article merges technical insights with practical advice, aiming to make the information accessible to a broad audience seeking better home office conditions.

Community responses to the article reveal widespread engagement with the topic of eye strain in remote work setups. Readers shared personal anecdotes about their struggles with lighting and eye comfort, often resonating with Baylis's experiences. Some commenters emphasized the need to balance aesthetics with practicality in lighting choices, while others humorously noted the challenge of achieving the "perfect" lighting that accommodates both work needs and video conferencing demands. Overall, the dialogue underscores the relevance of workplace ergonomics in today's remote work culture.

C stdlib isn't threadsafe and even safe Rust didn't save us

In migrating EdgeDB's network I/O code from Python to Rust, developers faced a significant challenge on ARM64 that came down to two C standard library functions, getenv and setenv, which are not safe to call concurrently. They encountered an elusive crash during testing, showing up as indefinite hangs in their Rust HTTP feature built on the reqwest library, that was traced back to concurrent calls to those functions. The issue highlighted the complexities of working with C libraries from Rust in a multithreaded environment: Rust's guarantees stop at the FFI boundary, and a C library that reads the environment on its own is not covered by them.

As the investigation progressed, the team first suspected a deadlock exposed by ARM64's weaker memory ordering compared with x86_64. The root cause turned out to be environment corruption: setenv on one thread modifies the process's environment array while getenv on another thread walks it, and the C library takes no lock around either. Any C library the process links can call getenv on its own, OpenSSL behind the native TLS backend included, so the only reliable rule is that the environment is fully set before the first thread is spawned and never modified afterwards. The developers plan to adopt rustls in place of the native TLS backend, removing that particular C getenv caller from the TLS path.
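The rule above turned into code, as an added example that is not EdgeDB's own: configuration is copied out of the environment exactly once, on the starting thread, worker threads read only that immutable snapshot, and any attempt to set an environment variable after the snapshot exists or after a worker has been spawned is refused instead of being allowed to race. The variable name EXAMPLE_APP_TLS_CA and the worker behaviour are hypothetical; the guard only governs setenv calls made through this code, which is exactly why the no-setenv-after-threads rule has to hold process-wide.

```rust
// Added example (not EdgeDB code): the environment is read-only once any
// worker thread exists. Workers never call getenv(), directly or via
// std::env::var, so nothing here can race a setenv() elsewhere.
use std::collections::HashMap;
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::OnceLock;
use std::thread;

/// Immutable copy of the environment, filled exactly once.
static ENV_SNAPSHOT: OnceLock<HashMap<String, String>> = OnceLock::new();
/// Set as soon as the first worker thread has been spawned.
static THREADS_STARTED: AtomicBool = AtomicBool::new(false);

/// Copy the environment into the snapshot on first call and return it.
/// Non-UTF-8 names or values are converted lossily rather than panicking.
pub fn snapshot_env() -> &'static HashMap<String, String> {
    ENV_SNAPSHOT.get_or_init(|| {
        std::env::vars_os()
            .map(|(k, v)| (k.to_string_lossy().into_owned(), v.to_string_lossy().into_owned()))
            .collect()
    })
}

/// Read configuration from the snapshot, never from getenv().
pub fn config_var(name: &str) -> Option<&'static str> {
    snapshot_env().get(name).map(String::as_str)
}

/// Mutate the environment only while the process is still single-threaded
/// and before the snapshot is taken. Afterwards a setenv is a bug, so the
/// function refuses rather than racing whatever getenv is running.
#[allow(unused_unsafe)]
pub fn set_env_early(name: &str, value: &str) -> Result<(), String> {
    if THREADS_STARTED.load(Ordering::SeqCst) {
        return Err(format!("refusing to set {name}: worker threads are already running"));
    }
    if ENV_SNAPSHOT.get().is_some() {
        return Err(format!("refusing to set {name}: environment already snapshotted"));
    }
    // std::env::set_var is `unsafe` from Rust 2024 for exactly this race;
    // the two checks above are the precondition that makes it sound here.
    unsafe { std::env::set_var(name, value) };
    Ok(())
}

/// Take the snapshot, then spawn `n` workers that read only the snapshot.
/// Each worker returns the CA path it would hand to its TLS client
/// (EXAMPLE_APP_TLS_CA is a hypothetical variable name).
pub fn run_workers(n: usize) -> Vec<String> {
    let cfg = snapshot_env(); // snapshot is taken on the calling thread
    THREADS_STARTED.store(true, Ordering::SeqCst);
    let handles: Vec<_> = (0..n)
        .map(|i| {
            thread::spawn(move || {
                let ca = cfg.get("EXAMPLE_APP_TLS_CA").cloned().unwrap_or_default();
                format!("worker-{i}:{ca}")
            })
        })
        .collect();
    handles
        .into_iter()
        .map(|h| h.join().expect("worker panicked"))
        .collect()
}

fn main() {
    set_env_early("EXAMPLE_APP_TLS_CA", "/etc/ssl/certs/ca.pem")
        .expect("still single-threaded, so setting the environment is allowed");
    for line in run_workers(4) {
        println!("{line}");
    }
    // Too late now: the guard reports the mistake instead of letting it race.
    println!("{:?}", set_env_early("EXAMPLE_APP_TLS_CA", "/tmp/other.pem"));
}
```

The snapshot does nothing for C code that calls getenv by itself; it only guarantees that this program's own threads never do, and that this program never calls setenv once threads exist. Combined with a pure-Rust TLS stack such as rustls, that removes both halves of the race from the process.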

In the discussion on Hacker News, commenters underscored the inherent risks of utilizing non-threadsafe C libraries within multithreaded applications. Many highlighted the complexities involved in debugging such issues, with one noting that “setenv is not a safe function to call in a multithreaded environment.” The conversation sparked a deeper analysis of Rust’s safety guarantees in conjunction with C’s threading problems, reflecting a shared concern over ensuring proper memory management and thread safety in contemporary programming practices.

Understanding gRPC, OpenAPI and REST and when to use them in API design

The article provides a comprehensive analysis of gRPC, OpenAPI, and REST, outlining when to effectively utilize each technology in API design. It highlights gRPC as a strong candidate for high-performance internal service communication, particularly suited for microservices architectures. However, the article notes the complexities and steep learning curve associated with gRPC, which may lead to frustration among developers, especially in cases of integration with non-Google ecosystems.

In addition to gRPC's benefits, the article emphasizes REST and OpenAPI for their superior ease of use and integration capabilities. OpenAPI stands out as a robust documentation tool that enhances API understanding and management, making it an attractive choice for developers who prioritize simplicity and accessibility. The discussion points toward a balanced approach to API selection, encouraging consideration of each project's specific requirements, team capabilities, and the diverse technology environments in which APIs will operate.

The Hacker News comments reflect a mixture of experiences with gRPC, where some praise its efficiency but many acknowledge the challenges posed by its complexity. A recurring sentiment from users suggests that while gRPC can be powerful, developers new to the system often struggle, leading to a preference for REST in projects with varied client technologies. One commenter concisely stated, “if your API is REST, clients never have to understand the format of your URLs,” underscoring the practical advantages of REST’s accessibility over gRPC’s structured constraints.

Show HN: I made an open-source laptop from scratch

Byran's recent project of constructing a fully open-source laptop from scratch titled "anyon_e" showcases a compelling blend of technical skill and open-source philosophy. After six months of development, the laptop features impressive specifications such as a 4K AMOLED display, a Rockchip RK3588 processor, and a detachable mechanical keyboard. Byran's journey emphasizes persistence through numerous engineering challenges, ultimately aiming to provide a platform for community engagement and innovation in hardware development.

The article delves into the intricate design process, addressing the selection of components and the collaborative nature of open-source projects. Byran documents the hurdles faced along the way, from reverse-engineering display signals to integrating various systems within the laptop. This experience reflects not only technical ingenuity but also a commitment to making the design accessible for others interested in DIY projects, thus fostering a culture of creativity and sharing within the community.

Community reactions are notably appreciative, recognizing the project's complexity and Byran's personal narrative. Commenters express admiration for both the technical execution and the broader implications of creating open-source hardware. There is a lively discussion about the significance of accessible technology and the potential for encouraging similar initiatives. Many highlight the value of community resources while sharing their thoughts on the innovative possibilities that arise from collaborative efforts, embodying a spirit of mutual support in the tech community.