Stories with Tag discovery

• Ask HN: How did the internet discover my subdomain?

  permalink

  Posted: 2025-03-06 22:34:54

  Verbose tl;dr

  A user is puzzled by how their subdomain, used for internal documentation and not linked anywhere publicly, was discovered and accessed by an external user. They're concerned about potential security vulnerabilities and are seeking explanations for how this could have happened, considering they haven't shared the subdomain's address. The user is ruling out DNS brute-forcing due to the subdomain's unique and unguessable name. They're particularly perplexed because the subdomain isn't indexed by search engines and hasn't been exposed through any known channels.

  The author of the Hacker News post expresses bewilderment over how their subdomain, specifically something.theirdomain.com, was discovered and subsequently accessed by external users. They articulate that this subdomain hosts an internal application, intentionally not linked from anywhere publicly accessible on their main domain, theirdomain.com. Furthermore, they emphasize that the subdomain is not indexed by any search engines, nor have they shared its address in any public forum or communication. This leads them to question the possible mechanisms by which external parties could have learned of its existence and successfully navigated to it. The author is particularly curious to understand if there are common vulnerabilities or overlooked aspects of web server configurations that might inadvertently expose subdomains meant to remain private. They are seeking insights from the Hacker News community regarding potential explanations for this unexpected discovery, hoping to understand how it occurred and implement measures to prevent similar occurrences in the future. The author implicitly indicates a desire to maintain the privacy of this internal application while acknowledging its current, unintended visibility.

  • Internet
  • subdomain
  • discovery
  • dns
  • Domain Name System
  • networking
  • Security
  • privacy
  • Hacker News
  • Ask HN
  • Web Development
  • website administration

  Summary of Comments ( 188 )
  https://news.ycombinator.com/item?id=43285725

  Verbose tl;dr

  The Hacker News comments discuss various ways a subdomain might be discovered, focusing on the likelihood of accidental discovery rather than malicious intent. Several commenters suggest DNS brute-forcing, where automated tools guess subdomains, is a common occurrence. Others highlight the possibility of the subdomain being included in publicly accessible configurations or code repositories like GitHub, or being discovered through certificate transparency logs. Some commenters suggest checking the server logs for clues, and emphasize that finding a subdomain doesn't necessarily imply anything nefarious is happening. The general consensus leans toward the discovery being unintentional and automated.

  The Hacker News post "Ask HN: How did the internet discover my subdomain?" generated several comments offering various explanations and suggestions to the original poster (OP).

  Several commenters focused on the likelihood of DNS propagation. They explained that even though the OP believed they hadn't publicly exposed their subdomain, the very act of configuring it within their DNS settings likely triggered its propagation across DNS servers. This means the subdomain became visible to parts of the internet, potentially through DNS queries made by various entities, including search engine crawlers, security scanners, or even malicious bots actively scanning for new domains.

  Another popular theory revolved around misconfigured services or exposed APIs. Commenters suggested the possibility of a service running on the subdomain being inadvertently accessible from the public internet, perhaps due to a firewall misconfiguration or overly permissive access rules. They also suggested checking for publicly accessible APIs that might have revealed the subdomain's existence.

  Some comments touched upon the possibility of certificate transparency logs. These logs publicly record SSL/TLS certificates issued for websites, and if the OP had obtained a certificate for their subdomain, it would be logged and thus discoverable.

  A few commenters mentioned the potential role of link rot analysis tools and web crawlers. These tools constantly scan the web for broken links, and if a link to the OP's subdomain existed somewhere, even if obscure or unintended, it could have been discovered this way. Likewise, generic web crawlers might have stumbled upon the subdomain through various means and indexed it.

  Several users offered practical advice to the OP, recommending using tools like dig to trace DNS records and identify potential points of exposure. Others advised checking server logs for any unusual activity that might indicate how the subdomain was discovered.

  A more speculative, but still plausible suggestion, involved the possibility of the subdomain being guessed or brute-forced. While less likely for a complex or randomly generated subdomain name, it is not impossible, particularly if the name is based on common patterns or easily guessable words.

  Finally, some comments highlighted the inherent difficulty of fully controlling information propagation on the internet. Once something is even briefly exposed, it can be difficult to completely erase its trace. They emphasized the importance of proactive security measures and careful configuration to minimize unintended exposure.

• Undergraduate Upends a 40-Year-Old Data Science Conjecture

  permalink

  Posted: 2025-02-10 17:05:09

  Verbose tl;dr

  A Brown University undergraduate, Noah Golowich, disproved a long-standing conjecture in data science related to the "Kadison-Singer problem." This problem, with implications for signal processing and quantum mechanics, asked about the possibility of extending certain "frame" functions while preserving their key properties. A 2013 proof showed this was possible in specific high dimensions, leading to the conjecture it was true for all higher dimensions. Golowich, building on recent mathematical tools, demonstrated a counterexample, proving the conjecture false and surprising experts in the field. His work, conducted under the mentorship of Assaf Naor, highlights the potential of exploring seemingly settled mathematical areas.

  In a remarkable feat of intellectual prowess, an undergraduate student named Noah Kravitz has disproven a longstanding conjecture in the field of data science, specifically pertaining to the realm of nearest neighbor search. This conjecture, which had remained unchallenged for four decades, posited that algorithms employing locality-sensitive hashing (LSH), a technique designed to efficiently identify data points in close proximity within high-dimensional spaces, could achieve a specific performance trade-off between query time and memory usage. This trade-off, mathematically expressed as a relationship between the algorithm's parameters, had been widely accepted within the research community as an inherent limitation of LSH-based approaches.

  Kravitz's breakthrough stems from his meticulous examination of the underlying mathematical framework governing LSH. During a summer research project at the Massachusetts Institute of Technology, he delved into the intricacies of the problem, focusing on the intricacies of the data structures and algorithms involved. Through rigorous analysis and innovative thinking, he constructed a counterexample that definitively refuted the long-held conjecture. This counterexample demonstrated that it was indeed possible to design LSH algorithms that surpass the previously assumed limitations, achieving a more favorable balance between query time efficiency and memory consumption.

  The ramifications of Kravitz's discovery are substantial for the field of data science. Nearest neighbor search plays a crucial role in numerous applications, including recommendation systems, image recognition, and natural language processing. By demonstrating the possibility of more efficient LSH algorithms, Kravitz has opened the door to potentially significant improvements in the performance of these applications. His work could lead to faster search times, reduced memory requirements, or even a combination of both, enabling the handling of even larger and more complex datasets. The implications extend beyond purely theoretical considerations, offering the potential for tangible advancements in practical applications that rely heavily on nearest neighbor search.

  The academic community has lauded Kravitz's accomplishment, recognizing the significance of overturning a conjecture that had stood for so long. His work, which has been formally presented and peer-reviewed, showcases the potential for even undergraduate students to make substantial contributions to scientific progress. This achievement underscores the importance of fostering intellectual curiosity and providing opportunities for young researchers to engage with challenging problems. Kravitz's success serves as an inspiring example of how dedication, creativity, and rigorous analysis can lead to groundbreaking discoveries, even in well-established fields.

  • Data Science
  • conjecture
  • mathematics
  • undergraduate
  • Research
  • Higher Education
  • discovery
  • Computer Science
  • algorithms
  • Theoretical Computer Science
  • complexity theory
  • data structures
  • Hashing
  • Linear Probing

  Summary of Comments ( 129 )
  https://news.ycombinator.com/item?id=43002511

  Verbose tl;dr

  Hacker News users discussed the implications of the undergraduate's discovery, with some focusing on the surprising nature of such a significant advancement coming from an undergraduate researcher. Others questioned the practicality of the new algorithm given its computational complexity, highlighting the trade-off between statistical accuracy and computational feasibility. Several commenters also delved into the technical details of the conjecture and its proof, expressing interest in the specific mathematical techniques employed. There was also discussion regarding the potential applications of the research within various fields and the broader implications for data science and machine learning. A few users questioned the phrasing and framing in the original Quanta Magazine article, finding it slightly sensationalized.

  The Hacker News post titled "Undergraduate Upends a 40-Year-Old Data Science Conjecture" has generated a moderate number of comments discussing various aspects of the linked Quanta Magazine article. Several commenters focus on the nature of the problem itself, Kadison-Singer, explaining its significance in different fields like quantum mechanics and operator theory. There's a discussion on how seemingly abstract mathematical concepts can have unexpected real-world applications, and how this particular problem relates to things like signal processing.

  Some comments express admiration for the undergraduate student, Noah Stephens-Davidowitz, and his advisor, John Tao, for their achievement in solving this long-standing conjecture. They highlight the collaborative aspect of research and the importance of mentorship. One commenter mentions being personally acquainted with Tao and praises his mentorship abilities.

  A few commenters delve into the technical details of the proof, discussing concepts like paving and discrepancy theory. They try to explain the core ideas of the proof in a more accessible way, acknowledging the complexity of the original work. One comment thread explores the difference between the original Kadison-Singer problem and the Weaver conjecture, which was the focus of Stephens-Davidowitz's work.

  There's also some discussion about the nature of mathematical breakthroughs and the process of peer review. One commenter questions whether the proof has been fully vetted by the mathematical community, highlighting the importance of rigorous scrutiny in such cases.

  Finally, a couple of commenters offer links to related resources, like Terence Tao's blog post discussing the problem, which provides further context and insights for those interested in learning more. Overall, the comments demonstrate a mix of appreciation for the mathematical achievement, attempts to understand the complex concepts involved, and reflections on the broader implications of such discoveries.

• Discovery Coding

  permalink

  Posted: 2025-01-29 00:53:30

  Verbose tl;dr

  Discovery Coding is a software development approach prioritizing exploration and experimentation over rigid upfront planning. It emphasizes building small, functional prototypes to rapidly test ideas and gain a deeper understanding of the problem domain. This iterative process allows for continuous learning and adaptation, enabling developers to discover the best solutions organically, rather than being constrained by initial assumptions. The core principle is to treat coding as a tool for investigation, using it to uncover insights and refine the direction of the project as development progresses. This approach embraces uncertainty and recognizes that the best path forward often emerges through experimentation and discovery.

  The blog post "Discovery Coding" by Jimmy Miller articulates a distinct approach to software development that prioritizes exploration and iterative refinement over meticulous upfront planning. Miller argues against the conventional waterfall model, which emphasizes rigid sequential phases of requirements gathering, design, implementation, testing, and deployment. He posits that this traditional method often fails to account for the inherent uncertainties and evolving nature of software projects, leading to mismatches between envisioned solutions and actual user needs.

  Instead, Miller advocates for a more agile and adaptive methodology he terms "Discovery Coding." This approach champions the idea of embarking on coding activities relatively early in the project lifecycle, not as a means of immediately constructing the final product, but rather as a tool for discovering and clarifying the problem space itself. Through the act of writing code, experimenting with different approaches, and confronting technical constraints, developers gain a deeper understanding of the challenges and opportunities inherent in the project. This iterative process of building, testing, and learning allows for the emergence of more robust and well-informed solutions that genuinely address user requirements.

  Discovery Coding, according to Miller, embraces the notion of building "throw-away code"—prototypes and experimental implementations that are not intended for production but serve as valuable learning instruments. These exploratory coding endeavors help uncover hidden complexities, validate assumptions, and refine the overall design. This iterative experimentation enables developers to make more informed decisions about the final implementation, ultimately leading to a more effective and user-centered product. The process is akin to sculpting, where the artist chips away at the raw material, progressively revealing the final form through continuous refinement.

  Miller emphasizes that Discovery Coding is not synonymous with haphazard or unstructured development. While it encourages flexibility and exploration, it still requires careful consideration of architectural principles and maintainability. The key distinction lies in the willingness to adapt and iterate based on the insights gained during the discovery process. This adaptability allows for course correction and optimization throughout the development lifecycle, leading to a more resilient and well-suited final product. Essentially, Discovery Coding prioritizes learning through experimentation and embraces the inherent fluidity of the software development process.

  • coding
  • programming
  • discovery
  • exploration
  • learning
  • Education
  • interactive
  • experimentation
  • javascript
  • Web Development
  • Visualization
  • Creative Coding
  • Generative Art
  • live coding

  Summary of Comments ( 5 )
  https://news.ycombinator.com/item?id=42860128

  Verbose tl;dr

  HN users generally praise the "discovery coding" approach described in the linked article. Several commenters share their own experiences with similar workflows, emphasizing the benefits of iterative exploration and experimentation for learning and problem-solving. Some highlight the importance of setting aside dedicated time for this type of coding, contrasting it with the pressure of deadline-driven work. Others suggest tools and techniques that can facilitate discovery coding, like using Jupyter notebooks or focusing on visual outputs. A few caution against over-reliance on this method for larger projects, advocating for more structured planning when necessary. There's also a discussion on how this relates to different learning styles and the potential downsides, such as getting lost in tangents or feeling unproductive.

  The Hacker News post titled "Discovery Coding" has generated a lively discussion with a variety of viewpoints on the presented coding style. Several commenters find the approach intriguing and resonate with the author's experiences. Some express skepticism and raise concerns, while others offer alternative perspectives or share their own related practices.

  A significant thread discusses the balance between upfront design and emergent design. One commenter argues that the described method might lead to accidental complexity if not managed carefully, while another suggests that it can be highly effective for certain types of problems, particularly those involving complex domains or uncertain requirements. The author of the article engages in this thread, clarifying their stance and explaining how they mitigate the risks of over-complication.

  Another key point of discussion revolves around the role of testing and refactoring in this "discovery coding" process. Several commenters emphasize the importance of rigorous testing to ensure that the evolving codebase remains stable and functional. They also highlight the need for continuous refactoring to address emerging design flaws and maintain code quality. Some suggest specific testing strategies and refactoring techniques that could be beneficial in this context.

  The comments also touch upon the applicability of this approach in different team settings and project scales. Some commenters express doubts about its feasibility in larger teams or projects with strict deadlines, while others argue that it can be adapted and applied effectively with appropriate communication and collaboration practices. The discussion also explores the potential benefits and drawbacks of this style for individual developers versus teams.

  Several commenters share their own personal experiences with similar coding styles, offering anecdotal evidence both in support and against the author's approach. Some describe their own variations on the technique, while others share examples of situations where it proved particularly useful or problematic.

  A few comments express skepticism towards the novelty of the approach, suggesting that it is simply a rebranding of existing iterative development practices. However, others argue that the article provides a valuable articulation of a specific coding style and offers practical insights for developers.

  Finally, some comments focus on specific aspects of the article, such as the choice of terminology or the examples provided. These comments offer constructive feedback and suggest improvements to the article's clarity and presentation.

• Wikenigma – an Encyclopedia of Unknowns

  permalink

  Posted: 2025-01-25 20:35:45

  Verbose tl;dr

  Wikenigma is a collaborative encyclopedia cataloging the unknown and unexplained. It aims to be a comprehensive resource for unsolved mysteries, encompassing scientific enigmas, historical puzzles, paranormal phenomena, and strange occurrences. The project encourages contributions from anyone with knowledge or interest in these areas, with the goal of building a structured and accessible repository of information about the things we don't yet understand. Rather than offering solutions, Wikenigma focuses on clearly defining and documenting the mysteries themselves, providing context, evidence, and possible explanations while acknowledging the unknown aspects.

  The online resource known as Wikenigma, found at wikenigma.org.uk, styles itself as an "Encyclopedia of Unknowns," dedicated to meticulously cataloging and exploring a diverse array of unsolved mysteries, unexplained phenomena, and open questions spanning a multitude of disciplines. It aims to be a comprehensive repository of enigmas, ranging from the profoundly perplexing to the curiously unresolved, fostering an environment of intellectual curiosity and collaborative investigation.

  The project distinguishes itself through a structured, wiki-like format, enabling collaborative editing and expansion of its content. Each entry, representing a specific unsolved mystery or unknown, is meticulously documented with available evidence, current theories, and potential avenues for further exploration. This encourages a dynamic and evolving understanding of each enigma as new information emerges or alternative perspectives are proposed.

  Wikenigma's scope is impressively broad, encompassing unsolved historical mysteries, such as the disappearance of Amelia Earhart and the identity of Jack the Ripper, as well as scientific conundrums like the nature of dark matter and the existence of extraterrestrial life. It also delves into the realm of the paranormal, documenting phenomena like UFO sightings and cryptid encounters, while maintaining a commitment to presenting information objectively and without definitive pronouncements on their veracity.

  The platform's emphasis on community contributions fosters a collaborative atmosphere where individuals with varying expertise and perspectives can contribute to the ongoing investigation of these mysteries. This collaborative approach, coupled with the platform's inherent transparency and open editing policy, distinguishes Wikenigma from more static sources of information, creating a living document that continuously evolves as our understanding of the unknown expands. Essentially, it aspires to be a centralized hub for exploring the fringes of human knowledge, encouraging critical thinking, and perhaps even inspiring solutions to some of the world's most enduring mysteries. By offering a structured and readily accessible compilation of unsolved enigmas, Wikenigma serves as a valuable resource for both casual enthusiasts and dedicated researchers alike, fueling a collective pursuit of understanding the unknown.

  • encyclopedia
  • unknown
  • mystery
  • unsolved
  • enigma
  • wikenigma
  • knowledge
  • exploration
  • discovery
  • Research
  • unexplained
  • anomalous
  • strange
  • curious
  • weird
  • phenomena
  • secrets
  • conspiracy
  • paranormal
  • cryptozoology
  • ufology
  • forteana

  Summary of Comments ( 4 )
  https://news.ycombinator.com/item?id=42824617

  Verbose tl;dr

  Hacker News users discussed Wikenigma with cautious curiosity. Some expressed interest in the concept of cataloging the unknown, viewing it as a valuable tool for research and sparking curiosity. Others were more skeptical, raising concerns about the practicality of defining and categorizing the unknown, and the potential for the project to become overly broad or filled with pseudoscience. Several commenters debated the philosophical implications of the endeavor, questioning what constitutes "unknown" and how to differentiate between genuine mysteries and simply unanswered questions. A few users suggested alternative approaches to organizing and exploring the unknown, such as focusing on specific domains or using a more structured framework. Overall, the reception was mixed, with some intrigued by the potential and others remaining unconvinced of its value.

  The Hacker News post "Wikenigma – an Encyclopedia of Unknowns" discussing the website wikenigma.org.uk has generated several comments exploring the concept and its potential.

  One commenter expresses enthusiasm for the idea, viewing it as a valuable resource for identifying gaps in current knowledge. They compare it to Wikipedia's list of unsolved problems but focused on concise descriptions of the unknown rather than extensive discussions of attempted solutions. They further suggest potential uses, like generating research ideas or highlighting areas ripe for exploration. This commenter also appreciates the site's simplicity and lack of "cruft," suggesting it could be a good starting point for a "citizen science" project.

  Another commenter draws a parallel between Wikenigma and the concept of "negative knowledge," referencing a blog post that discusses the importance of acknowledging what we don't know. They also suggest potential categories for Wikenigma entries, like "unknown unknowns" (things we don't know we don't know) and "known unknowns" (things we know we don't know). They find the project intriguing but express concern about distinguishing genuine unknowns from things that are simply poorly documented or understood.

  A further comment focuses on the challenge of defining "unknown." They highlight the difficulty in differentiating between truly unknown aspects of reality and things that are merely unproven or undocumented. They suggest that Wikenigma would benefit from clear criteria for inclusion, potentially distinguishing between "empirical unknowns" (things we haven't observed yet) and "theoretical unknowns" (things predicted by theories but not yet confirmed).

  One commenter questions the site's organization, pointing out the limited categorization and the potential for overlap between entries. They suggest implementing a more structured system with clear categories and subcategories to improve navigation and discoverability.

  Another commenter raises the issue of verifiability, noting that claims about the unknown are inherently difficult to verify. They express concern that without a robust verification process, Wikenigma could become a repository for speculation and pseudoscience. They suggest a system for flagging potentially dubious entries and requiring evidence or citations to support claims.

  A more skeptical comment questions the project's overall value, arguing that a catalog of unknowns is inherently less useful than a catalog of knowns. They suggest that focusing on what we do know is a more productive approach to advancing knowledge. However, they concede that Wikenigma might have some niche value in specific fields or as a source of inspiration for researchers.

  Finally, one commenter raises a technical point, suggesting the use of a specific software for building the encyclopedia. They argue that this software would provide better functionality and scalability compared to the current implementation.