I didn't even notice it until you pointed it out, but I checked that account's comment history and it uses em dashes. Also, "the database history itself is the active distribution vector" Is just semantic nonsense.
I still have a basic assumption that if something I'm reading doesn't make much sense to me, I probably just don't understand it. Over the last few years I've had to get used to the new assumption that it's because I'm reading LLM output.
I've also always used em-dashes, it's not a very reliable indicator. That style is a dead giveaway, though. Some of its comments seem to be written by a human, but several definitely aren't.
I've been spending less and less time here, the moderation is obviously overwhelmed and is losing the battle.
As someone on the Wikipediocracy forums pointed out, basemetrika.ru does not exist. I get an NXDomain response trying to resolve it. The plot thickens.
I registered it about 40 minutes ago, but it seems the DNS has been cached by everyone as a result of the wikipedia hack & not even the NS is propagating. Can't get an SSL certificate .
I had looked into its availability too just out of curiosity itself before reading your comment on a provider, Then I read your comment. Atleast its taken in from the hackernews community and not a malicious actor.
Do keep us updated on the whole situation if any relevant situation can happen from your POV perhaps.
I'd suggest to give the domain to wikipedia team as they might know what could be the best use case of it if possible.
Not quite sure which channels I should reach out via but I've put my email on the page so they can contact me.
Based on timings, it seems that Wikipedia wasn't really at risk from the domain being bought as everything was resolved before NS records could propagate. I got 1 hit from the URL which would've loaded up the script and nothing since.
Its misinformation that the malicious script loaded that domain. The malicious script did have a url with that domain in it, but it wouldnt load javascript from it (possibly due to a programming mistake/misunderstanding by the author, its kind of unclear what the original intent was)
I'm not questioning whether or not they have Ukrainian employees, I'm questioning the statement "Namecheap is Ukrainian". That post+comment does not address that. McDonalds has employees in Vietnam but McDonalds is not Vietnamese.
Pretty sure it is, however, the reverse is actually illegal (for US citizens to provide professional services to anyone residing in Russia) as of like 2022-ish
Make sure you support LGBT rights by superimposing a rainbow over your rainbow, but only in the countries where LGBT people already have rights - it would be bad for business to do it in those other countries.
"In 2023, the United States imported U3O8 and equivalents primarily from Canada, Australia, Russia, Kazakhstan, and Uzbekistan. The origin of U3O8 used in U.S. nuclear reactors could change in the coming years. In May 2024, the United States banned imports of uranium products from Russia beginning in August, although companies may apply for waivers through January 1, 2028."
If anyone is genuinely curious about this, they were indeed letting Russian gas through and stopped in 2025:
> On 1 January 2025, Ukraine terminated all Russian gas transit through its territory, after the contract between Gazprom and Naftohaz signed in 2019 expired. [...] It is estimated that Russia will lose around €5bn a year as a result.
I don't think voting with your wallet constitutes virtue signaling, especially at a time when end user boycotting is one of the universally known methods of protest.
I am a pragmatist so maybe I will never understand this line of thinking. But in my mind, there are no perfect options, including doing nothing.
By doing nothing, you are allowing a malicious actor to buy the domain. In fact I am sure they would love for everyone else to be paralyzed by purity tests for a $1 domain.
All things being equal, yeah don’t buy a .ru domain. But they are not equal.
> Also the language that has made me millions over my career with no degree.
Well done.
> Also the language that allows people to be up and running in seconds (with or without AI).
People getting up and running without any opportunity to be taught about security concerns (even those as simple as the risks of inadequate input verification), especially considering the infamous inconsistency in PHP's APIs which can lead to significant foot-guns, is both a blessing and a curse… Essentially a pre-cursor to some of the crap that is starting to be published now via vibe-coding with little understanding.
PHP is a fine language. It started my career. That said, it has a lot of baggage that can let you shoot yourself in the foot. Modern PHP is pretty awesome though.
Yeah of course PHP isn't the only programming language you can write bugs in. I don't think you can make it impossible to shoot yourself in the foot, but PHP gives you more opportunities than some other languages, especially with older PHP standard library functions.
One thing I particularly hate is when functions require calling another function afterwards to get any errors that happened, like `json_decode`. C has that problem too.
Problems don't make it a _bad_ programming language. All languages have problems. PHP just has more than some other languages.
Yeah. It's funny how companies don't like to hire people that use tools correctly, but insist on creating tools that allow them to hire cheaper, less-qualified people.
PHP works fine, if you're a halfway decent programmer. Same with C++.
Try not to take criticisms of tools personally. Phillips head screws are shit for a great many applications, while simultaneously being involved in billions of dollars of economic activity, and being a driver that everyone has available.
Yep, that's the sad truth - a language popularity often has nothing to do with it's security properties. People will happily keep churning out insecure junk as long as it makes them millions, botnet and data compromises be damned.
I can't edit nor be bothered to reply to all of the negative responses so I'll put it here.
Pretty much all of you missed the larger point. PHP was what allowed me to not work in retail forever, buy a forever house, never have to worry about losing my job (this may change in the future with AI) or being at risk for redundancy, having chosen to only work for small, "normal" well run profitable businesses.
Unless you're building a hyper scale product, it does the job perfectly. PHP itself is not a security issue; using it poorly is, and any language can be used poorly. PHP is still perfectly suitable for web dev, especially in 2026.
I've not used PHP in anger in well over a decade, but if the general environment out there is anything like it was back then there are likely a lot of people, mostly on cheap shared hosting arrangements, running PHP versions older than that and for the most part knowing no better.
That isn't the fault of the language of course, but a valid reason for some of the “ick” reaction some get when it is mentioned.
> languages like nodejs are far worse due to dependency rot
Yep. Node-based projects sometimes get an “ick” reaction from me similar to PHP ones for that reason. In this case it also isn't really the languages fault, but the way people have built the ecosystem around it.
I don't know about Australia, but there's a page here detailing some of the sites that got shut down because of the OSA in the UK: https://onlinesafetyact.co.uk/in_memoriam/
A lot of the arguments I see in this thread are about whether modern mainstream social media are bad for young people. When the debate becomes about that, it's very easy to defend these types of Orwellian laws. It becomes "This is a problem, therefore the solution is good", without questioning the solution itself. I think this type of thinking is demonstrated, or perhaps exploited, very well by this article (I'm not implying the WEF is secretly behind everything, I'm just using this as an example):
The first part of that article is an absolutely scathing, on-point criticism of mainstream social media. I find myself agreeing with everything said, and then, suddenly, seemingly out of nowhere, the article pivots to "therefore we need completely 24/7 mass surveillance of everyone at all times and we need to eradicate freedom of speech". That article is like a perfect microcosm of this entire international shift in internet privacy.
People and their governments seem to agree that modern social media is a problem. The difference is why. The people think it's a problem because it harms people; governments think it's a problem because they don't control it.
I think that the root cause of this shift to mass surveillance is that people in democratic countries still have a 20th-century concept of what authoritarianism looks like. Mass surveillance is like a novel disease that democracies don't yet have any immunity to; that's why you see all these "it's just like buying alcohol" style false equivalences, because an alarming number of people genuinely don't understand the difference between normal surveillance and mass surveillance.
Australia is a Five Eyes country, with carte blanche access to data that the incumbent social media companies freely share with all the acronym deep-state authorities.
Could you elaborate further on how preventing a sizeable proportion of its citizens from communicating through these established spy-nets, causing them to disperse out to unpredictable alternatives they might not be able to control, increases mass surveillance?
That's definitely an interesting argument I haven't seen before.
I suppose it depends on how effective these types of measures actually are, and also on how many adults refuse to identify themselves. I would assume governments are more interested in spying on adults than under-16s, so the adults are probably more relevant here.
I hope you're right, though. Maybe there'll be a renaissance of smaller platforms. Probably not, but I can hope.
This legislation left it entirely up to the service providers to determine implementation, and so far they don't seem particularly motivated to disrupt my usage by asking me to prove my age.
My suspicion is that fairly simple heuristics of age estimation, combined with social graph inspection, are probably enough to completely disrupt the network effects of "social media" for kids, and achieve the stated objectives well enough that I never have to.
Maybe it turns out that I'm wrong, but why even risk it? If the true policy goal is extending mass-surveillance, why waste so much political capital on such a round-about approach which might yield nothing, or even set back your existing capabilities.
MyID (myid.gov.au) already exists, and could easily have been mandated, or "recommended", or even offered as a means of age verification now. But it wasn't.
Well, no one is suggesting 24/7 surveillance, we’re suggesting banning children from using social media, as it has demonstrably very harmful effects on their education and wellbeing.
It’s not Orwellian. If it were, then not allowing kids to vote or drink before they become adults would be Orwellian.
We are simply banning kids from a harmful activity until they are old enough to decide for themselves. The ban has to be at a social level decided by the democratic process, because there’s a coordination problem here: it’s not a harm that can be remedied at the level of the individual.
The real villains here are the social media companies that have profited from the misery and manipulation of children, to their ultimate harm.
I find it hard to believe anyone would argue in good faith against this ban. In tech circles there are a lot of vested interests that don’t want other governments to protect the children in their countries from harmful products. Shame on them.
You've basically just confirmed what I said at the end, that democracies have no immunity to mass surveillance. 24/7 surveillance may have been an exaggeration but not by much, really. Age verification, as it exists now, inevitably means mass surveillance, in particular tying real life identities to political beliefs and porn preferences on a mass, computerised scale. If you're too young to remember the Snowden leaks I can maybe understand why you'd think mass surveillance is not an inevitable consequence of age verification, but I'm old enough to remember them, so I think it is. The existence and impact of mass surveillance seem to be invisible to you.
> It’s not Orwellian. If it were, then not allowing kids to vote or drink before they become adults would be Orwellian.
To be clear: What do you think you're refuting? I don't think children should be on modern social media. I don't think anyone should be, but especially not children. There are plenty of ways of going about this. This is why I said:
> A lot of the arguments I see in this thread are about whether modern mainstream social media are bad for young people. When the debate becomes about that, it's very easy to defend these types of Orwellian laws. It becomes "This is a problem, therefore the solution is good", without questioning the solution itself.
You then claim that the tech industry, and by extension "tech circles", don't like this because it means they make less money. I'm not sure how forcing companies whose business model is based on surveillance capitalism to do even more surveillance would hurt them, but if it does, it's still not my concern anyway. And conflating random hackers like me with "big tech" seems to have become increasingly common recently.
> It becomes "This is a problem, therefore the solution is good", without questioning the solution itself.
This is a very simplified view. The topic has been disputed for years, and societies has tried to find alternative solutions. But turns out, there is no other well enough working solution at the moment, hence the nuclear option. And sometimes that is the only working option anyway.
Should be noted, this is not a first. Social Media has already been restricted to various degree for kids of certain ages in several countries. Australia is just raising the age from the usual 12, 13 up to 16.
> I find myself agreeing with everything said, and then, suddenly, seemingly out of nowhere, the article pivots to "therefore we need completely 24/7 mass surveillance of everyone at all times and we need to eradicate freedom of speech".
So it's a poor article, so what? These attempts are not new. There are regularly political attempts pushing towards stricter regulations and more surveillance. Some work, some not.
> That article is like a perfect microcosm of this entire international shift in internet privacy.
There is no shift. Those views have always been there, even before the internet. This is a normal part of societies, including democratic. There is a constant power-struggle between control and liberty in any society, and the balance is always shifting depending on how good or bad certain problems are at that moment.
But a certain thing which is missing here BTW is a complete ban of all open media, for everyone in all ages and groups. For Government, kids on social media are not a big problem, that will only bite them in the decades to come. But people now, today, who are getting radicalized against the standing order, those are a problem. And nobody demanding for a ban is good sign for a healthy enough democracy. Because think about in which countries this is not the case..
I believe their point was to illustrate the disconnect between the problem and the solution.
They agree with the problem, and experienced "whiplash" when the solution was described.
> For Government, kids on social media are not a big problem, that will only bite them in the decades to come.
In Australia the kids on social media are a problem for the government, today.
A 16 year old is less than two years away from voting.
Successive governments have laughed at the idea of lowering the voting age to 16 or 17.
The government has very little influence on social media -- this is different to older forms of media / communication.
I think this reflects one of the biggest fallacies behind LLM adoption; the idea that reducing costs for producers improves the state of affairs for consumers too. I've seen someone compare it to the steam engine.
With the steam engine, though, consumers made a trade-off: You pay less, and get (in most cases, I presume) a worse product. With LLMs and other machine learning technologies, maybe if you're paying for the software there's a trade-off (if the software is actually cheaper anyway), but otherwise it doesn't exist. It costs the same amount of money for you to read an LLM-generated article as to read a real one; your internet bill doesn't go down. Likewise for gratis software. It's just worse, with no benefit.
Hacker News is full of producers, in this sense, who often benefit from cutting corners, and LLMs allow them to cut corners, so obviously there are plenty of evangelists here. I saw someone else in this comment section mention that gamers who are not in the tech industry don't like "AI". That's to be expected; they're not the producers, so they're not the ones who benefit.
"This year, the UK also passed a mandate for age verification—the Online Safety Act—"
No we didn't. That was 2023, and it went into effect in multiple phases, the last of which I believe was July 25th this year.
Also, I can't help but wonder what young people now will think of these laws years later, as adults. In the UK, the OSA tries to prevent 17 year olds from watching porn, even though the age of consent here is 16. How will they remember contradictions like that?
I was incredibly surprised to find that this actually is a computer. Normally when you hear about a "computer" constructed in an unusual medium, it turns out to just be a binary adder or an analogue computer. I've learned to expect disappointment.
I still have a basic assumption that if something I'm reading doesn't make much sense to me, I probably just don't understand it. Over the last few years I've had to get used to the new assumption that it's because I'm reading LLM output.