29 comments

[ 2.5 ms ] story [ 69.0 ms ] thread
What is going on with this site?
Designer bros in skinny jeans sipping lattes wanting to disrupt reading because it's outdated.
Sorry to say that I had to give up on reading this because the scrolling animations were so distracting.
Why did they have to add the super slow scroll lag? That ruined the whole site.
I'm a big-time 'less is more' advocate. Please do not mess with my inputs unless you are making a video game, and even then...

To any designers out there, really ask yourself if you can engineer better scrolling than what is built into our devices already. Maybe 10 years ago you could have and it would be easy, but web browsers on every platform are pretty good right now in terms of handling our inputs.

I would love an HN "AMA" from someone who built one of these monstrosities, to understand how their company processes work/fail, resulting in a work product like this. Doesn't anyone at any point through design/development/deployment speak up and say "Uhh... am I the only one who can see how awful this is?"
(comment deleted)
Had no problems with JavaScript turned off.
I get that these animated articles are nice to look at, but please... STOP overriding my scroll speed!
Forced scroll speed, weirdly distracting font... but the story's good.
Not to mention turning your mouse pointer into some sort of fuzzy ball. Because that's exactly what you need in a pointer, fuzziness and imprecision.
This website lags on my MacBook Pro M1 Max. Who thinks this is acceptable?
Website crashes Safari on iPhone while scrolling.
I reverse engineered a sketchy link I got in an SMS. I opened up Tor, then went to a URL 'de-shortener' service. Furthermore, I saw an interstitial page with a JavaScript payload in it, and it was all obfuscated and obviously coded to hide what it was doing.

I could have gone further and unpacked the code, beautifying it to see what 0 day it was leveraging, but I didn't proceed further. Obviously, this was designed to take over my device. Luckily, my default browser is Firefox with JavaScript turned off, so it wouldn't have been able to execute if I did click on the link.

> then went to a URL 'de-shortener' service

To get the last URL in a redirect chain with `curl`:

  curl --silent --location --output /dev/null --write-out '%{url_effective}' 'URL HERE'
Does this make your device 'follow' that URL?

As someone who is responsible for abuse reports, one of the things I like about services such as hybrid-analysis, joe's sandbox, urlscan.io etc is that I can get some info about a link without having to worry about my local computer or maintain a sandbox.

Also, a lot of sketch URLs belong to 'booters' and exist only to collect the IP address of whatever connects to them so someone can ddos it later.

So in my case I don't want my IP exposed, so I used the Tor Browser Bundle and used something similar to URLEX which expands short links typically found in SMS links. More often than not, the links are benign and trying to phish you, but now and then you find a malicious payload.

[0] https://urlex.org/

IMO much more likely they're mining, phishing, or advertising than sending out 0-days to random phone numbers. Unless you're a far more influential bloke than you're letting on.
For fucks sake. This page is unreadable. Stop hijacking that danged scrollwheel.
This website is visually beautiful. But I hate it. Just let me read.
I started reading this, and felt like I was having a stroke. No I wouldn't click on citizen lab again.