The ISP would only see “encrypted video call”-like traffic between you and the people who connect to Tor through your snowflake.

How/why would a VPN be useful for this ?

This lets people use your computer as an entry point into the Tor network and camouflage the traffic as a video call between you and them (if the regular, publicly known, entry nodes are blocked by their ISP or gouvernement). The snowflake extension will then forward people’s traffic through the Tor network, and services they use will only see a tor exit node’s IP, not yours. As long as you trust Tor to be secure and anonymous (I personally have very high trust in its guarantees), you don’t have to worry about legal consequences or being blocked by services.

I used to run a few (public) tor relays (entry or middle nodes, not exit ones), including one from my home network and IP. Never had any issue except for one service which blocked everything that had anything to do with Tor. I reached out for their admin, who claimed Tor users can show up with any node’s IP (which they definetly can’t, only exit nodes will forward traffic to the regular internet)

I don’t know about other homeserver implementations but synapse kinda sucks. It used to randomly eat 100% of 1 or 2 CPU cores (including the database) until I tracked it down to 3 rooms having a messed up state which caused costly SQL queries. I removed the rooms from my server (using a third party admin panel because there’s no proper admin GUI built in, the documentation just mentions curl commands to hit the admin API, with placeholders to manually replace). It has been fine since I did it, but I’m the only user on my server. And I expect other issues to come up at any time…

It also eats a lot of storage, mostly the database. It grew very large quickly, but it’s more stable now

I found out about it while making a Jekyll plugin, the speed improvement is really noticeable

ImageMagick does the job but can be slow. libvips is à faster alternative

What I mean by “lower level” is that it has less abstractions built in

Systemd abstracts so much stuff away that it does not feel like learning Linux “from scratch” :/

(I like having it in my daily driver, but it’s sad LFS had to drop support for a “lower level” init system)

This thread was a fun read. The part where the author tries covering up their BS with force pushes is so messed up…

Looks interesting, but after reading through the readme, I still clueless about the gameplay. Why does it need a container ? Is this some kind of security CTF with a story ?

This is neat. I’ve intercepted trafic from a few apps in the past, and whenever cert pinning was enabled it was a massive pain to deal with

Blocking or allowing domains should not mess up SSL. Is there anything else filtering or intercepting the trafic ?

I believe Signal has already fixed it, while meta said they won’t fix this in WhatsApp.

This side channel can be used to infer more than a rough timezone, specifically, an attacker could continuously monitor :

• the number of devices linked to the target’s account, along with fingerprints that allow differentiation between operating systems and browsers
• the locked or unlocked state of the target’s phone
• whether the phone is connected via Wi-Fi or a mobile network
• whether the WhatsApp application or browser tab is running in the foreground or background.

In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance

I’ve tested this on myself and can confirm all of this can be done reliably

https://lemmy.pierre-couy.fr/comment/2733652

This is not high effort. Starting from an open source WhatsApp client library, reproducing the attacks described in the research paper is trivial. There are even a few public github repos implementing PoCs of this.

Whether the reward should be considered high or low is ultimately subjective. What is objectively verifiable, however, is that an attacker can continuously (and silently) monitor several aspects of a target’s environment, including:

• the number of devices linked to the target’s account, along with fingerprints that allow differentiation between operating systems and browsers
• the locked or unlocked state of the target’s phone
• whether the phone is connected via Wi-Fi or a mobile network
• whether the WhatsApp application or browser tab is running in the foreground or background.

In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance.

This would have been a (if not the only) good point to make in the article considering the title. But I guess this would have taken space away from ads

The headline is vert clickbaity : it does not affect VPN users (the law forbids age-gated websites from promoting VPNs as a circumvention), and the whole article is just an ad for VPNs

Here is a link to the adjust.h GitHub in case you don’t feel like watching a video

Is this some kind of virt-manager but with a TUI ?

https://github.com/atuinsh/atuin is a great tool to manage and search your shell history. I especially enjoy it being able to search commands based on the working directory I was in when I ran them.

It also has more features (which I don’t use) to manage dotfiles and sync shell history across hosts/devices.