HackerLangs
TopNewTrendsCommentsPastAskShowJobs

tryauuum

959 karmajoined il y a 8 ans

Submissions

[untitled]

1 points·by tryauuum·il y a 5 mois·0 comments

Tell HN: It's impossible to delete my GitHub account

4 points·by tryauuum·il y a 9 mois·2 comments

Review: Joan of Arc

astralcodexten.com
2 points·by tryauuum·il y a 9 mois·0 comments

Tell HN: Do not register .sh domains

5 points·by tryauuum·il y a 10 mois·4 comments

comments

tryauuum
·il y a 16 heures·discuss
come on guys, stop upvoting me and answer the question please
tryauuum
·hier·discuss
whoa, didn't expect a wall of text

When I said about "no mitigations except for the kernel updates" I meant exactly that. Some sysctl config to flip, some kernel module to unload. Apparently such thing doesn't exist in this one
tryauuum
·hier·discuss
Today they already analyze the SSL handshake and traffic patterns in Russia. And if your valid https traffic crosses the border but doesn't behave like https (I don't know how they do it. Frequency of TCP packets and their size and the delay between?) your IP-address will be blocked

I want to stress that I'm speaking from experience. I personally installed a telegram proxy project which aimed to mirror the pattern of traffic and fool the censors
tryauuum
·hier·discuss
> new technology that is designed to balance interests on all sides and actually enforce the guarantees IN CODE AND PROTOCOLS.

They will just call your code illegal in law. And if you will run it anyway, use deep packet inspection to drop your protocol packets, like they do in Russia
tryauuum
·hier·discuss
That's cool and all but looks like we are running out of good countries

And if they all have censorship, they are not failing (when comparing them to each other)
tryauuum
·hier·discuss
It's hard to compare US and EU internet freedom because a person usually spends most of their life in one place and is clueless about the life in other.

I've never lived in US, were there any cases of ISPs blocking websites in USA? Even DNS-level blocking counts
tryauuum
·il y a 3 jours·discuss
it's all so tiresome

so no mitigation except for kernel updates?
tryauuum
·il y a 4 jours·discuss
how dangerous is the vulnerability in practice? How hard is to actually achieve the KVM escape?
tryauuum
·il y a 4 jours·discuss
Not all device files, only /dev/kvm. I assume the logic was "with /dev/kvm access the user can ...allocate memory and execute code, which they already can, so why not allow it?". Could also make rootless isolation easier
tryauuum
·il y a 9 jours·discuss
"lock-in factor"?
tryauuum
·il y a 10 jours·discuss
> don't, like, invade their country

I did not invade any country

At least this app just displays the flags and not prints such accusations
tryauuum
·il y a 11 jours·discuss
this touches two pieces of my knowledge:

    - microsoft is evil, I cannot delete my github account, will never use anything by this company
    - if the attacker knows your *public* key they can enumerate the list of the servers you have access to https://github.com/benjojo/ssh-key-confirmer
tryauuum
·il y a 11 jours·discuss
wonder if anyone tried X over infiniband, latency would be so great
tryauuum
·il y a 12 jours·discuss
The ad companies I think would want the opposite

If they cannot distinguish real people from bots they can just charge more for more ads shown !
tryauuum
·il y a 12 jours·discuss
I would tell them to not give their children internet access at all until they think they are ready. Does it sound realistic? I don't know. From technical point of view certainly realistic, a child doesn't have money / devices of his own
tryauuum
·il y a 15 jours·discuss
I don't fully get you. Do you mean untrusted regex or untrusted data it operates on?

And to be honest, even if the regex is trusted (came from a developer) and the data as well (something predictable and structured) we are still not protected from the developer using extremely stupid regex and breaking everything
tryauuum
·il y a 17 jours·discuss
That's a real issue, took cloudflare down once...
tryauuum
·il y a 23 jours·discuss
They are willing to break some cloudflare-fronted websites. That's already a reality in Russia.

The government (any government) hates its citizens and the freedoms it had to allow them
tryauuum
·il y a 23 jours·discuss
Are you taking from the experience that this is not blockeable in Russia?

EDIT: I might be confusing vless/xray/reality but seems like there are no problems to block it based on ip reputation + tls fingerprint + amount of connections https://habr.com/ru/articles/1044396/

Of course this would block some valid websites but when has government cared about that
tryauuum
·il y a 23 jours·discuss
Like in Russia

    - drop wireguard / OpenVPN packets crossing the country border
    - analyze https traffic to detect traffic patterns not matching https fully and block such connections