HackerTrans
トップ新着トレンドコメント過去質問紹介求人

RL_Quine

no profile record

コメント

RL_Quine
·4 年前·議論
Thanks for the response. I had misinterpreted the communication from Tailscale to be adversarial rather than just that it wasn't something that had engineering focus. It's good to hear that there will be some progress towards making the mobile app better.
RL_Quine
·4 年前·議論
Yes, it's usable with every tailscale client (except for iOS). You provide an argument to make headscale your controller, and then it works much the same as the hosted Tailscale service, with some only minor differences in configuration.
RL_Quine
·4 年前·議論
There's a kind of WIP control server implementation, it's not production ready in my opinion but it's definitely usable.

https://github.com/juanfont/headscale
RL_Quine
·4 年前·議論
Unfortunately despite claiming that they would, they've never allowed their iOS application to allow configuration of the control server (every other client they have released does). Maybe some more funding will allow them to focus on the client quality.
RL_Quine
·4 年前·議論
Which is the source of some dumb deanonymization exploits!
RL_Quine
·4 年前·議論
If they're not checking everything, any sort of non-general modification of traffic will obviously go completely unnoticed. The bad exit flag really is only ever going to catch the most obvious, ham fisted bad behaviour.
RL_Quine
·4 年前·議論
The behaviour of not always using the same exit means that you, over time, will almost assuredly use a malicious exit should more than zero exist. It's reckless to suggest that anybody should be using this system, your situation is almost always going to be worse than not.
RL_Quine
·5 年前·議論
I mean, of all things this is pretty tame, the car otherwise includes a web browser which contains parser for every single file type you can imagine.

https://github.com/FalconChristmas/fpp/blob/master/docs/FSEQ...

This is the format being used by the system, which is not new and appears to be part of a maintained open source project.
RL_Quine
·5 年前·議論
Some systems do have two parity bits but obviously there’s efficiency loss there.
RL_Quine
·6 年前·議論
No? It’s not x86. Compatibility is emulated.
RL_Quine
·6 年前·議論
Do you not consent to space existing? You have far more exposure to all sorts of interesting radio frequencies from space every day than you'll ever see from a small radio.
RL_Quine
·6 年前·議論
When your device is trying to find networks its seen previously, it for some reason broadcasts the ESSID, the human readable name of the networks it knows about. A lot of these are globally unique, as many routers come with a default name which is based on their MAC address.

You walk past my house, I see you have connected to direct-roku-845-7e16d8. Great! I can go do a reverse lookup of that (say, based on information collected by SkyHooks or WiGLE), and I now know that you've at least authenticated to a network in downtown SF one time.

With a good sampling of these (many pieces of software send the last 4+ networks), I can get an idea of where you live, where you work, and where you've traveled. From your device details I can tell what brand of device you have, from the times of day I see you I can work out what your patterns and behaviors are, from your bluetooth connections I can get an idea of what sort of devices you own. I can even match this with real time video and directional antennas to match this with a picture of your face.

This is all things that an individual can do right now with off the shelf software, not something you need to be a company or a government agency to pull off. This is absolutely receive only, and does not interact with anybodies devices in any way. It is not illegal and you can not detect that someone is doing this sort of attack. Your only defense against this is to have as bland and as generic of a wifi point name as possible.
RL_Quine
·6 年前·議論
There's still commercial products that will track your wifi/bluetooth MAC, and probably ISMI as well. You're not preventing this sort of thing with that sort of behavior and just making things awkward for yourself. If I can find the home addresses of people walking past my house using reverse lookups of ESSID probes, you can be damn sure that everybody else is doing it too.
RL_Quine
·6 年前·議論
Put it in context, is it ever acceptable to have all your activity publicly logged? Keybase isn’t forward secure, so so disclosure of your keys later leads to complete availability of your cleartext.
RL_Quine
·6 年前·議論
It doesn’t have any mode that’s not encrypted.
RL_Quine
·8 年前·議論
For the models I was looking at a number of years ago, the options were through IPMI or via a USB Floppy Drive. Perhaps my memory is failing me here, but I seem to remember being quite enraged at the prospect and would have done a lot not to have to pay the license fee on principle.
RL_Quine
·8 年前·議論
That's a crazy module, I had no idea anything of that scale existed for Bluetooth radios.
RL_Quine
·8 年前·議論
This comment is specific to the parent talking about their experiences producing credit card terminals that ended up with PCBs implanted in them. Here it is appropriate.
RL_Quine
·8 年前·議論
Get an x-ray machine? They are surprisingly cheap pieces of hardware if you are willing to deal with a small area, low penetration image. Low penetration means no lead, which makes for something that's about as cumbersome as a large bar fridge.
RL_Quine
·8 年前·議論
SuperMicro hardware in particular always struck me as such. Asking users to pay a license fee to be able to update the BIOS on their devices (after paying tens of thousands for the hardware itself) is a kick in the teeth.

https://www.virtuallifestyle.nl/wp-content/uploads/2016/08/S...

http://www.supermicro.com/products/nfo/SMS_SUM.cfm