HackerTrans
TopNewTrendsCommentsPastAskShowJobs

RL_Quine

no profile record

comments

RL_Quine
·4 lata temu·discuss
Thanks for the response. I had misinterpreted the communication from Tailscale to be adversarial rather than just that it wasn't something that had engineering focus. It's good to hear that there will be some progress towards making the mobile app better.
RL_Quine
·4 lata temu·discuss
Yes, it's usable with every tailscale client (except for iOS). You provide an argument to make headscale your controller, and then it works much the same as the hosted Tailscale service, with some only minor differences in configuration.
RL_Quine
·4 lata temu·discuss
There's a kind of WIP control server implementation, it's not production ready in my opinion but it's definitely usable.

https://github.com/juanfont/headscale
RL_Quine
·4 lata temu·discuss
Unfortunately despite claiming that they would, they've never allowed their iOS application to allow configuration of the control server (every other client they have released does). Maybe some more funding will allow them to focus on the client quality.
RL_Quine
·4 lata temu·discuss
Which is the source of some dumb deanonymization exploits!
RL_Quine
·4 lata temu·discuss
If they're not checking everything, any sort of non-general modification of traffic will obviously go completely unnoticed. The bad exit flag really is only ever going to catch the most obvious, ham fisted bad behaviour.
RL_Quine
·4 lata temu·discuss
The behaviour of not always using the same exit means that you, over time, will almost assuredly use a malicious exit should more than zero exist. It's reckless to suggest that anybody should be using this system, your situation is almost always going to be worse than not.
RL_Quine
·5 lat temu·discuss
Some systems do have two parity bits but obviously there’s efficiency loss there.
RL_Quine
·6 lat temu·discuss
Do you not consent to space existing? You have far more exposure to all sorts of interesting radio frequencies from space every day than you'll ever see from a small radio.
RL_Quine
·8 lat temu·discuss
For the models I was looking at a number of years ago, the options were through IPMI or via a USB Floppy Drive. Perhaps my memory is failing me here, but I seem to remember being quite enraged at the prospect and would have done a lot not to have to pay the license fee on principle.
RL_Quine
·8 lat temu·discuss
That's a crazy module, I had no idea anything of that scale existed for Bluetooth radios.
RL_Quine
·8 lat temu·discuss
This comment is specific to the parent talking about their experiences producing credit card terminals that ended up with PCBs implanted in them. Here it is appropriate.
RL_Quine
·8 lat temu·discuss
Get an x-ray machine? They are surprisingly cheap pieces of hardware if you are willing to deal with a small area, low penetration image. Low penetration means no lead, which makes for something that's about as cumbersome as a large bar fridge.
RL_Quine
·8 lat temu·discuss
SuperMicro hardware in particular always struck me as such. Asking users to pay a license fee to be able to update the BIOS on their devices (after paying tens of thousands for the hardware itself) is a kick in the teeth.

https://www.virtuallifestyle.nl/wp-content/uploads/2016/08/S...

http://www.supermicro.com/products/nfo/SMS_SUM.cfm
RL_Quine
·8 lat temu·discuss
This sounds strange but it's commonplace to make parts like this. Some DCDC converter modules have silicon dies embedded into their PCBs to save physical footprint, most notably there's a family of Texas Instruments ones which use this technique.

https://www.electronicdesign.com/sites/electronicdesign.com/...
RL_Quine
·8 lat temu·discuss
It's not particularly magical, there's consumer chips around which are not a whole lot bigger (though obviously in a more standard package). You don't get a lot of resources, but you don't really need it if all the other frameworks are in place in other software. If this sort of thing is something you can buy on Mouser for a few cents, the espionage grade material is probably an order or magnitude more higher quality.

https://www.microchip.com/wwwproducts/en/ATtiny4

For scale, this alone is about the size of a large SMD capacitor and would basically be lost in most designs today.
RL_Quine
·8 lat temu·discuss
No. SuperMicro make some models which appear to be for government application which lack the ASIC completely, they were available on NewEgg with no further description of purpose at one point.

https://my.mixtape.moe/sorqql.jpeg
RL_Quine
·8 lat temu·discuss
In the parent I described a system which would be able to communicate through those restrictions to another compromised host (remember we're assuming everything is compromised for the sake of this article, which actually seems like a good assumption now).
RL_Quine
·8 lat temu·discuss
I've worked on systems deployed in the financial sector in high risk environments.

This sort of monitoring doesn't happen in the real world.
RL_Quine
·8 lat temu·discuss
Effectively nothing can be constrained by a whitelisting firewall if you have a sufficiently bored actor. You can smuggle data through a variety of benign looking protocols, things that wouldn't matter in the least generally. Your average server contacts hundreds of different public NTP servers, binary repositories, domain name servers every day. If the keys to the kingdom are a 32 byte ECDSA private key, you've lost if you think you can protect this from reaching the outside world.

A method that wouldn't show up on any firewall in the world is simply to delay or drop certain SYN packets. Even if you only intended to transmit a bit at a time through this, any unauthenticated host on the internet could use this without raising any suspicion or even printing log lines in most environments. As soon are you're making an assumption that you're trying to prevent what's inside from getting out things become substantially closer to impossible than anybody would like.