[object Object]

Everyone in Eastern Europe has a dedicated dashcam. They aren’t expensive.

That was in fact one of the original propositions of communism.

Languages accepted by the user is like the second header in http. It’s in all your requests.

“Are you in Hamas?”

I’m guessing things might’ve changed since then, as this story is pretty old. I doubt it that they gotten newer versions of Cellebrite to screw them again.

Vulnerable software is different from malware.

Iirc there was also the part of the story where the exploit for Cellebrite’s thing was included in Signal, and Marlinspike said that data on any device scanning Signal with Cellebrite software would be poisoned.

Israeli company Cellebrite sells a device to extract data from locked phones, both Android and iPhones afaik. So indeed I’m guessing their government knows some stuff about the security of both platforms.

Fun fact: comments mentioning Cellebrite get immediately shadow-hidden on Reddit, or at least in some of the main subs.

For me it reminds more of some rather spartan apps that are economic with their interface — namely RedReader for Reddit. No fluff in the UI. Which is why I like both these apps, however Voyager would be better if it was implemented natively instead of in React or whatever it uses.

There’s a problem that it seems to use a lot of memory, because it’s a web browser in disguise. As a consequence, any time another app needs memory, Voyager is killed by Android and starts again from the main page, forgetting what I was doing. Oftentimes it’s enough to switch to the actual browser and back again for Voyager to restart, which is ironic for a link-aggregator app.

Its animations are janky for the same reason, and get in the way of some functionality like collapsing comments.

Voyager’s UI is great, mainly because it’s not flashy, but a native app with that UI would be a lot better. RedReader for Reddit is much smoother to use.

My motivation to use Ansible is fueled by disdain for manual non-scriptable configuration. I’ve had to use Windows for a couple years lately, and the absence of programmatic access to many things annoyed me to no end.

Now, I get up in the morning and look to the east. I salute the sun and thank the fate for the chance to do proper configuration again. I don’t wade through dialogs for hours anymore. I don’t lose track of things that I’ve changed somewhere sometime. I’ll learn what the hell the difference between dconf and gsettings is, just to use one of them for all my desktop settings forever. I will have this config for years to come, and I will put more things in it bit by bit.

Now, if Ansible’s config language wasn’t a naive reinvention of Lisp, that would be great.

After all, the other Adolf is the one who sucked.

This here is the implementation of sha256 in the slow language JavaScript:

const msgUint8 = new TextEncoder().encode(message);
const hashBuffer = await window.crypto.subtle.digest("SHA-256", msgUint8);
const hashHex = new Uint8Array(hashBuffer).toHex();

You imagined that JS had to have that done from scratch, with sticks and mud? Every OS has cryptographic facilities, and every major browser supplies an API to that.

As for using it to filter out bots, Anubis does in fact get it a bit wrong. You have to incur this cost at every webpage hit, not once a week. So you can’t just put Anubis in front of the site, you need to have the JS on every page, and if the challenge is not solved until the next hit, then you pop up the full page saying ‘nuh-uh’, and probably make the browser do a harder challenge and also check a bunch of heuristics like go-away does.

It’s still debatable whether it will stop bots who would just have to crank sha256 24/7 in between page downloads, but it does add cost that bot owners have to eat.

The deterrent might work temporarily until the challenge pattern is recognised, but there’s no actual protection here, just obscurity.

Anubis uses a proof-of-work challenge to ensure that clients are using a modern browser and are able to calculate SHA-256 checksums. Anubis has a customizable difficulty for this proof-of-work challenge, but defaults to 5 leading zeroes.

Please tell me how you’re gonna un-obscure a proof-of-work challenge requiring calculation of hashes.

And since the challenge is adjustable, you can make it take as long as you want.