Oddbean new post about | logout
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +2 
 there is no nameserver.....
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag 
 it opens a port the same way as ngrok....
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 sigh...
ā–² ā–¼
VĪ”z | 3 months ago (raw) | root | parent | reply | flag +1 
 and we dont have password here!
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 and we're not paid by the pear people!
ā–² ā–¼
TheGuySwann | 3 months ago (raw) | root | parent | reply | flag 
 šŸ˜‚
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 šŸ˜‚
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +2 
 I am aware, that is why I am against both port forwarding and dynamic dns
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 it's a web server.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +1 
 The URLs , whoever control the relay domain / url , they control the web service.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 you don't understand how this works
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 There is a proxy in between, from your example: socks5h://relay.8333.space:8882

That transfers all the control to this proxy alone, they get to choose what and how they want to display šŸ‘€

If it is someone with malicious intent, they will do whatever they want.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 it's end to end encrypted, so no.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +2 
 curl -s -x socks5h://relay.8333.space:8882 https://nprofile1qqs8a8nk09fhrxylcd42haz8ev4cprhnk5egntvs0whafvaaxpk8plgpzemhxue69uhhyetvv9ujuwpnxvejuumsv93k2g6k9kr/v1/info --insecure

This command makes a request to relay.8333.space:8882 with a profile key; it is up to the server to decide if they actually want to serve the real content; they can just swap it out for something they run themselves (pretty much how pi-hole works by swapping DNS of ad agencies to trash), and the certs are self-signed.

You would never know if what you see is actually coming from your own host or has been altered.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +1 
 this is a demo. you can just as well download the cert and tell curl to use that to verify.
ā–² ā–¼
calle šŸ‘ļøāš”šŸ‘ļø | 3 months ago (raw) | root | parent | reply | flag +3 
 you'll be convinced once I demo an ssh session on nws
ā–² ā–¼
Xis10tial1 | 3 months ago (raw) | root | parent | reply | flag +2 
 how I do ssh:

https://github.com/bitfinexcom/hypertele
ā–² ā–¼
Nate | 3 months ago (raw) | root | parent | reply | flag +1 
 Holesail uses Hypertele but combines it into an importable npm package.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag +2 
 Actually no, it is inspired from hypertele but is a separate package with a lot more features.

To expose SSH just do: sudo holesail --live 22
ā–² ā–¼
Xis10tial1 | 3 months ago (raw) | root | parent | reply | flag +2 
 ha, posted at the same time lol
ā–² ā–¼
Xis10tial1 | 3 months ago (raw) | root | parent | reply | flag 
 you mean they create their own version of hypertele using DHTs, rather than hypertele directly?
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 Looking forward to it mate, no hard feelings I am just worried about the security issues with this system.
ā–² ā–¼
supersu | 3 months ago (raw) | root | parent | reply | flag 
 Even if it is a demo, it uses a relay which is a proxy. Proxies can change content, or the host itself