You can take this approach in personal projects - with teams you need to decide on this and then on-board people into your use of the language. This does not work.
But they don't - either through lack of knowledge or just can't be bothered to enforce it because they don't want to upset their kid. If parents were doing this already, the government wouldn't have to step in.
OpenVPN looks like a regular TLS stream - difficult to distinguish between that and an HTTPS connection. WireGuard looks like WireGuard. But you can wrap WireGuard in whatever headers you might want to obfuscate it and the perf will still be better.
It's trivial to make WireGuard look like a regular TLS stream. It's probably not worth a 15 year regression in security characteristics just to get that attribute; just write the proxy for it and be done with it. It was a 1 day project for us (we learned the hard way that a double digit percentage of our users simply couldn't speak UDP and had to fix that).
Doesn't the Chinese firewall perform sophisticated filtering? Fake TCP should not be difficult to catch. I recall reading how the firewall uses proxies to initiate connections just to see what's up.
> OpenVPN looks like a regular TLS stream - difficult to distinguish between that and an HTTPS connection.
I thought OpenVPN had some weird wrapper on top of TLS that makes it easily detectable? Also, to bypass state-of-the-art firewalls (e.g. China's GFW), it's not sufficient to be just "TLS". Doing TLS-in-TLS produces telltale statistical signatures that are easily detectable, so even simpler protocols like an HTTP CONNECT proxy over TLS can be detected.
Raw OpenVPN is very easy to distinguish; its handshake signature is very different from regular TLS.
OpenVPN is fine if you want to tunnel through a hotel network that blocks UDP, but it's useless if you want to defeat the Great China Firewall or similar blocks.
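As an added illustration of the handshake differences the replies above describe (this is example code written for this page, not something any commenter posted): a first-packet classifier that keys on the public wire formats of a TLS ClientHello, an OpenVPN hard-reset packet and a WireGuard handshake initiation. The sample packets are constructed by hand from those formats, not captured traffic, and the label strings are my own.

```python
"""First-packet fingerprints for TLS, OpenVPN and WireGuard.
Added example for this thread; the packet bytes below are constructed by hand
from the public wire formats, not captured traffic."""
import struct

TLS_HANDSHAKE_RECORD = 0x16
TLS_CLIENT_HELLO = 0x01
OPENVPN_HARD_RESET_CLIENT_V2 = 7   # opcode sits in the top 5 bits of the first payload byte
WG_HANDSHAKE_INITIATION = 1
WG_INITIATION_LEN = 148            # a WireGuard handshake initiation is always 148 bytes


def classify(first: bytes, transport: str) -> str:
    """Return a label for the first packet/segment of a flow, or 'unknown'."""
    # TLS: 5-byte record header (type 0x16, version 0x03xx, length), then handshake
    # type 0x01 (ClientHello) and a 3-byte handshake length that fits the record.
    if (len(first) >= 9 and first[0] == TLS_HANDSHAKE_RECORD
            and first[1] == 0x03 and first[5] == TLS_CLIENT_HELLO):
        rec_len = struct.unpack("!H", first[3:5])[0]
        hs_len = int.from_bytes(first[6:9], "big")
        if hs_len + 4 == rec_len:
            return "tls-clienthello"
    # WireGuard: message type 1, three reserved zero bytes, fixed length, UDP only.
    if (transport == "udp" and len(first) == WG_INITIATION_LEN
            and first[0] == WG_HANDSHAKE_INITIATION and first[1:4] == b"\x00\x00\x00"):
        return "wireguard-initiation"
    # OpenVPN: opcode byte first; over TCP it is preceded by a 2-byte big-endian length,
    # which is exactly the framing that makes it stand out next to a TLS record header.
    if transport == "tcp" and len(first) >= 3:
        plen = struct.unpack("!H", first[:2])[0]
        if plen == len(first) - 2 and (first[2] >> 3) == OPENVPN_HARD_RESET_CLIENT_V2:
            return "openvpn-tcp-hard-reset"
    if transport == "udp" and len(first) >= 14 and (first[0] >> 3) == OPENVPN_HARD_RESET_CLIENT_V2:
        return "openvpn-udp-hard-reset"
    return "unknown"


# Constructed samples (not captures): record header + ClientHello header + version + random
TLS_CLIENT_HELLO_SAMPLE = (bytes([0x16, 0x03, 0x01]) + struct.pack("!H", 192)
                           + bytes([0x01]) + (188).to_bytes(3, "big")
                           + bytes([0x03, 0x03]) + bytes(32))
# OpenVPN P_CONTROL_HARD_RESET_CLIENT_V2 without tls-auth: opcode/key-id byte,
# 8-byte session id, empty ack array, 4-byte packet id
_ovpn_payload = bytes([OPENVPN_HARD_RESET_CLIENT_V2 << 3]) + bytes(8) + b"\x00" + bytes(4)
OPENVPN_TCP_SAMPLE = struct.pack("!H", len(_ovpn_payload)) + _ovpn_payload
OPENVPN_UDP_SAMPLE = _ovpn_payload
# WireGuard initiation: type, 3 reserved bytes, then sender index, ephemeral, etc. (zeroed here)
WIREGUARD_SAMPLE = bytes([WG_HANDSHAKE_INITIATION, 0, 0, 0]) + bytes(WG_INITIATION_LEN - 4)


def fingerprint_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {
        "tls": classify(TLS_CLIENT_HELLO_SAMPLE, "tcp"),
        "openvpn_tcp": classify(OPENVPN_TCP_SAMPLE, "tcp"),
        "openvpn_udp": classify(OPENVPN_UDP_SAMPLE, "udp"),
        "wireguard": classify(WIREGUARD_SAMPLE, "udp"),
    }


if __name__ == "__main__":
    for name, label in fingerprint_samples().items():
        print(f"{name:12s} -> {label}")
```

The point of the TCP branch is the one made above: an OpenVPN-over-TCP flow opens with a 2-byte length and an opcode byte, never with a 0x16 0x03 record header, so a middlebox does not need statistics to tell it from HTTPS. WireGuard is even simpler to spot because the first datagram is exactly 148 bytes with a fixed 4-byte prefix, which is why the obfuscation wrappers discussed above change the outer framing rather than the protocol.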
What is possible today is one thing. Sure people debate the details, but at this point it's pretty uncontroversial that AI tooling is beneficial in certain use cases.
Whether or not selling access to massive frontier models is a viable business model, or trillion-dollar valuations for AI companies can be justified... These questions are of a completely different scale, with near-term implications for the global economy.
The "Just" in that sentence is wholly unjustified. There are plenty of cli/tui/console/shell shortcuts that are incredibly useful, yet they are wholly undiscoverable and do not work cross-platform, e.g. shell motions between macOS and reasonable OSes.
All the movement commands I know work the same in the terminal on a default install of macOS as they do in the terminal on the various Linux distros I use.
Ctrl+A to go to beginning of line
Ctrl+E to go to end of line
Esc, B to jump cursor one word backwards
Esc, F to jump cursor one word forward
Ctrl+W to delete backwards until beginning of word
And so on
Both in current versions of macOS where zsh is the default shell, and in older versions of macOS where bash was the default shell.
Am I misunderstanding what you are referring to by shell motions?
Yeah, but Ctrl + arrows to move the cursor between 'words' don't work, which is especially sad when SSH'ing in from Linux. It works fine when using Terminal on macOS - you just use Command + arrows.
It's hugely more efficient; if you're on a battery-powered device it could mean hours more of play time. It's pretty insane just how much better it is (I go through a bit of extra effort to make sure it's working for me, hw decoding isn't included in some distros).
A charitable explanation for what CxOs do is that they figure out their strategic goals and then focus really hard on ways to herd cats en masse to achieve the goals in an efficient manner. Some people end up doing a great job, some do so accidentally, others just end up doing a job. Sometimes parroting some linkadink drivel is enough to keep the ship on course - usually because the winds are blowing in the right direction or the people at the oars are working well enough on their own.
Under the doctrine that software "trust" is needed, YOU are the attacker. It's entirely about stripping your control (thus ownership) from the hardware you paid for (see the SafetyNet shitshow).
There's a second use whereby I somehow bind my own OS hash to my own data encryption key, so nobody who changes the OS can read the data. The technical distinction between this and the previous: if it's designed for the device owner's protection, the device owner can reset the system.
Just like with HTTPS, you can enrol your own keys in the TPM module, or sign your binaries with a key that's already trusted by your system.
This is just establishing chain of trust, and does not prevent you from doing anything on your system.
True, this could be hypothetically extended to disallow booting third party binaries, but I would say that's just extrapolation for now and not reality.
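To make the distinction drawn above concrete (binding an OS measurement to a data key, and the owner being able to re-seal after a legitimate change), here is an added toy model written for this page. It is a simulation, not the TPM 2.0 command set or any real firmware: the "chip" root secret, the boot component blobs and the disk key are all constructed, and the seal/unseal wrapping is an HMAC-based stand-in for a PCR policy plus key wrapping.

```python
"""Toy model of sealing a disk-encryption key to a measured boot state.
Simulation written for this thread, not the real TPM command set; the chip
root secret, the component blobs and the key are all constructed."""
import hashlib
import hmac
import os


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || measurement). A PCR can only be extended, never set."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components: list) -> bytes:
    """Hash each boot component into one PCR, in boot order, from the reset value."""
    pcr = bytes(32)
    for blob in components:
        pcr = pcr_extend(pcr, hashlib.sha256(blob).digest())
    return pcr


class ToyTPM:
    def __init__(self) -> None:
        self._root = os.urandom(32)  # stands in for a key that never leaves the chip

    def seal(self, secret: bytes, pcr_value: bytes) -> tuple:
        """Wrap a 32-byte secret so it only unwraps when the PCR equals pcr_value."""
        assert len(secret) == 32
        kek = hmac.new(self._root, b"seal" + pcr_value, hashlib.sha256).digest()
        blob = bytes(a ^ b for a, b in zip(secret, kek))
        tag = hmac.new(self._root, pcr_value + blob, hashlib.sha256).digest()
        return pcr_value, blob, tag

    def unseal(self, sealed: tuple, current_pcr: bytes) -> bytes:
        """Release the secret only if the current measurements match the sealed policy."""
        pcr_value, blob, tag = sealed
        if not hmac.compare_digest(pcr_value, current_pcr):
            raise PermissionError("boot measurements do not match the sealed policy")
        expected = hmac.new(self._root, pcr_value + blob, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("sealed blob was tampered with")
        kek = hmac.new(self._root, b"seal" + pcr_value, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(blob, kek))


def run_scenario() -> dict:
    """Seal a key to one OS image, show a swapped image cannot unseal it,
    then show the owner re-sealing after a legitimate update."""
    firmware, bootloader, kernel = b"fw-v1", b"shim+grub", b"vmlinuz-6.1"  # constructed blobs
    tpm = ToyTPM()
    dek = os.urandom(32)  # disk encryption key
    sealed = tpm.seal(dek, measure_boot([firmware, bootloader, kernel]))
    results = {}
    results["same_boot_unseals"] = (
        tpm.unseal(sealed, measure_boot([firmware, bootloader, kernel])) == dek)
    try:
        tpm.unseal(sealed, measure_boot([firmware, bootloader, b"vmlinuz-evil"]))
        results["tampered_boot_rejected"] = False
    except PermissionError:
        results["tampered_boot_rejected"] = True
    # Owner reset: the owner, having unsealed the key on a good boot, re-seals it
    # to the measurements of the kernel they chose to install.
    resealed = tpm.seal(dek, measure_boot([firmware, bootloader, b"vmlinuz-6.2"]))
    results["owner_reseal_works"] = (
        tpm.unseal(resealed, measure_boot([firmware, bootloader, b"vmlinuz-6.2"])) == dek)
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The "owner can reset" property in the model comes from the owner holding the key after a successful unseal and being free to re-seal it; a design aimed at the vendor instead of the owner would withhold that step, which is the policy difference the comments above are arguing about, not a difference in the measurement mechanism.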
Even with IPv6 you still might have stateful firewalls allowing only for outbound connection at both ends (e.g. a CPE a.k.a. “WiFi router”) and to establish communication you’d need to punch a hole in those firewalls.
IPv6 still allows proper NAT (prefix translation), but even then finding your global address wouldn’t need TURN, just STUN, actually not even that, just a service like “What’s My IP.”
It does allow it in the sense that it's possible, and even useful in some scenarios, but then you're on a weird experimental network and not a normal one.
That's how it works in IPv6. If your network doesn't give you an address, it's broken. We do not assume unfiltered since we are talking about hole punching.
I thought TURN was for symmetrical PAT, not for proper NAT (which just needs STUN for address determination) or full/restricted cone PATs (which need STUN for address and port determination, and then, in case of restricted cone, performs a hole punch).
Standard-conforming IPv6 at most allows prefix translation (i.e., proper NAT, not PAT), which wouldn’t need it.
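As an added example for the STUN-versus-TURN point in the replies above (written for this page, not posted by any commenter): a minimal STUN Binding request/response codec per RFC 5389, including the XOR-MAPPED-ADDRESS decoding for both IPv4 and IPv6, with the server's reply constructed locally so it runs offline. Comparing the reflexive address the server reports against the local address is all that "address determination" needs; the `nat_classification` helper and its sample addresses are my own.

```python
"""Minimal STUN Binding codec (RFC 5389) with XOR-MAPPED-ADDRESS for IPv4 and IPv6.
Added example for this thread; the server responses below are constructed
locally, not received from a real STUN server."""
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid: bytes = None) -> bytes:
    """20-byte header: type, length (0, no attributes), magic cookie, 96-bit transaction id."""
    txid = txid if txid is not None else os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def _xor_mask(txid: bytes, family: int) -> int:
    # IPv4 is XORed with the cookie only; IPv6 with cookie || transaction id (16 bytes)
    if family == 0x01:
        return MAGIC_COOKIE
    return int.from_bytes(struct.pack("!I", MAGIC_COOKIE) + txid, "big")


def encode_xor_mapped_address(ip: str, port: int, txid: bytes) -> bytes:
    addr = ipaddress.ip_address(ip)
    family = 0x01 if addr.version == 4 else 0x02
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = (int(addr) ^ _xor_mask(txid, family)).to_bytes(4 if family == 0x01 else 16, "big")
    value = struct.pack("!BBH", 0, family, xport) + xaddr
    return struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value


def build_binding_response(txid: bytes, reflexive_ip: str, reflexive_port: int) -> bytes:
    """What a STUN server sends back: the source address it saw the request arrive from."""
    attr = encode_xor_mapped_address(reflexive_ip, reflexive_port, txid)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def parse_binding_response(msg: bytes, expected_txid: bytes) -> tuple:
    """Return (ip, port) from XOR-MAPPED-ADDRESS, refusing replies with the wrong txid."""
    mtype, mlen, cookie = struct.unpack("!HHI", msg[:8])
    txid = msg[8:20]
    if cookie != MAGIC_COOKIE or txid != expected_txid or mtype != BINDING_SUCCESS:
        raise ValueError("not a Binding success for our transaction")
    body = msg[20:20 + mlen]
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        val = body[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) // 4) * 4  # attribute values are padded to 4 bytes
        if atype != XOR_MAPPED_ADDRESS:
            continue
        family, xport = struct.unpack("!xBH", val[:4])
        port = xport ^ (MAGIC_COOKIE >> 16)
        raw = int.from_bytes(val[4:8] if family == 0x01 else val[4:20], "big")
        ip = ipaddress.ip_address(raw ^ _xor_mask(txid, family))
        return str(ip), port
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")


def nat_classification(local: tuple, reflexive: tuple) -> str:
    """Hypothetical helper: if the server saw exactly our local socket, nothing rewrote it."""
    return "no-nat" if local == reflexive else "address-or-port-rewritten"


if __name__ == "__main__":
    txid = os.urandom(12)
    req = build_binding_request(txid)
    # Constructed replies: an IPv4 host behind NAT, and an IPv6 host with a global address
    v4 = parse_binding_response(build_binding_response(txid, "198.51.100.7", 51234), txid)
    v6 = parse_binding_response(build_binding_response(txid, "2001:db8::1", 5000), txid)
    print(len(req), v4, nat_classification(("192.0.2.10", 40000), v4))
    print(v6, nat_classification(("2001:db8::1", 5000), v6))
```

The request carries no credentials and the reply carries only the observed source address and port, which is why it answers the "what is my global address" question and nothing more; relaying through TURN only becomes necessary when the mapping differs per destination and a punched hole would not line up.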