cypherpunks

[–] cypherpunks@lemmy.ml 2 points 9 months ago (1 children)

The vast majority of LANs do not do anything to prevent rogue DHCP servers.

Just to be clear, a "DHCP server" is a piece of software which can run anywhere (including a phone). Eg, if your friend's phone has some malware and you let them use the wifi at your house, someone could be automatically doing this attack against your laptop while they're there.

[–] cypherpunks@lemmy.ml 0 points 9 months ago (3 children)

VPNs have several purposes but the big two are hiding your traffic from attackers on the local area network and concealing your location from sites that you visit.

If you're using a VPN on wifi at a cafe and anyone else at the cafe can run a rogue DHCP server (eg, with an app on their phone) and route all of your traffic through them instead of through the VPN, I think most VPN users would say the purpose of the VPN has been defeated.
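A defender-side check for the rogue DHCP scenario in the two comments above, as an added example that is not part of the original comments: it parses a DHCP server reply, flags a server identifier that is not on an allowlist, and flags very broad routes pushed through option 121 (RFC 3442 classless static routes), one way a DHCP reply can install routes on a client. The function names, the sample addresses and the `min_prefix` threshold are assumptions made for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_options(payload):
    """Return {option code: data} from a DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end of options
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_routes(data):
    """Decode option 121 (RFC 3442) into (network, gateway) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen, n = data[i], (data[i] + 7) // 8          # n = significant destination octets
        if plen > 32 or i + 5 + n > len(data):
            raise ValueError("malformed option 121")
        net = ipaddress.IPv4Network((data[i + 1:i + 1 + n] + bytes(4 - n), plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + n:i + 5 + n])))
        i += 5 + n
    return routes

def audit(payload, trusted_servers, min_prefix=8):
    """List reasons to distrust one server reply; an empty list means nothing was flagged."""
    opts = parse_options(payload)
    if (opts.get(53) or b"\x00")[0] not in (2, 5):     # option 53: 2 = OFFER, 5 = ACK
        return []
    sid = opts.get(54, b"")                            # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    findings = [] if server in trusted_servers else [f"unlisted DHCP server {server}"]
    for net, gw in parse_routes(opts.get(121, b"")):
        if net.prefixlen < min_prefix:                 # assumed threshold for "very broad"
            findings.append(f"broad route {net} via {gw}")
    return findings

def sample_reply(server_ip, opt121=b""):
    """Constructed DHCPOFFER: zeroed BOOTP header (not inspected here) plus options."""
    srv = ipaddress.IPv4Address(server_ip).packed
    extra = bytes([121, len(opt121)]) + opt121 if opt121 else b""
    return bytes(236) + MAGIC + bytes([53, 1, 2, 54, 4]) + srv + extra + b"\xff"
```

Feed `audit` the UDP payload of packets captured on port 68 together with the set of DHCP server addresses you actually operate.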

[–] cypherpunks@lemmy.ml 2 points 9 months ago

because i thought the situation described by the post was tragicomic (as was somewhat expressed by the line from it quoted in the post title)

[–] cypherpunks@lemmy.ml 1 points 9 months ago

You can use Wireshark to see the packets and their IP addresses.

https://www.wireshark.org/download.html

https://www.wireshark.org/docs/

A word of warning though: finding out about all the network traffic that modern software sends can be deleterious to mental health 😬

[–] cypherpunks@lemmy.ml 2 points 9 months ago* (last edited 9 months ago) (2 children)

I do have wireguard on my server as well, I guess it’s similar to what tailscale does?

Tailscale uses wireguard but adds a coordination server to manage peers and facilitate NAT traversal (directly when possible, and via an intermediary server when it isn't).

If your NAT gateway isn't rewriting source port numbers it is sometimes possible to make wireguard punch through NAT on its own if both peers configure endpoints for each other and turn on keepalives.

Do you know if Yggdrasil does something similar and if we exchange data directly when playing over Yggdrasil virtual IPv6 network?

From this FAQ it sounds like yggdrasil does not attempt to do any kind of NAT traversal so two hosts can only be peers if at least one of them has an open port. I don't know much about yggdrasil but from this FAQ answer it sounds like it runs over TCP (so using TCP applications means two layers of TCP) which is not going to be conducive to a good gaming experience.

Samy Kamkar's amazing pwnat tool might be of interest to you.

[–] cypherpunks@lemmy.ml 2 points 9 months ago (4 children)

I have a device without public IP, AFAIK behind NAT, and a server. If I use bore to open a port through my server and host a game, and my friends connect to me via IP, will we have big ping (as in, do packets travel to the server first, then to me) or low ping (as in, do packets travel straight to me)?

No, you will have "big ping". bore (and everything on that page i linked) is strictly for tunneling which means all packets are going through the tunnel server.

Instead of tunneling, you can try various forms of hole punching for NAT traversal which, depending on the NAT implementation, will work sometimes to have a direct connection between users. You can use something like tailscale (and if you want to run your own server, headscale) which will try its best to punch a hole for a p2p connection and will only fall back to relaying through a server if absolutely necessary.

[–] cypherpunks@lemmy.ml 5 points 9 months ago (6 children)

See https://github.com/anderspitman/awesome-tunneling for a list of many similar things. A few of them automatically set up letsencrypt certs for unique subdomains so you can have end-to-end HTTPS.

[–] cypherpunks@lemmy.ml 2 points 9 months ago

Color can provide useful context. For example, in the case of this image, imagine if in a thread about it there was some discussion of the ripeness of the yuzu fruit.

[–] cypherpunks@lemmy.ml 7 points 9 months ago* (last edited 9 months ago)

Mattermost isn't e2ee, but if the server is run by someone competent and they're allowed to see everything anyway (eg it's all group chat, and they're in all the groups) then e2ee isn't as important as it would be otherwise as it is only protecting against the server being compromised (a scenario which, if you're using web-based solutions which do have e2ee, also leads to circumvention of it).

If you're OK with not having e2ee, I would recommend Zulip over Mattermost. Mattermost is nice too though.

edit: oops, i see you also want DMs... Mattermost and Zulip both have them, but without e2ee. 😢

I could write a book about problems with Matrix, but if you want something relatively easy and full featured with (optional, and non-forward-secret) e2ee then it is probably your best bet today.

[–] cypherpunks@lemmy.ml 1 points 9 months ago (3 children)

Tell me you didn't click either link in my comment without telling me you didn't click either link


(there is a discussion about this post here https://news.ycombinator.com/item?id=34787092 ...)


For example, things like this:

Some models might be able to answer this precise question correctly, but they will still fail at many simple primary-school-level math questions.

More examples in my comment here.

and one more screenshot here
