itnuts
VPN considered insecure
general practice for VPN, is to prioritize itself via defining more specific routing rules, which take priority over the default gateway. the attacker, however, can spin up another DHCP server, and use rule 121 to push some new routes to the client. Importantly, if the routes are more specific than the ones defined by the VPN, they will take over, and unencrypted traffic directed to the VPN interface will end up on the attacker’s machine.
the golden standard to avoid this vulnerability is using network namespaces: https://www.wireguard.com/netns/#the-new-namespace-solution
Categories of hype
Engineering is magic
Terry Pratchett, «Equal Rites»
Digging deeper into fish shell
I discovered that in fish, process substitution <() works via temporary files, and >() is not supported at all (maybe because it looks like fish?)
Relevant discussion since 2014, and still active now: https://github.com/fish-shell/fish-shell/issues/1786
On shells
RSS is not dead 2024
Bluesky has launched RSS feeds https://openrss.org/blog/bluesky-has-launched-rss-feeds
Python projects beyond Python packages
https://peps.python.org/pep-0735/
This PEP is still a draft, but has already matured a lot. When accepted, it will change the trend, allowing Python projects to declare dependencies without declaring themselves Python packages.
Discussion threads:
Moving microblogs to the Cave
This post was published outside https://vindex10.micro.blog .
A new microblog chamber in the cave is the new place for microposts! Old posts soon will appear there as well.
🎉 🎉 🎉
#itnuts
If you thought you were invincible, behold, git reset --hard in automation scripts will get you!
(luckily I had a plain text output of the git diff printed in my terminal)