1. 6

    Working on a more efficient backend architecture for AnonymityBot leveraging Cloudflare Workers.

    So far I had to write several open source libraries to do this:

    • cfw-jwt - Sign JWTs from Cloudflare Workers.
    • cfw-pubsub - Publish to a PubSub topic from Cloudflare Workers.
    • workers-kv - Access Cloudflare Workers KV from Node.js.

    I intend to also work on Slack and Firestore APIs for Cloudflare Workers (will open source it when its done :) )

    1. 3

      Working on an Anonymity bot for Slack - https://anonymitybot.com.

      Editing a video from a recent event we held for Israeli Indie Hackers.

      1. 1

        I did this course while studying at the Hebrew University. Couldn’t recommend it more - for beginners that’s the ultimate connector of dots.

        1. 3

          Working on Israel’s Indie Hackers Chapter - indietlv.com (pretty much basic right now) and a DNS over TLS library and client for Node.js:

          1. 2

            Working on a Node.js dns-over-tls library - https://github.com/sagi/node-dns-over-tls and a command line client that uses it.

            1. 1

              In StrangeLoop 2016, Dan Luu had an awesome talk about BitFunnel and search performance:

              Talk: https://www.youtube.com/watch?v=80LKF2qph6I

              Transcripts: http://bitfunnel.org/strangeloop/

              1. 3

                Nice write-up, especially the fix analysis at the end.

                How did you find the bug to begin with?

                1. 3

                  I’m sorry for the late response. I only noticed your comment now.

                  Not much of a war lore. I simply searched for problematic copy_from_user() cases :)

                  1. 2

                    Thanks! Too bad I can’t edit.

                    1. 1

                      Ask a mod to change it - @kyle @Irene or @jcs

                      1. 3

                        done

                  1. 2

                    Julia Evans is awesome! Definitely one for the RSS feed.

                    1. 6

                      Sounds like they’re trying to burn as many exploits used in expensive surveillance suites as possible. Good for them for having the budget to host this :)

                      1. 4

                        Yup! I’m thrilled to see the exploit-chains that are submitted.

                        Their requirements are high:

                        1. attack vectors: email rendered by gmail app, SMS opened by messenger app.
                        2. remote code execution should elevate privileges to (at least) system security context.
                        3. exploit-chain should work on both nexus 6p and nexus 5x (an attempt to eliminate vendor-specific threats).

                        I recon that we’re about to see an exploit-chain that starts with the baseband-modem (i.e. messing with GSM / CDMA stuff).

                        Exciting times :)