1. 2
    • Add a free tier for educational institutions for AnonymityBot. To do so, I created a library that detects if an email domain belongs to an educational institution https://github.com/AnonymityBot/is-educational-email-domain.
    • Continue to read Nassim Taleb’s “Skin in the Game”. I’m half way through and till now it’s packed with insightful, realistic, contrarian (but hidden in plain sight) thoughts. If you like Naval, you would probably love Taleb - “Naval is Taleb for the masses”.
    • Setup a Raspberry PI 4 to farm Chia.
    1. 6

      Working on a more efficient backend architecture for AnonymityBot leveraging Cloudflare Workers.

      So far I had to write several open source libraries to do this:

      • cfw-jwt - Sign JWTs from Cloudflare Workers.
      • cfw-pubsub - Publish to a PubSub topic from Cloudflare Workers.
      • workers-kv - Access Cloudflare Workers KV from Node.js.

      I intend to also work on Slack and Firestore APIs for Cloudflare Workers (will open source it when its done :) )

      1. 3

        Working on an Anonymity bot for Slack - https://anonymitybot.com.

        Editing a video from a recent event we held for Israeli Indie Hackers.

        1. 1

          I did this course while studying at the Hebrew University. Couldn’t recommend it more - for beginners that’s the ultimate connector of dots.

          1. 3

            Working on Israel’s Indie Hackers Chapter - indietlv.com (pretty much basic right now) and a DNS over TLS library and client for Node.js:

            1. 2

              Working on a Node.js dns-over-tls library - https://github.com/sagi/node-dns-over-tls and a command line client that uses it.

              1. 1

                In StrangeLoop 2016, Dan Luu had an awesome talk about BitFunnel and search performance:

                Talk: https://www.youtube.com/watch?v=80LKF2qph6I

                Transcripts: http://bitfunnel.org/strangeloop/

                1. 3

                  Nice write-up, especially the fix analysis at the end.

                  How did you find the bug to begin with?

                  1. 3

                    I’m sorry for the late response. I only noticed your comment now.

                    Not much of a war lore. I simply searched for problematic copy_from_user() cases :)

                    1. 2

                      Thanks! Too bad I can’t edit.

                      1. 1

                        Ask a mod to change it - @kyle @Irene or @jcs

                        1. 3


                    1. 2

                      Julia Evans is awesome! Definitely one for the RSS feed.

                      1. 6

                        Sounds like they’re trying to burn as many exploits used in expensive surveillance suites as possible. Good for them for having the budget to host this :)

                        1. 4

                          Yup! I’m thrilled to see the exploit-chains that are submitted.

                          Their requirements are high:

                          1. attack vectors: email rendered by gmail app, SMS opened by messenger app.
                          2. remote code execution should elevate privileges to (at least) system security context.
                          3. exploit-chain should work on both nexus 6p and nexus 5x (an attempt to eliminate vendor-specific threats).

                          I recon that we’re about to see an exploit-chain that starts with the baseband-modem (i.e. messing with GSM / CDMA stuff).

                          Exciting times :)