Em Adespoton

  • 0 Posts
  • 8 Comments
Joined 1 year ago
cake
Cake day: June 4th, 2023

help-circle


  • I feel your pain. I have maintainer roles for a few projects where things could be slowed down by a week or more if I didn’t have direct commit access. And I do use that access to make things run faster and smoother, and am able to step in and just get something fixed up and committed while everyone else is asleep. But. For security critical code paths, I’ve come to realize that much like Debian, sometimes slow and secure IS better, even if it doesn’t feel like it in the moment (like when you’re trying to commit and deploy a critical security patch already being exploited in the wild, and NOBODY is around to do the review, or there’s something upstream that needs to be fixed before your job can go out).





  • It’s worth noting that a sizeable number of Tor exit nodes are actually run by the German government. Meaning: they know exactly what’s going through those nodes.

    So all they need to do to unmask a Tor source IP is control the first hop too. They’re in a position where they can narrow searches down to activity they’re actually interested in without significantly decreasing the privacy of other Tor users, and then they can peel back the onion.

    This has been the case since shortly after Tor was created.