Hacker News | saljam's comments

the arabic writing is also crazy, so i have no idea what the author was going for.


have you actually looked at the map?

there's a whole inset panel for israel, and not a single mention of palestine.


Because it's from before the Six-Day War.


i used to slip mine in a manilla envelope whenever i needed to take it home from the office and i hadn't brought my backpack with me. our stationery cupboard was well stocked with these!


i'm the author. i keep a close eye on it for any security issues but i'm not adding any new features, hence the lack of commits.

i also obviously maintain the instance on https://webwormhole.io/.


It wasn’t the lack of commits which made me think this was abandoned, but everything else (outdated instructions, issues and pull requests open with no reply, giant warning at the top of the README…).

https://news.ycombinator.com/item?id=43351944


Yeah, the installation instructions should probably be updated at the very least, and perhaps that warning should be adjusted as well.


Thanks for maintaining it! You might want to update the CLI instructions to use "go install" as the current command doesn't work.


Yours is the only tool I found that supports both web + command-line use. But it seems very dead.

At the very least you should update those instructions if you want people to think otherwise.


That is what I thought. Thank you for clarifying.


i mainly use apple devices, but never put anything on icloud before adp came out.


> You can mitigate this by including PCRs that sign the kernel and initrd

nope! the trick the article is describing works even if the kernel and initrd are measured. it uses the same kernel, initrd, and command line.

the reason this trick works is that initrds usually fall back to password unlock if the key from the tpm doesn't work. so the hack replaces the encrypted volume, not the kernel, with a compromised one. that is:

1. (temporarily) replace encrypted volume with our own, encrypted with a known password.

2. boot the device.

3. the automated tpm unlock fails, prompting for a password.

4. type in our password. now we're in, using the original kernel and initrd, but it's our special filesystem, not the one we're trying to decrypt.

5. ask the tpm again for the key. since we're still using the original kernel, initrd, and command line, we should now get the key to unlock the original encrypted volume.

the way to fix this is to somehow also measure the encrypted volume itself. the article points to suggestions of deriving a value from the encryption key.
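A simplified model of the PCR logic discussed in the comment above, added here as an illustration and not taken from the comment or the article. It assumes one possible design: the initrd extends a dedicated volume PCR with a value derived from the volume key after every unlock, and the seal policy requires that PCR to still be at its initial value. All names and sample values are hypothetical.

```python
import hashlib
import hmac

ZERO_PCR = bytes(32)  # a SHA-256 PCR starts at all zeros

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def volume_identity(volume_key: bytes) -> bytes:
    """Value derived from the volume key that is safe to measure (not the key)."""
    return hmac.new(volume_key, b"volume-identity", hashlib.sha256).digest()

def pcrs_after_unlock(kernel, initrd, cmdline, volume_key, measure_volume):
    """Model PCR state once the initrd has unlocked a volume by any method."""
    boot = ZERO_PCR
    for component in (kernel, initrd, cmdline):
        boot = extend(boot, component)
    vol = ZERO_PCR
    if measure_volume:  # assumed initrd behaviour: measure after every unlock
        vol = extend(vol, volume_identity(volume_key))
    return {"boot": boot, "volume": vol}

def unseal(policy: dict, current: dict, secret: bytes):
    """Release the secret only if every PCR named in the policy matches."""
    ok = all(hmac.compare_digest(current[n], want) for n, want in policy.items())
    return secret if ok else None

# Constructed sample inputs; none of these values come from a real system.
KERNEL, INITRD, CMDLINE = b"vmlinuz", b"initrd.img", b"root=/dev/mapper/root"
REAL_KEY, SWAPPED_KEY = b"key-of-original-volume", b"key-of-substituted-volume"

def boot_pcr() -> bytes:
    return pcrs_after_unlock(KERNEL, INITRD, CMDLINE, REAL_KEY, False)["boot"]

def unseal_after_substituted_unlock(measure_volume: bool):
    """A different volume was unlocked by password, then unseal is retried."""
    policy = {"boot": boot_pcr()}
    if measure_volume:
        policy["volume"] = ZERO_PCR  # release only before any volume is unlocked
    state = pcrs_after_unlock(KERNEL, INITRD, CMDLINE, SWAPPED_KEY, measure_volume)
    return unseal(policy, state, REAL_KEY)

def unseal_on_normal_boot():
    """Normal boot: unseal runs before any unlock, so the volume PCR is zero."""
    policy = {"boot": boot_pcr(), "volume": ZERO_PCR}
    return unseal(policy, {"boot": boot_pcr(), "volume": ZERO_PCR}, REAL_KEY)
```

With only kernel, initrd and command line in the policy, the PCR state after the substituted unlock is identical to a normal boot, so the model releases the key; once the volume PCR is part of the policy, the same sequence no longer matches.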


> 3. the automated tpm unlock fails, prompting for a password.

> 4. type in our password.

In a serious security-conscious setup this should be a big red flag to investigate. Any unexpected boot password prompt.


yes of course - but in this case the "unexpected" prompt is presented to the attacker, not the user.


some years ago i played around with something similar: https://sa.lj.am/sun/

source is linked at the bottom. much of it was written in elm and i no longer understand how any of it works.


I developed it mainly on Firefox on macOS. I'd love to figure out why it didn't work for you. Do you get anything on about:webrtc while trying to connect?


Thanks for the reply. I did the following for you:

1. Opened about:webrtc, clicked "start debugging".

2. Opened a WebWormhole on one tab.

3. Copy / pasted the code into WebWormhole on another tab. Got something like "invalid key".

4. Tried steps two and three again. Got endless "connecting" message this time.

5. Stopped debugging. No log file /tmp/WebRTC.log was created, so I clicked "save page". Used sed to replace my public IP address with x.x.x.x and uploaded here for you:

https://ipfs.io/ipfs/QmTM1ZSRk1xqfMd2FF23YzWxHpqjJ2B6kGFQqPd...

I hope this gives you enough information to fix the problem. I'd like to be able to use these tools too. I suppose it could be addon related, but another user confirmed the problem for Firefox / Linux. It would be useful to be able to detect various problems and report them to the user instead of hanging on "connecting".


The command line version shouldn't have any trouble with large files. There's https://github.com/saljam/webwormhole/issues/4 to fix the web version. :)


ok will give it a try :)


The QR code is generated client side.


Why do I see a network transaction for it?


Chrome shows "blob:" URLs as network transactions, but they're not.

