"Additionally, with the ECH extension not yet being widely used [17], [71] and focusing on privacy protection rather than censorship circumvention [60], it can be censored easily by blocking it entirely [14], [76]."
The paper describes various GFW bypass methods that currently work, including removing the SNI extension entirely.
It does not mention anyone using ECH to bypass GFW.
Perhaps it is too early to conclude "China blocks ECH" because ECH is not in widespread use.
> AFAIK the proprietary server can glean your IP, your phone number, who you talk to, and when you talk to them. This type of metadata is valuable information.
To the best of my knowledge, so can matrix.org or whatever servers you connect and federate to. This is required to route messages between users. What is your point?
That was the bigger problem, IMO, in that even once PDO existed and the MySQL extension was "fixed" to have prepared statements, so much of the documentation still did it wrong.
And yet similar classes of bugs still pop up today, even with what I would've assumed to be safe defaults? I'm guessing it's non-standard databases or DB clients or something?
This case is more just a pure lack of sanitisation, but it's fascinating to see in 2025 still :)