Sarah Jamie Lewis
Sarah Jamie Lewis
Hi! I spent some time last night diving into some nes test roms for my fuzzer, and uncovered the following small issues. With these issues fixed games like Mega Man...
Today I had a conversation with someone regarding deniability and the way ricochet currently does client authentication in the protocol. They proposed we replace our current challenge-response protocol (https://github.com/ricochet-im/ricochet/blob/master/doc/protocol.md#authhiddenservice) with...
I'm currently building out some tools where I would like to use the feature negotiation part of the ricochet control channel. Currently this aspect is mostly undefined in the protocol,...
On the face of it, this one is kind of silly, but also points at a potential big underlying problem in the way the app is managing input. Through fuzzing...
We currently only check known IRC ports we don't do much in the way of confirmation. We should connect (and in the case of IRCS pull the X.509 certificate). We...
OnionScan has grown pretty large since it's inception, and now has many features and not the best UX. I'm going to use this issue to track some of the larger...
Overriding the `Hostname` header can often result in different content being sent from the server - usually relating to the default configured site - this can be used to test...
My personal choice here is to go with `vendor/` and explicitly force a dependency on go >= 1.6. We also need better documentation surrounding installing everything the first time. And...
The current build of OnionScan attempts to update each relationship it comes across....turns out this is *really not-performant* - You don't really notice it for small scans, but for scann...
This is caused by webui looking up the user relationships twice once for `} else if utils.IsOnion(rel.From) {` and once for `} else if rel.Type == "user-relationship" {` This can...