  • It says it can’t be decrypted with passive means due to a proper ECDH key exchange, but if they are not doing any sort of verification that their server sent or created the key, then it would be possible to do an active attack like MITM that manipulates the key exchange. What I mean is, your MITM proxy would substitute the real key with one that you have the keypair to and hand that to the target application. The target application then encrypts using the key you provide, your MITM proxy decrypts and reencrypts with the real key and all seems legit from both sides.

    If there is server validation of some sort, signature checks or whatever, then it would require extra work like patching out or otherwise modifying those checks in the application, extracting the key from the application’s memory, or something like this.

    I guess my point is, if you’re motivated enough, you can make it happen.
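Added example, not part of the comment above or of the application it discusses: the server-key verification the comment refers to, shown as a pinned SHA-256 fingerprint check in front of an X25519 exchange. Pinning is an assumed stand-in for whatever validation an application uses, and the X25519 routine is an educational pure-Python version of RFC 7748, not constant-time.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # standard X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: scalar k times point u (educational only)."""
    s = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (s >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def fingerprint(pub: bytes) -> bytes:
    return hashlib.sha256(pub).digest()

def client_handshake(received_server_pub: bytes, pinned_fp: bytes = None):
    """Return (client_pub, shared_secret); raise if a pin is set and does not match."""
    if pinned_fp is not None and not hmac.compare_digest(
            fingerprint(received_server_pub), pinned_fp):
        raise ValueError("server key does not match pinned fingerprint")
    priv = os.urandom(32)
    return x25519(priv, BASE), x25519(priv, received_server_pub)

def demo():
    """Constructed keys: a genuine server key and a substituted one."""
    server_priv, other_priv = os.urandom(32), os.urandom(32)
    server_pub, substituted = x25519(server_priv, BASE), x25519(other_priv, BASE)
    # No verification: the client agrees on a secret with whoever supplied the key.
    cpub, secret = client_handshake(substituted)
    unverified_shares_with_substitute = secret == x25519(other_priv, cpub)
    try:  # Pinned: the substituted key is refused before any secret is derived.
        client_handshake(substituted, fingerprint(server_pub))
        pinned_rejects = False
    except ValueError:
        pinned_rejects = True
    cpub, secret = client_handshake(server_pub, fingerprint(server_pub))
    return unverified_shares_with_substitute, pinned_rejects, secret == x25519(server_priv, cpub)
```
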


  • Years ago I was looking for EV kits and found several people out there selling them. Idk what the current availability is, how much tech they have, or how open they are. The ones I saw were pretty low tech (lacking regen braking and such). Think accelerator pedal controls motor speed and a battery pack is about all they were. Again this was a while ago when I was looking (like 2010ish).

    You could offer kits for older vehicles, but considering the cost of the kit and installation cost/effort, does it make sense to start with an older car that may have other issues coming soon?

    So what’s the alternative? Start with a new car and throw out the ICE? Sure, but a bit wasteful and even more expensive than an older car or you could find an existing manufacturer (idk like Lotus) who will basically provide you the car without the ICE related components (aka a glider). ;)



  • No reason it can’t be done on 120v (from a technical level). In fact, most solar inverters in the US could do this at a technical level as they basically do the same thing, just on a larger scale (higher current and therefore are wired into electrical panels rather than through outlet as outlets have lower current limits). All you need is the inverter to synchronize its AC output to match grid. If you had a smaller inverter, you could just connect it to an outlet (ignoring building codes, insurance, and other non technical reasons). So the choice is then to have centralized larger inverters or smaller inverters per panel or 2. If you live in a very densely populated area where you can only put a panel or 2 on a balcony or you don’t have control of your electrical panel, then the small inverter method makes sense.


  • I think you’re on to something, but sort of accidentally. A couple replies to you are saying it’s not possible, but I think they’re making an assumption that is not correct in many cases.

    The replies are saying it’s not possible because the layers are flattened before being passed to the compression, thus the uncensored/unredacted data is not part of the input to the compression and therefore cannot have any impact on its output. This is true assuming you are starting with an uncompressed image.

    Here’s a scenario where the uncensored/unredacted parts of the image could influence the image: someone takes a photo of their ID, credit card, etc. It’s saved in a lossy compressed format (e.g. JPEG), specifically not a lossless format. They open it in an image editing tool to 100% black out some portion, then save it again (doesn’t actually matter the format). I feel like someone is going to think I’m misunderstanding if I don’t explain the different output scenarios.

    First is the trivial case: a multilayer output with the uncensored/unredacted data as its own layer. In this case, it’s trivial to get the uncensored/unredacted data as it is simply present and visible if you use a tool that can show the individual layers, but the general assumption is that this is not the case – that the output is a single layer image, in which we have 2 scenarios.

    Second case: lossy compressed original, lossless censored. Consider that this censored/redacted image is flattened and saved as a lossless format such as PNG. Certainly there will be no compression artifacts of the uncensored/redacted data both because it is lossless (no artifacts added by PNG) and that it was flattened prior to being passed to PNG. However, the uncensored/unredacted artifacts remain in the uncensored/unredacted portions of the image. These were introduced by the compression that was applied prior to the censoring (e.g. the JPEG compression that contained the pre censored image). I suspect this is actually a common case.

    Third case: lossy compressed original, lossy compressed censored: same as second case, except now you have additional artifacts, in particular you now have artifacts from the censored portion, and the artifacts of the previous lossy compression are also adding additional artifacts. This is probably more difficult, but the point is that the original uncensored/unredacted artifacts are still present.


  • I agree unless the backend server is including it in the response/response headers for some reason, which wouldn’t make a tool like this work in the general case. I thought maybe there was a Cloudflare API that would inadvertently leak the origin IP in an error response in some special case or something of that nature, but I’d assume they would have patched that rather quickly. I’m very curious if this tool ever worked and if so, how.

    If you had a single specific host you were trying to find the origin server for, you could basically scan their ASN and well known data center, particularly the big cloud provider, IPs by sending requests to them with the desired host header to try to find an entry point (load balancer, reverse proxy, web server), but I don’t think that’s practical, particularly with a free API that (presumably) responded in a reasonable amount of time. The underlying API used by the linked script is no longer available, so I don’t know if it worked or response times.

    Furthermore, a well configured system should ignore requests not originating from Cloudflare’s IPs (or use a tunnel) to prevent bypassing Cloudflare, although I’ve seen plenty not do this. Cloudflare even publishes the subnets you should allow. Easy to integrate that into a cron type job, terraform, or other way to keep rules updated even though they’ve very rarely changed.
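Added example, not part of the comment above: one way a scheduled job could turn the published subnet list into origin allow rules, refusing an empty or implausibly broad list so a bad download cannot open or lock the origin. The function names, the prefix floors and the nginx `allow`/`deny` output are assumptions of this sketch, and the sample list is constructed from documentation ranges rather than Cloudflare's real subnets.

```python
import ipaddress

# Constructed sample standing in for the downloaded list (documentation ranges only).
SAMPLE_PUBLISHED = """\
198.51.100.0/24
203.0.113.0/25
2001:db8:100::/48
"""

def parse_ranges(text, min_v4_prefix=8, min_v6_prefix=16):
    """Parse one CIDR per line; reject malformed or implausibly broad entries."""
    nets = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        net = ipaddress.ip_network(line, strict=True)  # ValueError on garbage
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            raise ValueError(f"refusing overly broad range {net}")
        nets.add(net)
    if not nets:
        raise ValueError("empty range list; keep the existing rules")
    return nets

def plan_update(current, published):
    """Return (to_add, to_remove) so the job logs and applies only the changes."""
    return sorted(published - current, key=str), sorted(current - published, key=str)

def render_nginx(nets):
    """Render an include file: allow the listed ranges, deny everything else."""
    ordered = sorted(nets, key=lambda n: (n.version, n.network_address, n.prefixlen))
    return "\n".join([f"allow {n};" for n in ordered] + ["deny all;"]) + "\n"

def is_allowed(addr, nets):
    """Check a connecting peer address against the allowed ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)
```
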


  • They’re not actually bad. It’s just a joke that nearly everyone plays along with kind of like Americans using imperial measurements. Americans don’t actually use imperial. Sure, the products may list both measurements, but just for historical reasons. TV shows and movies use them as just another trope, which helps with keeping the illusion up. Anyway, I’m gonna go buy a pound of candy corns and eat the shit out of them.