frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Unlocking Free WiFi on British Airways

https://www.saxrag.com/tech/reversing/2025/06/01/BAWiFi.html
92•vinhnx•13h ago

Comments

qwertytyyuu•2h ago
Hmmm can you hide vpn traffic this way?
avidiax•2h ago
A TOR dev gave a recent talk at DEFCON [1], and described this as one of the ways that attempts at nationwide blocks to the TOR network are implemented. I'm not sure that it's exactly the same as domain fronting, since that might involve a CDN, but the technique is very close.

[1] https://youtu.be/djM70O0SnsY

nonethewiser•2h ago
I wonder how generalizable this is to other airlines
rootsudo•2h ago
iodine is just easier in general, but since many airlines use the same vendor - probably the same.
niij•1h ago
> Something along the lines of arbitrary subdomains which represent the request payload, and a custom nameserver that returns responses via the TXT record or something. Anyway…).

This is iodine. https://github.com/yarrick/iodine

sammy2255•1h ago
That's really cool I never thought about having your own host and then faking the SNI.

I find it pathetic that vendors and ISPs are snooping SNI headers to block things, looking at you, UK.

Also, I wonder what will happen if those instant messaging apps move to Encrypted SNI (ECH), will they just not work, or is there fallback?

heavyset_go•1h ago
If you use Lyrebird not only can you obfuscate your traffic behind various transports, it does domain fronting by default. Don't have to jump through this many hoops.

Also, allegedly, MAC spoofing of already authenticated clients can bypass many of these paywall-gated hotspots :)

gorgoiler•55m ago
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-...

…in case anyone else needed a link.

heavyset_go•46m ago
Thanks. That README is a bit out of date from when the project just implemented a single transport, this is more accurate[1]. It's what's used in the latest Tor Browser.

[1] https://support.torproject.org/tbb/lyrebird/

fiatpandas•1h ago
Eventually airlines will just whitelist IP ranges for free messaging-only access.
SomaticPirate•1h ago
Wonder how long it is before it’s taken down. A previous post about a cruise was threatened with legal action
markasoftware•25m ago
I have a friend who did similar tunneling a while ago. It also works on cruise ships.

He discovered that on some airlines (I think American?), they use an advanced fortinet firewall that doesn't just look at the SNI -- it also checks that the certificate presented by the server has the correct hostname and is issued by a legit certificate authority.

My friend got around that restriction by making the tunnel give the aa.com SNI, and then forward a real server hello and certificate from aa.com (in fact I think he forwards the entire TLS 1.2 handshake to/from aa.com). But then as soon as the protocol typically would turn into encrypted application data, he ignores whatever he sent in the handshake and just uses it as an encrypted tunnel.

(The modern solution is just to use TLS 1.3, which encrypts the server certificate and hence prevents the firewall from inspecting the cert, reducing the problem back to just spoofing the SNI).

The Swift SDK for Android

https://www.swift.org/blog/nightly-swift-sdk-for-android/
401•gok•8h ago•156 comments

Unlocking Free WiFi on British Airways

https://www.saxrag.com/tech/reversing/2025/06/01/BAWiFi.html
92•vinhnx•13h ago•12 comments

People with blindness can read again after retinal implant

https://go.nature.com/48JVwrv
30•8bitsrule•3d ago•5 comments

Valetudo: Cloud replacement for vacuum robots enabling local-only operation

https://valetudo.cloud/
191•freetonik•4d ago•48 comments

What Is Intelligence?

https://mitpress.mit.edu/9780262049955/what-is-intelligence/
35•sva_•3h ago•25 comments

First shape found that can't pass through itself

https://www.quantamagazine.org/first-shape-found-that-cant-pass-through-itself-20251024/
285•fleahunter•14h ago•64 comments

Context engineering is sleeping on the humble hyperlink

https://mbleigh.dev/posts/context-engineering-with-links/
37•mbleigh•1d ago•8 comments

I invited strangers to message me through a receipt printer

https://aschmelyun.com/blog/i-invited-strangers-to-message-me-through-a-receipt-printer/
186•chrisdemarco•5d ago•69 comments

Harnessing America's Heat Pump Moment

https://www.heatpumped.org/p/harnessing-america-s-heat-pump-moment
106•ssuds•8h ago•232 comments

Deepagent: A powerful desktop AI assistant

https://deepagent.abacus.ai
13•o999•2h ago•1 comments

Advice for New Principal Tech ICs (I.e., Notes to Myself)

https://eugeneyan.com/writing/principal/
11•7d7n•2h ago•2 comments

How to make a Smith chart

https://www.johndcook.com/blog/2025/10/23/smith-chart/
112•tzury•11h ago•20 comments

Study: MRI contrast agent causes harmful metal buildup in some patients

https://www.ormanager.com/briefs/study-mri-contrast-agent-causes-harmful-metal-buildup-in-some-pa...
111•nikolay•7h ago•80 comments

Code Like a Surgeon

https://www.geoffreylitt.com/2025/10/24/code-like-a-surgeon
118•simonw•13h ago•70 comments

Public Montessori programs strengthen learning outcomes at lower costs: study

https://phys.org/news/2025-10-national-montessori-early-outcomes-sharply.html
265•strict9•2d ago•141 comments

Twake Drive – An open-source alternative to Google Drive

https://github.com/linagora/twake-drive
311•javatuts•18h ago•178 comments

Modern Perfect Hashing

https://blog.sesse.net/blog/tech/2025-10-23-21-23_modern_perfect_hashing.html
80•bariumbitmap•1d ago•9 comments

Why formalize mathematics – more than catching errors

https://rkirov.github.io/posts/why_lean/
165•birdculture•5d ago•61 comments

The fix wasn't easy, or C precedence bites

https://boston.conman.org/2025/10/20.1
5•ingve•2d ago•0 comments

Conductor (YC S24) Is Hiring a Founding Engineer in San Francisco

https://www.ycombinator.com/companies/conductor/jobs/MYjJzBV-founding-engineer
1•Charlieholtz•7h ago

Carmack on Operating Systems (1997)

https://rmitz.org/carmack.on.operating.systems.html
65•bigyabai•3h ago•39 comments

Mesh2Motion – Open-source web application to animate 3D models

https://mesh2motion.org/
186•Splizard•17h ago•34 comments

Underdetermined Weaving with Machines (2021) [video]

https://www.youtube.com/watch?v=on_sK8KoObo
8•akkartik•2h ago•3 comments

Why can't transformers learn multiplication?

https://arxiv.org/abs/2510.00184
126•PaulHoule•3d ago•69 comments

Debian Technical Committee overrides systemd change

https://lwn.net/Articles/1041316/
170•birdculture•18h ago•172 comments

New OSM file format: 30% smaller than PBF, 5x faster to import

https://community.openstreetmap.org/t/new-osm-file-format-30-smaller-than-pbf-5x-faster-to-import...
84•raybb•6h ago•8 comments

Typst 0.14

https://typst.app/blog/2025/typst-0.14/
549•optionalsquid•16h ago•146 comments

Interstellar Mission to a Black Hole

https://www.centauri-dreams.org/2025/10/23/interstellar-mission-to-a-black-hole/
131•JPLeRouzic•19h ago•95 comments

TextEdit and the relief of simple software

https://www.newyorker.com/culture/infinite-scroll/textedit-and-the-relief-of-simple-software
79•gaws•8h ago•84 comments

'Attention is all you need' coauthor says he's 'sick' of transformers

https://venturebeat.com/ai/sakana-ais-cto-says-hes-absolutely-sick-of-transformers-the-tech-that-...
361•achow•23h ago•184 comments