lol there are apparently Nix users that have their cache upstream configured as http:// because "the NARs are signed, what could go wrong" and "that way transparent proxies can work better".
Who wants to set up a MITM at next NixCon serving GHSA-h4vv-h3jq-v493 payloads? :>
Pierre Bourdon
npub18a…p5v5z
2024-09-09 21:53:47 UTC
Author Public Key
npub18ahux7c4r7aqhclxuy2778m63akafyle42y5n7k4n8m9hnre9n8qdp5v5zSeen on
wss://relay.momostr.pinkPublished at
2024-09-09 21:53:47 UTCEvent JSON
{
"id": "50fed9f790137b61608c95109be66cac3928c3d46e93286016a1f255830752ba",
"pubkey": "3f6fc37b151fba0be3e6e115ef1f7a8f6dd493f9aa8949fad599f65bcc792cce",
"created_at": 1725918827,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.delroth.net/@delroth/113109816257177168",
"web"
],
[
"proxy",
"https://mastodon.delroth.net/users/delroth/statuses/113109816257177168",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.delroth.net/users/delroth/statuses/113109816257177168",
"pink.momostr"
],
[
"-"
]
],
"content": "lol there are apparently Nix users that have their cache upstream configured as http:// because \"the NARs are signed, what could go wrong\" and \"that way transparent proxies can work better\".\n\nWho wants to set up a MITM at next NixCon serving GHSA-h4vv-h3jq-v493 payloads? :\u003e",
"sig": "9fae1bb469bfd9704186d041a9e3d7070bf6b355f53d61f511307084775ef2787aaf49b8f2e3a864eae4229fb26fcbd629fcef84403c805684658ee9379bc8bb"
}