One thing I really miss in HN is having a tagging system to filter content better. Sometimes, the things I want to follow or ignore don't have any clear hints in their titles. Having tags would really help customize the content for each user.
https://lobste.rs/ has a tag system. I asked some months ago why HN doesn't. The answer was that it adds complexity and is hard to remove if not worth it. They want to protect HN's minimalism.
A vulnerability was observed on Incognet VPS (and potentially other providers such as kyun.host and BuyVM), where PhotoRec can recover files belonging to other customers. Thousands of unrelated images, databases, and executables were discovered. Incognet downplayed the issue. As a result, anyone could potentially extract other users’ sensitive data, indicating that VPS virtualization does not protect against this method of file recovery.
We responded to your original ticket in 20 minutes. Your ticket was titled "fix your fucking vuln".
You submitted it: Posted on Sunday 16th February at 15:08
We responded: Posted on Sunday 16th February at 15:28
We never heard back.
Weeks later, you post on Twitter.
We respond to your ticket again, having not heard from you. We express a desire to review this in greater detail.
We provide two additional, lengthy, detailed responses of what we did and how you can replicate it to test.
In the end, on a fresh OS install on a fresh VPS, what we were able to "recover" was documentation and manpage files related to the OS. As mentioned, this was assumed to be from the OS images provided by Virtualizor. (Will run the same tests on the new stack we're testing since they use cleaner, more minimal OS images.)
By your admission, you reinstalled your OS from an active XMPP server. There is a reasonable assumption that the files you have recovered are simply the files your XMPP users have sent/received to one another. You cannot access data from other users with this method. This is similar to reinstalling the OS on your laptop only to realize you forgot to back up the photos of your wedding, so you run a data recovery tool to see what you can get.
I even offered you another VPS for you to test, so that you could replicate my steps to see if the results were the same. You continue to not respond to the ticket and misrepresent the situation.
In any case, as announced weeks ago, we're in the process of updating and upgrading all of our VPS nodes. If there is something we can do beyond the industry standard practices to make things more private, we absolutely will.
DivestOS announces its final update. It and its apps (Hypatia, Carrion) will not receive any further updates. Non-mobile Divested projects (e.g., Brace, D-WRT, real-ucode, and DNS blocklists) will continue to be maintained. Forum threads will be closed, and the DivestOS XMPP chat rooms will also be turned off. Donations will no longer be accepted, and all recurring donations will be cancelled.
Unfortunately for Netscape, U.S. regulations prohibit the export of products incorporating strong cryptography. In order to distribute an international version of its browser overseas, Netscape had to weaken the encryption scheme to use keys of just 40 bits, leaving only a million million possible key values.
This comes up often, so just to reiterate: this law only ever affected American citizens. It's why products like PuTTY had warnings about not being allowed to use the product unless you were American; the developers were protecting their own asses. As a European (or Mexican, Australian, Japanese, etc.) citizen you could obviously use the product without repercussions; the developer just had to make an effort to not make it accessible.
And, as mentioned by OP, these restrictions were greatly relaxed ages ago to only really affect DoD and US govt specific encryptions.