[HN Gopher] Hysteria: a powerful, fast and censorship resistant ...
___________________________________________________________________
Hysteria: a powerful, fast and censorship resistant proxy
Author : keepamovin
Score : 73 points
Date : 2023-10-26 15:19 UTC (7 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| vinceguidry wrote:
| > Hysteria is a powerful, fast and censorship resistant proxy
|
| What a statement.
| baal80spam wrote:
| They add one more at the homepage:
|
| And probably the cutest, too.
| Twisol wrote:
| Heh, and that subtitle is a link to a page that says:
|
| > Meet Ayaha Hideri, the official anime mascot of Hysteria
|
| I'm sure this would grate on many people, but honestly, I'm
| here for it.
| lmkg wrote:
| A proxy for _what_? What type of communication or persuasion
| are you trying to accomplish?
|
| _clicks link_
|
| Ooooh, you made a software named "hysteria."
| nine_k wrote:
| A worthy entry among names like git, gimp, bash, subversion,
| duplicity, jail, kill and other everyday fare of smart,
| tongue-in-cheek names in software.
| an_aparallel wrote:
| cockos has joined the chat.
| nine_k wrote:
| Ah, yes, CockroachDB.
| devmor wrote:
| For real! Reading the title I assumed I was going to read about
| using social media outrage as a method for dissemination of
| counterintelligence information to the public.
| JohnMakin wrote:
| installation:
|
| bash <(curl -fsSL https://get.hy2.sh/)
|
| nah.
| not_your_vase wrote:
| I just started to write a reply along the lines of
| > at least it doesn't start with "sudo bash", which is a very
| minor step into the right direction
|
| But then I looked into the script, and changed my mind. I love
| blindly running Chinese shell scripts with sudo.
| sschueller wrote:
| Chinese or any other state doesn't mean it's bad. What is bad
| is piping stuff into bash even if the source is 100 percent
| trusted.
| theossuary wrote:
| As opposed to downloading a binary, chmoding it, and
| running it as your user? I honestly don't see the
| difference unless you only want packages in auditable
| flatpaks or snaps.
| sschueller wrote:
| That is one of many methods of installing and this bash crap
| has been popular for a while so although I don't like it, it
| doesn't mean the project is bad.
| greentea23 wrote:
| bash <(curl -fsSL https://raw.githubusercontent.com/apernet/hysteria/7135f04fa...)
|
| There I fixed it. If you go through github (trusted server url-
| integrity-wise) and use the commit hash, and you reviewed the
| code first, it's much safer to do this because it's
| deterministic/versioned.
| JohnMakin wrote:
| I'm kind of flabbergasted people are downvoting this. You
| shouldn't pipe anything from a random curl'd link into bash, no
| matter how much you trust it. And if you actually bother to
| inspect this script, there are a lot of reasons to raise
| eyebrows.
|
| Or, you can just keep doing this and I'll keep making money
| from security consulting...
| 0xdeadbeefbabe wrote:
| Is it safe to raise both eyebrows at once?
| chowells wrote:
| What's the security difference between running a compiled
| application from a site vs running curl|bash with a script
| hosted on the same site?
| fiddlerwoaroof wrote:
| Yeah, the curl|bash approach is approximately as safe as
| basically any other software installation method, if you
| trust the owner of the URL as much as you trust the
| maintainers of NPM, Pypi, etc.
| robertlagrant wrote:
| The maintainers of those are not checking packages. You
| have to inspect the source code to check what it's doing.
| Same as a script you curl.
| fiddlerwoaroof wrote:
| Package registry maintainers do often do some things that
| make it a bit safer than just using things from a random
| person online: e.g. preventing someone from deleting a
| popular package, which would enable various sorts of
| squatting attacks. But, you're generally right.
| JohnMakin wrote:
| you are at the mercy of whatever that link decides to
| resolve to, which makes it vulnerable to squatting, cache
| poisoning attacks, etc.
| itishappy wrote:
| Installation
|
| Like any proxy software, Hysteria consists of a server and a
| client. Our precompiled executables include both modes on all
| platforms. You can download our latest releases using one of
| the following options:
|
| * Executable files
|
| * GitHub Releases
|
| * Deployment script for Linux servers
|
| * Arch Linux AUR
|
| * Docker images
|
| * Use 3rd-party apps
|
| * Build from source
| kelthan wrote:
| The README starts with "Powered by a custom QUIC protocol", which
| raises some concern. When looking at the protocol doc, I see
| "standard QUIC transport protocol RFC 9000 with Unreliable
| Datagram Extension (RFC 9221 Draft Proposal)."
|
| Is that the extent of the "custom" QUIC protocol?
| PinkRidingHood wrote:
| This is made for people in China under censorship I think. I've
| used it personally in China and it's a welcome alternative to
| shadowsocks (it even uses a similar flow of a local socks5
| server) if you have an unblocked server you have access to (China
| fingerprints normal socks5 traffic).
|
| It's slightly better in terms of robustness (since it's less used)
| but eventually the firewall realizes you're only connecting to
| one server so it blocks outgoing large amounts of traffic to any
| IP. I've found using shadowsocks on one IP, using hysteria on
| another, and using proxy.pac to intersperse the two works best.
|
| I'm surprised at all the negative comments here, it's clear that
| the context of the project was not understood.
| tux3 wrote:
| Could this work as a pluggable transport for Tor in China?
|
| An advantage is you wouldn't be connecting to a single proxy,
| but a (small, configurable) number of bridges
___________________________________________________________________
(page generated 2023-10-26 23:01 UTC)