> The way we have set things up is that we live and practice together on a bit over a hundred acres of land. In the mornings and evenings we chant and meditate together, and for about one week out of every month we run and participate in a meditation retreat. The rest of the time we work together on everything from caring for the land, maintaining the buildings, cooking, cleaning, planning, fundraising, and for the past few years developing software together.
> During one period, when the microcode and logic were glitching at the nanosecond level, one of the overworked engineers departed the company, leaving behind a note on his terminal as his letter of resignation: "I am going to a commune in Vermont and will deal with no unit of time shorter than a season."
EDIT: typos and slight wording changes
By no means am I trying to hint towards some conspiracy, or to say that all cults are equally bad (or good); just to say that sometimes the word cult simply means "a less popular way of life than the one most people around me live by".
Under this definition, for example, Catholic nuns are decidedly not a cult. They know what they are in for when they join, and may leave the convent any time they wish. Most Amish communities are _probably_ not cults. I am undecided about Mormons but leaning towards maybe.
I don't know what kind of cult you grew up in (and you have my empathy if it was painful) but "society" by definition cannot be a cult.
> Under this definition, for example, Catholic nuns are decidedly not a cult.
That might not be the case for all convents, and there are subsets of the church where the local community develops in a controlling manner that could be considered cult-like. Within any large organisation (and the Catholic Church can be thought of as a huge organisation) subsets can end up being cult-ish even if other parts, or the whole, do not.
If someone leaves Scientology, they're shunned by the rest of their friends and family who are still in Scientology. Not the same for Catholicism.
https://en.wikipedia.org/wiki/Disconnection_(Scientology)
Also see these schemes:
> Under this program, Scientology operatives committed infiltration, wiretapping, and theft of documents in government offices, most notably those of the U.S. Internal Revenue Service.
https://en.wikipedia.org/wiki/Operation_Snow_White
> Operation Freakout, also known as Operation PC Freakout, was a Church of Scientology covert plan intended to have the U.S. author and journalist Paulette Cooper imprisoned or committed to a psychiatric hospital.
Not officially across the whole church, at least not these days, but it certainly happens in some small subsets of the Catholic community and has happened in larger subsets in the not-too-distant past. Any large enough religion tends to develop localised sub-cults.
Stepping away from the Catholics and considering other Christian groups, it definitely happens in small-town America. While there is often some extra factor (daring to be different in some other way), there isn't always, and when there is the extra factor is usually framed as being against the religion or its deit{y|ies}. Sometimes the extra factor itself results in ostracisation from the local church community, so people end up in the same position through a different ordering of the same steps and/or different levels of voluntariness.
You may believe that society is broken in whatever way you choose but saying, "society is bad, and cults are bad, therefore society is a cult" is utterly broken logic.
While I cannot judge them outright, their article "Cyborgs Need a Trustworthy Religion" can appear cultist as they try to intertwine technology and religion.
> The four types of 'artificial intelligence' since the cognitive revolution 70,000 years ago
> How AI is conscious, suffering, and not separate from us
Feel like I should tip https://retreat.guru/be/quantum-retreats that they need a new category "AI retreats".
See also https://www.skepticspath.org/podcast/70-bitcoin-and-buddhism...
> One view of Bitcoin’s value aligns with the Buddhist view of emptiness.
(I wonder if they can do a package deal so we can get a crypto-AI-quantum retreat?)
Silicon Valley didn't take it far enough.
I think it's an indicator of just how weird the times we're currently living in really are, that this part actually makes perfect sense...
(whether or not it's a good idea or will lead to the results they envision is another question)
ChatGPT gives out surprisingly solid advice and feedback. It is a bad look that ChatGPT is more emotionally intelligent than her friends.
Shitty humans are forever.
Regardless, I have an extremely hard time imagining that LLMs as they stand are capable of delivering anything but the most shallow of support.
If I showed you the transcripts you too would be impressed! I can assure you of that.
The mix of tech and meditation would appeal to me. Maybe the idea does (actually doing it is probably hard!).
It seems like a "Buddhist Recurse"
Yes, it's true, actually doing it is hard, but to be honest not as hard as a lot of other stuff (getting a PhD for example, or goodness gracious buying a house in San Francisco). I love getting up early. I love living out in nature. I love chanting and eating meals together and making a version of Buddhism for AI systems!
If you're interested in what it's like, we have written a bunch of very short few-paragraph stories about our time at MAPLE here: https://tales.monasticacademy.org/
httptap -- python -c "import requests; requests.get('https://monasticacademy.org')"
---> GET https://monasticacademy.org/
<--- 308 https://monasticacademy.org/ (15 bytes)
---> GET https://www.monasticacademy.org/
<--- 200 https://www.monasticacademy.org/ (5796 bytes)
It works by running <command> in an isolated network namespace. It has its own TCP/IP stack (for which it uses gVisor). It is not an HTTP proxy and so does not rely on <command> being configured to use an HTTP proxy. It decrypts TLS traffic by generating a CA on the fly. It won't install any iptables rules or make other global system changes.
Especially if it doesn't require proxy configuration.
It does require trusting a local CA, or apps away from the browser being configured not to validate CAs (or trust the new CA) if they don't push responsibility for that to the OS-level support.
I'm not sure it would be a good idea for the non-technical public: teaching them how to set up trust for a custom CA and that it is sometimes a good thing to do, would lead to a new exploit route/tool for phishers and other black-hats because many users are too naively trusting or too convenience focussed to be appropriately careful. How many times have we seen people install spyware because of claims that it will remove spyware? It could also be abused by malicious ISPs, or be forced on other ISPs by governments “thinking of the children”.
That is the kind of example that completely disproves your point. How many times do we have to fall into the 'just lock everything down for safety' pit and end up with being forced to look at even more ads as a result before we learn?
The only way to be safe is to be informed, 'just works' doesn't exist. Don't trust anyone but yourself.
Unfortunately getting everyone into an informed state is a massive and so far unattainable task, and those not well-informed are not just a potential danger to themselves but to the rest of the network, so we need fail-safe protections in place and to not encourage people to disable them for the sake of convenience.
> Don't trust anyone but yourself.
But do encourage people to trust a CA they have no knowledge how to verify? That CA could also sign things that happen in the background so trusting is potentially trusting a huge portion of the Internet with no further stopping points for the user to verify trust. Your point seems to be internally contradictory.
But the problem with it is that you have to configure the proxy in the app (they do have transparent and wireguard modes but there's still quite a bit of configuration).
https://blog.wireshark.org/2010/02/running-wireshark-as-you/
Also, can Wireshark/libpcap decrypt SSL/TLS traffic this easily?
I'm more interested in the HTTPS part. I see that it sets some common environment variables [1] to instruct the program to use the CA bundle in the temporary directory. This seems to pose a similar issue like all the variants of `http_proxy`: the program may simply choose to ignore the variable.
I see it also mounts an overlay fs for `/etc/resolv.conf` [2]. Does it help if httptap mounts `/etc/ca-certificates` directory with the temporary CA bundle?
[1] https://github.com/monasticacademy/httptap/blob/cb92ee3acfb2...
[2] https://github.com/monasticacademy/httptap/blob/cb92ee3acfb2...
It's true that httptap mounts an overlay on /etc/resolv.conf. This is, as you'd expect, due to the also-sort-of-frustrating situation with respect to DNS resolution in which, like CA roots, there isn't a truly reliable way to tell an arbitrary process what DNS server to use, but /etc/resolv.conf is a pretty good bet. As soon as you put a process into a network namespace you have to provide it with DNS resolution because it can no longer access localhost:53, which is the systemd resolver, which is the most common setup now on desktop linux systems.
I do think it might help to mount /etc/ca-certificates as an overlay. When I started looking into the structure of that directory I was kind of dismayed... it's incredibly inconsistent from one distro to the next. Still, it's doable. Interested in any knowledge you might be able to share about how to add a cert to that directory in a way that would be picked up by at least some TLS implementations.
That also doesn't require any elevated privileges (as opposed to other methods of syscall interception) and is likely much easier to do. It has the added benefit of being robust against applications either pinning certificates outright or just being particular about serial numbers, client certificates, and anything like that.
Why run strace when you can just patch libc?
As a proof by counterexample, imagine malware that uses TLS for communication and goes to great lengths to obfuscate its compiled code. It could be a program that bundles a fixed set of CA certificates into its binary and never opens any files on the filesystem. It can still create valid, secure TLS connections (at least for ~10 years or so, until most root CA certificates expire). TLS is all userspace and there's no guarantee that it uses OpenSSL (or any other common library), so you can't rely on hooking into specific OpenSSL functions either. If the server uses a self-signed certificate and the client accepts it for whatever reason, it's worse.
With that said, it's definitely possible to handle 99% of the cases reliably with some work. That's better than nothing.
I'm building something called Subtrace [1] but it can intercept both incoming and outgoing requests automatically. Looks like we converged on the same interface for starting the program too lol [2]. Subtrace's purpose is kinda different from httptap's though (more observability / monitoring for cloud backend services, hence the emphasis on both incoming and outgoing). Also, it uses a different approach -- using Seccomp BPF to intercept the socket, connect, listen, accept, and ~10 other syscalls, all TCP connections get proxied through Subtrace. We then parse the HTTP requests out of the TCP stream and then show it to the user in the Chrome DevTools Network tab, which we repurposed to work in the browser like a regular webapp.
Any fun stories there from running programs under httptap? Who phones home the most?
Very cool project, would love to learn more and happy to chat more about it.
- eBPF requires root privileges or at least CAP_BPF. Subtrace uses seccomp_unotify [1], so it works even in unprivileged environments.
- eBPF requires using eBPF maps as the data channel + weird restrictions in the code because of the eBPF verifier. IMO these two things make it way harder to work with for the kind of networking logic that both httptap and Subtrace have in userspace. Everything is perfectly possible, just harder to reason about and debug.
> half-finished attempt of the same thing for the firefox network tab
Hahahah this is incredible. Something something great minds.
Just add the podman run option
--network=pasta:--pcap,myfile.pcap
Pasta then records the network traffic into a PCAP file that could later be analysed.
I wrote a simple example where I used tshark to analyse the recorded PCAP file https://github.com/eriksjolund/podman-networking-docs?tab=re...
I also thought about doing something like this for any program, but never really investigated how to do it. Nice to see someone out there created it :)
You need the kind of CA certificate trick that httptap uses. It comes with its own set of caveats (e.g. certificate pinning), but it can be made to work reliably in most practical scenarios.
I've spent an unjustifiable amount of time thinking about this specific problem building Subtrace [1], so I'm genuinely very interested in a simpler / more elegant approach.
The downside is this doesn't work with anything not using OpenSSL, there are projects like https://github.com/gojue/ecapture which have interceptors for many common libraries, but the downside is that needs different code for each library.
I think providing a TLS certificate is fine for the use cases of the tool; most tools won't be doing certificate pinning, but ecapture does support Android where this is more likely.
There are eBPF tools which will work, for example https://inspektor-gadget.io/docs/latest/gadgets/trace_ssl
However, even in the case of general developers, it isn't true. Companies do restrict exec abilities, but we don't. Many startups are the same, because developers are expected to also troubleshoot and debug production issues. If you don't allow shells in pods, you are really binding the hands of your devs.
To be clear, I am not disagreeing with you. You are correct in many cases. But there are a number of exceptions in my experience.
Anyway the more options we have, the better.
The GitHub profile points to https://www.monasticacademy.org/about which I have no particular opinion on but it did leave me wondering what the connection is between their monastic training retreat and their projects on GitHub.
Edit: Oh, I didn’t go to the bottom of the readme https://github.com/monasticacademy/httptap?tab=readme-ov-fil...
https://github.com/monasticacademy/httptap?tab=readme-ov-fil...
My MITMProxy flow, if anyone is interested: https://gist.github.com/chanux/e87bd91ea2d4a76cb0b872ff79699...
I have a suggestion regarding the "How It Works" section. When reading it, I initially thought you had implemented your TCP/IP stack from scratch. Later, I discovered through the comments that you're using gVisor. Perhaps you might consider mentioning this explicitly in the documentation?
As an interesting side note, gVisor's netstack is also used in the Tailscale client, enabling features like connecting a machine to multiple tailnets without requiring special privileges.
It would be very interesting to get something that can actually hook into the most common ssl libraries and/or decryption functions, and tries to dump things on the fly. Sure it'll still be blocked if there's tampering detection, but at least it could give some real transparent insight on calls done by some apps at times.
That's not true for local capture mode: https://mitmproxy.org/posts/local-capture/linux/. :)
Fun reading about the authors too.
Thank you for sharing!
Questions:
- What's the performance impact?
- Does it allow payload/headers inspection?
Haven't measured performance at all. However when I decided on the approach I looked at the performance benchmarks from tun2socks, which uses the same gVisor code that httptap uses, and it seems that pretty great performance is possible with that code. Still need to do the work of actually achieving comparable performance.
Payloads and headers can be dumped with --body and --header respectively. There is an example in the readme of doing this (just search for --body) and I'll work more on documenting this in the coming days.
[1] https://github.com/frida/frida/wiki/Comparison-of-function-h...
How does that work with the AWS certs? How does the program not reject whatever this tool is doing to pull it off?
https://github.com/monasticacademy/httptap/commit/4288a89504...
2. How it works is explained in the last two paragraphs of the "How It Works" section of the readme:
> When a client makes an HTTPS request, it asks the server for evidence that it is who it says it is. If the server has a certificate signed by a certificate authority, it can use that certificate to prove that it is who it says it is. The client will only accept such a certificate if it trusts the certificate authority that signed the certificate. Operating systems, web browsers, and many other pieces of software come with a list of a few hundred certificate authorities that they trust. Many of these pieces of software have ways for users to add additional certificate authorities to this list. We make use of this.
> When httptap starts, it creates a certificate authority (actually a private key plus a corresponding x509 certificate), writes it to a file on the filesystem visible only to the subprocess, and sets a few environment variables -- again only visible to the subprocess being run -- that add this certificate authority to the list of trusted certificate authorities. Since the subprocess trusts this certificate authority, and httptap holds the private key for the certificate authority, it can prove to the subprocess that it is the server with which the subprocess was trying to communicate. In this way we can read the plaintext HTTP requests.
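The mechanism quoted above, and the pinning caveat raised earlier in the thread (a client that bundles its own roots or pins the server key never trusts the on-the-fly CA), can be shown end to end in a few dozen lines of Go. The program below is an added example written for this thread, not httptap's own code: it mints an ephemeral CA, signs a leaf for an assumed hostname `api.example.test`, and runs three in-memory TLS handshakes against it. The "genuine" server key used for the pin is constructed here purely to stand in for the real host's key; the function names `issue`, `handshake` and `scenarios` are this example's, not the project's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue makes a P-256 key and a certificate for tmpl signed by parent (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// handshake runs one TLS handshake over an in-memory pipe and returns the client's verdict.
func handshake(leaf tls.Certificate, clientCfg *tls.Config) error {
	clientConn, serverConn := net.Pipe()
	deadline := time.Now().Add(5 * time.Second)
	clientConn.SetDeadline(deadline)
	serverConn.SetDeadline(deadline)
	// net.Pipe is unbuffered: disable session tickets so the server writes nothing after Finished.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{leaf}, SessionTicketsDisabled: true}
	done := make(chan struct{})
	go func() {
		defer close(done)
		defer serverConn.Close()
		_ = tls.Server(serverConn, srvCfg).Handshake() // only the client's verdict is reported
	}()
	err := tls.Client(clientConn, clientCfg).Handshake()
	clientConn.Close()
	<-done
	return err
}

// scenarios mints a CA and a leaf for host, then tries three client postures from the thread.
func scenarios(host string) (trusting, untrusting, pinned bool, err error) {
	now := time.Now()
	ca, caKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "ephemeral intercept CA (constructed)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return
	}
	leafCert, leafKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	if err != nil {
		return
	}
	leaf := tls.Certificate{Certificate: [][]byte{leafCert.Raw}, PrivateKey: leafKey}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	// 1. Trust store includes the ephemeral CA (what httptap's environment variables arrange).
	trusting = handshake(leaf, &tls.Config{ServerName: host, RootCAs: pool}) == nil
	// 2. Trust store without it: the chain ends at an unknown authority and is refused.
	untrusting = handshake(leaf, &tls.Config{ServerName: host, RootCAs: x509.NewCertPool()}) == nil
	// 3. Trusts the CA but pins the genuine server's SPKI hash (a constructed key stands in for the real one).
	genuineKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	genuineSPKI, _ := x509.MarshalPKIXPublicKey(&genuineKey.PublicKey)
	wantPin := sha256.Sum256(genuineSPKI)
	pinned = handshake(leaf, &tls.Config{ServerName: host, RootCAs: pool,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			if sha256.Sum256(chains[0][0].RawSubjectPublicKeyInfo) != wantPin {
				return fmt.Errorf("server public key does not match pin")
			}
			return nil
		},
	}) == nil
	return
}

func main() {
	t, u, p, err := scenarios("api.example.test")
	fmt.Println("trusting accepted:", t, "untrusting accepted:", u, "pinned accepted:", p, "error:", err)
}
```

Only the first client completes the handshake. The second fails with an unknown-authority error, which is the posture of a program that ignores the injected trust store (or ships its own roots, as in the malware example above), and the third fails on the pin even though it trusts the CA, which is why pinned clients are the caveat every comment about this approach mentions.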
I know I'd have to run firefox with --no-remote.
Very cool idea though, love tools with this sort of UX. I look forward to a V1 release in the future.
I did try this with firefox but it doesn't work right now due to (I think) the user namespace messing with user IDs. I think I should be able to fix this, though. I will have to try it with other desktop apps soon too...
Correction: the readme claims it will work without requiring root, but it does need to manage network namespaces, which afaik may only be available to root users depending on system configuration.
> To run httptap you do not need to be the root user. ... It makes use of linux-specific system calls -- in particular network namespaces ...
2025 will now definitely be the year of the Linux desktop :-)
You do need write access to /dev/net/tun. This is standard for all users for the distros that I've looked into, but it is ultimately a distro-specific thing.
FWIW there is also the excellent tun2socks (https://github.com/xjasonlyu/tun2socks), which was a significant inspiration for this project, and is specifically designed to forward traffic from a TUN device to a SOCKS proxy.