Stories with Tag Discord

• Revolt: Open-Source Alternative to Discord

  permalink

  Posted: 2025-03-06 08:47:32

  Verbose tl;dr

  Revolt is a free and open-source alternative to Discord, offering a similar feature set with a focus on user privacy and community control. It features text and voice channels, direct messaging, file sharing, rich text editing, and voice chat, all hosted on its own servers. Revolt aims to provide a transparent and extensible platform, allowing users to self-host or contribute to its development. Its client is available on desktop and web, with mobile apps planned for the future. The project prioritizes community involvement and customization, giving users more control over their communication experience.

  Revolt presents itself as a robust, open-source alternative to the popular communication platform, Discord, emphasizing user freedom and control. The project aims to provide a fully-featured chat experience comparable to Discord, but with the added benefits of transparency and community-driven development inherent in open-source software. Revolt boasts a comprehensive set of features, including direct messaging, server creation with customizable roles and permissions, voice and video calling capabilities, file sharing, and rich text formatting. Furthermore, the platform prioritizes user privacy and data security, offering end-to-end encryption options and self-hosting possibilities, empowering users to maintain complete control over their communication data. This self-hosting option allows individuals and communities to operate their own Revolt instances, independent of any centralized authority, further solidifying the principle of decentralization.

  The platform's open-source nature facilitates community contributions, allowing developers and users to contribute code, identify and fix bugs, and propose new features. This collaborative approach fosters a dynamic environment where the platform can continually evolve and adapt to the needs of its users. Revolt also champions customizability, offering a range of themes and plugins to personalize the user interface and extend functionality. This allows users to tailor the platform to their specific preferences and integrate with other services. The project aspires to create a viable and thriving alternative to proprietary communication platforms, providing a community-owned and controlled space for online interaction, collaboration, and community building, all while maintaining a high level of performance and feature parity with established alternatives. By prioritizing open access, community involvement, and user autonomy, Revolt seeks to establish a new paradigm for online communication that prioritizes freedom and control in the hands of the users.

  • Revolt
  • Discord
  • Alternative
  • open-source
  • Chat
  • Messaging
  • Communication
  • instant messaging
  • VoIP
  • group chat
  • Community
  • privacy
  • self-host
  • Federation
  • Matrix
  • XMPP
  • Decentralized

  Summary of Comments ( 264 )
  https://news.ycombinator.com/item?id=43277918

  Verbose tl;dr

  Hacker News users discussed Revolt's potential as a Discord alternative, praising its open-source nature and commitment to user privacy. Several commenters expressed interest in self-hosting, viewing it as a significant advantage. Some questioned Revolt's long-term viability and ability to compete with Discord's network effects and feature set, while others pointed to Matrix as a more established alternative. Concerns were also raised about moderation challenges and potential abuse on a decentralized platform. A few users shared their positive experiences using Revolt, highlighting its performance and clean interface, though acknowledging it's still under development. Overall, the comments reflect cautious optimism about Revolt, with many hoping it succeeds but recognizing the hurdles it faces.

  The Hacker News post titled "Revolt: Open-Source Alternative to Discord" sparked a discussion with a moderate number of comments, primarily focusing on Revolt's potential, its comparison to Discord and Matrix, and the challenges of building a successful open-source community platform.

  Several commenters expressed interest in Revolt as a viable alternative to Discord, praising its open-source nature and potential for greater user control and privacy. Some voiced frustration with Discord's perceived shift towards commercialization and centralization, seeing Revolt as a promising solution. However, many also acknowledged the significant network effect enjoyed by Discord, questioning whether Revolt could realistically compete with such an established player.

  A recurring theme in the discussion was the comparison between Revolt and Matrix. Some commenters argued that Matrix, with its decentralized architecture and existing user base, offered a more robust and mature alternative to Discord. They questioned the need for another similar platform, suggesting that efforts might be better spent contributing to the Matrix ecosystem. Others countered this by pointing to perceived usability issues with Matrix and its steeper learning curve, arguing that Revolt's simpler, more Discord-like interface could attract a wider audience.

  The challenges of building a thriving community were also discussed, with commenters emphasizing the importance of moderation, feature development, and user experience. Some expressed concerns about potential moderation difficulties and the risk of Revolt becoming a haven for undesirable communities if not managed carefully. Others highlighted the need for consistent development and a clear roadmap to build trust and attract users.

  Several technical aspects of Revolt were also touched upon, including its use of technologies like Rust and Postgres, with some commenters praising these choices while others raised questions about scalability and performance.

  Overall, the comments reflected a mixture of cautious optimism and pragmatic skepticism about Revolt's prospects. While acknowledging its potential and the appeal of an open-source alternative to Discord, many commenters recognized the significant hurdles faced by any new platform attempting to compete in this space. The discussion highlighted the importance of community building, user experience, and careful consideration of existing alternatives like Matrix.

• Discord client that works on Win95*, Win98 and above

  permalink

  Posted: 2025-02-03 11:49:49

  Verbose tl;dr

  DM is a lightweight, unofficial Discord client designed to run on older Windows operating systems like Windows 95, 98, ME, and newer versions. Built using the Delphi programming language, it leverages Discord's web API to provide basic chat functionality, including sending and receiving messages, joining and leaving servers, and displaying user lists. While not offering the full feature set of the official Discord client, DM prioritizes minimal resource usage and compatibility with older hardware.

  This GitHub repository, titled "Discord Messenger (dm)," houses a project dedicated to creating a Discord client compatible with older versions of Microsoft Windows, specifically targeting Windows 95, Windows 98, and subsequent releases. The project aims to provide users of these legacy operating systems with access to the Discord communication platform. While Discord's official client has evolved with modern operating system advancements, leaving behind compatibility with earlier Windows versions, this project seeks to bridge that gap. It attempts to recreate the core Discord experience within a framework that can function on the limited resources and older architecture of these systems. The technical details within the repository likely involve utilizing compatible libraries and potentially employing strategies to optimize performance on less powerful hardware. This allows users who maintain these older systems, whether due to preference, necessity, or specific technical constraints, to connect with communities and individuals on Discord. The project represents a significant undertaking, addressing the challenges of software compatibility and ensuring the functionality of a modern platform on aged operating systems.

  • Discord
  • Client
  • Windows
  • Win95
  • Win98
  • Retrocomputing
  • Vintage
  • Legacy
  • Operating System
  • Messaging
  • Chat
  • Community
  • Software
  • Application
  • Open Source
  • GitHub

  Summary of Comments ( 133 )
  https://news.ycombinator.com/item?id=42917268

  Verbose tl;dr

  Hacker News users discuss the Discord client for older Windows systems, primarily focusing on its novelty and technical ingenuity. Several express admiration for the developer's skill in making Discord, a complex modern application, function on such outdated operating systems. Some question the practical use cases, while others highlight the potential value for preserving access to communities on older hardware or for specific niche applications like retro gaming setups. There's also discussion around the technical challenges involved, including handling dependencies and the limitations of older APIs. Some users express concern about security implications, given the lack of updates for these older OSes. Finally, the unconventional choice of Pascal/Delphi for the project sparks some interest and debate about the suitability of the language.

  The Hacker News post about the Discord client for older Windows systems generated a moderate amount of discussion, with several commenters expressing interest and appreciation for the project.

  Many comments focused on the technical aspects. One user questioned the choice of using Electron for the client, arguing that a native application would offer better performance, particularly on resource-constrained older hardware. They suggested exploring alternatives like using a minimalist GUI framework or even a terminal-based interface for improved efficiency. This sparked a small back-and-forth with other users about the trade-offs between development ease (favoring Electron) and performance.

  Another commenter praised the project for its potential to bring modern communication tools to older systems, highlighting the value in keeping older hardware functional and accessible. They pointed out that many people might still have working older machines and could benefit from having access to Discord.

  Several users expressed curiosity about the project's compatibility with specific older operating systems and hardware configurations. One asked about support for Windows ME, while another inquired about performance on systems with limited RAM. The developer responded to some of these queries, clarifying supported operating systems and offering insights into performance considerations.

  A few commenters shared their personal experiences with older hardware and software. One recounted their fondness for Windows 98 and expressed interest in trying the Discord client on an old machine. Another mentioned using older systems for retro gaming and expressed appreciation for projects that breathe new life into vintage hardware.

  Some comments touched upon the security implications of using a modern application on older operating systems. One user raised concerns about the potential vulnerabilities of older systems and the risks associated with running software that might not be fully compatible with the security features of these platforms.

  Overall, the comments reflect a positive reception to the project, with many users expressing interest in its potential and appreciating the effort to bring modern software to older hardware. There's also a notable thread of technical discussion regarding the choice of Electron and its performance implications. Finally, some users touched upon the nostalgia and practical value of keeping older systems functional.

• 0-click deanonymization attack targeting Signal, Discord, other platforms

  permalink

  Posted: 2025-01-21 14:59:44

  Verbose tl;dr

  A security vulnerability, dubbed "0-click," allowed remote attackers to deanonymize users of various communication platforms, including Signal, Discord, and others, by simply sending them a message. Exploiting flaws in how these applications handled media files, specifically embedded video previews, the attacker could execute arbitrary code on the target's device without any interaction from the user. This code could then access sensitive information like the user's IP address, potentially revealing their identity. While the vulnerability affected the Electron framework underlying these apps, rather than the platforms themselves, the impact was significant as it bypassed typical security measures and allowed complete deanonymization with no user interaction. This vulnerability has since been patched.

  A newly disclosed vulnerability, dubbed the "0-click deanonymization attack," poses a significant threat to user privacy on several popular communication platforms, including Signal, Discord, and others employing WebRTC, a real-time communication technology. This attack exploits a subtle flaw in the way these platforms handle IP address leaks within WebRTC connections, allowing a malicious actor to uncover the IP address of a target user without any interaction from the target—hence the "0-click" designation.

  The exploit leverages Session Traversal Utilities for NAT (STUN) and Interactive Connectivity Establishment (ICE) servers, integral components of WebRTC's functionality. These servers facilitate the establishment of peer-to-peer connections by assisting clients in discovering their public IP addresses and traversing network address translation (NAT) gateways. Normally, these IP addresses are exchanged between communicating parties. However, the vulnerability arises from the fact that these platforms inadvertently expose IP addresses to STUN/ICE servers even before a connection is fully established, and crucially, even if the target user declines or ignores a call.

  The attacker initiates a WebRTC connection request to the target user. Even if the target doesn't accept the call, the target's client still interacts with the STUN/ICE servers, revealing its IP address in the process. The attacker, by controlling or monitoring the STUN/ICE server, can passively intercept this communication and capture the target's IP address. This allows for deanonymization, linking the target's online identity on the platform to their real-world location and potentially revealing their true identity.

  This vulnerability is particularly insidious because it requires no action from the target user. Merely receiving a connection request, even an ignored or rejected one, is sufficient for the attack to succeed. This bypasses traditional defenses against IP address leaks, such as disabling WebRTC entirely or using VPNs, as the leakage occurs before these protective measures can effectively intervene. While VPNs might mask the true IP address, the timing correlation between the call attempt and the observed IP address on the VPN server could still provide valuable information to a determined attacker.

  The technical details of the exploit involve manipulating the JavaScript execution within the target's browser to control the flow of WebRTC negotiation and observe the STUN/ICE server interactions. The author of the disclosure emphasizes the simplicity of the attack and its broad applicability to any platform utilizing WebRTC without adequate safeguards. The potential consequences of this vulnerability are serious, ranging from targeted harassment and doxing to large-scale surveillance and privacy breaches.

  • signal
  • Discord
  • deanonymization
  • privacy
  • Security
  • Vulnerability
  • attack
  • metadata
  • 0-click
  • Exploit
  • IP address
  • online privacy
  • communication platforms
  • messaging apps

  Summary of Comments ( 294 )
  https://news.ycombinator.com/item?id=42780816

  Verbose tl;dr

  Hacker News commenters discuss the practicality and impact of the described 0-click deanonymization attack. Several express skepticism about its real-world applicability, noting the attacker needs to be on the same local network, which significantly limits its usefulness compared to other attack vectors. Some highlight the importance of the disclosure despite these limitations, as it raises awareness of potential vulnerabilities. The discussion also touches on the technical details of the exploit, with some questioning the "0-click" designation given the requirement for the target to join a group call. Others point out the responsibility of Electron, the framework used by the affected apps, for not sandboxing UDP sockets effectively, and debate the trade-offs between security and performance. A few commenters discuss potential mitigations and the broader implications for user privacy in online communication platforms.

  The Hacker News post titled "0-click deanonymization attack targeting Signal, Discord, other platforms" generated a significant discussion with a variety of comments. Several commenters focused on the technical aspects of the exploit, highlighting how seemingly innocuous features like generating link previews could be manipulated to leak IP addresses. There's a strong consensus that the core issue stems from servers fetching content from user-supplied URLs without proper safeguards.

  Some commenters questioned the "0-click" nature of the attack, arguing that a user still needs to engage with a message containing a malicious link, even if they don't explicitly click it. Others pointed out that the practicality of the attack is limited by the need for the attacker to control a server capable of logging IP addresses connecting to it.

  The discussion also touched upon the responsibility of different platforms. Some commenters argued that platforms like Signal and Discord should have implemented better protections against this type of attack, while others emphasized that the underlying issue lies with the broader ecosystem of link previews and the lack of standardized security measures.

  A few commenters provided technical insights into potential mitigations, including the use of proxy servers for fetching previews and stricter validation of URLs. The feasibility and potential downsides of these solutions were also debated.

  Some users shared anecdotal evidence of similar attacks or vulnerabilities they've encountered in the past, reinforcing the concern about the potential for abuse of link preview functionality.

  Finally, there was some discussion about the ethical implications of researching and disclosing such vulnerabilities, with opinions varying on the responsible approach to handling such sensitive information. The overall sentiment seems to be one of concern about the potential privacy implications of this attack vector and the need for a broader industry response to address the underlying issues.