Is there any more news on the Jacob Appelbaum situation? It seems like he's disappeared off of the face of the Earth after the allegations. I find the fact that multiple witnesses have come out against the stories that were told on their behalf disturbing.
>Website comes out with a bunch of rape allegations >Appelbaum denounces the allegations >Appelbaum is effectively exiled from the free software community despite the lack of a trial >multiple witnesses come out saying that the allegations made in their name were false, or at best heavily misinterpreted >Even if all of the witnesses declare that Jake is innocent, his reputation is forever destroyed
>"if you boldly and righteously declare to people in a position of significant governmental power that they should leak sensitive internal intelligence information about immoral government activity that should be in the public realm, then are flabbergasted and elated to find that they do so; or if you are involved in any serious research which is inconvenient or dangerous to the security state; >or if you target any individual in the chain of political hierarchy and they get wind of what you’ve done; then >the great Eye of Sauron >feels entitled to, and does, make a point of of trying to know every single thing you do, say and think, 24 hours out of every day, 7 days a week.
This from the article above is also true, everyone knows the Assange thing is bullshit. Now that he's a cold corpse, it's time to admit that he just did "the boyfriend maneuver" and only faggots would object because they have no interest in normal things like pussy. Assange RIP, may have been a Zio tool but he will shine chrome, eternal, for his love of midnight snack. Fully allowed within the lines play.
>everyone knows the Assange thing is bullshit I searched the blockchain when that happened but found nothing. The only thing that still bothers me is the idea that the pre-commit hashes were for the "decrypted data", but that's known to be an inferior technique, as describe in both https://stribika.github.io/2015/01/04/secure-secure-shell.html (under "Message authentication codes") and https://lwn.net/Articles/681616/. I can't imagine Assange fucking up like that. It haunts me to this day.
>!!! Attention government sponsors of cyber warfare and those who profit from it !!!!
>How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
>>6278 xxx@vps:~/bla/tools$ unzip EQGRP-Auction-Files.zip Archive: EQGRP-Auction-Files.zip End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. unzip: cannot find zipfile directory in one of EQGRP-Auction-Files.zip or EQGRP-Auction-Files.zip.zip, and cannot find EQGRP-Auction-Files.zip.ZIP, period.
I have a whole free week on my hands and i want to make most of it by installing a fresh new distro. Since i value /tech/'s opinion, tought i'd ask you guys.
Been using Linux Mint fot a year, but now i want a distro that is clean and not full of software i don't need (like Mint is). Can't decide between Debian or Arch, help me maybe? I kinda have a life, so if Arch is really that high maintenance, it's out of the picture.
>>7876 Sure, Linux has reasons to be larger while sticking to the same philosophy, but not to this extent. It's also much larger because it's so filled with features. Its size is also the result of its very different design philosophy. And I don't think that's a bad thing, but I do think that it invalidates arguments that are just "this one other part of the system doesn't follow the unix philosophy either, therefore it's shit".
Also Manjaro offers official OpenRC support and it's developed as a user-friendly distro while offering more or less the same power as archlinux. The core team clearly lacks an understanding in security, but it's the best we have that has the potential to grow as ubuntu/mint and "reach the masses"
>>7934 Google Hangouts https://hangouts.google.com/ >Hangouts bring conversations to life with photos, emoji, and even group video calls for free. Connect with friends across computers, Android, and Apple devices.
Oh great, let's take Jabber, and shove it into HTML! Federated systems are great from a technical standpoint, and nerds like me will always use them just fine. But if we want encryption to actually move out of the hands of the massives after only nerds having it for 50 years then it needs to be on fully distributed systems. Dealing with servers and configuration does not make any sense to normal people. I've tried to get my friends to use Jabber but when the "app" is called Jitsi and the sign up form is at "hot-chili.net" and add account menu says "XMPP" and I tell them to add me at firstname.lastname@example.org then they get confused and give up. The app, the protocol, the website are all just one amorphous thing to tech illiterate people. Which is to say, everyone who is not us. Something like Tox is way better.
>>218 No idea, I was big into mixtape trading back in the 90s. Had ads in magazines, met other traders irl and so on. Last year I was kinda blown away that some people still relase tapes with actual music instead of the experimental noise shit you find from time to time. So for me it's mostly a nostalgia thing now to listen to one once in a while, also I like to support the artist and get some physical item for it. So why not.
For most people i think it's just some weird vaporwave high af hipster thing though.
Endware is a suite of programs geared towards internet privacy, security, and anonymity.
Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.
Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incomming IPs.
Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.
Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in adminstering endsets/endlists.
iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has simmilar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.
spamlogz.sh is a script that searches through log files to find flagged log entries flagged in endwall.sh, endsets.sh and endlists.sh.
alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.
mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.
>>827 Yeah sure. I'll start working on that next friday.
I also have a script that annotates proxies with the protocol but it's not much. I'll add the headers to it and release it next week.
>>826 I also just added --headers-on flag to endtube to turn on the hardcoded headers and overide the defaults. So this in principal returns the full functionality of the previous versions, but defaults to the defaults.
This is not a security product. It currently opperates in clearnet, but I'll advertize this here as well.
This is a live streaming application using mpv and youtube-dl but operates in the Clearnet (No Tor). This can be modified to do so if you think that streaming is fast enough behind tor, which I have found to be tedious and unuseable. You can use this on a media center computer connected to a large screen tv, or for personal desktop use. Currently it is only grabbing streams from youtube, However if you make some suggestions of other live streams that work with mpv and youtube-dl, I will add them in later releases.
I have added more channels. Some of these streams go dead after a day. But I'm sure some of these will stabalized over time. Go ahead and add your own streams from 121-140. If you know any other sources or good streams post below. Thanks.
I've made several changes to endstream.sh including requiring firejail. I've stablized the channel listing, and I'll update this maybe once a week to remove dead streams, but I'm not going channel hunting anymore. If there is something really good to add as a stream suggest it below. I've added streams from youtube, dailymotion and twitch.
There are about 175 channels hardcoded into it now. Bear in mind that using this in the open (Clearnet) will reveal your channel preferences to the surveillance agency. I only recomend using this on a segregated network on a media center computer setup, and only if you don't care if your streams or viewership is logged. It's a cheap media streaming multi-language cable package.
>>827, >>828 I'll work on that next Friday/Saturday, but I have midterms and assignments due over the next two weeks or so, so it might take longer to get to. Place Comments, Suggestions, Bug Reports, New Product Ideas below. Thanks.
If you are an American, you can thank these two senators (John Mccain and Fritz Hollings) for censoring a large portion of the internet and preventing people from gaining knowledge and learning.
>"Schools and libraries subject to CIPA may not receive the discounts offered by the E-rate program unless they certify that they have an Internet safety policy that includes technology protection measures. The protection measures must block or filter Internet access to pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors). Before adopting this Internet safety policy, schools and libraries must provide reasonable notice and hold at least one public hearing or meeting to address the proposal."
It is because of them that filtering software such as IBoss exists and why schools have google integrated within their computers to force students to use their services and to use a filtered search.
>>8071 I'm not for censorship but i get what he's saying, school networks are for school and not for playing games, watching porn etc. And the reason why they force students to use Chrome is likely that the lazy admin isn't foolish enough to require users to use IE, and makes use of Windows GPO to set up stuff like proxies and custom certificates (Chrome uses Windows' settings, Firefox doesn't trust Windows and has its own way of configuring this).
>>8056 Who cares if the geniuses are multitasking and playing games while you give an inefficient slow lecture, or hand out pointless crossword puzzels as busy work which everyone will cheat on. If the sumb-fucks are not gonna study when it matters, simply hold them back and flunk them until they shape up or drop out.
Back when I was in high school 4chan was blocked for CP. I thought it was pretty funny. iBoss can be bypassed if you manage to get into the default iboss account on the school system; in mine, I just searched it up on the active directory and guessed the password. Administrators almost had me arrested lmao
Either way, fuckit. It only applies to school kids and even then only 8 hours of the day. For computer dorks it provides a fun game of trying to break it. As long as they don't extend it out to the "real world" and make a filter for all ISPs, I don't exactly give a shit
>>8077 >school networks are for school School is for indoctrination. Free yourself. >>8080 is right in that it ought to be their choice whether they misuse resources and fail because of it, but let them choose.
I'm trying to do something but I don't know the right tool for it.
I want to get the page number from lsw and store it in a file. In this case number 96
This is an example output.
0x180000a the.pdf - 96/181 (96 dpi)
I'm thinking of grep and regex but I've never properly used grep and seems like something too big for such a simple task.
Does anybody know what happened to serax? I was using to as my default searcher (even though it is slower than most) but it seems to be down. I'm not sure what to use in the meantime, what do you use? Unrelated image.
>CyberX has confirmed at least 70 victims successfully targeted by the operation in a range of sectors including critical infrastructure, media, and scientific research. The operation seeks to capture a range of sensitive information from its targets including audio recordings of conversations, screen shots, documents and passwords. Unlike video recordings, which are often blocked by users simply placing tape over the camera lens, it is virtually impossible to block your computer’s microphone without physically accessing and disabling the PC hardware.
>Most of the targets are located in the Ukraine, but there are also targets in Russia and a smaller number of targets in Saudi Arabia and Austria. Many targets are located in the self-declared separatist states of Donetsk and Luhansk, which have been classified as terrorist organizations by the Ukrainian government.
judging by the targeted countries i wonder who would benefit from something like this...
change sdx to your interface.
If you are paranoid about your system being infected, you should reinstall your system and reflash your BIOS...
But since you don't know how to use dd to format a disk, you probably have many other security problems that doesn't include your friend's software. Encrypt your disk if you want more security/privacy.
does anyone know the archive.is operators? someone needs to tell them to remove the pointless captcha (I hear this can be done by unblocking the country T1 (tor) in cuckflare settings). they probably don't know it's enabled because they never visited their site through tor (or maybe they're morons and actually believe the captcha accomplishes anything more than blocking legitimate users, i don't know)
How difficult would it be to archive clearweb webpages onto an onion website?Zeronet? I2P? Not using archive.is or web.archive.org/save/ from tor rather making a tor-based clearweb archive? That would be ideal for the archival of information to diversify.It is a natural response to the increasing allowence to censor news based on subjective standards of credibility.
A lawsuit being heard by the US Court of Appeals for the District of Columbia Circuit seeks to answer the question of whether foreign governments can hack Americans with impunity. In the case of Kidane v. Ethiopia, lawyers for the Electronic Frontier Foundation (EFF) and the law firm of Jones Day and Robins Kaplan are representing a man from Maryland, who is going by the pseudonym of Mr. Kidane, in a lawsuit where Mr. Kidane alleges the government of Ethiopia infected his computer with spyware. The lawsuit alleges that the secret malware, known as FinSpy, allowed the government of Ethiopia to conduct wiretaps on his Skype calls and monitor everything he and his family did on the computer for a period that lasted months. The court has allowed the man to use a pseudonym that he had used in the Ethiopian community, because the Ethiopian government has a history of punishing the family members of people who dare to oppose it. Mr. Kidane was born in Ethiopia and moved to the United States 20 years ago, where he sought asylum and became an American citizen. Kidane became infected with the spyware after he opened a Word document that was sent to him by agents of the Ethiopian government. After opening the document, FinSpy was secretly downloaded onto his computer from a server with an IP address located in Ethiopia. All activities, including Skype calls, keystrokes, passwords, e-mails, chats, and web browsing was monitored, recorded, and uploaded to a command and control server with an IP address located in Ethiopia and controlled by the Ethiopian government. FinSpy is developed and marketed by FinFisher, formerly known as Gamma International, a company based in the United Kingdom. It is part of a line of “IT intrusion” software made by FinFisher, which are only sold to government agencies. Their software is frequently used to spy on activists around the world. Kidane continues his lawsuit, which is being appealed. Recently, attorneys for Mr. Kidane argued before a 3 judge panel that the lawsuit should be allowed to continue. Under the Foreign Sovereign Immunities Act, foreign governments are only liable for acts committed within the United States. Kidane’s attorneys argued that his computer was located in Maryland and remained there the entire time it was being spied upon. Attorneys for Ethiopia argued that they should not be held liable because they did not have a human agent who was physically located within the United States. One of the judges on the panel asked the attorneys representing Ethiopia if they believed that they could be held liable for mailing a letter bomb to the United States, or for remotely hacking a self driving car in the United States and causing it to crash. The attorneys for Ethiopia responded to the judge’s question by saying that they believed they could not be sued for such actions. Kidane was spied on from at least late October of 2012 until March of 2013. The lawsuit was originally filed in February of 2014. Previously in the case, a federal court ruled that foreign governments could not be held liable for wiretapping American citizens within the United States. The DC Circuit Court is expected to rule on the appeal within a few months.
Edited last time by Endwall on 02/23/2017 (Thu) 20:15:32.
>>8091 >but it is the same amount of trust involved >How so? >I'm not saying that by using a >'nix OS you dont have to trust >anyone, you do
Yeah like automatically downloading every damn thing you need a la sudo? I mean I used it when I was told to, sure I know how to remote into unix blade in retail stores and navigate all these fake ass virtual systems, yeah, it's fucking exciting as all fuck, don't get me wrong. I am fully vested in social security, I worked my whole fuckin life in IT, and I can live on < 1000 dollars a month. I live in a /pol/ based mentality, this tech board cannot understand, forgive me for abusing this thread. I pray OP will delete my posts.
>there's still mostly proprietary >hardware if nothing else, BUT >there's definitely not the same >amount of trust involved when >you're using Windows.
After I wrote the above posts, I realized that, I love being baited by a snipey comment like that, "fuckin windows users" I have heard it my whole life from the old days. But see, when baited, I just eat the bait, the fisherman, everything. It's fun for me. Yet, not so much fun for the fishers.
but thy have to slum for work like all editors and end up cutting dome fag pr0n eventually, oh the horror stories I hear from career editors. Is video or audio engineering really even an actual job that people get paid for? Wow, that's awesome I guess. But the suffering of editing other people's worst video work, is painful, so, maybe pain taken, factors into this equation? We can assume faggoty means weak and petty and not an allusion to sexual prefs.
>>8094 That is being over dramatic. You would not be surprised how little some of these musicians know about technology. If you can quickly compliment thee clients desired sound then you are acting as that artists foundation and can control that artist completely for that en-devour. is the artistic intent that they pay you to captain. That is the feeling of power. Now when someone wants you to do something that is artistically bankrupt a lot of these guys fill it in with their kikeling virtue memeing.Disrupting that dynamic by whatever means necessary is the pleasure that is received.
Hmm, not webm related but that was some good stuff. but
> kikeling virtue memeing.
WTF either you are a kike or you have virtue. I don't buy into recent faggy terms or chanisms, like virtue signal etc, means jack shit to me.
This is kinda fitting tho that we have a cross spectrum thread on tech board about webms and windows versus unix old farts, music engineer versus musician, heh, reminds me of that skrillex song with some dude talking about how no one is a musician if you can't play guitar. I mean, I am bout as good at guitar as I am at nixy stuff, but still, can I play along, yes, can I set up a BF2 server yes. Can I make and upload a webm? Hmm only just recently, thanks to some germans.
I'm trying my best to remeber dealing with power when I was working at Intel, so bear with me.
The 'power' directory is for runtime power management and coresponds to a device going into a sleep state when it is idle (this is *not* the same as suspend to RAM). This directory exists for most devices (I was mostly fiddling with USB devices). In this case a sleep state makes sense for a device such as USB keyboard or mouse, since the device may not be being used and should enter a sleep state (but it's usually fucky and misses the first keypress or motion so it's usually disabled), but I have no idea what it would mean for a monitor. I'm guessing that changing that brightness doesn't count as entering a different *state*, so any power savings from changing the brightness is automatically done by the component; the only time runtime power management states may come into play is when your monitor shuts off due to inactivity (this is my guess, not confirmed).
>>834 I didn't use GRUB because of the claims behind being easily accessible through hitting backspace a specific number of times to being the password. I don't have 100% FDE also because of that claim. I'm also worried that if I update to a newer version of GRUB some time in the future that it won't be compatible with Libreboot. To ease my paranoia, I made myself use syslinux instead, but of course, it's no real solution either.
>>8027 You are welcome to mail Walrus <email@example.com> and ask why he misconfigured the donate page.
reCAPTCHA is effective, easy for end users, has a good noscript fallback, and has a good API. Naturally not everyone has the same captcha preference as me and that is why I've made it as easy as possible (technically and license-wise) for you to fork tokumei-recaptcha and make it use a different captcha implementation.
>>8028 >reCAPTCHA is effective, easy for end users no. fuck off with this shit. your site was completely broken shit when you spammed it on 8ch/tech/, with beliefs like this no wonder. since you can't even stray from coding "user friendly" bullshit like HN UX hipsters do, your site will never be useful to anyone who cares about privacy or security
>>8051 Once again, I am not Walrus. My site was not broken, and I did not spam /tech/.
reCAPTCHA *is* effective enough. Google offers a difficulty slider when you generate an API keypair and the maximum difficulty is enough for nearly any site (I can barely solve them as a human). The minimum is quite good too; in practice even a dumb captcha whose answer is always the same keeps out nearly all spam.
reCAPTCHA *is* easy for end users. Many just need to click on a check box.
Obviously a captcha can't be perfectly effective and easy for end users at the same time, but reCAPTCHA's difficulty slider lets individual Tokumei sites decide what balance they want.
I write user-friendly software with good UX not because I am a hipster (I personally hate material design) but because I am selling my software to users. For most users, material design is friendly. For the rest, I provide an excellent API so you can post from the command line or write your own interface. The material web interface also provides an easy way to install custom CSS to strip material bits you don't like. I don't know what else you want.
If you think Tokumei is HN hipstershit, you have not read a line of code.
>>8059 So, why then you would give your users website visit info to Google if dumb captcha with fixed answer is enough (and unless someone goes after spamming your very specific site it holds true)? Why not make locally generated captcha like this website does? I dislike how exactly captcha is implemented here (see lynxchan thread, >>7569), but it is many times better than privacy-invading Google's "service".
>>8065 >So, why then you would give your users website visit info to Google
Unless users ignore our recommendation to use TBB, we are not giving any useful info to either the Tokumei site host or to Google.
In the edge case that a user trusts a Tokumei host enough to access a site over the clearnet (either the site is served over the clearnet directly or they use a gateway) but does not trust Google, you have a point.
>if dumb captcha with fixed answer is enough
For Tokumei sites where this is enough, indeed this should be used over the tokumei-recaptcha apps.
>Why not make locally generated captcha like this website does?
Because captcha is complex and Tokumei is not HN shit. This nodeshit website depends on fucking ImageMagick.
But for clearnet hosts that want to avoid pinging Google and don't care about back end complexity, sure, a local captcha app would be good.
>>5643 It's not real. I've seen terrible things on the internet, but stuff that's truly important is kept hidden extremely well. If the US military for example were to have something similar to Tor but more secure and someone like you found out about it, they'd burn it to the ground and use whatever backup technology they had in case of such an event. If there are super secret organizations or sites out there, you will never find them. I've been digging for years, and I've found some really spoopy shit, but still nothing that truly shocked me.