/tech/ - Technology

(90.45 KB 640x360 cloud.jpg)
Cloud Encryption Best Practices? Anonymous 08/23/2017 (Wed) 23:28:21 [Preview] No. 10882 [Reply] [Last 50 Posts]
Say I need to store private files on some public cloud service because reasons. I'm going to encrypt the shit out of it, I want that crypto to hold up against reasonable opportunistic adversaries, and I want it to hold up for the foreseeable future.

"Reasonable opportunistic adversaries" means I don't expect to be the personal target of a well-funded spook agency. Law enforcement dragnets, opportunistic hackers and snooping providers are all relevant however.

"Foreseeable future" should be decades.

My instinct is to rely on something straightforward and established like gpg --symmetric, but it doesn't feel nearly autistic enough to be truly secure.

Should I consider non-standard ciphers? AES has theoretical attacks now, but 2^256 -> 2^254.4 is barely scratching it. Twofish and Serpent have only been attacked with reduced rounds. All are already over a decade old but nothing truly new seems to be on the horizon. Quantum comp apparently isn't the huge threat here that it is to public key.

Is it worthwhile cascading ciphers like Veracrypt does? Can this be done competently with gpg/other tools? I see mixed opinions out there about the benefits vs the risk to new attacks.

Is it worth obfuscating the ciphertext? Would using non-standard cipher settings, memorizing them then stripping headers protect the data in practice even if the cipher becomes weak in the future? Would wrapping it in other containers make it look more innocent to an adversary find/grepping for "interesting" files to analyze?

Tell me how wrong I am, /tech/.
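
Added example (not part of the thread): what the headers OP asks about actually contain. A `gpg --symmetric` file starts with a Symmetric-Key Encrypted Session Key packet (RFC 4880, section 5.3) that names the cipher and the passphrase-hashing parameters in cleartext. The byte string below is constructed for illustration and the function names are hypothetical.

```python
"""Added example: read the cleartext header of a passphrase-encrypted OpenPGP file."""

CIPHERS = {7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH",
           11: "CAMELLIA128", 12: "CAMELLIA192", 13: "CAMELLIA256"}
HASHES = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
DATA_PACKETS = {9: "SED (no integrity check)",
                18: "SEIPD (with MDC integrity check)"}

# Constructed sample: SKESK packet (AES256, iterated+salted S2K, SHA256)
# followed by a 17-byte SEIPD packet filled with zero bytes.
SAMPLE = (bytes.fromhex("8c0d04090308" "0011223344556677" "ff")
          + bytes([0xD2, 17, 1]) + bytes(16))


def read_header(data, pos):
    """Return (tag, body_start, body_len); body_len is None if not fixed."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                              # new-format header
        tag, l0 = first & 0x3F, data[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + data[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                 # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 3   # old-format header
    if ltype == 3:
        return tag, pos + 1, None                 # indeterminate length
    width = 1 << ltype
    length = int.from_bytes(data[pos + 1:pos + 1 + width], "big")
    return tag, pos + 1 + width, length


def parse_skesk(body):
    """Decode a version 4 SKESK body: cipher id plus S2K specifier."""
    version, cipher, s2k_type = body[0], body[1], body[2]
    if version != 4:
        raise ValueError("unsupported SKESK version %d" % version)
    info = {"packet": "SKESK", "s2k_type": s2k_type,
            "cipher": CIPHERS.get(cipher, "id %d" % cipher)}
    if s2k_type in (0, 1, 3):
        info["s2k_hash"] = HASHES.get(body[3], "id %d" % body[3])
    if s2k_type in (1, 3):
        info["salt"] = body[4:12].hex()
    if s2k_type == 3:                             # coded iteration count
        c = body[12]
        info["s2k_iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info


def visible_metadata(data):
    """List what anyone holding the file can read without the passphrase."""
    out, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        end = len(data) if length is None else start + length
        if tag == 3:
            out.append(parse_skesk(data[start:end]))
        elif tag in DATA_PACKETS:
            out.append({"packet": DATA_PACKETS[tag], "bytes": end - start})
        else:
            out.append({"packet": "tag %d" % tag})
        pos = end
    return out


if __name__ == "__main__":
    for item in visible_metadata(SAMPLE):
        print(item)
```

On a real file, `gpg --list-packets` prints the same fields.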

Anonymous 08/24/2017 (Thu) 00:44:56 [Preview] No. 10883 del
>Should I consider non-standard ciphers?
No. Use AES-256 from a good library like libsodium. It's resistant to even quantum attacks.

I'd suggest:
- Set up an openbsd server
- Close all connections using pf(4), except the SSH port
- Change securelevel(7) to level 2 (so the pf rules can't be changed):

- Encrypt files on your computer with reop or gpg (reop uses AES256 by default)
- Use scp(1) to transfer files:

Anonymous 08/24/2017 (Thu) 07:52:49 [Preview] No. 10887 del
>Set up an openbsd server

OP is premised on the data being stored by someone else, in an uncontrollable environment. You're right that this would be easy otherwise.

Anonymous 08/24/2017 (Thu) 15:26:05 [Preview] No. 10890 del

The best practice would be not to store your data in "the cloud" in the first place.

But if you insist, use AES-256.

>Should I consider non-standard ciphers?


Other ciphers, like Camellia and Serpent, probably offer similar security, but Rijndael (the cipher in AES) has been subjected to a lot more cryptanalytic effort _because_ it was chosen for AES, and it remains unbroken.

>Quantum comp apparently isn't the huge threat here that it is to public key.

Mostly correct. A quantum computer that is able to run Shor's algorithm efficiently will be able to quickly recover the private key for data encrypted with a public-key cryptosystem that relies on the factorization of large integers or the discrete logarithm problem. There are public-key cryptosystems that are not based on these problems, and are not vulnerable to Shor's algorithm, but they are not in common use. All of the ones in common use (e.g. in SSL/TLS and PGP) are vulnerable, so it's important to note that quantum computing is currently projected to be a threat to some kinds of public-key encryption, not _all_ public-key encryption per se.

The PQCrypto group is currently refining a number of public-key cryptosystems that will remain secure even if efficient quantum computing is realized.


Web servers/ async programming Anonymous 08/23/2017 (Wed) 15:48:45 [Preview] No. 10881 [Reply] [Last 50 Posts]
I've been practicing network programming lately and was reading about the different web servers, how they work and so on.
I was wondering how Windows and windows based web servers perform compared to Linux since it has no epoll/kqueue. It turned out it has I/O Completion Ports. Then I searched for web server benchmark comparisons but there were no credible ones. Why has nobody compared these products yet?

This one implies that IIS outperforms nginx in every way and if that is true I want to know how it does that.

This one implies that g-wan is the fastest one (obviously, it's their product, therefore isn't a credible source).

That one also shills for IIS, but it's probably fake since the author doesn't mention anything about hardware or server configuration.

So my questions are:
- Does Windows' IOCP perform better than epoll/kqueue and if so - why? And why don't we implement it for *nix?
- Does IIS outperform nginx/apache and if so - how does it do it and is it related to the IOCP?

I cannot find credible sources and I hope someone here has more experience than me.


Anonymous 08/24/2017 (Thu) 01:04:38 [Preview] No. 10884 del
I don't have enough knowledge about http servers to answer you. But, I don't think performance is the only thing that matters.
And, it's also affected by many other configurations, such as where your cache is being written (this will depend on your disk write speed and your filesystem).
Open source unix-based systems have more flexibility to work with. You can compile linux, for example, to the bare minimum to work with and the resource usage will be trivial. Not like windows, where you can't disable low level stuff and need to have useless memory usage.
Morpheus with rwasa, for example, will give you very good performance:

Or, use NuttX. It's a realtime OS, and has its own http server in the base system:

(60.64 KB 350x350 NFPRP1-350x250.jpg)
Anonymous 08/18/2017 (Fri) 18:19:10 [Preview] No. 10827 [Reply] [Last 50 Posts]
Is there any way I can block google recaptcha in hosts? It appears on some 4chan archives and it drives me nuts because for some reason webkit uses like 40% of my cpu to render that shit
7 posts and 2 images omitted.

Anonymous 08/20/2017 (Sun) 11:54:44 [Preview] No. 10854 del

I don't want a trojan on my computer. But I guess that as a windows user, you have a limited understanding about why you should never ever use a closed source program.

Anonymous 08/20/2017 (Sun) 19:15:10 [Preview] No. 10862 del
You can't block an entire domain in /etc/hosts, unless you have an entry for every single host, but that's not doable for something the scope of google. But you can block all of *.google.com if you run a local DNS server. For example, I have this entry in /var/unbound/etc/unbound.conf, since I don't want to have anything to do with fb ever:
local-zone: "facebook.com." refuse
I would do the same with google except that I actually use their gmail service, and at one point they started to require you to "login to your google account" instead of just logging into the gmail.com domain.
They also have some other domains like googleapis.com, googlesyndication.com, and so forth. Probably best to get your browser to log everything and then check what other stuff needs blocking.
Also the hosts file from http://winhelp2002.mvps.org/hosts.htm is useful but doesn't cover everything.

Anonymous 08/21/2017 (Mon) 00:47:48 [Preview] No. 10863 del
My apologies, I don't know why I thought you were running windows. You should be able to do the same conceptual thing though - watch outbound DNS lookups - with tcpdump or whatever packet capturing utility you've got on your OS. I'll second 10862 - run a local DNS server.

Don't be a conclusion-jumping condescending douche. You've actually inspected the source code of a minuscule fraction of a percent of everything you are running right now, and if you think having source covers all your security bases, you're doing security wrong and relying on an unrealistic world view. Take inventory of all the proprietary tech and embedded systems you actually deal with on a daily basis. I'm pretty sure you aren't inspecting the source code running the ABS of nearby cars before crossing the street.

Anonymous 08/22/2017 (Tue) 22:51:50 [Preview] No. 10877 del

I found this but I don't understand chink. Might be useful.

Anonymous 08/22/2017 (Tue) 22:55:48 [Preview] No. 10878 del
With a small bash script, I reckon you can extract the lines related to google in another file, change the ip to each one and then append the resulting file to your hosts file. This should solve your problem op.
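
Added example (not part of the thread): the two approaches from posts 10862 and 10878 side by side, one producing hosts-file entries per hostname and one producing unbound `local-zone` rules per domain, written in Python rather than bash. The sample blocklist is constructed, the function names are hypothetical, the `0.0.0.0` sink address is an assumption, and treating the last two labels as the domain is a simplification.

```python
"""Added example: build hosts entries and unbound zones from a hosts-style blocklist."""

# Constructed sample in hosts-file format (mixed case, CRLF, inline comment).
SAMPLE_HOSTS = (
    "# constructed sample blocklist\n"
    "127.0.0.1 localhost\n"
    "0.0.0.0 www.googlesyndication.com  # ads\n"
    "127.0.0.1 ajax.googleapis.com\r\n"
    "127.0.0.1 www.google.com apis.google.com\n"
    "0.0.0.0 WWW.Google.com\n"
    "0.0.0.0 tracker.example.net\n"
    "0.0.0.0 notgoogle.example.org\n"
)


def hostnames(text):
    """Yield every hostname in hosts-format text, lowercased."""
    for line in text.splitlines():            # splitlines() also eats CRLF
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:               # fields[0] is the address
            yield name.lower().rstrip(".")


def zone_of(host):
    """Last two labels. Assumption: fine for .com-style names,
    wrong for suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def related(text, keyword):
    """Hosts whose domain starts with keyword, so 'google' selects
    googleapis.com but not notgoogle.example.org (a plain grep would)."""
    return sorted({h for h in hostnames(text)
                   if "." in h and zone_of(h).startswith(keyword)})


def hosts_lines(text, keyword, sink="0.0.0.0"):
    """One hosts entry per hostname: only names already listed are blocked."""
    return ["%s %s" % (sink, h) for h in related(text, keyword)]


def unbound_lines(text, keyword):
    """One local-zone rule per domain: covers every host under it."""
    zones = sorted({zone_of(h) for h in related(text, keyword)})
    return ['local-zone: "%s." refuse' % z for z in zones]


if __name__ == "__main__":
    print("\n".join(hosts_lines(SAMPLE_HOSTS, "google")))
    print("\n".join(unbound_lines(SAMPLE_HOSTS, "google")))
```

The `local-zone` lines belong in the `server:` section of unbound.conf.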

USSR home computer programs on tape Anonymous 07/09/2017 (Sun) 22:06:43 [Preview] No. 9625 [Reply] [Last 50 Posts]
Does anyone on /tech/ know how to get programs for old computer from audio cassette? What emulators can run that? Rips are on http://25dxotevqkqyhqgi.onion/
2 posts omitted.

Anonymous 07/09/2017 (Sun) 22:07:28 [Preview] No. 9629 del
If it is an 8 bit computer produced by the USSR it might be Agat. Their early edition came with a cassette tape reader.


The processor of Agat was a clone of MOS 6052 so you might want to check out emulators written for it.



Anonymous 07/09/2017 (Sun) 22:07:40 [Preview] No. 9630 del

but even if you dump the programs encoded on the cassette it would be a bunch of boring games and programming utilities.

Anonymous 08/21/2017 (Mon) 17:36:33 [Preview] No. 10868 del
The screenshot on the Wikipedia page is almost 100% evidence that an emulator exists.

Link no worky.

Anonymous 08/21/2017 (Mon) 21:37:46 [Preview] No. 10872 del
I suppose, you equip yourself with some kind of translation software and google for [Computer name + emulator] in Russian.
This is what quick search for Микро 80 эмулятор gave me:
As per games, you can feed wav audio directly to emulators.

(2.10 MB 3200x2368 g mustard rice 2.jpg)
Best version of windows for fucking with Anonymous 08/20/2017 (Sun) 08:12:04 [Preview] No. 10848 [Reply] [Last 50 Posts]
Hey guys, I don't like using windows but I had an itch to fuck with it a little.

I was thinking of taking a windows image, stripping the shit out of it with ntlite, then replace a bunch of stuff with versions from reactos and a different shell like blackbox.

Maybe windows 10? Anyone remember how to strip all the botnet shit from there?
12 posts and 1 image omitted.

Anonymous 08/21/2017 (Mon) 01:04:19 [Preview] No. 10864 del
Jesus Fuckin' Christ, buncha goddamned stuckup children here. Fuck your "not using windows is the most basic thing you can do" attitude. I've got two windows boxes, four *nix boxes, a mac, a pi, and a handful of other small machines within eyeshot. I use all of them. One of them is a slackware box that's been going since the late 90s. Lemon suckers going "ewwww! you're not using the right style of computator!" can be dismissed as closed-minded cunts. If it's Turing Complete then it's useful. Carry on, OP. I salute fucking with windows and everything else. *That's* freedom.

Anonymous 08/21/2017 (Mon) 02:24:12 [Preview] No. 10865 del

Thanks for participating in the ruin of freedom and privacy.

Anonymous 08/21/2017 (Mon) 06:18:48 [Preview] No. 10866 del
What a load of fucking shit, OP never stated that their main OS was windows or they used windows for sensitive tasks. Good for them if they are having fun and tinkering with an OS which in turn allows them to learn and become more fond of the inner workings of an OS.

Anonymous 08/21/2017 (Mon) 19:19:32 [Preview] No. 10869 del
Who made your hard drive? Is the firmware on its controller card proprietary or open source? How about your graphics card? Do you use thumbdrives?

It's not hypocrisy when an "Open Source or Nothing!" person disses me for "ruining freedom and privacy" while half the shit they use is proprietary, it's just ignorance. Stop thinking that you're special on the freedom and privacy issues. We're all in the same boat there.

Anonymous 08/21/2017 (Mon) 19:51:54 [Preview] No. 10870 del
>everyone gets a participation trophy
Get out of here. If op wants to tinker he can go to numerous other tinkering forums.

There is only one reason to tinker with Windows, and if it was OP's reason he would be more direct about it.

Anonymous 06/23/2017 (Fri) 22:32:50 [Preview] No. 8590 [Reply] [Last 50 Posts]
>VDPAU on my card doesn't support 10 bit profiles for h264
>my processor is too slow for software decoding scenes where there's a lot of action

is this Daiz's fault?

Anonymous 07/09/2017 (Sun) 23:15:10 [Preview] No. 9935 del

Anonymous 08/21/2017 (Mon) 17:10:21 [Preview] No. 10867 del
Nothing on the consumer market supports 10 bit profiles for H.264.

AFAIR, Daiz does not belong to that group of x264 authors that is openly gay loving anime.

Nokia 8 Anonymous 08/19/2017 (Sat) 20:01:59 [Preview] No. 10839 [Reply] [Last 50 Posts]
This smartphone will physically train people to record video...

in landscape mode!

Anonymous 08/17/2017 (Thu) 18:35:36 [Preview] No. 10802 [Reply] [Last 50 Posts]
So Jim (an ex-Gamer Gay fag and an old /pol/ sweetheart) made a new video recently, and in the face of the centralized clearnet's censorship schemes becoming ever expanded he has made the suggestion of going MAD against the clearnet giants. As some have pointed out though, this is a dangerous gambit due to Google Fiber expanding very quickly and them having the money to bide their time while they expand. Not just that but handing the internet to the ISPs is a bad idea since ISPs are much more HEAVILY centralized than web services and communities.

However I want to hear endchan's opinion on the matter, is this a feasible strategy, or did Jim as the vid's thumbnail/graphics suggests, drink a few too many vodka bottles in a stupor of depression?
12 posts omitted.

Anonymous 08/17/2017 (Thu) 21:45:10 [Preview] No. 10818 del
>Reported for bullying, this type of speech is not tolerated on this website!
Stop this. We are not going to make this place into what lainchan mods did there. The usage of ad hominem or name calling, when necessary, should be allowed. Even if this is not necessary (as in the case of the anon above), just ignore it. If we start to apply these shit rules here I'll get out (again).

Anonymous 08/17/2017 (Thu) 22:36:41 [Preview] No. 10820 del
I was being ironic, but freedom of speech is extremely important and must be cherished and preserved, and censorship to prevent hurting one's feelings is weak.

Anonymous 08/17/2017 (Thu) 23:23:44 [Preview] No. 10821 del
Oh, got it. The point is that I've seen the kind of behaviour of locking down threads just because it does not follow ridiculous rules. And, not just on lainchan, also here in endchan.
Let's not have this "political correctness" bullshit here.

ps. they (lainchan) don't even know that their thoughts about these 'rules' came from myself, from discussions about the bad quality of posters on the boards, but they stretched my ideas into something completely extremist. So suggestible to everything, these people. The word here is: discernment. Stop and think about what your thoughts on the subject are, through various perspectives, don't simply accept them as a unified structure.

Anonymous 08/18/2017 (Fri) 01:56:40 [Preview] No. 10824 del
Some anons such as the ones found on /int/ (It is called /int/, /intl/, etc. but they are all the same) have taken the freedom of speech right so far that they don't delete spam threads or CP because they consider deletion to be anti-free speech. Only time posts should be deleted is if they are spam posts, posts containing illegal content to fuck us over, etc. Even shitty posts should be allowed to stay, just hide them and have a button to reveal them. This concept exists on a website known as Meguca and posts aren't truly deleted, they are hidden and anyone can open them by pressing a button.

Anonymous 08/18/2017 (Fri) 03:14:44 [Preview] No. 10825 del
>Only time posts should be deleted is if they are spam posts, posts containing illegal content to fuck us over, etc.
I totally agree.

(9.07 KB 261x202 annoyed_tom.jpg)
FLOSS and licensing Anonymous 07/31/2017 (Mon) 16:22:43 [Preview] No. 10510 [Reply] [Last 50 Posts]
Hello /tech/,

I'm not so familiar with software licenses so I started reading about the subject. At one point the question 'How does one profit from floss software?' popped in my head and these are some articles I came upon (quite outdated, but they still have a point). So GPL prevents companies from making proprietary software with your piece of software. BSD, on the other hand, does not (that's the case with Apple's kernel). Turns out the only way a company can profit from GPL license is by donations, offering support, teaching or dual licensing. Dual licensing seems like the most used option.


>But there is a net effect on software development. Who makes money off GPL code? We go back to Novell and Red Hat, who test and package this software. And we see a trend–GPL code helps software testers make money. It helps QA people. It helps the people who answer the support phones. It helps everybody except software developers. Oh, maybe Google will pay them a salary as a goodwill gesture. But it’s really, really hard to make money from developing FOSS. You can make money supporting it. You can make money testing it. But no money developing it.

So my question is - does free software actually benefit the developer?
7 posts omitted.

Anonymous 08/02/2017 (Wed) 14:59:10 [Preview] No. 10536 del
Those are actually fair points which answer my question. Thanks, anons

Anonymous 08/07/2017 (Mon) 03:39:38 [Preview] No. 10576 del
Stop spreading lies. You can sell GPL software, you just have to also provide source code. https://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowMoney

Anonymous 08/07/2017 (Mon) 10:04:44 [Preview] No. 10577 del
Much more importantly, you also have to grant the right to redistribute it all. The GPL makes it harder to make money. That shouldn't be controversial.
He never said it doesn't allow selling software.

Anonymous 08/07/2017 (Mon) 16:17:27 [Preview] No. 10578 del
>The GPL makes it harder to make money.

That seems a little like saying that you're going to be hungrier because mom added a side of broccoli to dinner. The existence of GPL software adds to the options that you have if you are developing software and want to make money. I don't think it makes anything harder.

Perhaps the core idea there is that the GPL doesn't make it as easy to make money as a license that allows you to take someone's code and resell it as your own does. I agree with that. For example, the zlib license is easier to make money with than the GPL license because you can use it in a commercial product and not release the source. That doesn't seem like a reason for me to complain about GPL software that benefits me and sometimes does what I want in other ways though.

What's the bottom line beef here anyway? If you are opposed to GPL licensed code and, like me, don't include in your development projects when you don't want to release under GPL, then don't use it. Problem solved. I use it when it makes sense and I want to give code that keeps on giving away and I don't use it when it doesn't.

Anonymous 08/16/2017 (Wed) 01:29:12 [Preview] No. 10731 del
If making FLOSS software meant helping actual competent and interesting programmers and computer engineers/scientists, then I would disregard money for the most part. I don't believe individuals/groups make FLOSS software for profits in the first place, if they wanted profits, it would be more efficient to write proprietary closed-source software for large companies or massive groups of computer users.

There are plenty of benefits of being a FLOSS software developer:
>You are more likely to be recognized by FLOSS communities which tend to be populated with highly intelligent and competent individuals.
>You are helping fight proprietary, non-free, and closed-source software by distributing and creating FLOSS software.
>You can very easily use your own software to your advantage and have an extra highly strong layer of security by using your own software that you wrote.
>Your software has a higher chance of being used in OS distributions and software bundles (Look at Chrome OS). If you don't like your software being used against your will, maybe it shouldn't be free and open-source in the first place.
>You are seen as a trustworthy person and will be useful in the fight against surveillance and unwanted data-collection.

It also seems to be a misconception that one can only program either FLOSS or proprietary software and not both. You can make some of your software FLOSS and other software proprietary.

Communication best practices Anonymous 07/31/2017 (Mon) 02:09:16 [Preview] No. 10507 [Reply] [Last 50 Posts]
I would like to open this thread to discuss the best practices of communication, essentially the three forms: archive sharing, text/image and voip (video conference).

The software has to be:
- Decentralized or distributed
- End to End encrypted
- Open Source

Preferred if:
- Audited / Formal methods (proof/verification)
- Anonymous
- Doesn't leak much metadata
- Good coding practices (privsep, sandboxing, etc).

For archive sharing:
- Retroshare
- Tahoe-LAFS


49 posts and 7 images omitted.

Anonymous 08/13/2017 (Sun) 20:29:46 [Preview] No. 10711 del
- Simple code. No bloat. Do one thing and do it right (unix philosophy)
- Good security practices (no unnecessary permissions)
- Uses libsodium, a modern and stable crypto lib with well revised code. Uses AES-256.
- Leaks less metadata on pubkey
- Smaller pubkey.

I think they also have added pledge(2) to the reop ports on openbsd.

- No support for GUI tools, like for Thunderbird
- No support anywhere, really
- It's not maintained anymore (not exactly a problem, because the code is considered "done" by the author. No bugs found)
- Not audited by third-party


Anonymous 08/13/2017 (Sun) 21:18:57 [Preview] No. 10712 del
Ohh cool. Thanks for making a summary.

Anonymous 08/14/2017 (Mon) 15:19:03 [Preview] No. 10715 del
(595.36 KB 1306x1691 1491460607843.jpg)

>So why is reop better again ?

It's not. It's abandonware that nobody gives a shit about. Nobody uses the public-key functionality of reop, and the AES-256 functionality is redundant. There are plenty of options for AES-256 encryption on common operating systems that are either already available, or can be readily installed without having to compile from scratch (unlike reop).

The one person on this board (and on the planet) shilling reop was challenged to demonstrate the superiority of reop's AES-256 functionality against other implementations by referencing the relevant source code, but he failed to do so.

Anonymous 08/15/2017 (Tue) 02:52:42 [Preview] No. 10723 del
(736.54 KB 1280x640 1471700571618.png)

There's nothing in that list about the gnupg implementation of AES-256 file encryption or the reop implementation of AES-256 file encryption.

The one person on this board (and on the planet) shilling reop was challenged to demonstrate the superiority of reop's AES-256 functionality against other implementations by referencing the relevant source code, but he failed to do so. Again.

If you are having difficulty locating the source code in question, I would be happy to provide you with a link. Just say the word!

Also, although it doesn't matter, because that link demonstrates absolutely nothing that's relevant to this discussion, I would note that that list goes back 11 years and has only one critical (remote) bug.

I'd call that "Only one remote hole in the default install, in a heck of a long time!" Hmm, that sounds familiar.