/tech/ - Technology

Brought to you by archive.org

Boards | Catalog | Bottom

Check to confirm you're not a robot
Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

(21.56 KB 500x500 sxj9bJ7.jpg)
Anonymous 09/01/2017 (Fri) 02:18:04 [Preview] No. 10971 [Reply] [Last 50 Posts]
>email provider offers onion imap and smtp
>the certificate doesn't include the onions
What's her name /tech/ ?
2 posts and 1 image omitted.

Anonymous 09/01/2017 (Fri) 21:48:02 [Preview] No. 10978 del
What about the the part between the exit node and the server ?

Anonymous 09/01/2017 (Fri) 22:38:23 [Preview] No. 10981 del
Wow rude.

Anonymous 09/01/2017 (Fri) 23:14:35 [Preview] No. 10982 del
Tor hidden services do not use exit nodes. They are within the Tor network and do not need to exit from it. Therefore, no exit node.

What's rude is making an OP that is nearly incomprehensible and contributes nothing to the board.

Anonymous 09/02/2017 (Sat) 01:14:56 [Preview] No. 10984 del
OP here, I just realized I'm retarded. Sorry everyone.

Anonymous 09/02/2017 (Sat) 04:03:58 [Preview] No. 10986 del
It's alright, bro. We're with you. We all do dumb shit sometimes.

For example, I got married.

Steem Anonymous 08/16/2017 (Wed) 20:47:05 [Preview] No. 10768 [Reply] [Last 50 Posts]
Thoughts on Steem?

Post/curate content -> get upvoted -> get cryptocurrency.
8 posts and 3 images omitted.

Anonymous 08/25/2017 (Fri) 15:34:34 [Preview] No. 10893 del
>Pseudonymous identity is needed when you want your readers to follow your publications and posts without settling down to stylometry or some obscure sekrit klub shit because ordinary people, you know, are accustomed to trusting an authority rather than random anonymous especially when they see him in the first time.
These people are oblivious to the benefits of the anonymous imageboard, judging a post based on it's quality rather than the creator behind it. It doesn't matter if posts on here are made by bots, intelligent users, shills, etc., they are all perceived as the same and will be interpreted accordingly.

>Of course it does some job on profiling this identity to le ebil gubmints much easier, but they have more advanced ways on tracking you, like packet flow and time correlations which doesn't really make a difference whether you post anonymously, pseudonymously or with your state ID and photo as profile pic.
While they may have more advanced tools and tactics for identifying website visitors and users, it doesn't mean I should go ahead and make it a little easier for them by creating an account just because they already possess the tools to reveal my identity. Higher level tools don't make the seemingly weaker dangers of an account trivial, they all have the potential to fuck you over, and protecting your identity means eliminating as many risks as possible.

>Anon you really don't understand why web 2.0 javascript memery is in action, well it's because web servers don't have unlimited powers and bandwidth to serve every animation as css style and give out full html on every page for 500000 users every second, this is what cdns and (((le ebil cloud))) are used for combined with dynamic page content. It is easier for server to give out 1KB pointer to js library on amazon cdn and a 20KB script, then feed you with small portions of text 100KB each on demand, instead of giving you 1MB page every time you click a button, because internet overall is shit too, but sure, it works out for little imageboards like this one, and still tinyboard doesn't display post replies without javascript, ask devs and admins why.
Perhaps I didn't thoroughly explain what I meant by "enhance the appearance". Websites are moving towards animated and bloated pages with loads of "features" and drop down menus to appeal to mainstream website frequenters, and as a consequence, static web pages are being phased out. Why fix something that isn't broken? The static web page worked perfectly and can be interpreted by the majority of browsers, including extremely light text only browsers, and they don't overload your computer in the process. I shouldn't need a modern computer (Which is basically a supercompuer when compared to technology around 10-15 years ago) to view websites.

>let me guess, you are 20-35 years old, right? Then stop larping, okay, you ARE millenial.
I am not, and my age is not relevant to this discussion. It is evident that the new animated websites with unnecessary "features" are aimed towards the groups who typically only frequent a few select mainstream websites, and these groups are typically composed of individuals classified as "millenials". The internet for the average person is only around 20-30 websites, they only seen a few trees in the massive forest that is the internet.

Anonymous 08/26/2017 (Sat) 16:11:30 [Preview] No. 10894 del
>judging a post based on it's quality rather than the creator behind it
It is much easier for a newcomer to judge posts by creator because he can clearly see the posting history, ordinary people are accustomed to pseudonymous identities which they understand.
There must be some sort of identity if you want to gain credibility and trust also.
Users will be turned off when they see a bunch of trolling slide inane comments with corporate spam like there is on fourchan for example.

>Websites are moving towards animated and bloated pages
Well, you were the one who said this website's target audience are redditors, and reddit is not an "animated website with unnecessary "features"", it is rather old-fashioned and sometimes cryptic. All fashionable animations you see there are usually present in rare subreddits and done with pure html5 css, which simple graphic browsers (what web was actually designed for, markup and graphics) like Dillo support very well (oh, don't tell me that you have an urgent need to read entertainment web sites in links framebuffer mode because your X server is down again :^)
Web was not meant to be universally accessible, first web browser didn't have support for Apple II or IBM 5150 and was rather bloated compared to gui gopher/bbs clients. As I said, modern web clients are fast on average, mobiles even have javascript hardware acceleration, there is no need for most webdevs to fire up their neurons and write super efficient code if they can launch a site in 15 minutes with preconfigured frameworks and themes. Human nature is laziness. However, it doesn't mean there are no good static webpage sites, it means they can afford to be static because their servers/internet connection are fast and their audience is not that big.

>tfw my average internet is 20-30 imageboards and irc channels

Oh, by the way we both use le reddit spacing as they call it on 8ch, probably because text is too tiny and lack of tabulations. This board clearly needs some good modern styles, a markdown support and drop-down menus :^)

Anonymous 08/27/2017 (Sun) 00:58:19 [Preview] No. 10901 del
>There must be some sort of identity if you want to gain credibility
>Users will be turned off when they see a bunch of trolling slide inane comments with corporate spam like there is on fourchan for example.
Trying to gain credibility is as bad as trolling, both are relapses to a normalfag pattern of behaviour where it has become a hindrance simply due to force of habit. Both handle the new internet environment as a novelty that is only to be crushed like windows in a bus stop until you get bored and return to your real life as a cuck for the jew.

Anonymous 08/27/2017 (Sun) 01:22:42 [Preview] No. 10904 del
Not the dude you're replying to, but the original web was in fact usable by someone on an Apple II or IBM 5150. All you needed was a modem and a Unix shell account from which you could run Lynx, Pine/Elm, Tin, ircII, and so forth.
Now it's no longer the case, because many pages are non-functional without javascript. Even the wayback machine (web.archive.org) has gone in that direction, which is pretty ironic.
I think the web is too far gone to save at this point, so I'm abandoning it for the most part. I no longer login to the old web forums I used to frequent, especially after they changed to become more "modern". And I don't even bother to fill out captchas, so the popular chans are written off. Anyway those things don't work in a plain vt220 console.

Anonymous 08/30/2017 (Wed) 17:02:08 [Preview] No. 10939 del
>Even the wayback machine (web.archive.org) has gone in that direction, which is pretty ironic.
I hate that the wayback machine needs JavaScript now.
I tried using a browser with JavaScript for the wayback machine and it is no better than before, just slower and shinier.

MOZILLA SELLS OUT! Anonymous 08/16/2017 (Wed) 00:02:50 [Preview] No. 10727 [Reply] [Last 50 Posts]
Mozilla To Build New Browsers That Conform To Internet Censorship


In November of 1737, decades before America officially declared its independence from the king of England, a young Benjamin Franklin published an essay in The Pennsylvania Gazette entitled, “On Freedom of Speech and the Press.” In it, Franklin wrote, “Freedom of speech is a principal pillar of a free government; when this support is taken away, the Constitution of a free society is dissolved, and tyranny is erected on its ruins.” Franklin went on to write, “An evil magistrate entrusted with power to punish for words, would be armed with a weapon the most destructive and terrible.”

Although this was written in an article published more than two and a half centuries ago, Franklin’s words are quite possibly more relevant today than they ever have been. Indeed, there is an ongoing effort by the progressive left and extremists such as George Soros to silence speech that doesn’t align with the liberal agenda. This effort to effectively gut the First Amendment is taking place virtually everywhere you look, from the mainstream media, to Hollywood, to college campuses, and perhaps most frequently, across the Internet.

Recently, the popular Internet web browser Mozilla Firefox announced that it plans on joining the fight against what it considers to be “fake news,” a term that to leftists means nothing more than news that is written by conservatives. Mozilla said that it was “investing in people, programs and projects” in an effort to “disrupt misinformation online.”

The first question that every constitutionalist and liberty-loving American should be asking is as follows: How does Mozilla define “fake news?” Are they only talking about suppressing radical websites such as sites run by white supremacists, or are they talking about any news that comes from conservatives? At the very least, it should worry you that companies like Mozilla are often reluctant to thoroughly define “fake news” – it is highly unlikely that this is unintentional.

Furthermore, what exactly gives Mozilla the right or the authority to determine what is misinformation and what is not? The United States Constitution is the law of the land, and the freedom of speech is an inalienable right from God. The fact that Mozilla thinks it has sweeping authority to select which speech is censored and which speech is not runs contrary to everything that America was founded upon.

With the assault on independent media getting increasingly aggressive, many Internet bloggers and website owners are desperately looking for ways they can continue voicing their opinions without being harassed, suppressed or silenced. If you are one of these people, you may want to consider using “Brave,” a relatively new web browser founded by former Mozilla CEO Brendan Eich.

On its website, Brave states that its goal is “to transform the online ad ecosystem with micropayments and a new revenue-sharing solution to give users and publishers a better deal, where fast, safe browsing is the path to a brighter future for the open web.”

Message too long. Click here to view full text.

27 posts and 7 images omitted.

Anonymous 08/29/2017 (Tue) 01:21:47 [Preview] No. 10928 del

>I heard that in hacking contest, they don't even dare try to hack firefox because of how easy it is.

I heard your mother has put the lot lizards at the local truck stop out of business because she loves sucking strange, sweaty dicks so much that she takes on all the truckers for free.

Looks like we both heard some stuff.

Anonymous 08/29/2017 (Tue) 08:16:56 [Preview] No. 10932 del
OP is a useless bundle of sticks
I followed the links from the retarded NN he started with and ended up with

Still shit but not as dramatic

Anonymous 08/29/2017 (Tue) 12:32:34 [Preview] No. 10934 del
He's not talking completely out his ass.
They did come back in 2017 though

Anonymous 08/29/2017 (Tue) 19:18:42 [Preview] No. 10936 del
It was in a video about pwn2Own that I heard that, indeed.

Fortran Anonymous 08/29/2017 (Tue) 07:13:59 [Preview] No. 10930 [Reply] [Last 50 Posts]
Let's talk Fortran. It has been around since 1957, and has gone through numerous revisions. The first version was designed by John Backus at IBM. The most recent standard is Fortran 2008 (see attachment).

Fortran is reputed to be excellent for a number of science and math applications, from crunching numbers for weather simulations to linear algebra.

Here's one guy's take on Fortran as a modern computing language: https://bitbucket.org/eric_t/modern-fortran/wiki/Home

The example on that page compiles so fast with gfortran, even on my 2010-era system, that I thought there must have been some silent error when I compiled it, because it couldn't have compiled that fast. But, no, it was just that fast, even with bounds checking enabled.

Anyone else interested in Fortran here? Have any good tutorials? I've found _a lot_ of material about updating your skills from Fortran 77 to Fortran 90/95 or 2003/2008, but not much for the non-novice programmer who doesn't already do Fortran in some form.

Anonymous 08/29/2017 (Tue) 07:16:43 [Preview] No. 10931 del
Though I did find this F95-oriented tutorial.

(204.38 KB 806x709 question.jpg)
Anonymous 08/28/2017 (Mon) 00:51:34 [Preview] No. 10912 [Reply] [Last 50 Posts]
Does Kali Linux offers tools for Phreaking? If not, where can I get tools for testing security of mobile phones, SIM Cards, etc?

Anonymous 08/28/2017 (Mon) 02:25:31 [Preview] No. 10914 del
It does, but most of us here would not suggest you use it. Instead, use Debian and install the tools from apt-get. You can get the list of tools from Kali website.
Also, protect yourself. Do not scan devices using your real IP. Use a public wifi and/or Tor.

Anonymous 08/28/2017 (Mon) 02:36:35 [Preview] No. 10916 del
Thanks for the advices. Yes, I don't use kali as main distro, just plug USB and start it. Can you tell me some programs it contains for this purpose?

Anonymous 08/28/2017 (Mon) 02:41:35 [Preview] No. 10917 del
(23.65 KB 400x400 xmas-14.jpg)

>It does, but most of us here would not suggest you use it

O RLY? "Most of us" being 4 of the 6 people who use this board?


I wouldn't use Kali as my main system, but I'd use it for pentesting. There's no reason to install something else then try to replicate a Kali environment, like >>10914 is suggesting. Waste of time.

Anonymous 08/28/2017 (Mon) 06:46:22 [Preview] No. 10919 del
>"Most of us" being 4 of the 6 people who use this board?
Yes, you got the point.


Anonymous 08/28/2017 (Mon) 20:45:21 [Preview] No. 10924 del

Quality other quantity.

(115.40 KB 1600x900 douglas_rushkoff.jpg)
List of Security and Privacy Best Practices Anonymous 08/16/2017 (Wed) 08:52:20 [Preview] No. 10740 [Reply] [Last 50 Posts]
Following the other thread, here's the first version of the list:
- Tor hidden service: http://hjvx7xg3n4ejezmh.onion/
- 'Clearnet' Mirror (no styles): https://hjvx7xg3n4ejezmh.onion.cab/

If you want to contribute, post here on this thread.
Thanks to "Endwall" to host it.
45 posts and 12 images omitted.

Anonymous 08/26/2017 (Sat) 17:21:28 [Preview] No. 10895 del
Why do you even need dnscrypt if you don't use vpns ?

Anonymous 08/26/2017 (Sat) 18:36:15 [Preview] No. 10896 del
DNS poisoning, DNS spoofing. If your government censors the web you'll know what I mean.

btw, DNS does leak a substantial amount of metadata. ofc, encrypting DNS alone helps your nothing, but it's good to do so as defense-in-depth.

And a bonus, my local DNS server saved me twice, I accidentally queried ".onion" and ".i2p" domains I wanted to access while surfing the clearnet...blocked by my DNS.

Anonymous 08/27/2017 (Sun) 16:47:58 [Preview] No. 10909 del
What about local hoarding of zone transfers or distributed DNS systems like DNSchain?
Also, why would you trust single DNSCrypt resolver when anybody can make one and claim to keep no logs and serve legit queries? It would be better to fail-proof with multiple server queries at least.

Anonymous 08/27/2017 (Sun) 17:14:32 [Preview] No. 10910 del
>- Randomize Mac Address (in case you're using public wifi):
>calomel.org ever
Or use:
ifconfig $interface lladdr random

Anonymous 08/27/2017 (Sun) 17:16:14 [Preview] No. 10911 del
I forgot to mention that is for OpenBSD

(90.45 KB 640x360 cloud.jpg)
Cloud Encryption Best Practices? Anonymous 08/23/2017 (Wed) 23:28:21 [Preview] No. 10882 [Reply] [Last 50 Posts]
Say I need to store private files on some public cloud service because reasons. I'm going to encrypt the shit out of it, I want that crypto to hold up against reasonable opportunistic adversaries, and I want it to hold up for the foreseeable future.

"Reasonable opportunistic adversaries" means I don't expect to be the personal target of a well-funded spook agency. Law enforcement dragnets, opportunistic hackers and snooping providers are all relevant however.

"Foreseeable future" should be decades.

My instinct is to rely on something straightforward and established like gpg --symmetric, but it doesn't feel nearly autistic enough to be truly secure.

Should I consider non-standard ciphers? AES has theoretical attacks now, but 2^256 -> 2^254.4 is barely scratching it. Twofish and Serpent have only been attacked with reduced rounds. All are already over a decade old but nothing truly new seems to be on the horizon. Quantum comp apparently isn't the huge threat here that it is to public key.

Is it worthwhile cascading ciphers like Veracrypt does? Can this be done competently with gpg/other tools? I see mixed opinions out there about the benefits vs the risk to new attacks.

Is it worth obfuscating the ciphertext? Would using non-standard cipher settings, memorizing them then stripping headers protect the data in practice even if the cipher becomes weak in the future? Would wrapping it in other containers make it look more innocent to an adversary find/grepping for "interesting" files to analyze?

Tell me how wrong I am, /tech/.

Anonymous 08/24/2017 (Thu) 00:44:56 [Preview] No. 10883 del
>Should I consider non-standard ciphers?
No. Use AES-256 from a good library like libsodium. It's resistent from even quantum attacks.

I'd suggest:
- Set up a openbsd server
- Close all connections using pf(4), except the SSH port
- Change securelevel(7) to level 2 (so the pf rules can't be changed):

- Encrypt files on your computer with reop or gpg (reop uses AES256 by default)
- Use scp(1) to transfer files:

Anonymous 08/24/2017 (Thu) 07:52:49 [Preview] No. 10887 del
>Set up a openbsd server

OP is premised on the data being stored by someone else, in an uncontrollable environment. You're right that this would be easy otherwise.

Anonymous 08/24/2017 (Thu) 15:26:05 [Preview] No. 10890 del

The best practice would be not to store your data in "the cloud" in the first place.

But if you insist, use AES-256.

>Should I consider non-standard ciphers?


Other ciphers, like Camellia and Serpent, probably offer similar security, but Rijndael (the cipher in AES) has been subjected to a lot more cryptanalytic effort _because_ it was chosen for AES, and it remains unbroken.

>Quantum comp apparently isn't the huge threat here that it is to public key.

Mostly correct. A quantum computer that is able to run Shor's algorithm efficiently will be able to quickly recover the private key for data encrypted with a public-key cryptosystem that relies on the factorization of large integers or the discrete logarithm problem. There are public-key cryptosystems that are not based on these problems, and are not vulnerable to Shor's algorithm, but they are not in common use. All of the ones in common use (e.g. in SSL/TLS and PGP) are vulnerable, so it's important to note that quantum computing is currently projected to be a threat to some kinds of public-key encryption, not _all_ public-key encryption per se.

The PQCrypto group is currently refining a number of public-key cryptosystems that will remain secure even if efficient quantum computing is realized.

Message too long. Click here to view full text.

Web servers/ async programming Anonymous 08/23/2017 (Wed) 15:48:45 [Preview] No. 10881 [Reply] [Last 50 Posts]
I've been practicing network programming lately and was reading about the different web servers, how they work and so on.
I was wondering how Windows and windows based web servers perform compared to Linux since it has no epoll/kqueue. It turned out it has I/O Completion Ports. Then I searched for web server benchmark comparisons but there were no credible ones. Why has nobody compared these products yet?

This one implies that IIS outperforms nginx in every way and if that is true I want to know how it does that.

This one implies that g-wan is the fastest one (obviously, it's their product, therefore isn't a credible source).

That one also shills for IIS, but it's probably fake since the author doesn't mention anything about hardware or server configuration.

So my questions are:
- Does Windows' IOCP perform better than epoll/kqueue and if so - why? And why don't we implement it for *nix?
- Does IIS outperform nginx/apache and if so - how does it do it and is it related to the IOCP?

I cannot find credible sources and I hope someone here has more experience than me.

Message too long. Click here to view full text.

Anonymous 08/24/2017 (Thu) 01:04:38 [Preview] No. 10884 del
I don't have enough knowledge about http servers to answer you. But, I don't think performance is the only thing that matters.
And, it's also affected by many other configurations, such as where your cache is being written (this will depend on your disk write speed and your filesystem).
Open source unix-based systems have more flexibility to work with. You can compile linux, for example, to the bare minimum to work with and the resource usage will be trivial. Not like windows, where you can't disable low level stuff and need to have useless memory usage.
Morpheus with rwasa, for example, will give you very good performance:

Or, use NuttX. It's a realtime OS, and has it's on http server on base system:

(60.64 KB 350x350 NFPRP1-350x250.jpg)
Anonymous 08/18/2017 (Fri) 18:19:10 [Preview] No. 10827 [Reply] [Last 50 Posts]
Is there any way I can block google recapcha in hosts ? I appears on some 4chan archives and it drives me nuts because for some reason webkit uses like 40% of my cpu to render that shit
7 posts and 2 images omitted.

Anonymous 08/20/2017 (Sun) 11:54:44 [Preview] No. 10854 del

I don't want a trojan on my computer. But I guess that as a windows user, you have a limited understanding about why you should never ever use a close source program.

Anonymous 08/20/2017 (Sun) 19:15:10 [Preview] No. 10862 del
You can't block an entire domain in /etc/hosts, unless you have an entry for every single host, but that's not doable for something the scope of google. But you can block all of *.google.com if you run a local DNS server. For example, I have this entry in /var/unbound/etc/unbound.conf, since I don't want to have anything to do with fb ever:
local-zone: "facebook.com." refuse
I would do the same with google exept that I actually use their gmail service, and at one point they started to require you to "login to your google account" instead of just loging into the gmail.com domain.
They also have some other domains like googleapis.com, googlesyndication.com, and so forth. Probably best to get your browser to log everything and then check what other stuff needs blocking.
Also the hosts file from http://winhelp2002.mvps.org/hosts.htm is useful but doesn't cover everything.

Anonymous 08/21/2017 (Mon) 00:47:48 [Preview] No. 10863 del
My apologies, I don't know why I thought you were running windows. You should be able to do the same conceptual thing though - watch outbound DNS lookups - with tcpdump or whatever packet capturing utility you've got on your OS. I'll second 10862 - run a local DNS server.

Don't be a conclusion-jumping condescending douche. You've actually inspected the source code of a miniscule fraction of a percent of everything you are running right now, and if you think having source covers all your security bases, you're doing security wrong and relying on an unrealistic world view. Take inventory of all the proprietary tech and embedded systems you actually deal with on a daily basis. I'm pretty sure you aren't inspecting the source code running the ABS of nearby cars before crossing the street.

Anonymous 08/22/2017 (Tue) 22:51:50 [Preview] No. 10877 del

I founds this but I don't understand chink. Might be useful.

Anonymous 08/22/2017 (Tue) 22:55:48 [Preview] No. 10878 del
If a small bash script, I reckon you can extract the lines related to google in another file, change the ip to to each one and then append the resulting file to your hosts file. This should solve your problem op.

USSR home computer programs on tape Anonymous 07/09/2017 (Sun) 22:06:43 [Preview] No. 9625 [Reply] [Last 50 Posts]
Does anyone on /tech/ know how to get programs for old computer from audio cassette? What emulators can run that? Rips are on http://25dxotevqkqyhqgi.onion/
2 posts omitted.

Anonymous 07/09/2017 (Sun) 22:07:28 [Preview] No. 9629 del
If it is 8 bit computer produced by USSR it might be Agat. Their early edition came with cassette tape reader.


The processor of Agat was clone of MOS 6052 so you might want to check out emulators written for it.



Anonymous 07/09/2017 (Sun) 22:07:40 [Preview] No. 9630 del

but even if you dump the programs encoded in cassette it would be bunch of boring games and programming utilities.

Anonymous 08/21/2017 (Mon) 17:36:33 [Preview] No. 10868 del
Screenshot on Wikipedia page is an almost 100% evidence emulator exists.

Link no worky.

Anonymous 08/21/2017 (Mon) 21:37:46 [Preview] No. 10872 del
I suppose, you equip yourself with some kind of translation software and google for [Computer name + emulator] in Russian.
This is what quick search for Микро 80 эмулятор gave me:
As per games, you can feed wav audio directly to emulators.