Catalog of /tech/

Bottom

Mode: Thread

Max file size: 350.00 MB

Max files: 5

Remember to follow the rules

Max message length: 4096

R: 225 / I: 40 / P: 1

/tech/ - Technology

Welcome to /tech/, a technology board. This board is for discussion of technology, both software and hardware.

Wiki: https://wiki.installgentoo.com/
IRC: #/tech/, #InfinityNow and #endchan on irc.rizon.net - https://qchat.rizon.net/

NSFW files are only allowed if they are spoilered. Tech support, consumer advice and desktop/ricing threads are all allowed for now.

All rules and policies are open for discussion in this thread.

Related boards:
>>>/cyber/ - Cyberpunk & Science Fiction
>>>/lv/ - Libre Vidya
>>>/markov/ - bot hell
>>>/os/ - Online Security
>>>/t/ - Torrents/trackers

R: 5 / I: 0 / P: 1

HP keylogger

>TL;DR: HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).

https://zwclose.github.io/HP-keylogger/

R: 2 / I: 0 / P: 1

Who allocated time to give birth to this image?
Who exactly is the subject talking to?
Why is the subject wearing dress attire?
Why did he choose to use seven proxies instead of, say, six?
Why did he use proxies instead of other methods of anonymity?
What actions did he commit to warrant hiding behind seven proxies?
If he wasn't hiding behind seven proxies, what would he be subjected to?
Is his clear display of confidence a sign that he is certain his identity is safe? Perhaps his adversary is incompetent?
Why did he refer to his location relative to the proxies as "behind"?
Is the capitalization of all the text a method for conveying the fact that he is yelling?
How did this particular image gain popularity and root itself into the minds of the viewers?

All the questions that will most likely remain unanswered.

R: 2 / I: 0 / P: 1

Wishlist for hardware that probably doesn't exist

all I want for christmas is a keyboard like Psion 5 that writes plain ASCII into memory and is easy to import onto other devices.

R: 1 / I: 0 / P: 1

paging the local openbsd/reop nut
is this shit as good as it sounds ?
https://www.tedunangst.com/flak/post/miniwebproxy
bless you

R: 17 / I: 1 / P: 1

Hi tech, i'm tired of windows.

I will go to linux, but I need know which linux i will usage.

I am in doubt between the backbox and Kali Linux, if you have more recommendations, I accept (debian priorizer).

I have a 4GB pendrive, is it enough to change the operating system?
Open

R: 15 / I: 0 / P: 1

Discord sucks

You know what sucks about discord is you can't use TOR to register a username anonymously. Sure you can use it, but as soon as you change IPs once they send an e-mail verification and then demand mobile verification before you can continue to use discord.
Open

R: 7 / I: 4 / P: 1

Phosphor Display

green
amber
white
Which one is best?

R: 10 / I: 1 / P: 1

Is this the true power of technology TM ?

R: 14 / I: 3 / P: 1

A new Net Neutrality debate should begin. No matter who you are, whatever your political preference, whether you support or do not support Net Neutrality, I'd like to hear from all of you!

Why Do Major Corporations - Who Are Known For Censoring Their Social Platforms - Want Net Neutrality?

>>>/news/3886
https://archive.fo/https://endchan.xyz/news/res/3886.html (I'll be archiving the debate as it unfolds)

This thread documents and exposes the censorship behind three major tech companies that support Net Neutrality.

Now we really want to figure out WHY and what you anons think about all of this.

R: 4 / I: 1 / P: 2

Newb programming question

>>>/lv/391

Hey guys, I wanted to write a script that will halve hex colour values and add together all possible combinations from 16 colours, making 256 colours. I suppose I could just halve the values to begin with, so really all I need to do is add hex value together to create all possible combinations. I have some python experience but still muddling through. Rare pepe for troubles.

R: 4 / I: 0 / P: 2

Has anyone used the netrunner browser started by /g/ ? Can I replace links2 -g with it ?

R: 118 / I: 9 / P: 2

nntpchan devshit thread, banned from 8/tech/ edition

explanation:

it's decentralized imageboard federation thing, works great, join today.

source:

https://github.com/majestrate/nntpchan
https://github.com/majestrate/srndv2

nodes:

https://nsfl.tk/
https://i2p.rocks/ib/
http://oniichanylo2tsi4.onion/
http://ucavviu7wl6azuw7.onion/
(your node here?)
Open

R: 10 / I: 1 / P: 2

sshtalk

>"Remember good ol' talkd/ntalk? sshtalk is our security-minded update to the same basic idea."

Cool:
https://2ton.com.au/sshtalk/

R: 59 / I: 14 / P: 2

List of Security and Privacy Best Practices

Following the other thread, here's the first version of the list:
- Tor hidden service: http://hjvx7xg3n4ejezmh.onion/
- 'Clearnet' Mirror (no styles): https://hjvx7xg3n4ejezmh.onion.cab/

If you want to contribute, post here on this thread.
Thanks to "Endwall" to host it.

R: 65 / I: 29 / P: 2

/g/ is building an OS
http://boards.4chan.org/g/thread/61110805

It's a riced out, gentoo based desktop distro
https://cloveros.ga/

Has a nice low ram footprint

irc.rizon.net #cloveros
Open

R: 6 / I: 2 / P: 2

Modernized $CRT/$ Terminal

Has anyone here used a monochrome phosphor CRT with a modern machine? Say, a monitor with a 9-pin serial/re9/rs232 cable with a more modern PC. Also, this will just be a terminal screen. Possibly with w3m images. Here are some options I've thought up. I haven't picked out a monitor yet.

VGA/serial adaptor
These adapters are common. Don't know if they would work.
CGA video card output or other period correct, oem matched card
Don't know how the fuck I would use this on a modern board.
Some other 9 pin display video output
''Maybe there is an old PC with Core Duo or Pentium with serial display? I was born in '96, so I'm not too savvy on 20 year old graphics hardware'

I know that the green Macintosh CRT's are pretty cheap and use a 9-pin, but the pin out is proprietary. Chime in if you have experience with these things! Am I over thinking this?
Open

R: 27 / I: 8 / P: 2

GNU OS

Anyone else excited about the coming full realisation of the GNU OS? Soon GuixSD will ship with Hurd and the original GNU vision will be a usable system.

After that all they need is all the software using GNU licenses and RMS can die fulfilled. If they then rewrite everything in scheme RMS will become a saint in heaven.

R: 81 / I: 13 / P: 2

ideas for saving /tech/ general

We're about halfway through October and about two weeks out from our most esteemed /tech/nician's autistic tantrum over on /operate/:

>>>/operate/7122 it's good reading, he came in with a balloon knot and left with a rectum that you could park a utility van in

so it seems like a good time to reassess the state of the board.

Since October 1st, there have been 0.6 original posts per day on /tech/. I use the term "original" with some reservation, as some of them are just verbatim reposts from 8/tech/. There have been an average of 8.13 replies per day, but most of them were one-line comments or barbs without substance, or memes, or corrections to a previous post. We're averaging about 1 substantive reply per day. Two on a good day. I didn't feel like digging into the numbers any further, but it's my impression that these averages don't even reflect how dire the situation is, as there was a burst of activity at the beginning of the month that has tapered off significantly.

/tech/ is not dead, but it's on life support, and, ironically, none of its denizens seems to know how to service the life support machine.

It would be a shame for this alternative to pigchan and Hiroshima's /g/ to wither through neglect.

Let's brainstorm ideas for keeping this place alive.

R: 7 / I: 1 / P: 2

Major update

Hey /tech/, I've updated the list. Many changes (I did no changelog, sorry):
https://gist.githubusercontent.com/anonymous/e278380ef6f2eddcfa5d18cbbdd161d3/raw/7a8bbc80d560ac50162550b0b9e0d82fdcba6fc3/gistfile1.txt

Any comments are welcome.
Let's wait for "Endwall" to update. If you want to spread it to other communities, please post it here too, so we can keep following the criticism and improving it.

As for the other thread ( >>11660 ), I'll share my 'research' (nothing big, really) on this thread, but there's too many information to put on the list, so I thought it would be better to just discuss it here first.
Open

R: 3 / I: 0 / P: 3

discord

Reasons its shit:

1) IP logging
2) Posts are forever
3) Avatar fagging
4) If you change your IP it demands a phone number or you can't use the same username again if you registered.
5) Full of status messages: I'm paying fallout 4
5) It's catching on with faggots and now every chan and forum wants you to join their discord for that board. Irc didn't ever have 1-4 and wasn't as popular as discord is becoming.

Web 3.0 really will be a fucking chat room on every site.
Open

R: 10 / I: 0 / P: 3

HTML5 to have full DRM, no compromise

Open

R: 31 / I: 11 / P: 3

Must-watch /tech/ movies?

Hey, thought about film recommendation with /tech/ related content. These are mine favorites. I've organized it by order that I thought was better to watch if you haven't yet. If you want to suggest others, just post on this thread.

01 - Gattaca (1997)
02 - Akira (1988)
03 - The Conversation (1974)
04 - Network (1976)
05 - Blade Runner (1982)
06 - The Lives of Others (2006)
07 - 2001: Space Odyssey (1968)
08 - Interstellar (2014)
09 - Wall-e (2008)
10 - Minority Report (2002)
11 - Nineteen Eighty-Four (1984)
12 - Brazil (1985)
13 - THX 1138 (1971)
14 - Ghost in the Shell (1995)
15 - Ghost in the Shell 2: Innocence (2004)
16 - Paprika (2006)
17 - A.I. (2001)
18 - Psycho-Pass (2012)
19 - Neon Genesis Evangelion and The End of Evangelion (1995)
20 - Ergo Proxy (2006)
21 - The Matrix (1999)
22 - Serial Experiments Lain (1998)
23 - 964 Pinocchio (1991)

R: 7 / I: 1 / P: 3

Search Engines

The majority of them are garbage.

Has anyone discovered or created a search engine that allows the user to set parameters to exclude certain websites? The massive majority of search engines have little features and space for user input (Searx is probably the closest to what is ideal).

General search engine/ideas thread.

R: 55 / I: 31 / P: 3

/g/'s building a web browser
http://boards.4chan.org/g/thread/61078788

OSX Fork (pic related)
https://gitgud.io/odilitime/netrunner

dicsuss

R: 6 / I: 2 / P: 3

What happened to IRC?

Why did it go out of style and are there any active communities left?

R: 16 / I: 4 / P: 3

Wizards Assemble!

Advanced users of GNU/Linux (and I mean advanced), remember to try Source Mage GNU/Linux. True source-based distribution, and (in contrast with Gentoo and Arch) is:
Free from obfuscated and pre-configured code.
Fully committed to GPL, uses only free software (as in freedom) in their main package.
With even the documentation licensed as FDL.
Without 3rd party patches, sensible defaults or masked packages.
Doesn't need obfuscated python libraries, only bash.
No systemd (they've implemented their own init scripts system http://sourcemage.org/Init).
Uses clean dependencies as they came from upstream developers, which by the same provides instant updates.
Can heal broken installs.
Can also use flags.

Do you like Arch Linux's AUR? Do you like Gentoo's portage (or ports-like) package manager? With SMGL's "sorcery" you get all that. Making new spells (package build files) not found in the grimoire (repository of spells) is easy http://sourcemage.org/Spell/Book

Bash hackers welcome! Come and join http://sourcemage.org/

Installing SMGL is easy, here's the simplified process:
>boot a live Ubuntu (or whatever) USB drive
>go to SMGL website and download compressed archive of the base system
>partition and mount partition(s)
>extract the archive onto the new partition(s)
>chroot, set root passwd, hostname, configure network and locale, write fstab, install grub/lilo
>reboot
>compile a kernel (preferably the newest stable one from kernel.org)
>update sorcery, grimoires and the build toolchain
>rebuild the system (hold spells you've already built, so you don't build them twice)
The install guide will hold your hand through the whole process http://sourcemage.org/Install/Chroot
Do the chroot method, since the regular live ISO method guide is out of date currently.

Here's a list of common commands: https://pastebin.com/i4DALaNV

R: 0 / I: 0 / P: 3

Virtual Distro Hopping

Let's see what's the state of the Linux desktop in the current year of the Linux desktop. For this purpose I setup a virtual machine with qemu. You'll find more details on the arch wiki: https://wiki.archlinux.org/index.php/QEMU - I create some dedicated space to install the distro and download or torrent legally the NET install ISO from the distro's homepage.
qemu-img create -f qcow2 fedora27.cow 20G

I run qemu with sudo, so I can use kvm. kvm allows you to use your whole CPU. You can use kvm as non-privileged user, by creating a new group in your udev rules. But I'm too lazy for that.
sudo qemu-system-x86_64 -enable-kvm -m 4G -cdrom /path-to-your-folder/fedora27_x86_64.iso -boot order=d -drive file=fedora27.cow

First Distro I'm trying is Fedora 27. Installation is quick, you need to click on some options, but that's it, the rest is done in the background. If you want more control, you need to find the options first though. It uses wayland as standard. No more screen tearing, but without GPU passthrough to the virtual machine, it uses the CPU to render the graphics. 3D graphics and wayland slow down the whole thing and CPU is constantly over 50%. To test wayland better another test from a live image would be necessary. The bars on top are not as big as they used to be. The software looks uniform. Accessing software with the activities tab and then searching through very big icons is not practical. There is not so much software, but the installation size is still big. Firefox and LibreOffice take a lot of space. You can't rice or adapt much of the desktop, but you can download different styles.
My impression is that Gnome looks clean and can be used out of the box as is. It hides as much as possible from the user. It has the best touch screen and wayland support so far. I don't like the usability concept with the hidden software, it's too much optimized for touch devices in the mind. It might be interesting for someone who has a 2-in-1 device or likes the look and feel of Gnome to really use this as desktop. Fedora is a bit strange as distribution, as they ship classic releases with stable software from a due date, but also ship the latest kernel. The perfect distribution for Linus Torvalds, but not for the imageboard neckbeard.
Open

R: 4 / I: 0 / P: 3

What's your favourite Linux distro?

R: 11 / I: 2 / P: 3

Microsoft and universities

Hello /tech/. What is that? You have similar stuff in your university too? Any implications?

R: 10 / I: 0 / P: 4

WPA2 protocol attack

https://www.krackattacks.com/

>We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

>The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The Q&A is worth reading, and has information on attack mitigations. Unfortunately, if you are using an Android smartphone that isn't receiving updates anymore, your WiFi security on that device is probably null.
Open

R: 24 / I: 3 / P: 4

DIY, Modular, Open source Laptop

Laptop form factor open source hardware design, built from off the shelf components for DIY, modular, open source computing.

CPU, RAM, graphics: 1x single board computer
FSB, ports: 2x powered USB hub
Battery: 1x USB powerbank, >5000 mAh, >2A
Input: 1x USB keyboard
Input: 1x USB trackpad
Storage: 1x USB flash drive
Network: 1x USB WiFi dongle
Audio: 1x USB sound card/headset
Display: 1x USB powered HDMI monitor
Case: 3D printed or DIY glued wooden case

Features:
-Completely modular, customizable, upgradeable and repairable
-User serviceable by all users
-Universal, modular battery and charger. Can swap battery when depleted
-Low cost
-Completely open source

Suggestions for the display? It is the least commonly available component. USB DisplayLink would be more convenient, but it is not open source.

R: 9 / I: 4 / P: 4

This machine before your eyes is extremely powerful, a machine that grants its user access to all of the information conceived by the human species. It is capable of performing highly complicated mathematical calculations thousands, possibly millions of times faster than your typical human, and can store massive amounts of information, perhaps a library filled with thousands of books stored on this little machine, too massive for a measly individual to read in their lifetime, is reality.

When these sophisticated and wondrous machines had begun to appear in the 80's and 90's, the savvy individuals saw them for what they were, highly capable machines that would greatly change the world. They had taken advantage of this, and they became the first hackers, people armed with these extremely powerful tools. Companies and marketers observed this new medium and knew they could gain great wealth using it, and the mainstream mediums with the purpose of entertaining were born.

If only people knew just how powerful that little "phone" in their hand truly was. What a great time to be alive, so many ignorant fellows bickering about the problems in the world and how the past was such a great era, with no knowledge of what is truly happening at this moment.

R: 6 / I: 0 / P: 4

All shall fall

>2017
>In last couple of years Red Hat forces systemd and other cancerous software in free software world.
>Microsoft joins linux foundation
>UNIX way totally fucked up
>RMS still pursuing free software endorsement all over the software world
>RMS lives for couple of decade/s
>RMS dies
>FSF falls to corruption
>FSF no longer defends free software values
>Freedom is no more, community is the only freedom givers, those who have stayed true to the end
>Linus Torvalds keeps kernel backdoor-free
>Linus Torvalds dies and some dipshit takes over the kernel, maybe one person or maybe a foundation.
>Freedom is no more
>Stupid fucking distros adopt systemd, majority of them, to touch as many distros as possible.
>Remember hearthbleed, only one mistake in one line of code on smaller program.
>Systemd is huge piece of shit, imagine how many shits would be there in that source code.
>Red Hat joins FSF
>Microsoft joins FSF
>GNU dies to corruption
>Linux dies to corruption
>FreeBSD is meme
>OpenBSD even more
>plan9 unusable
>templeos is meme

Fork fucking HURD and save yourselves while there is still time, true community is only shit that can save freedom. Build our WEB, build our HARDWARE build OUR SOFTWARE. We are in most dangerous times anon, freedom heroes cannot endure forever, they are human. Humans are corrupt, after great leader has died nobody is going to continue that tradition in original sense.

PLAN educate as much people as possible about free software.

Stay true anon, stay true.

Keep the UNIX philosophy, keep the UNIX way, keep the freedom. Keep the sanity.

Adun toridas.

R: 13 / I: 5 / P: 4

I have a massive assortment of software ideas that I desire to articulate into reality, but I have very little knowledge regarding computer programming. I desire to learn C/C++ as they appear to be most suitable to my needs, and I would like some advice as to where I can begin and what existing software programs/Operating systems will be most useful to me.

Are the books written by Dennis Richie/Bjarne Stoustrup my best bet?
Open

R: 13 / I: 3 / P: 4

Tip

I did a correlation between the major Ad networks and have found that they converge to unique autonomous networks used for this purpose. Can you guess who controls it?

In order:
1. AS16509
2. AS15169
3. AS14618
4. AS54113
5. AS13335
6. AS14061

You can look for yourself on radb.net or using whois(1).
If you want to block those, use this command and put on your router firewall:

$ whois -h whois.radb.net -- '-i origin ASxxxxx' | grep ^route

R: 3 / I: 2 / P: 4

Electronics

This thread is for discussion about electronics and other related topics.

Literature to get you started in the hobby of electronics:
Getting Started in Electronics Forrest Mims III
The Art of Electronics by Paul Horowitz and Winfield Hill

Is reading literature not something you enjoy doing? You can learn about electronics by watching many of electronics YouTube channels instead:
eevblog
mikeselectricstuff
w2aew
Mr Calrson's Lab
Kerry Wong
Marco Reps

Interested in creating a PCB?
Visit http://kicad-pcb.org/ install KiCad EDA software (GPL) and read "Getting Started" guide.

Interested in simulating digital or analog circuits?
Install SPICE simulation software (BSD) and proceed to study https://www.allaboutcircuits.com/textbook/reference/chpt-7/introduction-to-spice/
Once you become familiar with SPICE, install one of the many GUI front ends available to make working with large circuits easier.

Having problems with your circuit? Can't decide which oscilloscope to buy? Why is there smoke coming out of my voltage regulator?
Ask us those and other questions in this thread. We will try helping you solve your issue no matter how large it is.

R: 0 / I: 0 / P: 4

R: 2 / I: 1 / P: 4

Why do you have colored blobs in your captcha when you could remove them with CSS?

#captchaImage {
filter: url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 height=%220%22><filter id=%22rmblobs%22><feColorMatrix type=%22matrix%22 values=%221 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 1 0%22/></filter></svg>#rmblobs");
}

R: 0 / I: 0 / P: 4

Otter Browser (Pre) RC 2 released

Second release candidate has been released!
Please note that we have not entered feature freeze yet, some stuff will still go in but we are going to focus on improving stability and fixing issues from now on.

Most important changes since RC 1:
- improved support for styling tab bar text;
- added support for deleting User Scripts in Addons Manager;
- restored inline URLs completion;
- added action for peeking tab contents;
- multiple bug fixes and stability improvements.

https://otter-browser.org/
Open

R: 1 / I: 0 / P: 5

http://time.com/4998189/iphone-x-privacy-apple/

I can't wait to get my new iphone.

R: 24 / I: 2 / P: 5

How do you store your data/backups?

Hie, I'm trying to find a good solution to never get out of storage on my HDDs, for my backups and my regular use.
What is your data storage solution?
I want, if possible, a solution that is the most freedom compliant.
There is the usb HDDs, 3/4 plugged on a rasp.
There is the NAS with 3.5' HDDs in it.
Maybe a cheap 20$ computer with the HDDs in it with linux installed...

What should be the best? What HDD to buy (there are these backdoors, even though I don't think I can find any without)

Thanks you!

R: 18 / I: 1 / P: 5

Acrobat Reader Alternative

Are there any alternatives for browsing pdfs in browser that don't require Adobe Acrobat? The main problem is having to allow it each time in Firefox because it's apparently not secure.

R: 3 / I: 0 / P: 5

cracking

Respawn of a good thread

Learning:

http://www.securitytube.net/

http://creator.wonderhowto.com/occupythewebotw/

http://n0where.net/

http://www.offensive-security.com/metasploit-unleashed

http://www.exploit-db.com/

http://resources.infosecinstitute.com/

http://www.windowsecurity.com/articles-tutorials/

http://www.securitysift.com/

http://www.sans.org/reading-room/

http://packetstormsecurity.com/files/

https://www.corelan.be/index.php/articles/

http://routerpwn.com/

http://opensecuritytraining.info/Training.html

https://www.blackhat.com/html/archives.html

http://magazine.hitb.org/hitb-magazine.html

News:

https://threatpost.com/

http://www.deepdotweb.com/

Wargames:

http://overthewire.org/wargames/

https://www.pentesterlab.com/

http://www.itsecgames.com/

https://exploit-exercises.com/

http://www.enigmagroup.org/

http://smashthestack.org/

http://3564020356.org/

http://www.hackthissite.org/

http://www.hackertest.net/

Distros:

https://www.kali.org/

http://sourceforge.net/projects/metasploitable/

https://tails.boum.org/

http://www.wifislax.com/

>Where to start

https://youtube.com/watch?v=gPNnXmTezak [Embed] [Embed]

https://youtu.be/pB0WvcxTbCA [Embed]

>Learning material

https://www.codecademy.com/

https://programming-motherfucker.com/

https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md

https://www.theodinproject.com/

>Frontend development

https://github.com/dypsilon/frontend-dev-bookmarks

>Backend development

https://en.m.wikipedia.org/wiki/Comparison_of_web_application_frameworks

[Gist] backendDevelopmentBookmarks.md

>Useful tools

https://pastebin.com/q5nB1Npt/

https://libraries.io/ - Discover new open source libraries, modules and frameworks and keep track of ones you depend upon.

>NEET guide to web dev employment

https://pastebin.com/4YeJAUbT/

>How I Got a Job in Web Development

http://elliotec.com/how-i-got-a-job-in-web-development/

https://w3challs.com/

https://www.hellboundhackers.org/

http://io.smashthestack.org/

p=probs">http://pwnable.krp=probs

http://overthewire.org/wargames/




https://tuts4you.com/

http://woodmann.com/

http://www.openrce.org/articles/

http://search.lores.eu/indexo.htm

http://phrack.org/index.html

Input data - https://github.com/minimaxir/big-list-of-naughty-strings/blob/master/blns.txt

Presentations:
DEF Con Media server - https://media.defcon.org/
Carolina Con Presentations - https://www.youtube.com/user/CarolinaConVideos/videos

Tutorials:
Windows escalation - http://www.fuzzysecurity.com/tutorials/16.html
Linux escalation - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Courses/Study:
How To Hack and Defend Your Website In 3 Hours - http://course.hyperiongray.com/vcourse/
Opensecurity - http://opensecuritytraining.info/Training.html

CTF/Practice:
List of CTFs - http://captf.com/practice-ctf/
Vulnhub - https://www.vulnhub.com/

Cracking/Hash lookup:
Hashfinder - http://finder.insidepro.com/
Hashkiller - https://hashkiller.co.uk/
Hashes.org (Leaked lists) - https://hashes.org/public.php

Info Gathering:
Yandex – www.yandex.com
Website source search engine - https://nerdydata.com/search

Lockpick Guide - http://www.lysator.liu.se/mit-guide/MITLockGuide.pdf

OPSEC - http://grugq.github.io/

https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

R: 10 / I: 2 / P: 5

Requirements for Secure Clock Synchronization

https://arxiv.org/abs/1710.05798

This paper establishes a fundamental theory of secure clock synchronization. Accurate clock synchronization is the backbone of systems managing power distribution, financial transactions, telecommunication operations, database services, etc. Some clock synchronization (time transfer) systems, such as the Global Navigation Satellite Systems (GNSS), are based on one-way communication from a master to a slave clock. Others, such as the Network Transport Protocol (NTP), and the IEEE 1588 Precision Time Protocol (PTP), involve two-way communication between the master and slave. This paper shows that all one-way time transfer protocols are vulnerable to replay attacks that can potentially compromise timing information. A set of conditions for secure two-way clock synchronization is proposed and proved to be necessary and sufficient. It is shown that IEEE 1588 PTP, although a two-way synchronization protocol, is not compliant with these conditions, and is therefore insecure. Requirements for secure IEEE 1588 PTP are proposed, and a second example protocol is offered to illustrate the range of compliant systems.

R: 7 / I: 2 / P: 5

Headphones

Yes, they are consumerist bullshit and there are dozens of corporations attempting to market them to potential buyers, but one cannot truly appreciate classical music until they have listened to it in real life or with high quality headphones with sound of that seen in real life.

https://en.wikipedia.org/wiki/Headphones (Wikipedia article for quick brief and general information, look to the references for further information...)
http://graphs.headphone.com/ (Compare different headphones and look at variables such as Frequency Response, Isolation, Etc.)
https://wiki.installgentoo.com/index.php?title=Headphones (Highly detailed article on headphones and Amplifiers/DACs)

Do NOT buy Beats By Dre, Skull Candy, Bose, or headphones within large stores with no information on them available.

R: 6 / I: 6 / P: 5

lowRISC: another year bites the dust?

http://www.lowrisc.org/faq/

>When can I buy a lowRISC SoC?
>As with most tech projects, the most accurate answer is “When it’s ready”.
>We are expecting to crowdfund an initial instantiation of the lowRISC platform during the course of 2017.

I'm pretty sure the lowRISC FAQ said 2016 last year. It didn't happen, obviously, and it was changed to 2017, but we're running out of that, too. Ten weeks left, boys. Is a lowRISC SoC vaporware for another year?

At what point do we start looking to the J-x processors based on Hitachi's SuperH architecture? The last SH-4 patents are expiring this year.

http://j-core.org/roadmap.html

R: 0 / I: 0 / P: 5

How far can you get in solving their puzzles?

R: 22 / I: 5 / P: 5

Vote against tranny LibreOffice mascot.

https://survey.documentfoundation.org/665628

R: 3 / I: 0 / P: 5

How long before we exclude white people from software development ? People like Linux Torvalds should not be left unchecked for much longer.

The kernel needs more diversity in order to mirror the multicultural distribution chain.

R: 29 / I: 10 / P: 6

Following a suggestion from a painfully autistic (although well intentioned) user posting on /tech and /operate, this board now has a desktop thread.

Show off your desktops, phones, ricing, rigs and stations here.

Anyone posting must also offer advice to others and help the beginners.

To honour the tradition the desktops in this post are all over ten years old.
Open

R: 23 / I: 4 / P: 6

Instagram is listening to you

https://lobste.rs/s/smmjku/instagram_is_l
istening_you_scary

Interesting. I've noticed this too when I see a friend connect to his facebook while we are working. Sometimes I talk about a random subject and minutes later facebook shows an ad about this uncorrelated data.
I don't think they are actually using microphone, but I think it's almost certain that they correlate the data/metadata about the users with such precision, at the point to build a oracle sybil ad system.
Can anyone here understand how this is very dangerous? They can control everything using this.

R: 17 / I: 1 / P: 6

I'm looking to build a PC ($700 - 1000), and was wondering what would be a good build for gaming?
Open

R: 9 / I: 2 / P: 6

OpenIKED vpn alternative

What do you think of OpenIKED?
Is it a viable alternative to Openvpn?

http://www.openiked.org/
https://github.com/reyk/openiked
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/iked/

R: 3 / I: 1 / P: 6

Learning

How did/does everyone continue their learning endeavours? I think most of us are self-taught and autodidacts around here, but there might be some formally taught.

I recently found the joy of academic websites by professors. The first is a nice computer security basics for the stack and how to exploit it by Wenliang Du of Syracuse New York: http://www.cis.syr.edu/~wedu/education/buffer_overflow.html

If you mess around with the URL, you can traverse different directories and see more resources by him and his department. Of not is this page where he has labs and videos for OS sec and exploitation: http://www.cis.syr.edu/~wedu/education/

I've found myself greatly under-educated to understand some of the more advanced issues like injection and return-to-libc, but that is being remedied after I found MIT's open courseware: https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/

There's a lot of courses with guidelines to learn specific topics that could be useful to patch up the holes in someone's knowledge. I know there isn't enough time in most of our lives, unless you're set and have the time which I would be jealous of, so it's imprudent to go at learning everything. I know I've skimmed the CS basics (6.00SC) to brush up what being a self-taught "coder" has left me wanting. A deeper look into recursion and algorithm times was cool, but I don't think it would be useful for anything at the current moment, so I've put it off into a "rainy day" tab to go back to whenever I don't have enough brain power to focus on pressing tasks, but don't want to waste the time on entertainment or idle tasks. Most of the undergraduate classes I believe have video lectures, which can be nice to just play on a mobile device and passively absorb too.

I found both links only by chance and using a proxy from a different country (American networks don't show edu sites as often?), but I can reproduce it on Google using "'TOPIC OF INTEREST' site:*.edu" where single quotes is just a string literal of interest and site portion specifics to return all sites that are .edu domains only.

It'd be best if you could share only things that were personally useful to you and how. There is too much stuff floating around and too little time to waste on personally verifying them.

On a more personal note, if anyone has sources for vulnerability research (exploitation development, assembly code auditing, etc.) I'd be grateful.

R: 12 / I: 2 / P: 6

Realtime chinese surveillance system

Scary shit:
https://twitter.com/0XDEDBEEF/status/912026226658652160

Remember to protect your privacy. Or, you can just keep listening to your Hardvapour/Fashvapour while everyone looses it's mind and... wait, what reality really is? You postmodernist degenerate fuck.

R: 26 / I: 7 / P: 6

Degeneracy

Now even lobste.rs(openbsd-like version of hackernews) fall into the idiocracy of battlestations, the last place I would like to watch this shit:
https://lobste.rs/s/uyw4pq/lobsters_battlestations_screenshots

Where are we going dudes? Fucks sake.

R: 8 / I: 2 / P: 6

Anything interesting on EuroBSDCon?

Anything new this year?
Open

R: 5 / I: 1 / P: 6

Wanna have a bad day ?
Skim through some of these comments:
https://news.ycombinator.com/item?id=15354114

R: 0 / I: 0 / P: 6

New Xiph sound noise suppression

>This demo presents the RNNoise project, showing how deep learning can be applied to noise suppression. The main idea is to combine classic signal processing with deep learning to create a real-time noise suppression algorithm that's small and fast. No expensive GPUs required - it runs easily on a Raspberry Pi. The result is much simpler (easier to tune) and sounds better than traditional noise suppression systems (been there!).

https://people.xiph.org/~jm/demo/rnnoise/

R: 49 / I: 9 / P: 7

WWW alternatives

With W3C now folding to DRM and the web already being crushed under the weight of JS I think we need a discussion.

What are some alternatives to the web? I remember GNUNET implements something like websites. Basically I think we should ditch web browsers all together. BBS? Gopher?

R: 23 / I: 8 / P: 7

Improving software and security

Hello my good fellows!

It is evident that the majority of mainstream software programs are shit, and while audits and the creators of a specific software program can tell one much about the quality of said software, audits can be fabricated and the user should look at the program itself instead of looking at who made it and where it came from. If more individuals studied computer engineering/science and programming and were able to audit programs, we would become stronger, and one could rest assured that their computer was tested to perfection. I have begun to notice that a major problem with auditing code is the fact that some software programs are massive and require teams to finish in a practical amount of time (Or one individual with ultimate dedication...), and this can be fixed by advocating for single purpose programs with lean code and minimal features with room for the user to build and add to it. Computers are amazing machines, and every individual with a laptop and a great mind can achieve amazing feats! One could build a self driving car with the power of programming and advanced mathematics, one can program a self-learning AI that they can interact with, one can program drones or small satellites to take pictures of the earth and predict weather patterns, and the list goes on and on.
I am here to encourage you to begin making your own single purpose programs by yourself or with close friends and a passion to teach others about programming and auditing simple software programs. I don't believe there is a government plan to keep us all down and steal our data to destroy us, but your information is worth money, and data mining allows companies to look at the big picture and advertise products.

Free(Possibly) and open source software with a single defined purpose made as minimal as possible with space to allow for building onto it and improving it.
Open

R: 6 / I: 1 / P: 7

Fun with filters

I had a thought about petitioning ring or someone to put some filters on here. There are only a few of us so we can have some fun.

Rules:
Suggest words for replacement in the following format
word > replacement
Then quote the suggestion in a reply post, which acts as a vote in support.
Mods can see ID's and IP's so don't bother same fagging.

R: 13 / I: 0 / P: 7

LynxChan 1.9

LynxChan 1.9 is about to enter beta and introduces a very important feature: JIT caching.

JIT caching is caching pages once they are requested, instead of caching when their content is changed.

This feature should allow for not only a significant reduced CPU usage but also for a more responsive experience for users.

Other from that, this version will also add a few features:
File search on media management
Maintenance images
Ability to restart the unix socket from a GUI
Subject editing
Board locking
Better global board moderation
SSL can be made mandatory
Mass bans directly from ips

I have a small instance running it over http://lynxhub.com and a list of chans running it can be found at http://lynxhub.com/lynxchan/res/285.html
Open

R: 2 / I: 1 / P: 7

I have a Playstation 3, but I don't really know what to do with it. Jailbreaking it is impossible, and this sucks. Right now it is hooked up to my CRT tv, since it is the only thing i had in house that had an analogue vudeo output, and i use it to watch netflix, Youtube, Chrunchyroll, and some old cartoons, like Rugrats, Griffin, things like that. But I feel like I've never used it at its full potential. I own it since 2013, unfortunately, before i did not own enough money to buy it by myself, so I was able to get one only by then. And I feel like I've never used too much, in the first time, I've used it a lot, but after some time, i got myself a gaming pc, so now what can I do with this ps3? I think it could be do more than just streaming movies, should I buy some games? Even if I can buy the same game on pc at less price and have it with better graphics only for the sake of having a disc?

R: 29 / I: 7 / P: 7

Amazon destroyed Seattle

I like this editorial about how Amazon has destroyed the culture of Seatle. It's a good warning: large companies destroy the culture of interesting cities and make everything generic, corporate, and dull. I wouldn't want Google's HQ in my city either.

R: 12 / I: 2 / P: 7

Human experimentation should be legal?

What do you think tech?
Should we be able to experiment with human genetic modification (CRISPR/Cas9)? Should we be experimenting with eugenics?
The child development should taken with neurogenic drugs, such as Dihexa and NSI-189? Psychedelic drugs, like Psilocybin? The effect of nutrition, as with the use of iodine, EPA/DHA and uridine?

R: 5 / I: 1 / P: 7

New FinFisher surveillance campaigns: Internet providers involved?

New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy and sold to governments and their agencies worldwide, are in the wild. Besides featuring technical improvements, some of these variants have been using a cunning, previously-unseen infection vector with strong indicators of major internet service provider (ISP) involvement.

FinFisher has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. What sets FinFisher apart from other surveillance tools, however, are the controversies around its deployments. FinFisher is marketed as a law enforcement tool and is believed to have been used also by oppressive regimes.

We discovered these latest FinFisher variants in seven countries; unfortunately, we cannot name them so as not to put anyone in danger.

https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/

tl;dr Finfisher is back, is more resilient than before, and is being deployed via ISP MITM in some countries via redirecting downloads of popular software like WhatsApp, Skype, Avast, WinRAR, VLC Player (list not exhaustive).
Open

R: 0 / I: 0 / P: 7

eqgrp

anyone yet has some infos on the scripts form the eqgrp breach?
will that stuff break out of my vm?
how careful you have to be? any info on whats doing what? anyone assembled them, any research available?

R: 15 / I: 2 / P: 7

Secure Smartphone?

What does /tech/ think about this:

https://puri.sm/shop/librem-5/

It's not perfect, but it sure looks like it's taking steps in the right direction.
Open

R: 10 / I: 2 / P: 8

Unsigned Code Execution on Intel ME 11.x

People still call us "conspiracy theorists":
https://lobste.rs/s/xc9juv/unsigned_code_execution_on_intel_me_11_x

R: 3 / I: 0 / P: 8

Unprecedented: World Wide Web Consortium (W3C) Moves To Destroy Our Current Open Internet, Greenlights DRM for the Web

Unprecedented: World Wide Web Consortium (W3C) Moves To Destroy Our Current Open Internet, Greenlights DRM for the Web

https://archive.is/h26nk
https://www.eff.org/deeplinks/2017/07/amid-unprecedented-controversy-w3c-greenlights-drm-web

Early today, the World Wide Web Consortium (W3C) standards body publicly announced its intention to publish Encrypted Media Extensions (EME)—a DRM standard for web video—with no safeguards whatsoever for accessibility, security research or competition, despite an unprecedented internal controversy among its staff and members over this issue.

EME is a standardized way for web video platforms to control users' browsers, so that we can only watch the videos under rules they set. This kind of technology, commonly called Digital Rights Management (DRM), is backed up by laws like the United States DMCA Section 1201 (most other countries also have laws like this).

Under these laws, people who bypass DRM to do legal things (like investigate code defects that create dangerous security vulnerabilities) can face civil and criminal penalties. Practically speaking, bypassing DRM isn't hard (Google's version of DRM was broken for six years before anyone noticed), but that doesn't matter. Even low-quality DRM gets the copyright owner the extremely profitable right to stop their customers and competitors from using their products except in the ways that the rightsholder specifies.

EFF objects to DRM: it's a bad idea to make technology that treats the owner of a computer as an adversary to be controlled, and DRM wrecks the fairness of the copyright bargain by preventing you from exercising the rights the law gives you when you lawfully acquire a copyrighted work (like the rights to make fair uses like remix or repair, or to resell or lend your copy).

On March 12, the final vote for publishing EME closed, and members ranging from the German National Library to the UK Royal National Institute for Blind People to the cryptocurrency startup Ethereum, to Brave, a new entrant to the browser market -- along with dozens more—rejected the idea of publishing EME without some protections for these equities (the numbers in the vote are confidential by W3C's own membership requirements, but all the members mentioned here have given permission to have their votes revealed.)

It was the most controversial vote in W3C history. As weeks and then months stretched out without a decision, another W3C member, the Center for Democracy and Technology, proposed a very, very narrow version of the covenant, one that would only protect security researchers who revealed accidental or deliberate leaks of data marked as private and sensitive by EME. Netflix's representative dismissed the idea out of hand, and then the W3C's CEO effectively killed the proposal.
Open

R: 4 / I: 0 / P: 8

CCleanup: A Vast Number of Machines at Risk

The article points as Periform/Avast had no idea about this malware... I don't think so. I don't think it's impossivel that this is an malware sponsored by agencies, since CCleaner is used on so many normie computers today:

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

R: 0 / I: 0 / P: 8

Adobe Accidentally Publishes One of its Private PGP Keys

>Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account***both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.

https://soylentnews.org/article.pl?sid=17/09/23/0053227

R: 8 / I: 5 / P: 8

NSA trying to push bad standards

Oh, hey, look the NSA doing it again. First Clipper chip, then IPsec, now the "Simon and Speck":

>An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.
>More than a dozen of the experts involved in the approval process for Simon and Speck feared that if the NSA was able to crack the encryption techniques, it would gain a "back door" into coded transmissions, according to the interviews and emails and other documents seen by Reuters.

http://www.reuters.com/article/us-cyber-standards-insight/distrustful-u-s-allies-force-spy-agency-to-back-down-in-encryption-fight-idUSKCN1BW0GV
Open

R: 6 / I: 3 / P: 8

Tor: help test next-gen onions

>this is an email for technical people who want to help us test next-gen onion services.
>The current status of next-gen onion services (aka prop224) is that they have been fully merged into upstream tor and have also been released as part of tor-0.3.2.1-alpha
>We are still in a alpha testing phase and when we get more confident about the code we plan to release a blog post (probs during October).

https://lists.torproject.org/pipermail/tor-project/2017-September/001449.html
Open

R: 16 / I: 2 / P: 8

It Seems China is Shutting Down its Blockchain Economy

eh:

>[...] it might have been the start of something more ambitious: a coordinated campaign to shut down use of cryptocurrency in the Middle Kingdom.
>The full extent of the Chinese crackdown isn't clear yet, in part because key decisions have only been communicated privately to Chinese Bitcoin exchanges.
>But a couple of Bitcoin exchanges have now announced that they are shutting down.
>And leaked documents suggest that the rest will be required to do so before the end of the month.

http://7rmath4ro2of2a42.onion/article.pl?sid=17/09/17/0743255

R: 28 / I: 9 / P: 8

Youtube just went full javashit.
What now ?
Open

R: 0 / I: 0 / P: 8

LoFive RISC-V

>LoFive is a lightweight SiFive Freedom E310 open source SoC evaluation kit.
>The E310 leverages the Free and Open RISC-V Instruction Set Architecture

https://groupgets.com/campaigns/353-lofive-risc-v
Open

R: 4 / I: 0 / P: 8

Open Everything Film Festival

Very cool:

>The apertus Association, aykit and q/uintessenz are proud to announce that Vienna’s only international libre/open film festival, “Open Everything – Privacy and Security” takes place in the course of the Linuxwochen Wien.
>The focus is on privacy, surveillance and security, as well as topics like DIY, the Maker Movement, Creative Commons, Open Hardware, Free Software, Copyleft and free and open creative/artistic processes and communities.

https://openeverythingfilmfestival.com/

R: 12 / I: 2 / P: 9

What about dis? Goodbye to ads.

https://coin-hive.com/

R: 12 / I: 0 / P: 9

the real open source alternative to Discord?

Discuss.
there's Riot https://archive.is/7jPpt
Tox, Matrix.

R: 0 / I: 0 / P: 9

Enemy At the Gateways: A Game Theoretic Approach to Proxy Distribution

A core technique used by popular proxy-based circumvention systems like Tor, Psiphon, and Lantern is to secretly share the IP addresses of circumvention proxies with the censored clients for them to be able to use such systems. For instance, such secretly shared proxies are known as bridges in Tor. However, a key challenge to this mechanism is the insider attack problem: censoring agents can impersonate as benign censored clients in order to obtain (and then block) such secretly shared circumvention proxies.
In this paper, we perform a fundamental study on the problem of insider attack on proxy-based circumvention systems. We model the proxy distribution problem using game theory, based on which we derive the optimal strategies of the parties involved, i.e., the censors and circumvention system operators.
That is, we derive the optimal proxy distribution mechanism of a circumvention system like Tor, against the censorship adversary who also takes his optimal censorship strategies.
This is unlike previous works that design ad hoc mechanisms for proxy distribution, against non-optimal censors.
We perform extensive simulations to evaluate our optimal proxy assignment algorithm under various adversarial and network settings. Comparing with the state-of-the-art prior work, we show that our optimal proxy assignment algorithm has superior performance, i.e., better resistance to censorship even against the strongest censorship adversary who takes her optimal actions. We conclude with lessons and recommendation for the design of proxy-based circumvention systems.

R: 13 / I: 3 / P: 9

Android phone

What is a good android for under $200?
Open

R: 2 / I: 0 / P: 9

Bluetooth new vulnerability

Open

R: 2 / I: 0 / P: 9

Crash Firefox on Linux via Notification API

R: 14 / I: 0 / P: 9

(((Intel))) is RIP

https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_radeon_and_other/

AMD told us in their AMA on reddit yesterday that they'd consider Coreboot/Libreboot support. We should do something to let them know we're interested, because this would be a game changer.

R: 1 / I: 0 / P: 9

Had to move my desk to the other side of the room and now everything feels cramped, awkward and unergonomic as fuck and my autism is flaring up.

How long will it take me to relearn how to comfortably use my computer?
Open

R: 1 / I: 1 / P: 9

Privacy of DNA Testing

Would you do it?
https://youtube.com/watch?v=U3EEmVfbKNs

I wouldn't, but seems really interesting for nutrigenomics:
https://en.wikipedia.org/wiki/Nutrigenomics
Open

R: 14 / I: 4 / P: 9

Learning the PE Header, Malware Detection with Minimal Domain Knowledge

Many efforts have been made to use various forms of domain knowledge in malware detection. Currently there exist two common approaches to malware detection without domain knowledge, namely byte n-grams and strings. In this work we explore the feasibility of applying neural networks to malware detection and feature learning. We do this by restricting ourselves to a minimal amount of domain knowledge in order to extract a portion of the Portable Executable (PE) header. By doing this we show that neural networks can learn from raw bytes without explicit feature construction, and perform even better than a domain knowledge approach that parses the PE header into explicit features.

An interesting approach to malware detection. For the next McAfee. Hey, when you're down in Guatemala in your jungle mansion, banging supple Latina teenagers, remember me, ok?
Open

R: 3 / I: 0 / P: 10

What do you use for temporary anonymous file hosting? I'd like something like pantsu used to be.

R: 9 / I: 2 / P: 10

DolphinAtack: Inaudible Voice Commands

Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems(VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though hidden, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks.

R: 49 / I: 10 / P: 10

Hax0r Thread

R: 10 / I: 2 / P: 10

Linux has been pozzed

LINUX POZZED

A stand-idn mascot that has appeared in the latest Linux kernel isn’t intended to push out the traditional penguin named Tux but to benefit the plight of the Tasmanian devil.

A meat-eating marsupial, the devil is bordering on extinction as the animal has been ravaged over the past decade by a transmittable cancer, one of only two known in the world. The devil is found only in the Australian island state of Tasmania.

Tuz was the mascot for January’s Linux conference in Australia, which was held in Tasmania and where the show’s annual charity auction was dedicated to raising funds to research devil facial tumor disease (DFTD).

DFTD over the past decade has wiped out up to 50% of devils, known for their offensive odor when under stress and their loud and disturbing screech.

https://www.networkworld.com/article/2265522/applications/linux-penguin-mascot-gives-way-to-tuz.html

R: 6 / I: 1 / P: 10

In a move to increase diversity in the bitcoin community, bitcoin.org updates its branding to include images of goat people. One of the latest moves in what /pol/ is calling, "a clampdown on the internet".

R: 7 / I: 3 / P: 10

>email provider offers onion imap and smtp
>the certificate doesn't include the onions
What's her name /tech/ ?

R: 13 / I: 3 / P: 10

Steem

Thoughts on Steem?

Post/curate content -> get upvoted -> get cryptocurrency.

R: 32 / I: 9 / P: 10

MOZILLA SELLS OUT!

Mozilla To Build New Browsers That Conform To Internet Censorship

https://web.archive.org/web/20170815234815/http://www.naturalnews.com/2017-08-15-censorship-alert-mozilla-planning-kill-shot-for-entire-independent-media-by-blocking-all-non-approved-news-in-the-firefox-browser.html#

In November of 1737, decades before America officially declared its independence from the king of England, a young Benjamin Franklin published an essay in The Pennsylvania Gazette entitled, “On Freedom of Speech and the Press.” In it, Franklin wrote, “Freedom of speech is a principal pillar of a free government; when this support is taken away, the Constitution of a free society is dissolved, and tyranny is erected on its ruins.” Franklin went on to write, “An evil magistrate entrusted with power to punish for words, would be armed with a weapon the most destructive and terrible.”

Although this was written in an article published more than two and a half centuries ago, Franklin’s words are quite possibly more relevant today than they ever have been. Indeed, there is an ongoing effort by the progressive left and extremists such as George Soros to silence speech that doesn’t align with the liberal agenda. This effort to effectively gut the First Amendment is taking place virtually everywhere you look, from the mainstream media, to Hollywood, to college campuses, and perhaps most frequently, across the Internet.

Recently, the popular Internet web browser Mozilla Firefox announced that it plans on joining the fight against what it considers to be “fake news,” a term that to leftists means nothing more than news that is written by conservatives. Mozilla said that it was “investing in people, programs and projects” in an effort to “disrupt misinformation online.”

The first question that every constitutionalist and liberty-loving American should be asking is as follows: How does Mozilla define “fake news?” Are they only talking about suppressing radical websites such as sites run by white supremacists, or are they talking about any news that comes from conservatives? At the very least, it should worry you that companies like Mozilla are often reluctant to thoroughly define “fake news” – it is highly unlikely that this is unintentional.

Furthermore, what exactly gives Mozilla the right or the authority to determine what is misinformation and what is not? The United States Constitution is the law of the land, and the freedom of speech is an inalienable right from God. The fact that Mozilla thinks it has sweeping authority to select which speech is censored and which speech is not runs contrary to everything that America was founded upon.

With the assault on independent media getting increasingly aggressive, many Internet bloggers and website owners are desperately looking for ways they can continue voicing their opinions without being harassed, suppressed or silenced. If you are one of these people, you may want to consider using “Brave,” a relatively new web browser founded by former Mozilla CEO Brendan Eich.

On its website, Brave states that its goal is “to transform the online ad ecosystem with micropayments and a new revenue-sharing solution to give users and publishers a better deal, where fast, safe browsing is the path to a brighter future for the open web.”

If we are truly committed to one day restoring America to its constitutional roots, then we need to embrace initiatives like Brave and reject the political censorship that seems to now be running rampant across the country. Failure to do so will result in exactly what Benjamin Franklin warned about back in 1737 – the erosion of the Constitution and the establishment of tyranny.

R: 1 / I: 1 / P: 10

Fortran

Let's talk Fortran. It has been around since 1957, and has gone through numerous revisions. The first version was designed by John Backus at IBM. The most recent standard is Fortran 2008 (see attachment).

Fortran is reputed to be excellent for a number of science and math applications, from crunching numbers for weather simulations to linear algebra.

Here's one guy's take on Fortran as a modern computing language: https://bitbucket.org/eric_t/modern-fortran/wiki/Home

The example on that page compiles so fast with gfortran, even on my 2010-era system, that I thought there must have been some silent error when I compiled it, because it couldn't have compiled that fast. But, no, it was just that fast, even with bounds checking enabled.

Anyone else interested in Fortran here? Have any good tutorials? I've found _a lot_ of material about updating your skills from Fortran 77 to Fortran 90/95 or 2003/2008, but not much for the non-novice programmer who doesn't already do Fortran in some form.

R: 5 / I: 1 / P: 10

Does Kali Linux offers tools for Phreaking? If not, where can I get tools for testing security of mobile phones, SIM Cards, etc?

R: 3 / I: 1 / P: 11

Cloud Encryption Best Practices?

Say I need to store private files on some public cloud service because reasons. I'm going to encrypt the shit out of it, I want that crypto to hold up against reasonable opportunistic adversaries, and I want it to hold up for the foreseeable future.

"Reasonable opportunistic adversaries" means I don't expect to be the personal target of a well-funded spook agency. Law enforcement dragnets, opportunistic hackers and snooping providers are all relevant however.

"Foreseeable future" should be decades.

My instinct is to rely on something straightforward and established like gpg --symmetric, but it doesn't feel nearly autistic enough to be truly secure.

Should I consider non-standard ciphers? AES has theoretical attacks now, but 2^256 -> 2^254.4 is barely scratching it. Twofish and Serpent have only been attacked with reduced rounds. All are already over a decade old but nothing truly new seems to be on the horizon. Quantum comp apparently isn't the huge threat here that it is to public key.

Is it worthwhile cascading ciphers like Veracrypt does? Can this be done competently with gpg/other tools? I see mixed opinions out there about the benefits vs the risk to new attacks.

Is it worth obfuscating the ciphertext? Would using non-standard cipher settings, memorizing them then stripping headers protect the data in practice even if the cipher becomes weak in the future? Would wrapping it in other containers make it look more innocent to an adversary find/grepping for "interesting" files to analyze?

Tell me how wrong I am, /tech/.

R: 1 / I: 0 / P: 11

Web servers/ async programming

I've been practicing network programming lately and was reading about the different web servers, how they work and so on.
I was wondering how Windows and windows based web servers perform compared to Linux since it has no epoll/kqueue. It turned out it has I/O Completion Ports. Then I searched for web server benchmark comparisons but there were no credible ones. Why has nobody compared these products yet?

>https://www.rootusers.com/linux-vs-windows-web-server-benchmarks/
This one implies that IIS outperforms nginx in every way and if that is true I want to know how it does that.

>http://gwan.com/benchmark
This one implies that g-wan is the fastest one (obviously, it's their product, therefore isn't a credible source).

>https://www.webperformance.com/load-testing-tools/blog/2011/11/what-is-the-fastest-webserver/
That one also shills for IIS, but it's probably fake since the author doesn't mention anything about hardware or server configuration.

So my questions are:
- Does Windows' IOCP perform better than epoll/kqueue and if so - why? And why don't we implement it for *nix?
- Does IIS outperform nginx/apache and if so - how does it do it and is it related to the IOCP?

I cannot find credible sources and I hope someone here has more experience than me.

Some interesting reads I came across:
http://kegel.com/c10k.html -
http://bulk.fefe.de/scalability/ - FreeBSD/OpenBSD/NetBSD/Linux(2.4, 2.6) benchmark (quite old)

>inb4 windows is closed source botnet

R: 12 / I: 2 / P: 11

Is there any way I can block google recapcha in hosts ? I appears on some 4chan archives and it drives me nuts because for some reason webkit uses like 40% of my cpu to render that shit

R: 7 / I: 0 / P: 11

USSR home computer programs on tape

Does anyone on /tech/ know how to get programs for old computer from audio cassette? What emulators can run that? Rips are on http://25dxotevqkqyhqgi.onion/

R: 17 / I: 1 / P: 11

Best version of windows for fucking with

Hey guys, I don't like using windows but I had an itch to fuck with it a little.

I was thinking of taking a windows image, stripping the shit out of it with ntlite, then replace a bunch of stuff with versions from reactos and a different shell like blackbox.

Maybe windows 10? Anyone remember how to strip all the botnet shit from there?

R: 2 / I: 0 / P: 11

>VDPAU on my card doesn't support 10 bit profiles for h264
>my processor is too slow for software decoding scenes where there's a lot of action

is this Daiz's fault?

R: 0 / I: 0 / P: 11

Nokia 8

This smartphone will physically train people to record video...

in landscape mode!

R: 17 / I: 0 / P: 11

So Jim (an ex-Gamer Gay fag and an old /pol/ sweetheart) made a new video recently, and in the face of the centralized clearnet's censorship schemes becoming ever expanded he has made the suggestion of going MAD against the clearnet giants. As some have pointed out though, this is a dangerous gambit due to Google Fiber expanding very quickly and them having the money to bide their time while they expand. Not just that but handing the internet to the ISPs is a bad idea since ISPs are much more HEAVILY centralized than web services and communities.

However I want to hear endchan's opinion on the matter, is this a feasible strategy, or did Jim as the vid's thumbnail/graphics suggests, drink a few too many vodka bottles in a stupor of depression?

R: 58 / I: 18 / P: 11

There seem to be a lot of privacy conscious people on this board.
Provided we can actually find a way to communicate, would anyone be interested in making our own alternative to privacytools.io ?

R: 12 / I: 0 / P: 11

FLOSS and licensing

Hello /tech/,

I'm not so familiar with software licenses so I started reading about the subject. At one point the question 'How does one profit from floss software?' popped in my head and these are some articles I came upon (quite outdated, but they still have a point). So GPL prevents companies from making proprietary software with your piece of software. BSD, on the other hand, does not (that's the case with Apple's kernel). Turns out the only way a company can profit from GPL license is by donations, offering support, teaching or dual licensing. Dual licensing seems like the most used option.

https://www.linuxjournal.com/article/5935
http://sealedabstract.com/rants/why-the-gpl-sucks/

>But there is a net effect on software development. Who makes money off GPL code? We go back to Novell and Red Hat, who test and package this software. And we see a trend–GPL code helps software testers make money. It helps QA people. It helps the people who answer the support phones. It helps everybody except software developers. Oh, maybe Google will pay them a salary as a goodwill gesture. But it’s really, really hard to make money from developing FOSS. You can make money supporting it. You can make money testing it. But no money developing it.

So my question is - does free software actually benefit the developer?
Open

R: 54 / I: 9 / P: 12

Communication best practices

I would like to open this thread to discuss the best practices of communication, essentially the three forms: archive sharing, text/image and voip (video conference).

The software has to be:
- Decentralized or distributed
- End to End encrypted
- Open Source

Prefered if:
- Audited / Formal methods (proof/verification)
- Anonymous
- Don't leak much matadata
- Good coding practices (privsep, sandboxing, etc).


For archive sharing:
- Retroshare
- Tahoe-LAFS
- IPFS

For messaging:
- Ricochet
- Briar
- Matrix
- XMPP with OMEMO

For VOIP/Video conference:
- Jitsi


Signal Protocol, ZRTP and WireGuard Protocol seems to be the best choices. But Signal Protocol has poor implementations and uses XMPP (leaks metadata).
Feel free to point better solutions...
Open

R: 3 / I: 1 / P: 12

Visual cryptography

https://en.wikipedia.org/wiki/Visual_cryptography
This is pretty cool. Wish I had e a program that could help me print things that can only be decoded with another transparent layer.

R: 6 / I: 2 / P: 12

About fake social media accounts

Should you not use any social media or use a faked, sanitized social media accounts?

I ask this question as I look at these new predictive algorithm. They analyse your facebook account, and gives some score to the police, to help them take a decision. There is plenty of different methods, and different means using that. Social media analysis is pretty much widespread.

I personaly don't use any social media, even though I have to say that I used them a little bit when I was younger (I quickly removed them though, nothing more than 2/3 years).

The problem with these kind of algorithm, or simple human verification (because it's pretty much automatic today to go verify your social media account, even in case of getting a job), is that it's gonna automatically mark you as suspect, since just a few don't use them.

So what do you think, should you try to fake out an account, with the risk of actually giving too much even though you try to fake it out (or if you use a bot, to be easely spotted), or should you simply go full boycott?
Soon, we'll be forced to pay with our smartphone, and so use a recent one with the app who allows you to pay. Now, there are people not getting hired because they don't have any social media account... I'm mostly afraid of the latter.

Thanks.


PS: Maybe is it too much effort, since your ISP by looking at the keywords you enter in the search engine, can know everything about you... I don't trust https.
I'm more and more afraid that without an enormous effort from your part, and huge technical capabilities, you can't do shit.

R: 18 / I: 0 / P: 12

HAHHAHAAHHAHAHAHHAHAHAHAHAHAHAHAAHAHAHA
Open

R: 18 / I: 1 / P: 12

Is Signal a threat to Free Software?

https://blog.grobox.de/2016/is-signal-a-threat-to-free-software/

My opinion: the guy from LibreSignal was using the Signal servers, consuming their energy, and using their marketing. This is not right.
About the Signal requirement to have google shit, it's very unfortunate. Though, people should just use other thing and stop all this buzz.

R: 75 / I: 18 / P: 12

Suddenly Bruce Perens doesn't want to talk to me.

Suddenly Bruce Perens doesn't want to talk to me.

What happened? This was out of the blue:

https://lists.debian.org/debian-user/2017/07/msg00830.html

>OK, I apologize to all who were involved in this conversation. I will block further emails from "aconcernedfossdev" and no longer encourage him.
>
> Bruce

R: 21 / I: 0 / P: 12

Why is there still a 8/tech and no one is here? I thought your group were smart and cared about privacy.

R: 0 / I: 0 / P: 12

"Advertising is the new coal"

Advertising ruined the internet. It kills creativity.
Open

R: 0 / I: 0 / P: 12

OpenBSDNow

Cool, I use OpenBSD for about 1 year and half, never heard about this until now. Dicided to share here since some folks here also use openbsd and may not know:
http://openbsdnow.org/

R: 6 / I: 2 / P: 12

repost from 8/tech/ pls no bully if this isnt how you format spoilers

https://fedoraproject.org/wiki/Red_Hat_contributions
http://www.sourceware.org/projects.html
https://en.wikipedia.org/wiki/Freedesktop.org

Poettering (a Red Hat employee) is not the source of the problem in the modern Linux ecosystem. Red Hat is the problem. Red Hat has almost complete control over freedesktop.org (xorg, DRI, cairo, mesa, wayland, systemd, dbus, PulseAudio, Gstreamer, xft) and GNOME (this includes all its applications and GTK+) and has a massive influence over the Linux Foundation and many GNU projects. Red Hat is a for-profit corporation so any action they take will only be for their own benefit and NOT yours. Regardless of whether their software is "FOSS" or not, they've slowly been redesigning the core design of Linux so that they could restrict your usage of it to their products, making you dependent on them. GNU/Linux should be renamed Red Hat OS, as it's essentially impossible to escape their tentacles on it.

R: 0 / I: 0 / P: 13

How do people install their payloads into an android phone? There must be a clever way instead of just making the target to download an infected APK, only noobs would fall for that...

R: 2 / I: 0 / P: 13

HELP with drivers

Hi Windows users.
Has anyone managed to install Nvidia Quadro drivers on a GTX board? Both uses the same processors, the only difference are on the drivers, but Quadro costs much more because of that. I'd want to try those, because I need more performance on video edditing softwares and I don't play games.
I did a basic search, found some tips[1], but I thought it would be better to ask on imageboards, because the autistic people from here are (generally) smart on those topics...
Also, if you have any advice on configurations for better performance, I would like to hear that (I'll try to install Windows Server instead of Win7, just to see if memory consumption drops, since Win7 has a lot of bloatware shit).


P.S: Yes, I need Windows for this, can't run all the software on Wine yet. Looking to switch my workflow to Flowblade instead of Premiere Pro, but I can't do After Effects animations on any open source software (Blender or Natron could do it, but I'd need to learn them and I don't have enough time now).


[1] https://www.vegascreativesoftware.info/us/forum/nvidia-quadro-drivers-instead-of-gtx-drivers--93439
Open

R: 2 / I: 1 / P: 13

Alternative to dictionary attack

I recently saw this wifi-cracking github:
https://github.com/brannondorsey/wifi-cracking

I don't think dictionary attacks is a efficient way to do it, though. Does anyone know if there's some tool that I can input information that I got through social engineering and then this tool generate a custom dictionary?
Example:

- The informations on a file:



$ cat foo.txt

name=Richard
age=32
house=1337
pet=John



- Then input on "tool":



$ sudo tool -i foo.txt -o bar.txt



- The generated bar.txt would be a custom dictionary based on many informations from foo.txt. It could even use some neural networks.
I don't know how to program this thing, but I don't think it's complex and I think that someone already did it (that's why I'm asking here).

R: 7 / I: 0 / P: 13

Hey techies, my idiot friend and I want to make a simple game.

What are some nice language choices for us? Bare in mind we are both fairly retarded with little interest in programming and no intention of becoming good.

Not so interested in "game engines" as that seems like learning something more than we need.

Python and Gambas look good.

R: 7 / I: 2 / P: 13

I saw this imageboard called chanpink being posted around here.
What are your thoughts on real time imageboards? Are they the future?

R: 13 / I: 8 / P: 13

Hello

Is anyone there? 4chan and 8chan are compromised and have been filled to the brim with unintelligent and naive normalfags, and the bunkers are empty with lainchan being wiped.

I am getting tired of this ride.
Open

R: 4 / I: 0 / P: 13

Great, can't search on github anymore

How great, can't search on github anymore with Tor:

Whoa there!
You have triggered an abuse detection mechanism. Please wait a few minutes before you try again.

Great job these people are doing.
Can someone tell me why they are doing a campaing to block GET with Tor? I can understand bocking POST, but block GET is just rediculous.

R: 2 / I: 1 / P: 13

Anyone want to talk about programming on an open source voip client?

Address: mumble-us.cleanvoice.ru 50688

Current discussion: Python / Bash / Node / Networking

Try to ignore the few /v/ users

R: 1 / I: 0 / P: 13

What's the cheapest msata ssd I can replace my x220 drive with ?

R: 0 / I: 0 / P: 13

Amazon buys whole foods and officially becomes new conglomerate like Walmart

It's official. I've gone back in time to warn you not to let this company buy out more companies and grow any bigger or WW3 will be between conglomerates and the government.
http://www.reuters.com/article/us-wholefoods-m-a-breakingviews-idUSKBN19Z22Q
Open

R: 6 / I: 0 / P: 14

binctr

"Create fully static, including rootfs embedded, binaries that pop you directly into a container. Can be run by an unprivileged user."

Seems interesting:
https://github.com/jessfraz/binctr

Someone should apply this on an entire system, like openbsd team did with pledge(2).

R: 1 / I: 0 / P: 14

When will endchan get updated to newer versions of lynxchan ?

R: 4 / I: 0 / P: 14

What the gay shit was called that early software design concept, that forms these looping patterns of pixels out of a rule algorithm? Something like there's an endless sequence of turns, and you paint a set of pixels, and every turn those pixels that are on turn off and pixels next to them turn on. Certain combinations end up canceling themselves out, so you end up bein able to create these intricate looping pixel waves that don't do shit but they are pretty neat. I think it's called 'a-somebody's game'.

R: 49 / I: 2 / P: 14

NSAflare fails

I was using archive.is to get a better view on sites that rely on javascript and now they've enabled CloudFlare which require javascript.

Is there any alternative to it ?
Open

R: 7 / I: 1 / P: 14

DOS a Browser using Gzip trick

https://blog.haschek.at/post/f2fda

Cool. It compresses a 10Gb file with Gzip, and then sends it using PHP when the site is being "attacked".

R: 7 / I: 0 / P: 14

IRC MADNESS

irc://2hu-ch.org/overchan

irc server with no names just anon

also on tor: irc://allyour4nert7pkh.onion/overchan

server source code: https://github.com/majestrate/urc.py/

>tfw tech ircs are dead af
Open

R: 7 / I: 0 / P: 14

Threads are currently being restored from the Wayback machine. When that's finished, all the threads that were pushed down will be bumped. I might be asleep by that time.
The threads from the first ten pages of https://web.archive.org/web/20170603040401/http://endchan.xyz/tech/catalog.html have been restored. If you'd like to have another thread recovered, request it here.

R: 4 / I: 1 / P: 14

/sp/ GET

NERRRRRRRRRRRRRRRRRRRRRRRDS
Open

R: 1 / I: 0 / P: 14

Is this censored or what?

Open

R: 18 / I: 2 / P: 14

end/tech/ archive

https://web.archive.org/web/20170603033845/http://endchan.xyz/tech/

All of the hundreds of threads just deleted from end/tech/ are available there.

R: 3 / I: 1 / P: 15

Windows 7 pleb here, how do I reduce the amount of data that gets cached in my ram? Currently I'm using 4gigs of ram and have 4 gigs of data cached, with about 100-50mb free.
Open

R: 0 / I: 0 / P: 15

Avoid OS detection on OpenBSD

https://blog.cagedmonster.net/avoid-os-detection-openbsd/


# vi /etc/pf.conf

match all scrub (no-df random-id)

# pfctl -f /etc/pf.conf

R: 7 / I: 0 / P: 15

This is an attempt to slide. This is totally not a tor test

R: 4 / I: 0 / P: 15

Help test OpenBSD

From undleadly:

"on recent OpenBSD snapshots we have KARL, which means that the kernel is relinked so each boot comes with a new kernel where all .o files are linked in random order and with random offsets."

"To ensure this security feature works great in the 6.2 release, please test snapshots. By working well, I mean it should work invisibly, without any glitch such as a broken kernel or anything. If there are ugly glitches we would like to know before the release"

http://undeadly.org/cgi?action=article&sid=20170701170044

R: 3 / I: 0 / P: 15

Anyone here using omemo on a daily basis on desktop ? What clients are you using and what are your experiences ? I'm thinking of dropping tox since I need offline messages and no scripting a workaround with tox is not what I want.

R: 15 / I: 2 / P: 15

can't download files to disk from sankakucomplex

Kind /tech/nologists

A week or so ago I can't download images with the Tor Browser from sankakucomplex.

How is this even possible?

I can load the full size image in my browser, so it is in the memory, but when I try to download it to disk, it just creates a ~5.5kB broken file. Is this some new Firefox browser feature? How can the server owner have the right what I do with data that's already in my RAM? Is this some kind of new DRM? Please enlighten me. You can be as technical as you want to be, I'm a gentooman, I'm just not up to date about browser technology.

I await your answers with interest and a held beck REE if my worst fears prove to be right.

p.s.: on a second thought is this a Cloudlare-wide thing?

p.s.2: I can still download images from other Cloudflared sites like 4chan, 8ch
Open

R: 8 / I: 0 / P: 15

Remove feature = fix a bug

http://lwn.net/Articles/705896/
>did not remove metadata from images embededed in PDF documents
>been fixed in version 0.5.2-3+deb8u1. This update disables PDF support in MAT entirely.
ayy
Open

R: 3 / I: 1 / P: 15

https://youtu.be/HN_SzFRLUVI

What the fuck I've just watched

R: 30 / I: 2 / P: 15

Linus Torvalds: Free Software Foundation "insane crazy people"

https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003580.html

We all knew it. Now Linus said it.

In a mailing list discussion about GPL enforcement, Torvalds touches on the pitfalls of involving lawyers in GPL disputes and argues for the superiority of the open source approach, stating: "the people who have created open source and made it a success have been the developers doing work - and the companies that we could get involved by showing that we are not all insane crazy people like the FSF."

Thoughts? Butthurt?

R: 2 / I: 0 / P: 15

I'm using bspwm. I already have sxiv and I don't want to install feh just so I can set up a desktop background. Is there any way I can set it with X alone ?

Top