/tech/ - Technology

(53.86 KB 730x595 tx1200xe.jpg)
Improving software and security Anonymous 08/11/2017 (Fri) 20:29:06 [Preview] No. 10688
Hello my good fellows!

It is evident that the majority of mainstream software programs are shit, and while audits and the creators of a specific software program can tell one much about the quality of said software, audits can be fabricated and the user should look at the program itself instead of looking at who made it and where it came from. If more individuals studied computer engineering/science and programming and were able to audit programs, we would become stronger, and one could rest assured that their computer was tested to perfection. I have begun to notice that a major problem with auditing code is the fact that some software programs are massive and require teams to finish in a practical amount of time (Or one individual with ultimate dedication...), and this can be fixed by advocating for single purpose programs with lean code and minimal features with room for the user to build and add to it. Computers are amazing machines, and every individual with a laptop and a great mind can achieve amazing feats! One could build a self driving car with the power of programming and advanced mathematics, one can program a self-learning AI that they can interact with, one can program drones or small satellites to take pictures of the earth and predict weather patterns, and the list goes on and on.
I am here to encourage you to begin making your own single purpose programs by yourself or with close friends and a passion to teach others about programming and auditing simple software programs. I don't believe there is a government plan to keep us all down and steal our data to destroy us, but your information is worth money, and data mining allows companies to look at the big picture and advertise products.

Free (possibly) and open source software with a single defined purpose made as minimal as possible with space to allow for building onto it and improving it.


Anonymous 08/11/2017 (Fri) 21:58:55 [Preview] No. 10690 del
> I don't believe there is a government plan to keep us all down and steal our data to destroy us

I don't understand why people are afraid of going against their government. I don't understand why they blindly follow the propaganda saying the government and ultimately the power upon us are purely incompetent, unable to face the challenges, the market.
Seriously. Those are the same retards that think that the market is some kind of uncontrolled beast, a beast we have to manage as much as we can.

You need to start to understand that Trump is not the power. The so-called government are just managers, applying a policy which does not come from them.
YES, the power in place, whatever name you call it, the big capital, the shadow government, wants to monitor everything about us, and they know exactly what they're doing. YES, they're gonna at the end insert a chip in us. It's maybe not the RFID, even though it's starting in some companies here and there, but just look at what Elon Musk is saying, look at Neurolace.

They're not incompetent. The market is not a blind uncontrollable beast. Most of what is happening is intended. Ofc, there are some uncontrollable things happening that you have to pass through, but the goal is the same.

About the security, I'm in no way a professional, but what I could try to guess is that most of the security flaws are gonna be fixed in the future, and the power is gonna keep its backdoors. What I'm afraid of is that the actual security will be so high that only very high entities will be able to do anything (big mafia hacker group, secret services, R&D of big companies etc.). We're not gonna be able to do shit anymore. The myth of the almighty security researcher is gonna end. Everything is gonna be locked down. That's why we NEED to mark our path before it happens. If we don't do anything, then nothing will be possible after that. The example I can give is the bank security. Today, it's literally impossible to rob a bank.

I truly have a very very dark vision of the future. I think that we don't feel it yet because the states don't actually use their totalitarian tools yet, and because even if a terrorist attack would occur, the information is so controlled today that they can wipe the crime scene very fast, and stifle any noise going on the wire (yeah, because the best way to counter any attack against the power is to make full silence about the terrorist act, that's why you're never gonna know if a terrorist attack happened against the actual president). But I can attest that in Europe, looking at how they're destroying rights, the great dystopia is very close (for example, in France, the state of emergency is now in the law. Cops can come in your home without warrants; they have customs rights, so they can search your car; they have forced every ISP to put their computer in the middle of the network etc.).
Never forget that giving a phone or anything electronic to a kid will give EVERYTHING to them. Even someone who would want to stand up would simply get shut down, because everything is known before even wanting to do anything.

Just to finish, everything is backdoored. That's why China has fought very hard to build their own hardware. Without non-backdoored hardware (including HDD firmware etc.)... Everything is so much harder.
I think that some people have solutions for all of that, but they can't make their solution public, to not give it out to the concerned people...


Anonymous 08/11/2017 (Fri) 23:40:16 [Preview] No. 10692 del
>>10690
The human species, civilization, the planet, etc. is extremely extremely complicated, and it would require dedicated teams of THOUSANDS of people with strong technological tools to even gain a grasp as to what is happening around the world and how it ties into everything else, it is all connected, what happens in one place causes a chain reaction somewhere else, similar to the production process:
>Engineers finally draft schematics for new machine
>Company sets out to hire factories in China to supply raw materials
>Raw materials sent to another factory to be constructed
>New machine now sent to various warehouses in different countries
>Warehouses distribute products to buying stores
>Stores see how well product is selling, and report back to main company

The one who knows how the world works can predict the future.


Anonymous 08/12/2017 (Sat) 09:12:46 [Preview] No. 10693 del
(54.77 KB 554x830 1502409897755.jpg)
I don't know what psychedelic RCs you guys have managed to acquire, but I know Sasha would have been impressed.

>>10688

>this can be fixed by advocating for single purpose programs with lean code and minimal features

It can't, really. While I think there's a lot of truth in C.A.R. Hoare's quip here:

http://harmful.cat-v.org/software/

the fact is, people want complex behavior from software, and they want software that is simple for them to use in order to be able to do it. Software that looks simple but performs complex actions invariably hides a great deal of engineering complexity underneath. Take the example of web browsing. Very few people want to type in a command to fetch a URL, then pipe it to a command to (conditionally) handle the TLS handshake, then pipe that to a program to handle the parsing of the result, then pipe that to a program to interpret the JavaScript, then pipe that back to the DOM parser, then pipe that to a program to decode the media container the video they want to watch uses, then pipe that to a program to actually decode the codec, then pipe that to a program to launch a GUI window to display the result. Frankly, you lost 90%+ of people at "type in a command" of any kind. They don't even want to type in "firefox". They want to click an icon, or, better yet, tap it on a touchscreen. They don't want to type a URL. They want to tap on the Facebook thumbnail that pops up in their browser (which they launched with a tap) and go immediately to their Facebook feed or homepage (or whatever it's called), because they don't even log out when they set their tablet or phone down.

And the example above, as ridiculous as it is, is only one level of granularity. How do you define "single-purpose"? Should fetching a URL, performing a TLS handshake, then handling the further symmetric encryption all be handled by the same program, or should that be three separate programs? After all, negotiating the connection is one task, handling the TLS handshake is another, and handling the symmetric encryption is yet another.

>with room for the user to build and add to it.

The most realistic outcome would not be people building a bunch of unique, simple, auditable solutions, but most people building nothing. Most people have neither the interest nor the ability to implement even simple algorithms. Even ostensibly educated computer programmers sometimes fail simple whiteboard interviews where they're asked to implement a simple algorithm in pseudocode.

Even if some unusual surge in interest in the kind of programming you're talking about were to occur, the result would be tons of buggy, inefficient, incompatible implementations.

>every individual with a laptop and a great mind

Unfortunately, laptops are far more numerous than great minds.

>One could build a self driving car with the power of programming and advanced mathematics, one can program a self-learning AI that they can interact with, one can program drones or small satellites to take pictures of the earth and predict weather patterns

All of these are tasks which all of the evidence we have suggests are extraordinarily complex. You won't be creating satellites that can predict weather patterns by piping simple single-purpose programs into each other.

>I don't believe there is a government plan to keep us all down and steal our data to destroy us

If you think that powerful, wealthy countries are not gathering vast amounts of information on their own citizens, as well as those of other countries, you are uninformed. This is a fact. The NSA data storage facility in the desert in Utah is not there to store BBQ recipes.

If you think that powerful, wealthy countries will not use the data they have gathered to "keep us all down", if they feel it becomes necessary, you are naive.

If you think that powerful, wealthy countries would never use the data they have gathered to destroy us, you lack imagination. Vast amounts of stored encrypted communications that are currently infeasible to decrypt will be rapidly decrypted in


Anonymous 08/12/2017 (Sat) 09:20:19 [Preview] No. 10694 del
(66.58 KB 512x768 1502410418867.jpg)
(CIA nigger imageboard software cut off my post. But dis nigga's been burned b4, so I save a copy of long posts until they go through)

>>10693

a few decades, when quantum computers that can efficiently and reliably run Shor's algorithm become available to the wealthiest governments. At the same time, the world's population will have increased by several billion, climate change will have caused geopolitical instability due to extreme weather events and famine, and unemployment in "developed" nations will be extremely high because of nearly omnipresent automation.

The starving masses of the future aren't going to take up keyboards to write simple, auditable, single-purpose programs. They're going to be taking up whatever arms they can get a hold of and improvise.

And the governments of the world, sitting on oodles of advanced technology and decades of surveillance data fed through sophisticated ML programs, are not going to pursue only what is ethical and legal. They are going to brutally suppress any threat to their authority and the well-being of the plutocrats.

>>10690

>most of the security flaws are gonna be fixed in the future

As long as new hardware and software are being created, there will be new flaws.

>Just to finish, everything is backdoored.

Skepticism is healthy. Caution is warranted. Abject paranoia is unhelpful, and is a sign that you might need your meds adjusted.

Incidentally, "everything is backdoored" is exactly what the likes of GCHQ, the NSA, etc. would like you to believe. They'd like you to think to yourself, why use Tor? The hardware is backdoored anyway. Why use a secure chat program? Everything is backdoored anyway.

But if the Snowden leaks proved anything, it's that NOT everything is backdoored, and even the best-funded signals intelligence agencies in the most powerful nation-states in the world are not omnipotent.

So, again, skepticism is healthy. Caution is warranted. But when you give in to defeatism, they win.


Anonymous 08/12/2017 (Sat) 10:51:28 [Preview] No. 10695 del
No need for auditing the software, if you use formal methods along the way. For example, built-in specification constructs, dependent-type language and also techniques like object capability based syntax and capability-based SE.
Logic languages, generally, also have a better safety (see lambda-prolog and Twelf), although they can be limited.
If automated theorem provers ever became simple enough to use and go mainstream, we could see better software.
But, really, the basis of computing is already "wrong", even on processor level. Maybe the future could be a NISC computer, where there's no separation between firmware, BIOS, payload, bootloader or operating system. It's everything a single compiler, where this compiler applies formal proofing to software running and reports errors. Without fixing those errors, your software will not run. This would also allow better sandboxing and better performance.
But I'm not an specialist and don't understand nothing of this, really.

https://en.wikipedia.org/wiki/No_instruction_set_computing


Anonymous 08/12/2017 (Sat) 11:12:02 [Preview] No. 10696 del
(65.25 KB 575x602 privacy.jpg)
>>10694

I'm not being defeatist.
I'm just saying that security will be a matter of organised groups, because of its complication.
When I say that everything is backdoored, I'm not saying that every piece of hardware, every piece of software is backdoored. I'm saying that if you right now use most of the hardware produced by big companies, it's backdoored. I mean, there always will be a flaw to fuck you up. That's why they don't need to kill encryption. It's so easy to get around. Even though the high instances can fuck any regular encryption, since they're now using quantic encryption at the high state level.
All I'm saying is that hacking is gonna get harder and harder.
And I'm pretty sure that they're gonna find a solution, for the bugs. Maybe a trained AI who corrects them, maybe some kind of (easy) method to prove that a program is sure etc...

>>10692

I would say that it mostly requires money.
Give me one billion, and a state secret service, and I'll hire the biggest scientists out of college, build a base in Antarctica and make them create tech 20 years ahead.
It's pretty easy to conceive. A secret service is a mafia. They handle drug traffic, weapons traffic, wars etc... I don't think that a DARPA kind of company somewhere with a false name is that hard to make for them.

And please, stop with the paranoid meme. If you have a smartphone, then you're fucked. If you use any Intel proc, then you're fucked. There is no paranoia in this. Tor never ever was designed to counter a traffic analysis attack. So it does not protect you from mass surveillance. Maybe it could be a piece in the process, but certainly not an end in itself.

Btw, I highly think that Snowden is actually an American agent. He hasn't actually revealed much that the professionals, even those considered paranoid, didn't know back then. But that's mostly speculation. The why would be a big psyops attack on the world, making everyone fear the NSA capabilities, and make them be implicitly totally transparent towards the government.


Anonymous 08/12/2017 (Sat) 19:07:06 [Preview] No. 10698 del
(822.55 KB 900x900 1501580580130.jpg)
>>10695

"Formal methods" are not a panacea. There is no guarantee that a formal specification takes into account all of the behaviors that could present a security risk. In addition, the software that is commonly used for these sorts of tasks--Isabelle/HOL, Coq, Agda, etc.--is _software_. It can contain bugs. There's no guarantee that the software correctly proves that a given piece of software correctly implements the specification, which, again, may be imperfect itself.

Even seL4, which you repeatedly shill on this board, even though it's useless to most of the people here (and 99.99999% (repeating) in the real world), comes with a trainload of caveats.

>What are the proof assumptions?
>The brief version is: we assume that in-kernel assembly code is correct,
!
>hardware behaves correctly,
!
>in-kernel hardware management (TLB and caches) is correct, and boot code is correct. The hardware model assumes DMA to be off or to be trusted.
!
>The security proofs additionally give a list of conditions how the system is configured.

So before the proof can even be considered, all of these assumptions have to be taken into account. To take just one, the part about no or trusted DMA is basically a killer for using seL4 on real hardware, as _any_ PCI device has DMA. Your video card, Ethernet card, wireless chip, SD card reader, etc. If your computer has any of those, the assumptions no longer hold, and you can toss out the proof.

And, of course, even with all of these caveats, the proof is incredibly complicated. IIRC, while seL4 is only a few thousand lines of C code, the proof is over 100,000 lines of code.

How long would the proof for a modern web browser be? 100,000,000 lines? More? The code for the browsers themselves runs to several million lines of code, so if the ratio from seL4 holds, it might actually take over a billion lines of proof code for a browser.

As I pointed out to you months ago, you are overconfident about the potential for "formal methods" to create secure software, partially because you don't fully understand what's involved (as when you confused verification of the Wireguard protocol with the Wireguard code), and partially because you don't seem to realize that people are not going to give up complex software and, instead, sit at their computers typing "ls" over and over on a stripped-down machine running seL4, and that the vast majority of complex software will probably never be formally verified. It would take a science and engineering effort equivalent to the Apollo program to formally verify even one major web browser. It's not happening.

Any sufficiently advanced technology is indistinguishable from magic. You have a very magical view of "formal methods."

>>10696

Your post contains a number of factual errors so basic that I don't see any point in engaging with it. One example:

>Even though the high instances can fuck any regular encryption, since they're now using quantic encryption at the high state level.

To the extent that I can decipher this sentence, it is clear you have no idea what you're talking about.


Endwall 08/12/2017 (Sat) 19:25:45 [Preview] No. 10699 del
For people who don't care about their online anonymity, their computer privacy or their computer security, they're doing fine, they don't care about this issue because it isn't affecting their lives, so forget them, let them use whatever. It would be nice if everyone did safe computing and routinely encrypted their messages but this isn't likely to happen with your standard non technical Windows user sending emails in plain text.

Unfortunately when you have to interact with one of these "non technical" people by email you're forced to expose yourself to plain text email by being the counterparty to their communications. I get drawn into plain text clearnet surveillance in the course of living my daily life.

So you are forced to have a "double life", a face for the public and then your "private", "anonymous" online communication behaviour.

So what I'm saying is that I don't think there is a solution for the mass market, as was mentioned here >>10693, people just want to click a button and for it to work. Too complex but let them have it. As technology marches forward people want more and more. They want high definition video streaming over wifi with a single button click, and a shiny fancy GUI. That needs serious computing power and broadband high-speed internet, so you need to get the latest and greatest 4.0GHz Intel 20-core processor for it to work seamlessly.

Now for people who do care about security, and who want to communicate securely, there is an answer to this problem. Simplicity. We need to go back to the 8bit computer and the simplicity of single tasking, and programs running on BASIC. Think Commodore 64, Apple ][, Tandy TRS 80. People used that back in the 80s to access BBS services over the phone line so why can't we do this again but this time better? Turn the computer on and it's clean, ready to take instructions, turn it off and it dumps the memory and you restart. Don't trust the BASIC ROM? Then swap the chip out with your own hands/tools.

A 1MHz processor should be enough for sending email over ethernet, or for posting to a message board by HTTP.

I've seen so many 8 bit retro computer projects so this is doable on a personal level and a commercial offering/project could be made available with some effort.


Anonymous 08/12/2017 (Sat) 21:15:29 [Preview] No. 10700 del
Your argument is based on:
https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%3F
The only two things I agree with your post:
>>[depends that] hardware behaves correctly
That's why I've said NISC *could* be a solution.
Here, let me quote for you:
>"we could see better software."
>"could"
But:
>because you don't fully understand what's involved [and then you give a cherry picking example]
Agreed. Not ironically, I've even said that for myself. Let me quote again:
>"But I'm not an specialist and don't understand nothing of this, really."
It seems you're so desperately trying to "debunk" me that you don't even read my comments anymore, you just follow your confirmation bias. Is that some problem you have with your personal life, like you have some issues with authority (father)? This is not a competition.

>Any sufficiently advanced technology is indistinguishable from magic.
https://en.wikipedia.org/wiki/Horn_clause

If you want to go down this path:
https://en.wikipedia.org/wiki/Infinite_regress
https://en.wikipedia.org/wiki/M%C3%BCnchhausen_trilemma
https://en.wikipedia.org/wiki/Non-classical_logic
https://en.wikipedia.org/wiki/G%C3%B6del%27s_incompleteness_theorems


Anonymous 08/12/2017 (Sat) 22:01:23 [Preview] No. 10701 del
(70.98 KB 335x335 bigjuicybobs.jpg)
>>10700

From irrelevant links to Wikipedia to bizarre accusations of my having a problem with authority (even though you're not an authority over anything, or on anything), your post runs the gamut from garbage to shit.

Let me break this down for you: When you say stupid shit, I point out that you have said stupid shit. That's it. It's really that simple. I don't have any personal vendetta against you. You just say a lot of stupid shit.

Also the whole "I never claimed to be an expert" line is getting tiresome. You're perfectly content to speak as though you know what you're talking about until you get BTFO, then you're back to simpering about how you never actually claimed to be an expert, or to be well-versed in whatever. It's pathetic. When you say something like:

>No need for auditing the software, if you use formal methods along the way.

there's no "maybe", or "I think", or "Some stuff I've read leads me to believe that" or "in certain situations". Nothing conditional. It's a confident statement with no qualifiers that reveals the depth of your ignorance about the limitations of formal verification.

And you make these kinds of ridiculous assertions all the time.

Basically, if you want to cease experiencing daily asshurt over having your wild, inaccurate, and unrealistic claims challenged on this board you can:

1. Make claims that are less wild, inaccurate, and unrealistic, OR
2. Wait for me to get tired of correcting an ineducable autistic to the point that I find something better to do with my time and leave again for half a year.

I'm getting pretty bored with you again, so you might want to just wait for 2.


Anonymous 08/12/2017 (Sat) 22:41:28 [Preview] No. 10702 del
>>10701
Give me the run down on bob here


Anonymous 08/13/2017 (Sun) 04:46:23 [Preview] No. 10705 del
>>10693
The initial reason I advocated for light single-purpose programs was to minimize the probability of bugs and an easier code to audit or review. If one wanted to minimize bugs and have a clearly defined path for a process to go, various single-purpose programs working together as a net would be ideal, however, this is inefficient and calls for work that many are not willing to put in.

>but most people build nothing
I should have changed that sentence to say "with room for savvy and inventive users to build and add onto it"

>satellites that can predict weather patterns w/ single-purpose programs
It is possible, but not ideal, this is an instance where single-purpose programs would not be ideal.

>you are uninformed
I am aware of the data collection.

>you are naive
I have yet to see cold hard evidence of oppression by wealthy countries, but this may be due to my incompetence when it comes to investigating into issues.

>you lack imagination
I have pondered various paths that the present may take, and I typically see collected data being used to advertise towards the people being datamined. Most companies collect data without a purpose as a contingency plan in case said data becomes of use to them. Quantum computers may have already been invented, I have absolutely no idea, this entire reality could be my mind toying with itself, all of my true senses cut off with my mind rendering this world to put itself to use.

I never trusted Snowden from the start, could have very easily been employed by the government to say everything, they are unpredictable, and if you think that they made a wrong move by exposing people to the datamining, it could have benefited them.

I seek a teacher to aid me on my journey to become enlightened, and this thread is full of em.


Anonymous 08/13/2017 (Sun) 13:09:38 [Preview] No. 10707 del
>>10698

>Even though the high instances can fuck any regular encryption, since they're now using quantic encryption at the high state level.

A deciphering algorithm using regular computation is linear, whereas an algorithm using quantum computing is logarithmic. That means that everything encrypted with the regular encryption algo can be broken by quantum algo, no matter what the length of the key is, since it's logarithmic.

I'm not a native English speaker, so maybe I am using the wrong words. Moreover, I'm certainly not a quantum specialised physicist.
But I personally consider the current encryption as broken.
It's maybe expensive to do so, but if I remember well, the services keep anything encrypted, waiting to later decipher it when it's cheaper anyway.
As I said, they don't need to bruteforce most of the time. I can't find it again, but a guy in a conference explained that the standards for encryption implementation have been made so complicated that you can't code anything without an exploit.

It's for all these reasons that I said that if you want to do anything serious here, you can't do shit alone. You need an organisation.

The main goal of free software/open source is to meet the requirement of the basic engineer worker; he needs a motive, he needs to feel his skills being sharpened. That's why a lot of companies actually encourage their workers to work in open source. It's very good for productivity. It was certainly not the original motive, but it certainly is now.


Anonymous 08/13/2017 (Sun) 13:28:54 [Preview] No. 10708 del
>>10701
This poster must be what trolls start off as like until they start to underachieve on imageboards as hard as they underachieve in real life.


Anonymous 08/13/2017 (Sun) 14:58:07 [Preview] No. 10709 del
>>10708
Extremely intelligent and dedicated trolls are funny as fuck and actually achieve what they desire and do it with a passion, the massive majority of trolls are idiots who think that wasting someone's time and pissing them off for a few minutes is trolling.

Based on my observations, it seems that the majority of "idiots" are incapable of learning or becoming more intelligent in life, those who appeared to be idiots and later became highly intelligent may have never been idiots in the first place, just victims to peer influence and a blurry outlook on life and their purpose. I never understand why people try so very hard to prove themselves correct when their arguments are easily refuted with better alternatives to their recommendations (Better at performing the original software's job). Is it a fear of being proven wrong? Is it egotism at work not allowing the individual to accept defeat and the fact that they were wrong for once? Is it a sad attempt at trolling that was flipped to target the original troll?

A large part of intelligence and "evolving" or becoming "enlightened" is to not allow egoism to consume you and striving to remain open minded (There are no levels of open-mindedness, you either are or aren't). People need to throw out their old beliefs if new better ones are acknowledged, even if an individual dedicated large amounts of mental power and time into the old beliefs.

I openly welcome any individuals on here to refute the points I have made in this post and to correct me if I have made any incorrect or false claims.


Anonymous 08/14/2017 (Mon) 15:07:28 [Preview] No. 10714 del
(80.40 KB 588x437 fuckhornleghorn.jpg)
>>10704

Unangstfag status: blown the fuck out.

>>10707

>That means that everything encrypted with the regular encryption algo can be broken by quantum algo

You have no idea what you're talking about. Go read up on:

Public-key encryption
Symmetric encryption
The integer factorization problem
The discrete logarithm problem
Shor's algorithm
Grover's algorithm


Anonymous 08/14/2017 (Mon) 21:48:40 [Preview] No. 10718 del
>>10714

If regular encryption is not dead, why does every rich country use quantum computing to secure their com?


Anonymous 08/15/2017 (Tue) 02:50:32 [Preview] No. 10722 del
>>10718
""""""""""""""""""""""FUTURE PROOFING""""""""""""
(aka the lockmart strategy, buzzwords and vertical integration mixed with government contracts is an easy way to build wealth, i.e. stable investment or money laundering)


Anonymous 08/15/2017 (Tue) 04:10:59 [Preview] No. 10725 del
>>10718

You have no idea what you're talking about. Go read up on:

Public-key encryption
Symmetric encryption
The integer factorization problem
The discrete logarithm problem
Shor's algorithm
Grover's algorithm


