/tech/ - Technology


Posting mode: Reply

Check to confirm you're not a robot
Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Catalog | Bottom

Expand All Images

(318.16 KB 1024x1400 1468989659852-2.jpg)
Essential Software Thread Anonymous 03/24/2018 (Sat) 20:24:11 [Preview] No. 12520
Can we get a /software/ thread going? Preferably something better than pic related, which is total bullshit.

Anonymous 03/24/2018 (Sat) 21:53:42 [Preview] No.12521 del
Crosspost from 8chan but whatever.

>Web Browser
If you geniunely prefer Chrome then your ideal choice would be ungoogled-Chromium by eloston for its privacy enhancing features, followed by Iridium. Available for Windows, MacOS, and GNU/Linux.

If you hate Firefox-based browsers, then Qupzilla for GNU/Linux is not a bad option, if you like the Qt toolkit. It is multi-process like Chromium but has decent customizability despite what I suppose to be a lack of extensions.

If you want a text-based browser just in case, I personally prefer Links, which can be used in the terminal (but excludes images), or with its own GUI and image support. Its default colorscheme is black and white in terminal, but in its own GUI you can change the color scheme however you like. Elinks (appears to be terminal-based, as I have never used it) is more colorful and more closely reproduces the actual look of websites but it lacks image support (I think) and has not been updated since 2012.

Finally, for Firefox-based browsers (my personal choice), you have a decent number of options. Firefox is out of the question---removing features kills half of what it was superior at, and adding botnet kills the other half. The lack of responsiveness to user concerns just adds to justified Mozilla hate. Wouldn't recommend Mozilla's Firefox at all---it's bloated and slow.
If you are on Windows and want an actual FF browser, your best choice is Waterfox, which is based on version 56 before the switch to Quantum with 57, and the developer plains to keep to 56 while backporting updates from mainline. If you can build from source, IceCat is even better than Waterfox in my experience. Because no one has bothered compiling Windows binaries, the latest version available pre-built is 38.8.0. If you are using GNU/L, IceCat may be a better choice. I am currently on Fedora and it was in at least one repository, whereas Waterfox was not. As for performance, I have seen Waterfox (multi-process disabled) very often consume more memory than IceCat. However, I run uMatrix on IceCat and nothing on Waterfox, so it could just be bloated Javascript demanding more resources on Waterfox. Honestly, download both as soon as you can, and make sure you have extensions from the soon-to-die Addon Repository that will work with both browsers; it's not clear how long IceCat and Waterfox will be kept alive, so have both on hand.
Finally, Seamonkey. It's an okay browser. It does more than you probably need it to, but it uses far less memory than FF-based browsers while still having some addon support. I keep it around right now for contingency, as I haven't found a use case for it yet.

Anonymous 03/24/2018 (Sat) 22:08:30 [Preview] No.12522 del
>Media Player
I used to use VLC but then I tried MPV and on my immediate first comparison, VLC desynced the video and had pixellation and such. I also gave them both very intensive video that requires more resources than my laptop could provide, and MPV managed to struggle through and give me more frames than VLC, which would give me a snapshot like every ten seconds followed by a freeze frame for the duration of that time. MPV is a better video player than VLC but the UI is crap in my opinion---to get at features that are right there in the GUI for VLC, I probably have to read the manual for MPV. For example, the default volume control is either audio on or mute---no option to increment.

>Network Manager
Wicd is great. It lets you set a whole bunch of different configurations to allow you to connect to any network you want. My school's wireless is PEAP with GTC, and I was able to very easily set up my password and connect. Wangblowz never let me do that. Unlike Wangblowz, I could also see multiple channels for my school network, that allowed me to connect to whichever gave the best signal strength at my location. And finally, whenever you happen to disconnect, it will reconnect you to a working channel, so you don't have to.

Network Manager from the sucksomedicks system in comparison is trash. Whenever I am disconnected, it lets me stay disconnected. I can't see multiple channels, so I have to let it just connect me to whichever it feels like, even if the channel is suboptimal, which I would know since I have Wicd installed along side it---unfortunately, Network Manager prevents me from actually connecting to things with Wicd.

Anonymous 03/24/2018 (Sat) 22:12:34 [Preview] No.12523 del
>No Windows Equivalents for GNU/Linux
ShareX for screenshotting, SumatraPDF for PDF viewing, and AIMP for music playing. I tried Wine for ShareX and it didn't work, but I didn't try hard to get it working. I found this software called KShare which might do the job but it doesn't offer an RPM package and I haven't learned how to build from source on this system yet.

Anonymous 03/25/2018 (Sun) 11:51:18 [Preview] No.12527 del

- mupdf
- Links2
- Tor
- youtube-dl
- mpv or ffplay
- tmux or ion3 (window manager)
- transmission or btpd
- newsbeuter (or newsboat, the newer fork)
- xclip
- Basic unix tools (vi, man, ls, cp, mv, grep, cat, etc)

Needed sometimes:
- ffmpeg (it's required my mpv and ffplay anyway)
- imagemagick (file convertions)

Anonymous 04/07/2018 (Sat) 00:38:45 [Preview] No.12550 del
for sharex try sharenix

Anonymous 04/07/2018 (Sat) 18:53:47 [Preview] No.12553 del
Anyone have any good, free (freedom-wise and price-wise) p2p software? Don't know anything about p2p, and I need to prepare for the internet censorship that seems likely in the future.

Anonymous 04/08/2018 (Sun) 00:22:27 [Preview] No.12555 del
Let me help you /news/fag, check out the links in the bottom right of this website: http://theunhivedmind.com/UHM/

Anonymous 04/08/2018 (Sun) 06:05:34 [Preview] No.12557 del
I'm not a /news/fag, I'm just very paranoid about the government (which I suspect most people on this board are). I'll admit, though, I do go there occasionally, and I probably was thinking about /news/ article #367893857647389487564738475 about internet censorship "totally coming tommorow for reelz." Considering how much /tech/ cares about privacy, I don't trust that link considering that a /tech/ anon posted it in http:/. Makes me suspicious.

Anonymous 04/08/2018 (Sun) 06:51:24 [Preview] No.12558 del
How pathetic, you probably won't hear of any argument against the whole pro HTTPS nonsense in the following link: http://n-gate.com/software/ just because it's in http, so you would rather say, use an archival system that lets you view a website in https. Guess what, there's nothing stopping you from using http on endchan unless you have something installed that forces https connections. Here's basically the same webpage https://https-gate.com/software/ your argument isn't so concrete. Don't trust me? Archive that other website with a web archival and compare the differences for yourself.

Anonymous 04/09/2018 (Mon) 16:20:26 [Preview] No.12567 del
Nothing stops a government or ISP that enforces Internet censorship to block all peer-to-peer traffic within it's jurisdiction. Bittorrent was easy, i2p is too. Most of current p2p networks are just an extended academic projects larp or cypherpunk circlejerks. Yes, some of them provided server/user anonymity, others give content distribution, but in the end they all rely on wires put by your ISP and heavily monitored by your government. If you are afraid of spooks, you'll have to lay your own physical networks from the scratch. I talk about underground meshnets and things like that.
Here is a list better than shady reptile jews lmao based putin brics is not another globalist polar trick amirite maga dog bless hitler did nothing wrong kind of cianigger d&c website that proposes to use Yandex browser and Deepin as alternative to Google and Microsoft products:

Anonymous 04/09/2018 (Mon) 16:26:16 [Preview] No.12568 del
How can they block Peer to Peer (node to node) though? Wouldn't that require a lot of work, including sabotaging critical internet infrastructure?

Anonymous 04/09/2018 (Mon) 16:40:40 [Preview] No.12569 del
Forbid all residential IPs to connect to other residential IPs for example.
Users will have to buy a more expensive "Business" package to become a "content provider" so others can connect to them within ISP infrastructure boundaries or rent a "cloud" vps that can be easily monitored by a hosting company.

Anonymous 04/09/2018 (Mon) 16:58:39 [Preview] No.12570 del
So many people would quite using the internet then, I think this would tank tech companies' stocks and profits in a major blowback, similar to the cable cutter movement. I hope they are not stupid and belligerent enough to do such a thing I say HOPE because I have little to no trust or respect for our authority figures today.

Anonymous 04/09/2018 (Mon) 17:50:44 [Preview] No.12571 del
Your average "Internet user" accesses only big-company websites and services from his pocket device that barely works longer than 12 hours on battery, not everyone even has a home PC or a laptop, let a "home server" that would justify the unthrottled connection, public IP address and access to neighborhood LAN. There will be no outrage, only "weird" guys host things at home and use p2p networks for file sharing and communication when Netflix subscription costs as much as 3 cups of Mocha Fappuccino Chai in Starbuxa and Facebook still works. Worked for China, Russia, Worst Korea and UK, will work in US.

Anonymous 04/09/2018 (Mon) 18:26:53 [Preview] No.12572 del
God damn it we are so fucked. I plan on living off-grid then, luckily I have have some outdoor experience because I am one of those "crazy" preppers. Not that I'll bugging innawoods, I'll just be living my own life offline thats all.

Anonymous 04/10/2018 (Tue) 07:36:31 [Preview] No.12578 del
(115.59 KB 1293x599 botnet definition.png)
>Anyone have any good, free (freedom-wise and price-wise) p2p software?
Could you explain a bit more what you're asking for here? Do you want anonymous filesharing? Distributed web? Effective search engine? P2P is a nebulous term.

Anonymous 04/10/2018 (Tue) 07:39:09 [Preview] No.12579 del
Don't listen to that retard. Using HTTPS is important; only an irresponsible shitter would share an HTTP link that could have easily been secured.

Anonymous Board owner 04/10/2018 (Tue) 20:05:33 [Preview] No.12585 del
Here's the joke pipsqueak, your ISP will know which links you've clicked on on HTTPS and HTTP.

Link for dumb pussies not using proxies https://archive.li/mv9uZ

Anonymous Board owner 04/10/2018 (Tue) 20:11:36 [Preview] No.12586 del
Better off sharing something like weboas.is than a damn Wordpress blog :P

Anonymous 04/10/2018 (Tue) 20:20:35 [Preview] No.12587 del
I use HTTPS everywhere, noscript (manually re-configured for my browsing habits), Random Agent Spoofer, Tin Foil (well some of the options, not in full mode), disabled most chromium vulnerabilities with about:config and also use a private VPN (w/ encryption), and I use a Linux OS... am I safe at this point?

Anonymous 04/10/2018 (Tue) 20:27:01 [Preview] No.12588 del

Anonymous 04/10/2018 (Tue) 21:19:28 [Preview] No.12591 del
>let me put on my board owner trip for extra credibility points
I figured you were the one I was calling a retard.

And what point does that prove? Yes, they can see what links you visit. They cannot see however the content as you receive it under HTTPS, as they can under HTTP. They can't snoop on the content.

Now answer me this: what do you have to lose by adding an 's' to links before you share them, when such a link exists? Is it really that much effort, for no significant benefit?

Safe from what? I've read anons in the past who reminded us that there's a difference between privacy, and security, and anonymity. Which are you going for? What bases does your setup cover? You have to get clear on that.

Anonymous Board owner 04/10/2018 (Tue) 22:40:15 [Preview] No.12592 del
They (the CA Issuer) can just revoke the certificate and flag a site "insecure", and BAM!, the website's inaccessible to multiple modern compromised web browsers that blocks all http content. You wouldn't trust GoDaddy to not mess with your super controversial and popular website would you? Let's Encrypt is only marginally better than the other CAs but it is still a third party. Of course a shut down of a domain is more often than not what's usually done instead of revoking certificates and being added to a CRL. An unnecessary layer of obfuscation that can and had been used to take people down. Of course http is dirty, but there's much lost info in http sites run by incompetent people that has competent noteworthy information on it which if you're too chicken to click, that's your own problem. Such websites can be dealt with using web proxies, webpage archival, website archival, etc., but some websites block all robots and crawlers despite running on http. If you're afraid of getting 0wn3d, check the website link on some random online antivirus link checker that you think is reliable to see if it has something bad in it. Just because a website uses https doesn't mean it's safe. I don't blame those who use http on their websites, the problem is most often the person behind the keyboard, not the web host, not even the ISP, though there are some blame on datamining sites. The only reason to use HTTPS is really not for privacy but for security, but you don't need to secure what you don't need to send private information to and from the site you're accessing. You can't log into an endchan account and moderate without using https, but you can post and reply on the http site.

Anonymous Board owner 04/10/2018 (Tue) 22:46:56 [Preview] No.12593 del
tl;dr, just because you can use https doesn't mean you need to use https, you'll be better off using a VPN so that your ISP have no idea what links you're even clicking if you care about privacy more than security.

Anonymous 04/10/2018 (Tue) 23:18:22 [Preview] No.12594 del
>Safe from what? I've read anons in the past who reminded us that there's a difference between privacy, and security, and anonymity. Which are you going for? What bases does your setup cover? You have to get clear on that.

I consider privacy = security. As long as my activity remains anonymous and is (at least very difficult) to trace back to me then I consider myself secure. So I use multiple obfuscation methods (security add-ons for my browser as mentioned), avoid corporate social media, forward secrecy and use a private VPN (in which I change the IP address routinely). I'm wondering if that keeps me safe enough?

Anonymous 04/10/2018 (Tue) 23:38:03 [Preview] No.12595 del
quick response for now: I'm not talking about those cases where no https version exists.

Anonymous 04/10/2018 (Tue) 23:48:44 [Preview] No.12596 del
The more security you have, the more layers of obfuscation you have, the more points of failure, the more maintenance required. Some security is necessary for some privacy at a certain layer to deliver certain private information to other systems or people using the same protocols, but it's just to assure a certain level of communication that one trusts and feels that it is necessary to hide private information from those that look for it. Online privacy is information that's to be separated from the public that you don't want to be accessed by the public but only a secure connection between one or more people that nobody else knows about. If those that you privately contact chose to betray you, they can leak confidential private information to the public or to others privately. One can use a secure channel but say nothing of private confidential information. The front end of a website is what's publicly accessible which should never have private confidential information that shouldn't be publicly accessed. Security is a means for privacy but is not privacy in and of itself. Using a VPN for example hides what you do from your ISP but it doesn't hide what you from the ISP of what the VPN uses, so even securing the VPN connection doesn't mean privacy, just a layer of security. Let's say the FBI goes to your home and asks you to decrypt your hard drive or else they'll break your bones. You are the ultimate key to all of your data that's at least accessible by you. Multi signing is a higher level of security, but if some secret or public organization gets the private keys of all of the people responsible for its creation, it's compromised. Privacy deals with trust management which uses security but is not merely security. True anonymity probably doesn't truly exist online, only obfuscation of identity is real.

Just because some websites have https doesn't mean it's properly implemented https and so doesn't redirect its users to its https site but instead its http site because that's what the people running the site wants you to use their site the way they want you to. If you refuse, go complain to the people running that website without accessing it's http website somehow. Poorly implemented https sites are all over the place, and if they really properly set up https, they will redirect all http requests to https because most people that set up https tend to also care about SEO scores.

Anonymous 04/13/2018 (Fri) 00:40:51 [Preview] No.12605 del
(407.08 KB 1000x625 1521318969907.jpg)
Yeah, I stand by my response here >>12595

I'm not saying never share or visit HTTP links. I'm saying that HTTPS is better than HTTP when available (and that means, taking into account also your countercase, you aren't just being redirected away from the HTTPS site). Your response doesn't say anything against that.

On using a VPN, you need to distinguish between using a home VPN and commercial VPN. Commercial VPN is better for privacy than a home VPN when you trust the provider, because they give you an IP Address that isn't your own.
HTTPS is better than HTTP because the data is encrypted, can't be easily snooped on.

So, obviously, HTTPS with VPN would be best from a privacy and security standpoint, but this isn't what I was talking about.

Alright, alright. Going off your conception of this then, let's look again at your setup.
>I use HTTPS everywhere, noscript (manually re-configured for my browsing habits), Random Agent Spoofer, Tin Foil (well some of the options, not in full mode), disabled most chromium vulnerabilities with about:config and also use a private VPN (w/ encryption), and I use a Linux OS... am I safe at this point?
I'll need to break it down.
What you want is for it to be as stripped down as ungoogled-chromium, which is a distribution of chromium with anti-google patchsets from Iridium and Inox applied, as well as eloston (the founder's) own fixes, if you aren't just going to use ungoogled-chromium itself. I don't think anybody is quite sure to what extent Chromium is Googled, so removing as much as you can from what has been found out is good practice. Just fiddling with about:config is not enough.
>Private VPN
A home VPN? You want a commercial VPN like AirVPN which is going to give you a different IP address than your own, is highly unlikely to divulge your data to 3rd parties, and in fact keeps little to no data about you at all. Paid VPN is the only way to go if you care about the Government spying on you.
>Linux OS
Depends on which one. Better than Windows, surely, but that's a low bar. Ubuntu has recently started data collection, and they had that Amazon integration; Mint is a hack of different pieces that would be easy to exploit; systemd hasn't been audited and its development has been driven by a company which receives funding from the NSA, and for some strange reason unknown to me, has even become a dependency for TOR (to be more specific, lib-systemd). Systemd has now become the standard init+ system in most of the major distributions, so if this is concerning, then a lot of those, including Debian and Fedora, are off the table as far as being "safe" or trustworthy.
All this to say, it depends on which distribution of Linux you're using.
uMatrix is strictly better if you know how to use it, but Noscript is eh, better than nothing.

One thing to be aware with browsers is that there is this mechanism, Canvas fingerprinting, by which sites can identify you. They can use the data of how your browser responds to page request to determine which browser you are actually using, even if you spoof the user agent; I've also heard that how many extensions you have or what extensions are installed could also be used to identify you. /g/ used to have threads about it, and link to fingerprinting websites that show you whether you are safe or not, and how so. I'd look up 'browser fingerprinting test' and see whether you can be identified with your setup (like it tells you how unique your browser is compared to the millions of other users out there).

Not quite safe, there's more to consider and to do if you treat Privacy+Security+Anonymity as the end-all-be-all.

Anonymous 04/13/2018 (Fri) 00:51:50 [Preview] No.12607 del

Anonymous 04/13/2018 (Fri) 01:55:05 [Preview] No.12608 del
There's some websites that improperly loads from a http site into the https front end, not truly secure, AKA: mixed content. Websites that are slower when using https instead of it's regular http site has more often than not mixed content not from same origin.

Your so called argument has to take into multiple variables, it was a loaded question and so there's no simple yes or no answer to it and so there's no definitive "yes" or "no", it must consider all of the variables, while your loaded question was used in response to my previous points like how the ISP (any ISP) will know what links you've clicked and the various concerns in using a third party between you, the web host, and the domain host (if they're not one and the same) that can at any moment revoke certificates willingly or unwillingly from the web browser side or the certificate issuers which sometimes try to mess with the certificates used by the web browser, making certain websites inaccessible that way.

If an https site has the locked green padlock it's safer than https site without the padlock. https://www.whynopadlock.com/

Even assuming a website has some A+ score on observatory.mozilla.org (which mind you, my own personal website has an A+ score), absolutely any layer of security isn't guaranteed privacy. Your nit picking on about me not specifying specific types of VPNs is avoiding the core failure of you needing to trust protocols upon protocols yet my point is that any layer of security opens up more variable points of failure that you merely assume that you can circumvent before it is exploited when really that can't be done, nobody knows the future. Securing the most direct path from point A to B is better than securing point A-Z, while there's more trust in the information the less filters it has to go through. Have you ever played telephone or chinese whispers? The more people that have to pass the message verbally, the more distorted the original message becomes until it's totally indecipherable at the end of the chain.

All I'm saying is that no single protocol should ever gain 100% of your trust, neither one or the other, so everyone is wrong if they answer yes or no to the whole trusting https over http thing because that's not how it works in real life. I would trust a letter with a tamper evident seal on the envelope more than I trust any protocol that connects me to the internet.

Top | Return | Catalog | Post a reply