List of Security and Privacy Best Practices Anonymous 08/16/2017 (Wed) 08:52:20
Following the other thread, here's the first version of the list:
- Tor hidden service: http://hjvx7xg3n4ejezmh.onion/
- 'Clearnet' Mirror (no styles): https://hjvx7xg3n4ejezmh.onion.cab/

If you want to contribute, post here on this thread.
Thanks to "Endwall" for hosting it.
Anonymous 08/26/2017 (Sat) 17:21:28 No. 10895
Why do you even need dnscrypt if you don't use VPNs?

Anonymous 08/26/2017 (Sat) 18:36:15 No. 10896
DNS poisoning, DNS spoofing. If your government censors the web you'll know what I mean.

btw, DNS does leak a substantial amount of metadata. ofc, encrypting DNS alone helps you nothing, but it's good to do so as defense-in-depth.

And a bonus, my local DNS server saved me twice, I accidentally queried ".onion" and ".i2p" domains I wanted to access while surfing the clearnet...blocked by my DNS.

Anonymous 08/27/2017 (Sun) 16:47:58 No. 10909
What about local hoarding of zone transfers or distributed DNS systems like DNSchain?
Also, why would you trust a single DNSCrypt resolver when anybody can make one and claim to keep no logs and serve legit queries? It would be better to fail-proof with multiple server queries at least.

Anonymous 08/27/2017 (Sun) 17:14:32 No. 10910
>- Randomize Mac Address (in case you're using public wifi):
>calomel.org ever
Or use:
ifconfig $interface lladdr random

Anonymous 08/27/2017 (Sun) 17:16:14 No. 10911
I forgot to mention that is for OpenBSD.

Cloud Encryption Best Practices? Anonymous 08/23/2017 (Wed) 23:28:21
Say I need to store private files on some public cloud service because reasons. I'm going to encrypt the shit out of it, I want that crypto to hold up against reasonable opportunistic adversaries, and I want it to hold up for the foreseeable future.

"Reasonable opportunistic adversaries" means I don't expect to be the personal target of a well-funded spook agency. Law enforcement dragnets, opportunistic hackers and snooping providers are all relevant however.

"Foreseeable future" should be decades.

My instinct is to rely on something straightforward and established like gpg --symmetric, but it doesn't feel nearly autistic enough to be truly secure.

Should I consider non-standard ciphers? AES has theoretical attacks now, but 2^256 -> 2^254.4 is barely scratching it. Twofish and Serpent have only been attacked with reduced rounds. All are already over a decade old but nothing truly new seems to be on the horizon. Quantum comp apparently isn't the huge threat here that it is to public key.

Is it worthwhile cascading ciphers like Veracrypt does? Can this be done competently with gpg/other tools? I see mixed opinions out there about the benefits vs the risk to new attacks.

Is it worth obfuscating the ciphertext? Would using non-standard cipher settings, memorizing them then stripping headers protect the data in practice even if the cipher becomes weak in the future? Would wrapping it in other containers make it look more innocent to an adversary find/grepping for "interesting" files to analyze?

Tell me how wrong I am, /tech/.

Anonymous 08/24/2017 (Thu) 00:44:56 No. 10883
>Should I consider non-standard ciphers?
No. Use AES-256 from a good library like libsodium. It's resistant to even quantum attacks.

I'd suggest:
- Set up an OpenBSD server
- Close all connections using pf(4), except the SSH port
- Change securelevel(7) to level 2 (so the pf rules can't be changed):

- Encrypt files on your computer with reop or gpg (reop uses AES256 by default)
- Use scp(1) to transfer files:

Anonymous 08/24/2017 (Thu) 07:52:49 No. 10887
>Set up an OpenBSD server

OP is premised on the data being stored by someone else, in an uncontrollable environment. You're right that this would be easy otherwise.

Anonymous 08/24/2017 (Thu) 15:26:05 No. 10890

The best practice would be not to store your data in "the cloud" in the first place.

But if you insist, use AES-256.

>Should I consider non-standard ciphers?


Other ciphers, like Camellia and Serpent, probably offer similar security, but Rijndael (the cipher in AES) has been subjected to a lot more cryptanalytic effort _because_ it was chosen for AES, and it remains unbroken.

>Quantum comp apparently isn't the huge threat here that it is to public key.

Mostly correct. A quantum computer that is able to run Shor's algorithm efficiently will be able to quickly recover the private key for data encrypted with a public-key cryptosystem that relies on the factorization of large integers or the discrete logarithm problem. There are public-key cryptosystems that are not based on these problems, and are not vulnerable to Shor's algorithm, but they are not in common use. All of the ones in common use (e.g. in SSL/TLS and PGP) are vulnerable, so it's important to note that quantum computing is currently projected to be a threat to some kinds of public-key encryption, not _all_ public-key encryption per se.

The PQCrypto group is currently refining a number of public-key cryptosystems that will remain secure even if efficient quantum computing is realized.


Web servers/ async programming Anonymous 08/23/2017 (Wed) 15:48:45
I've been practicing network programming lately and was reading about the different web servers, how they work and so on.
I was wondering how Windows and Windows-based web servers perform compared to Linux since it has no epoll/kqueue. It turned out it has I/O Completion Ports. Then I searched for web server benchmark comparisons but there were no credible ones. Why has nobody compared these products yet?

This one implies that IIS outperforms nginx in every way and if that is true I want to know how it does that.

This one implies that g-wan is the fastest one (obviously, it's their product, therefore isn't a credible source).

That one also shills for IIS, but it's probably fake since the author doesn't mention anything about hardware or server configuration.

So my questions are:
- Does Windows' IOCP perform better than epoll/kqueue and if so - why? And why don't we implement it for *nix?
- Does IIS outperform nginx/apache and if so - how does it do it and is it related to the IOCP?

I cannot find credible sources and I hope someone here has more experience than me.


Anonymous 08/24/2017 (Thu) 01:04:38 No. 10884
I don't have enough knowledge about http servers to answer you. But, I don't think performance is the only thing that matters.
And, it's also affected by many other configurations, such as where your cache is being written (this will depend on your disk write speed and your filesystem).
Open source unix-based systems have more flexibility to work with. You can compile linux, for example, to the bare minimum to work with and the resource usage will be trivial. Not like windows, where you can't disable low level stuff and need to have useless memory usage.
Morpheus with rwasa, for example, will give you very good performance:

Or, use NuttX. It's a realtime OS, and has its own HTTP server in the base system:

Anonymous 08/18/2017 (Fri) 18:19:10
Is there any way I can block google recaptcha in hosts? It appears on some 4chan archives and it drives me nuts because for some reason webkit uses like 40% of my cpu to render that shit

Anonymous 08/20/2017 (Sun) 11:54:44 No. 10854

I don't want a trojan on my computer. But I guess that as a windows user, you have a limited understanding about why you should never ever use a closed source program.

Anonymous 08/20/2017 (Sun) 19:15:10 No. 10862
You can't block an entire domain in /etc/hosts, unless you have an entry for every single host, but that's not doable for something the scope of google. But you can block all of *.google.com if you run a local DNS server. For example, I have this entry in /var/unbound/etc/unbound.conf, since I don't want to have anything to do with fb ever:
local-zone: "facebook.com." refuse
I would do the same with google except that I actually use their gmail service, and at one point they started to require you to "login to your google account" instead of just logging into the gmail.com domain.
They also have some other domains like googleapis.com, googlesyndication.com, and so forth. Probably best to get your browser to log everything and then check what other stuff needs blocking.
Also the hosts file from http://winhelp2002.mvps.org/hosts.htm is useful but doesn't cover everything.
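
An added illustration of the point in post 10862 (not part of the thread): a hosts file matches exact host names only, while an unbound `local-zone ... refuse` entry covers the whole subtree, so observed DNS queries show what a hosts file would miss. The tcpdump-style capture lines, the hosts entries and all function names are constructed for this example.

```python
import re

# Constructed sample of `tcpdump -n port 53` output (not from a real capture).
SAMPLE_CAPTURE = """\
12:00:01.101 IP 192.168.1.10.53124 > 192.168.1.1.53: 4242+ A? www.facebook.com. (34)
12:00:01.230 IP 192.168.1.10.53125 > 192.168.1.1.53: 4243+ AAAA? ads.googlesyndication.com. (43)
12:00:02.007 IP 192.168.1.10.53126 > 192.168.1.1.53: 4244+ A? example.org. (29)
12:00:02.415 IP 192.168.1.10.53127 > 192.168.1.1.53: 4245+ A? Pixel.Facebook.com. (36)
12:00:02.800 IP 192.168.1.10.53128 > 192.168.1.1.53: 4246+ A? notfacebook.com. (33)
12:00:03.900 IP 192.168.1.1.53 > 192.168.1.10.53124: 4242 1/0/0 A 203.0.113.7 (50)
"""

# A query line ends in "TYPE? name. (length)"; response lines have no "TYPE?" field.
QUERY_RE = re.compile(r" ([A-Z0-9]+)\? (\S+) \(\d+\)\s*$")

def queried_names(capture):
    """Return unique queried names (lowercase, no trailing dot) in first-seen order."""
    seen = []
    for line in capture.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group(2).rstrip(".").lower()
        if name and name not in seen:
            seen.append(name)
    return seen

def in_zone(name, zone):
    """True if name is the zone apex or a host below it (match on a label boundary)."""
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def unbound_config(zones):
    """Render one refuse line per zone, in the form of the unbound.conf entry above."""
    return ['local-zone: "%s." refuse' % z.rstrip(".").lower() for z in zones]

def compare(capture, zones, hosts_entries):
    """Return (names the zones refuse, the subset an exact-match hosts file misses)."""
    hosts = {h.lower() for h in hosts_entries}
    refused = [n for n in queried_names(capture) if any(in_zone(n, z) for z in zones)]
    return refused, [n for n in refused if n not in hosts]

if __name__ == "__main__":
    zones = ["facebook.com", "googlesyndication.com"]
    hosts = ["facebook.com", "www.facebook.com"]  # hypothetical hosts-file entries
    refused, missed = compare(SAMPLE_CAPTURE, zones, hosts)
    print("\n".join(unbound_config(zones)))
    print("refused by local-zone:", refused)
    print("not covered by hosts file:", missed)
```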

Anonymous 08/21/2017 (Mon) 00:47:48 No. 10863
My apologies, I don't know why I thought you were running windows. You should be able to do the same conceptual thing though - watch outbound DNS lookups - with tcpdump or whatever packet capturing utility you've got on your OS. I'll second 10862 - run a local DNS server.

Don't be a conclusion-jumping condescending douche. You've actually inspected the source code of a minuscule fraction of a percent of everything you are running right now, and if you think having source covers all your security bases, you're doing security wrong and relying on an unrealistic world view. Take inventory of all the proprietary tech and embedded systems you actually deal with on a daily basis. I'm pretty sure you aren't inspecting the source code running the ABS of nearby cars before crossing the street.

Anonymous 08/22/2017 (Tue) 22:51:50 No. 10877

I founds this but I don't understand chink. Might be useful.

Anonymous 08/22/2017 (Tue) 22:55:48 No. 10878
If a small bash script, I reckon you can extract the lines related to google in another file, change the ip to to each one and then append the resulting file to your hosts file. This should solve your problem op.

USSR home computer programs on tape Anonymous 07/09/2017 (Sun) 22:06:43
Does anyone on /tech/ know how to get programs for an old computer from an audio cassette? What emulators can run that? Rips are on http://25dxotevqkqyhqgi.onion/

Anonymous 07/09/2017 (Sun) 22:07:28 No. 9629
If it is an 8-bit computer produced by the USSR it might be an Agat. Their early edition came with a cassette tape reader.

The processor of the Agat was a clone of the MOS 6052 so you might want to check out emulators written for it.



Anonymous 07/09/2017 (Sun) 22:07:40 No. 9630

But even if you dump the programs encoded on the cassette, it would be a bunch of boring games and programming utilities.

Anonymous 08/21/2017 (Mon) 17:36:33 No. 10868
The screenshot on the Wikipedia page is almost 100% evidence that an emulator exists.

Link no worky.

Anonymous 08/21/2017 (Mon) 21:37:46 No. 10872
I suppose, you equip yourself with some kind of translation software and google for [Computer name + emulator] in Russian.
This is what quick search for Микро 80 эмулятор gave me:
As per games, you can feed wav audio directly to emulators.

Best version of windows for fucking with Anonymous 08/20/2017 (Sun) 08:12:04
Hey guys, I don't like using windows but I had an itch to fuck with it a little.

I was thinking of taking a windows image, stripping the shit out of it with ntlite, then replace a bunch of stuff with versions from reactos and a different shell like blackbox.

Maybe windows 10? Anyone remember how to strip all the botnet shit from there?

Anonymous 08/21/2017 (Mon) 01:04:19 No. 10864
Jesus Fuckin' Christ, buncha goddamned stuckup children here. Fuck your "not using windows is the most basic thing you can do" attitude. I've got two windows boxes, four *nix boxes, a mac, a pi, and a handful of other small machines within eyeshot. I use all of them. One of them is a slackware box that's been going since the late 90s. Lemon suckers going "ewwww! you're not using the right style of computator!" can be dismissed as closed-minded cunts. If it's Turing Complete then it's useful. Carry on, OP. I salute fucking with windows and everything else. *That's* freedom.

Anonymous 08/21/2017 (Mon) 02:24:12 No. 10865

Thanks for participating in the ruin of freedom and privacy.

Anonymous 08/21/2017 (Mon) 06:18:48 No. 10866
What a load of fucking shit, OP never stated that their main OS was windows or they used windows for sensitive tasks. Good for them if they are having fun and tinkering with an OS which in turn allows them to learn and become more fond of the inner workings of an OS.

Anonymous 08/21/2017 (Mon) 19:19:32 No. 10869
Who made your hard drive? Is the firmware on its controller card proprietary or open source? How about your graphics card? Do you use thumbdrives?

It's not hypocrisy when an "Open Source or Nothing!" person disses me for "ruining freedom and privacy" while half the shit they use is proprietary, it's just ignorance. Stop thinking that you're special on the freedom and privacy issues. We're all in the same boat there.

Anonymous 08/21/2017 (Mon) 19:51:54 No. 10870
>everyone gets a participation trophy
Get out of here. If op wants to tinker he can go to numerous other tinkering forums.

There is only one reason to tinker with Windows, and if it was OP's reason he would be more direct about it.

Anonymous 06/23/2017 (Fri) 22:32:50
>VDPAU on my card doesn't support 10 bit profiles for h264
>my processor is too slow for software decoding scenes where there's a lot of action

is this Daiz's fault?

Anonymous 07/09/2017 (Sun) 23:15:10 No. 9935

Anonymous 08/21/2017 (Mon) 17:10:21 No. 10867
Nothing on the consumer market supports 10 bit profiles for H.264.

AFAIR, Daiz does not belong to that group of x264 authors that is openly gay loving anime.

Nokia 8 Anonymous 08/19/2017 (Sat) 20:01:59
This smartphone will physically train people to record video...

in landscape mode!

Anonymous 08/17/2017 (Thu) 18:35:36
So Jim (an ex-Gamer Gay fag and an old /pol/ sweetheart) made a new video recently, and in the face of the centralized clearnet's censorship schemes becoming ever expanded he has made the suggestion of going MAD against the clearnet giants. As some have pointed out though, this is a dangerous gambit due to Google Fiber expanding very quickly and them having the money to bide their time while they expand. Not just that but handing the internet to the ISPs is a bad idea since ISPs are much more HEAVILY centralized than web services and communities.

However I want to hear endchan's opinion on the matter, is this a feasible strategy, or did Jim as the vid's thumbnail/graphics suggests, drink a few too many vodka bottles in a stupor of depression?

Anonymous 08/17/2017 (Thu) 21:45:10 No. 10818
>Reported for bullying, this type of speech is not tolerated on this website!
Stop this. We are not going to make this place into what lainchan mods did there. The usage of ad hominem or name calling, when necessary, should be allowed. Even if this is not necessary (as in the case of the anon above), just ignore it. If we start to apply these shit rules here I'll get out (again).

Anonymous 08/17/2017 (Thu) 22:36:41 No. 10820
I was being ironic, but freedom of speech is extremely important and must be cherished and preserved, and censorship to prevent hurting one's feelings is weak.

Anonymous 08/17/2017 (Thu) 23:23:44 No. 10821
Oh, got it. The point is that I've seen the kind of behaviour of locking down threads just because it does not follow ridiculous rules. And, not just on lainchan, also here in endchan.
Let's not have this "political correctness" bullshit here.

ps. they (lainchan) don't even know that their thoughts about these 'rules' came from myself, from discussions about the bad quality of posters on the boards, but they stretched my ideas into something completely extremist. So suggestible to everything, these people. The word here is: discernment. Stop and think about what your thoughts on the subject are, through various perspectives, don't simply accept them as a unified structure.

Anonymous 08/18/2017 (Fri) 01:56:40 No. 10824
Some anons such as the ones found on /int/ (It is called /int/, /intl/, etc. but they are all the same) have taken the freedom of speech right so far that they don't delete spam threads or CP because they consider deletion to be anti-free speech. Only time posts should be deleted is if they are spam posts, posts containing illegal content to fuck us over, etc. Even shitty posts should be allowed to stay, just hide them and have a button to reveal them. This concept exists on a website known as Meguca and posts aren't truly deleted, they are hidden and anyone can open them by pressing a button.

Anonymous 08/18/2017 (Fri) 03:14:44 No. 10825
>Only time posts should be deleted is if they are spam posts, posts containing illegal content to fuck us over, etc.
I totally agree.

Anonymous 08/18/2017 (Fri) 01:13:17
Has anyone used the netrunner browser started by /g/? Can I replace links2 -g with it?

Anonymous 08/18/2017 (Fri) 01:29:08 No. 10823
>Can I replace links2 -g with it ?
No (yet).