I have Tor Browser which runs its own Tor instance. I also have Tor explicitly installed on my Linux system. Should I start up and run the Tor service in addition to using the Tor Browser, even though I technically don't need to? Is this more secure and robust and, if so, why?
Edited last time by _ on 08/05/2019 (Mon) 18:21:34.
>>13516 >buy amd rig expecting it to "just werk" >amd fanboys insist it's the best for opensors >don't work for shit >graphics card regularly outputs ugly image that tears every fucking second with black boxes all over the screen >sound on the mother board doesn't work at all >cpu is consistently slow as ass and can't even out perform my thinkpad >internet hits the shitter This is consistant across every linux distro be it fully customized gentoo install that has been compiled with both generic or custom kernel configs... Or with a just werks distro like manjaro or ubuntu.
It's all the same shit.
Now the question is if this is a defect in hardware or just linux not being made with amd in mind.
So i installed windows... and it all just werked. Disgusting.
I really regret this purchase..
>>13516 You listened to cianiggers shilling x86 botnet. I only ever recommended some of the more open ARM boards (the ones with Cortex-A7 and A-53 processors, but not ones like RPi that need binary blob in VideoCore to even boot). If you must use GPU, some of the i.MX boards are the way to go. See here:
https://www.fsf.org/resources/hw/single-board-computers The open source Lima driver for Allwinner boards is progressing also, but that one is not 100% complete. On Armbian forum they're talking about packaging it in new releases, since it's good enough to run desktop stuff. I run A20 and A64 boards without GPU acceleration for now. Will test new driver when they release.
The x86 CPUs need closed firmware, and you're never going to get away from that on x86. On ARM you can though. The code is here: https://github.com/ARM-software/arm-trusted-firmware
In this thread we will discuss cryptography, cryptosystems, crypt-analysis, and tools for cryptography such as gpg and other tools. If you work in this field or hear of some relevant news about this field feel free to contribute. Use hyperlinks and source citations to back up any claims made if necessary.
>>1439 Shale usually contains trace amounts of the elements Uranium, Thorium, and Potassium, as radioactive isotopes. Go to the mountains or wherever you can find rock outcrops and bring a hammer and a burlap sack. Smack off some shale and sandstone from the rocks, and then bring them home. Smash these up with the hammer using protective eye wear in the back yard. Place the rock chips into your burlap sack. This will serve as the radioactive source. Your Geiger counter will go into the bag and connect via RS-232 to your 8-bit computer. The accumulation count of gamma ray / decay event detection in a 5 second window, will be counted every 5 seconds. If the 5 second decay count is even store a 0, if the count is odd store a 1. Every 40 seconds a random byte will be created. Write these in sequence to a 1.44MB A:\ floppy disk. This is either your key for your one time pad or a random seed to use for pseudo random number generation.
Uranium Random Number Generator https://youtube.com/watch?v=A7FiVn776eY [Embed] Demo of the device configured for a 4-bit random number based on events detected from a Geiger counter excited by Uranium.
Published : 12 Apr 2019 Duration : 01:20 Random Number Generating Geiger Counter https://youtube.com/watch?v=T0r6XocVHyo [Embed] Team Chub's senior design project
Published : 04 Apr 2011 Duration : 02:18 Raspberry Pi Geiger Counter and Random Number Generator https://youtube.com/watch?v=yfOV9Ex47pE [Embed] Duration : 04:05 Published : 26 Dec 2012 "This is a quick video showing the Mighty Ohm Geiger counter i got for Christmas. I have interfaced it with the
Raspberry pi so it can also act as a random number generator.
The Python code for interfacing with Cosm: https://docs.google.com/open?id=0B1i26IugaGQbWFh6X1Bodmc3eUk (I have regenerated my API key so don't bother trying to post to my stream :)
The Python code for Random Number Generation: https://docs.google.com/open?id=0B1i26IugaGQbYTRKRUl5aFhMZFU My Cosm feed: https://cosm.com/feeds/94794
Radioactive Random Number Generator https://youtube.com/watch?v=agvcduNRxKg [Embed] Duration : 14:37 Published : 26 Jul 2018 Ever want to generate random numbers? Radioactivity is the way to go! This Counter is compatible with the Arduino so you can make one yourself!
Endware is a suite of programs geared towards internet privacy, security, and anonymity.
Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.
Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incomming IPs.
Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.
Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in adminstering endsets/endlists.
iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has simmilar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.
spamlogz.sh is a script that searches through log files to find flagged log entries flagged in endwall.sh, endsets.sh and endlists.sh.
alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.
mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.
Wasn't someone on this board (endchan) complaining about wanting to hack a satellite broadcast to drop truth bombs or something... way easier to set up a stream. I'll add it to endstream if it's any good. In fact I expect post 1488 to be a post in this thread that links to this truth bomb stream. You have exactly 68 posts left to set it up and test it...get cracking.
>>1420 Hey Adolf, I'll place this new channel of yours right between Newsmax and Freespeech TV, so like on channel 26. It should be called TruthMax or something else equally nifty like polTV or something. Get on it, hire your best H4x0rs to get it up and running, then run 24/7 truth streams in 720p...then shill the endstream playlist everywhere and people will tune in for sure...
On a side note, I totally watched Fiddler on the Roof the other day on BYUTV, and I wondered if they were sending that out for us here at Endchan... I watched the whole thing too, Tradition! Tradition! Tradition! The Papa!! The Mamma! Tradition!...When Tavia's second daughter (Hodel) ran off with the gay commie guy I was like "Tavia lock that bitch up, hand cuff her to her bed", but Tavia was all like "I like him he is a good man..." and let his daughter go to Siberia to be with the gay commie guy. But then when his young redhead daughter wanted to go with the blond haired masculine German/Ukrainian gentile guy Tavia blew a fit, and I was like "No Tavia, this is good for your gene pool...", but Tavia was having none of it and disowned is daughter...a tragedy really...very sad...
>>1421 I'm literally watching this black dude on MNN2 dropping some truth bombs and drinking sun kissed grape flavor purple drank. This could be you...
Earlier I watched some nasty fat black girls grinding and booty shaking to rap music naked on MNN 3. Clearly whatever you have to say couldn't be more edgy or offensive than that...
Stream through twitch, or set up something independent , wear a mask and connect through a VPN, or get a proxy to host the show. I think channel 26 is too close to the top, but definitely there's a spot for this kind of content/ info right after MNN. Channel 66 is all yours. Make it happen. Rally your top talent, set up some kind of proxying, and connect the proxies to twitch or to something self hosted and stream it, with Power Point presentations, readings from Mein Kampf etc., whatever you want. Tape a 5 hour show 3 times a week and put it in a continuous loop. I'm pro free speech on the internet. Make it happen, post the link and I'll add it as a channel in endstream.
I'm back in school, so things are going to go slow until December. I'll fix up the endstream.m3u8 playlist over the next two weekends or so, so that it conforms with the current version of endstream.sh . I'll be around but I'll be busy with school. Leave comments or suggestions for Endware below, leave off topic comments in the Discussion II thread. Thanks.
Last one I had up on 8ch is down so I'll make one here. Post pictures and discuss old technology and your projects.
Computer software, hardware, audio equipment, electronics etc. all welcome.
I visited an electronics swap meet today in my are for the first time. I wish I'd been sooner, up to now I had no idea I could find this stuff at such a good price. I was able to get a docking station for a newer thinkpad of mine, but I'm still looking for one for my x20 which as it turns out, is a huge pain to install an OS onto.
Also hoping to get a record player soon, most likely something from Technics just because I think it's good. Any brand recommendations or things to look for?
If I were to get a vintage serial terminal or something like that, would it be reasonable to assume that one could program another computer to serve serial data to the terminal and thereby allow the old terminal to access the Internet?
not sure how hard it would be but I thought it would be neat to have a small modern computer which could, for example, access a web page, and then have a program written that send out the data in such a way that it can be easily displayed on a terminal display.
>>13552 extremely easy with Linux, it's pretty much made for this. You can also easily use old computers to remote login into a newer linux machine in order to harness it's processing power while staying in the comfy old computer GUI. An often used combination I've seen in Retro affectionado circles is old computer+ARM SBC. In many cases, you can probably easily fit the ARM sbc in the case of the newer computer and connect it internally to it's serial port and power supply.
I dug out my Amiga 600 I still have to repair (had leaking caps, removed them already years ago and cleaned the board, just never got around to put it back together) and I just marvel at what an elegant machine it is. Many people hated it back then because It brought nothing new to the table when everyone already had an A500 and it was missing the numpad, and that was actually quite valid critique for it's time but it doesn't matter now.
I have a small RAM expansion for it and was thinking to add an 68010 as CPU (desoldered the old 68000 to clean capacitor gunk) and turn it into a comfy digitial typewriter/serial terminal/gaming machine complete with IDE DOM. I have a Framemeister and a small 12" 800x600 screen which is just perfect. I also have two Eizos 1280x1024 which are in great condition (at least one of them can even take the 15 kHz signal natively) Just need to make the time. I've got tons of other Amiga stuff too.
Also yes, modern tech sucks because of idiot hipsters and soyboys who don't harness what the stuff could do if it was just used correctly, also linux cancer. Aforementioned SBCs could be amazing, they have tons of processing and GPU power. Simply nobody does something with it, everyone is content with circlejerking on social media for likes/upvotes/whatever.
I was often thinking about writing an Intuition-like primitive window manager/GUI engine to bring a non X11/Wayland dependent GUI to them that can be used by application writers and maybe makes direct use of the Hardware of a targeted ARM SOC (Allwinner A20 seemed attractive for this) but it feels like lots of work for little gain in the end and the legacy sunxi kernel code of the A20 that deals with stuff like G2D is just awful to look at.
Sigh, I miss the activity of the old 8ch thread. I think it's safe to say it's not coming back. Where did most of /tech/ go?
Which lists these points why latest tech sucks ass; 1. Introduction of sensors everywhere in everything 2. Removal of the hardware buttons 3. Subscription based software 4. Paper elimination 5. The removal of useful options/features from the devices and the unwanted introduction of new ones 6. Digital virtual currency (Cashless) 7. Everything automated (Driverless cars, trying to remove drivers from driver seat) 8. The complete sealing/enclosed frames of the new devices (strong glue used instead of screws)
No lurking allowed!! Let's kick some shitposting off here, we need posts before we can fuss over content quality.
In all honesty, why hasn't man invented a realistic blow job machine so he can be pleasured whilst at his desk? Is a human tongue that difficult to mimic? We can have fully emersive augmented reality, but no blowjob machine? Come the fuck on Japan, wake up!
>>13512 This is the greatest tragedy of the modern computer age, nothing can be saved except for enterprise server BS that costs way too much. In a lot of cases it's cheaper to buy the shitty gaymen RGB edition than some actually normal version. THEY MAKE YOU LOOK LIKE SHIT It's all their fault for pushing this shit damn it.
My opinion: the guy from LibreSignal was using the Signal servers, consuming their energy, and using their marketing. This is not right. About the Signal requirement to have google shit, it's very unfortunate. Though, people should just use other thing and stop all this buzz.
Just communicate by vibrating air particles. This is also known as talking face to face. Features include:
-Absolutely no botnet
-Safe from CIAniggers (unless you talk to a CIAnigger)
-Audited and mathematically proven
-Messages are scrubbed the moment they are delivered
-Best security ever
And optional benefits:
-Satisfying the natural, human exposure quota
8chan has been killed by retarded schizophrenic Q-tards, so I guess this is my new home. Looking around I see more of the same. What is the bot to human ratio here? How many schizos are taking their meds verses not? What are the humans working on?
>8chan has been killed by retarded schizophrenic Q-tards, If that is true then the only way it could have been shut down was if Q is in fact real or a threat to the cabal imo. And its the opposite of schizophrenia if the entire fucking censoring of 8chan was a result of madness or meaning? I am weighing on meaning. Your post has no meaning unless you validate that which you try to qualify as invalid to begin with. The way you try to invalidate it is by validating it. That is all.
Welcome to /tech/, a technology board. This board is for general discussion of technology.
Rule 1: Only threads about technology or /tech/ itself are allowed. Rule 2: NSFW content are only allowed if they are spoilered. Rule 3: No referral links, asking for cryptocurrencies, advertising or similar. Rule 4: No spam or posts without meaningful content.
All rules and policies are open for discussion in this thread. Current Board Owner's not on Rizon, talk about it here and not elsewhere.
>>1452 At first my goal was to give an alternative to 08chan as to drop zeronet for X app/protocol/darknet. But actually if i wanted the perfect system I was thinking something that has mesh net capability. And the ability to filter what you "seed" firsthand and not after the fact like zeronet. With zeronet you must load the complete 08chan before filtering shit out. So you have to download the entire site including boards you would want to blacklist. That is unacceptable to me. I agree with the i2p and freenet comparison. Maybe p2p is not the way to go and some kind of anonymous meshnet is definatly the ideal in my opinion...if at all possible i know there is a couple of expirimental things like B.A.T.M.A.N which is probably not even anonymous. I don't know. When endchan was down i saw simular talk of how zeronet is not enough and a full meshnet sort of chan would be ideal. I read that on the overchan nttpchan which is compatable with tcp/ip meshnets apparently.
>>1454 ZeroNet doesn't make you download the entire board, that's bullshit someone is repeating. I actually spent the time and tested it myself and proved that's wrong. See this thread in /tech/
https://endchan.net/tech/res/13329.html#q13434 But as I said in those posts, there are other problems with 08chan, and most critically is the "need" to generate an ID from a clearnet connection. That pretty much defeats anonymity, since everything you post is trackable from that ID and thus that clearnet IP.
Supposedly, the primary directive of health care providers is "Do no harm," yet in every doctor's office I walk into today, the first thing they want to know is my name and social security number so that they can enter it into their electronic database. If I don't give it to them or deny them permission to store it electronically, they crash. They will often stare at me in befuddlement or start babbling nonsensically, unable to process what I just said or continue with the task of diagnosing or providing health care. This has happened even when they already had a two-inch thick folder of paper medical records and had been treating me for 30 years.
Several years ago, the thriving marketplace for millions of medical records stolen from insecure health care provider databases was called Hansa Marketplace. Hansa was shut down in 2017, but it matters not. Today, it's Samsara. If you want to buy millions of your own state's voter records, the entire LinkedIn name/email/password database, millions of names and SSNs stolen from hospital databases, or lists of US children's names and SSNs lifted from pediatrician's databases that won't be used for tax reporting for years so that you can use them to report wages for undocumented workers in your meat packing plant, Samsara is the place to go. It's easy too - download Tor from www.torproject.org, bring up any Tor search engine, and search for "samsara". There you'll find drugs, counterfeit money, credit card numbers, bank accounts, dozens of corporation's customer accounts and passwords, voter records, drivers license databases, fake ids, fake passports, and kid's names and SSNs because parents are so naive as to just answer the question whenever anyone in a white jacket asks them for their children's names and SSNs - Social engineering at its finest.
The next time you are sitting in an exam room unsupervised waiting for a nurse to walk in and take your blood pressure, try not to look too hard at the computer bolted to the wall. It is physically connected to their network, you could attach anything you wanted to without anyone knowing, and someone is about to type a password into it. If you look at that gigantic gaping hole in their security that is observed firsthand by millions of patients every day, your blood pressure will go up, and your doctor certainly wouldn't want that.
Why do you not have a full RGB only build /tech/? It makes everything look better, more sleek, and stylish. It shows you know what you're doing and that you care about your rig's appearance. Do you even do proper wire management? Do you hide them in the specially made wire compartment on your $300 case? Don't tell me you dont have one lmao.
Why do you not have a full RGB only build /tech/? It makes everything look better, more sleek, and stylish. It shows you know what you're doing and that you care about your rig's appearance. Do you even do proper wire management? Do you hide them in the specially made wire compartment on your $300 case? Don't tell me you dont have one lmao.
>go to local computer dude to buy a spare Precision M6500 mobo >ended up buying a entire box full of M6500 parts and putting them together >I have two M6500's now >pic semi-related even though that's not my machine
Well I've been working on this for around a month now, and I have finally created a semi-decent anonymous textboard. It's basically a combination of a temporary pastebin and an anonymous textboard. It's a SPA with the backend in Java using Eclipse Vert.x, and the frontend using Vue.js.
I'm posting this so you guys won't create conspiracy theories. I know, my hope us futile. If everything goes well soon the site's and our problems will be resolved. But they will turn the site read-only mode for a while. I have no information how long the process will take. Keep calm and be patient.
Well that brand
Tech + ecch
So it deserves utter desolation, as do 99.9% of these shit corporations and shitbrands and shitgineers and their shitty paychecks they are the enemies of America.
I am not trying to be "flippant" or "cute" Anyone who made sheckles in the last 20 years, on the destruction of IP NOTE: Sheckles not in many spellcheck dictionaries! CONSPIRACY AGAINST ANTISEMITISM TRUTHS!) Any the shits mentioned, wrecked IP over the last 25 years or so by: (using stock fraud as FB and twit etc) (and using spyshits and privileged moves) (control the game is the end the same?)
Alright, could anyone give me a basic bitch primer on dark web for little babbies? My knowledge at the moment is limited to Tor, and the onion addresses for the hidden wiki, and the onion address for Endchan. I'm starting to realize given how every site I liked has been shut down, switched domains, DDOSed, put on watchlists, or made 'registration only' on clearnet channels (a sidenote: I would have thought this would have happen to the porn sites I visit, but oddly enough, those are A-OK on clearnet) that I need to go ahead and plan for the future and just move whole-hog to Dark Web. To those who wil say I'm a little late to figuring this out: you're right. Here's what I would like if anyone can supply it:
- What are all the darkweb channels? Tor, I2P, Zeronet, Freenet....am I missing any?
- Any basic tips on general usage/quickstarts for each channel. Pros/cons of each.
- Good starter websites for each. I'm particularly interested in news/forums, and any libertarian websites.
>Intel ME/HAP Inclusion >So many bugs even a sewage worker would be surprised >Aggressive marketing on Intel® Core™ Products™ >Using toothpaste instead of actual solder for the heat spreader >CEO GTFOd' after Spectre/Meltdown/Portsmash fiasco >Crappy as fuck x86 architecture bloated to hell riddled with bugs >FDIV, F00F, and other catastrophes that "Wouldn't affect the average user" >and later taking money from employees after they had to replace the fucked CPUs
If they were smart, they would start over, start with a simple pipeline with absolutely nothing else, and then adding the branch prediction, dynamic execution, and other accelerative features later, but they are in a bad spot, because while AMD, ARM, and other manufacturers are speeding ahead, Intel has just lost one of its tires and is slowing down.
Support more transparent manufacturers. AMD is far better than intel, but has its own problems(PSP, Etc.), while ARM/SPARC/POWER CPUs seem to be some of the most stable, but this is just speculation (Highly likely to be better than intel, though.) RISC-V/FPGA designs could also prove to be useful.
>>13257 I think I would make a distinction(addition?) and say that x86_64 sucks but yes you're right OP, Intel can go die. I am curious to know if any anons have had success with other ISAs/architectures, specifically a "libre" ARM SBC or a POWER9 system(raptor computing?). It would be nice to relegate my x86_64 system to just a few "performance intensive" tasks.
>>13283 NPX Power Architecture might be an option too. They make SoC that are used in communications/aerospace/military applications. I'm having a difficult time finding designs available to civilians, but it looks like it could be a RISC option in addition to ARM.
>>13283 I've got two ARM boards: A20 and A64 SoCs. The A20 is a Cubietruck, got it because it has 2 GB RAM, SATA, GigE, and VGA (I like older 5:4 and 4:3 LCDs). It's a well-supported SoC and solid board overall, with a real DC power jack, which helps avoid problems like some micro USB powered boards have (too much internal resistance in micro USB connector to supply enough current in some cases). I don't use OpenGL, which needs driver blob for older Linux kernel (there's open source substitute driver, but not finished yet). Anyway I don't need 3D graphics, and the simple framebuffer is enough for my purposes. At most I read PDFs, use LaTex, write some code, play some old/simple games, browse web with simple browser like Lynx/Links... All that works fine here.
However, it's kinda slow for running recent web browser (which I need to do on occasions), so I bought a faster A64 board, but I've been struggling to get OpenBSD working on it properly. Right now I'm building latest u-boot snapshot that hopefully will improve things. I guess Linux runs flawlessly on this board, but I wanted OpenBSD, since it has some additional protestions to sandbox the browser more (pledge and unveil). I can tell you one thing now: get an SD card 32 GB or bigger if you want OpenBSD! They say 8 GB is sufficient, but my /usr/local parttion only has 59 MB free right now, and I used the default disklabel suggested by the installer too.
So anyway I hope this newer u-boot works. I only bought this A64 board to run Iridium web browser, and maybe a couple other things. Otherwise I'm happy with the A20 board as my primary computer.
I will probably buy more ARM boards for various purposes, like hosting network services and also some programming on the hardware level (not running on Unix/Linux or any other OS, just my own asm/Forth code).
ITT we shit on UNIX (because 8gag deleted the UNIX hater thread and blocked Tor). I'll start.
"Page down" is UNIX braindamage. In UNIX and shit you press page down (or some retarded combination of keys), and it replaces all the text on screen with the text from the next "page". It's a very crude way of scrolling, which makes perfect sense if you have a machine that sends the output to a printer each time you hit a key. Now since web browsers love to be a pile of UNIX braindamage for no reason, they copied this shit verbatim. You press page down and it goes down one page, leaving a tiny bit of the bottom of the previous page on top. This is literally just a copy of what UNIX does. But why the fuck? There should be a button to scroll down a tiny bit, and holding some modifier like shift at the same time as that button will scroll you down faster. And none of this key-repeat bullshit is needed either (where you press the scroll button and it does fuck all, until you hold it for over a second and it finally starts scrolling). Why the fuck would I want to scroll down some defined amount? I'm not comparing pixels on the page, and if I really wanted to, that feature could exist as an option, not the default. And no I don't want to fucking reach over to the mouse just to scroll whatever I'm viewing. Now by far the biggest example of UNIX braindamage here is that not only image viewers but even media players will do this key-repeat bullshit for panning and scaling (most likely typically because whatever API/libraries they use do it by default).
Now if you implemented sane scrolling and used an LCD monitor, you'd notice it looks like shit and will be completely unreadable (some fonts may still be partially readable) while scrolling, because the image is smeared across the screen. This isn't an understatement or some retards arguing about whether they can see 300us pixel transition times. It looks like complete shit and is hard to read, for everyone, it's just how the human vision system works. The point of this is that back when everyone used CRTs, there were no programs with real scrolling - only UNIX braindamaged variants of "page down" (and games/movies had framerates far below the refresh rate of the monitor so they'd look bad even on a CRT). So nobody experienced how much worse LCDs look because no applications in the CRT era rendered properly in the first place. What I'm saying is that if it wasn't for UNIX braindamage, the LCD meme may have never even taken off (or at least not until LCDs are able to display motion content -they only started getting there around 2015).
>hurr durr this is a shit thread well technology is shit and if you're not complaining about it, you should kill yourself
Have some more I tried to post to 8gag this week but they blocked Tor and now cuckflare blocked them
https://www.halfdog.net/Security/2012/TtyPushbackPrivilegeEscalation/ Look at this shit. This is completely a non-problem - UNIX invented it into itself. And it's funny because the moment you go on this piece of shit OS renowned for its user-based privilege seperation, you get slapped on the hand for using the most obvious privilege separation tool they provide, which doesn't work. Typing sudo instead before every command is fucking braindamage. And the satire doesn't even stop there. Su will now be another thing that the smarter of the neckbeards will tell you not to use "because it's insecure", having no idea themselves what's insecure about it.
It's also funny because in the 2000s I always had the feeling there's something insecure about using su (why wouldn't there be? this is UNIX after all. if everyone's using sudo then that means su is insecure. but don't get me wrong, sudo is insecure too), and opted to instead login through a different virtual console.
Even without this vuln, how do you tell if you're still the user dropped into? I'm guessing as usual there's no way. If you press ctrl+d, it might ignore it, change its shell to look like the previous user's shell, and then start logging all input, so if you then enter something secret, it will get it. Of course at some point you'd notice some commands aren't working. And this is where the retard sysadmins will say "always use a fresh shell when doing something sensitive", having no idea why they have such a belief. Also the user you su into could probably end the session somehow while you're typing and the commands go to your previous user. I'm not sure if the user you login to has control over ending the session, but I wouldn't take some idiot on the web's word for it. To be safe instead I'll just assume it's insecure. Again none of these problems exist or are even considerations outside of braindamaged UNIX. On top of all that, metacharacters are probably turing complete (especially in shit like gnome shell or anything outside of the simplified in-kernel version) so the user you login to can just make your shell behave however he wants even a year after you logged out.
virtual console is also braindamaged as fuck and proves how UNIX makes the most trivial crap as retarded as possible. Go type john<enter>fuckyou<enter>. Will it log you in? You fucking bet not. Instead, you'll get some output like this:
localhost login: john <-- look at me everyone this is my host name. i am a big boy because i output my hostname whenever possible. my code breaks and doesnt work unless the hostname is configured because big boy business. this is UNIX i know this
Why? Why can't it just fucking do whatever IO bullshit in the background or multiplexed with select or whatever, instead of momentarily stopping accepting input and cut off half your password? probably because the terminal API is fucking retarded and something trivial like that is non-trivial in UNIX.
TL;DR: virtual consoles output half your password to the screen or whatever the fuck you're plugged into every time you login
Yes it only happens while the cache is cold or some bullshit (so it happens to everyone the first time within a cache lifetime), but that means it will happen every time you use it unless you're some fucking retard who carefully enters his login name, hits enter, and watches the screen until "Password: _" appears.
Fuck your protectionism bullshit. Fuck infosec community for making these retarded mechanisms a thing. And why the fuck can you press ctrl+c to cancel that shit, but you can't use ctrl+c to clear the username field after typeing the username but before hitting enter (to save time from pressing backspace a bunch of times) - ooh i just found out you can actually press ctrl+d here, makes me wonder how many types of signals and input you can send to agetty and bypass or even stack smash its dumb ass.
I literally just mashed the keyboard (but didn't not anywhere near the scroll lock key) and now it says: Hint: Scroll Lock on
localhost login: _ and pressing new keys does nothing at all. all you can do is switch to a different non-fucked VT. and another VT says just: Hint: Scroll Lock on and has the same problem. and that's as many fucks I can give about UNIX for today, back to making my own OS with actual real primitives instead of text or a "terminal subsystem"
I had the previous post queued on my hard drive to send next time I have internet access (yeah I actually practice what I preach, the internet is UNIX braindamaged consumer garbage which I do not support), but I couldn't even go a week without running into a new variant of _this particular_ UNIX braindamage:
Yesterday I was using three virtual consoles (or VCs, VTs, virtual terminals, whatever the fuck) to write some code with vim, a console to build and run code, and a third for REPL, manuals, etc. First I had to go through the process of logging in 3 times with the fucktarded login UI described above. After about 4 hours of coding, suddenly caps lock was stuck on, but the caps lock light on the keyboard was unlit. So I pressed caps lock, and now caps lock was off, but the light was lit. And it was like this in all the other VCs (they have their own caps lock,num lock,etc state): you either have caps lock on, or the caps lock LED light is on and caps lock is off. This sort of thing is expected when switching between X11 and VCs, but I never started X11 during the uptime of this machine. Now the next problem was pressing alt+f1,alt+f2,alt+f3 to switch to other VCs stopped working. So I could only switch between two of my VCs by using the "menu" button, which switches to the last VC (I guess if I really wanted to, I could use the chvt command). So I tried logging out and logging back in. But the login agetty shit was also fucked. This fucked state was still happening _IN THE LOGIN SCREEN_. So reboot. Maybe the "reset" command would have worked, I didn't think to try it because you'd think going back to the login screen already does this and more. And I'm sure more stuff was broken, but didn't bother to explore it before rebooting.
This is peek UNIX braindamage. Even the fucking virtual console is full of bugs. Not even the most ostensibly basic part of the OS works (of course it's not actually basic, because it's a terminal emulator instead of an attempt at a real console). Now what are you gonna tell me to use Screen or X11/wayland because the virtual console is not meant to be used??? I've used those too and they're all the same shit. You can't even edit a fucking text file in X11 because an ostensibly (yes, most things in UNIX are only ostensibly what they claim to be) simple program like leafpad truncates the document half way through without telling you, and gedit takes half an hour to fire up. Screen is a horrible idea since metacharacters are not composable let alone well-defined. You will have shit leeking from the subwindow into the top window, and the subwindows breaking because Screen probably doesn't reimplement enough metacharacters.
But what I'm saying is: Not even the most basic, in-kernel implementation of metacharacters works. This is counterevidence that UNIX (or Linux in this case) is a viable OS. The fucking LOGIN SCREEN is affected by what the previous user did, which backs up the sysadmin cargocult idea of "you should not reuse a terminal another user has previously used". Then again instead of se
Then again instead of setting up the virtual console state in a malicious way, the user could just set up a program that emulates the login screen without logging out. I'm sure theres some obscure way to counter that as well, which nobody knows about, because to run UNIX anywhere near securely you have to do 7 workarounds per second and remember 500 rules/workarounds, such as:
>never cat or display a file in any way because it can take over your terminal >use ~/mnt instead of /mnt >never chown an enemy directory >never run python or any other interpreter (or any program at all, to be safe) from an enemy directory >rewrite or redirect all your programs to use ~/tmp instead of /tmp >do you actually know how file permissions work? protip: you don't >do you actually know how (g/u)id,e(g/u)id/r(g/u)id work? protip: you don't >never do fuck all from a signal handler (signal-safety(7)) >don't use C because it's an NP-complete problem of deciding whether to make this part of the program standards compliant or compliant to whatever the fuck everyone does in practice, and then rewriting that part when another part conflicts with that the rule. Use assembly instead.