Requirements for Secure Clock Synchronization Anonymous 10/20/2017 (Fri) 04:12:22 [Preview] No. 11578 [Reply] [Last 50 Posts]
https://arxiv.org/abs/1710.05798

This paper establishes a fundamental theory of secure clock synchronization. Accurate clock synchronization is the backbone of systems managing power distribution, financial transactions, telecommunication operations, database services, etc. Some clock synchronization (time transfer) systems, such as the Global Navigation Satellite Systems (GNSS), are based on one-way communication from a master to a slave clock. Others, such as the Network Transport Protocol (NTP), and the IEEE 1588 Precision Time Protocol (PTP), involve two-way communication between the master and slave. This paper shows that all one-way time transfer protocols are vulnerable to replay attacks that can potentially compromise timing information. A set of conditions for secure two-way clock synchronization is proposed and proved to be necessary and sufficient. It is shown that IEEE 1588 PTP, although a two-way synchronization protocol, is not compliant with these conditions, and is therefore insecure. Requirements for secure IEEE 1588 PTP are proposed, and a second example protocol is offered to illustrate the range of compliant systems.
2 posts omitted.


Anonymous 10/20/2017 (Fri) 20:30:47 [Preview] No. 11581 del
>>11579
>>11580
It's clear neither of you read the article, or didn't understand any of it if you did read it.

If you don't want to sound stupid in the future, refrain from making inane comments based on a cursory reading of the abstract.

Thank you both for your low-quality contributions to the board!


Anonymous 10/21/2017 (Sat) 08:22:22 [Preview] No. 11584 del
>>11579
Fuck the PKI, just use OpenSSL and stunnel to encrypt non-web shit.


Anonymous 10/21/2017 (Sat) 09:19:26 [Preview] No. 11585 del
>>11581
It's clear we don't need to, the proposal doesn't provide one speck of code or mitigations for other forms of attack across the net. If I required extreme time sensitive synchronization, I'd buy clocks, and synchronize them wherever we'd need them. We wouldn't even need the net&cables.

But calling someone something when they aren't interested it's just easier than dismissal.


Anonymous 10/21/2017 (Sat) 09:33:26 [Preview] No. 11586 del
>>11584
How would using a known buggy insecure clusterfuck like OpenSSL be any better?


Anonymous 10/21/2017 (Sat) 09:35:43 [Preview] No. 11587 del
>>11586
m8, I think that was the bait, and you figuratively took it



ideas for saving /tech/ general Anonymous 10/16/2017 (Mon) 07:26:55 [Preview] No. 11561 [Reply] [Last 50 Posts]
We're about halfway through October and about two weeks out from our most esteemed /tech/nician's autistic tantrum over on /operate/:

>>>/operate/7122 it's good reading, he came in with a balloon knot and left with a rectum that you could park a utility van in

so it seems like a good time to reassess the state of the board.

Since October 1st, there have been 0.6 original posts per day on /tech/. I use the term "original" with some reservation, as some of them are just verbatim reposts from 8/tech/. There have been an average of 8.13 replies per day, but most of them were one-line comments or barbs without substance, or memes, or corrections to a previous post. We're averaging about 1 substantive reply per day. Two on a good day. I didn't feel like digging into the numbers any further, but it's my impression that these averages don't even reflect how dire the situation is, as there was a burst of activity at the beginning of the month that has tapered off significantly.

/tech/ is not dead, but it's on life support, and, ironically, none of its denizens seems to know how to service the life support machine.

It would be a shame for this alternative to pigchan and Hiroshima's /g/ to wither through neglect.

Let's brainstorm ideas for keeping this place alive.
1 post omitted.


Anonymous 10/16/2017 (Mon) 15:23:30 [Preview] No. 11563 del
most people would rather live in the world where proprietary software is ubiquitous and commercialism is in vogue

we should focus on quality of posts and not volume necessarily


Anonymous 10/16/2017 (Mon) 16:25:44 [Preview] No. 11564 del
More content is needed to spark more discussion. I think we already have some quality posting autists here, what we need are relevant things to discuss. What we really need are some immigrants to bump our levels and help generate content.

I think our best option is to make releases of something to draw users here. The releases would be best distributed via torrent sites with included readmes' pointing here and links disseminated on tech related boards. The question is, a release of what? It could be portables, infographics, mods, lots of options really we just need to decide on something.


Anonymous 10/17/2017 (Tue) 09:21:21 [Preview] No. 11570 del
>>11562
>let's import users from the Rust community
>I have already sent emails to 500 RiseUp accounts
top kek, as they say

>>11563
>we should focus on quality of posts and not volume necessarily
Agreed. And I wouldn't have said anything if those few threads/replies we've had recently had been decent, on balance.

Unfortunately, they were utter shit.

>>11564
>More content is needed to spark more discussion.
>I think our best option is to make releases of something to draw users here.
Be the change you want to see in the world.


Anonymous 10/21/2017 (Sat) 01:12:13 [Preview] No. 11582 del


Anonymous 10/21/2017 (Sat) 01:20:48 [Preview] No. 11583 del
(227.22 KB 450x777 didnt.jpg)



(26.35 KB 570x409 chip.png)
lowRISC: another year bites the dust? Anonymous 10/18/2017 (Wed) 05:41:40 [Preview] No. 11571 [Reply] [Last 50 Posts]
http://www.lowrisc.org/faq/

>When can I buy a lowRISC SoC?
>As with most tech projects, the most accurate answer is “When it’s ready”.
>We are expecting to crowdfund an initial instantiation of the lowRISC platform during the course of 2017.

I'm pretty sure the lowRISC FAQ said 2016 last year. It didn't happen, obviously, and it was changed to 2017, but we're running out of that, too. Ten weeks left, boys. Is a lowRISC SoC vaporware for another year?

At what point do we start looking to the J-x processors based on Hitachi's SuperH architecture? The last SH-4 patents are expiring this year.

http://j-core.org/roadmap.html
1 post and 1 image omitted.


Anonymous 10/18/2017 (Wed) 20:57:12 [Preview] No. 11573 del
(20.75 KB 570x409 chipblue.png)
Has anyone suggested that the board software be modified to allow noJS users to post more than one file at once? If not, I'll make that suggestion over on /operate/.


Anonymous 10/18/2017 (Wed) 20:58:38 [Preview] No. 11574 del
(28.92 KB 570x409 chipgr.png)


Anonymous 10/18/2017 (Wed) 21:00:54 [Preview] No. 11575 del
(29.97 KB 570x409 chipgreen.png)


Anonymous 10/18/2017 (Wed) 21:53:04 [Preview] No. 11576 del
(27.80 KB 570x409 chiporange.png)


Anonymous 10/18/2017 (Wed) 21:57:04 [Preview] No. 11577 del
(30.62 KB 570x409 chipurple.png)
Last one. Not being able to post 5 at once make a nigga wanna REEEEEEEEEEEEEEE



Meta Thread Endwall 07/12/2016 (Tue) 12:03:36 [Preview] No. 171 [Reply] [Last 50 Posts]
Post any comments, concerns, or requests for the board in this thread.
Edited last time by Endwall on 07/12/2016 (Tue) 12:15:00.
17 posts and 6 images omitted.


Anonymous 09/04/2017 (Mon) 19:58:42 [Preview] No. 1013 del
>>1006
fellow traveler is absolutely a masonic phrase. People will say traveler. They will ask "are you a traveler?" or "are you a fellow traveler?" or "are you a traveling man?"
>The logo is a tunnel.
that alone is fine but with the rabbit signaling it looks like a maglev tunnel.


May be coincidential. I think otherwise because there is a disproportionate amount of this kind of symbolism in tech.


Anonymous 09/08/2017 (Fri) 11:50:44 [Preview] No. 1018 del
>>1013
"fellow traveler" is hippie lingo ca 70s, masons absolutely don't have a claim on that.


Anonymous 09/27/2017 (Wed) 03:03:12 [Preview] No. 1036 del
Are you going to remove the idiotic claim in >>894 that the heads website contains "Masonic references"?


Endwall 09/27/2017 (Wed) 05:50:33 [Preview] No. 1037 del
>>1018

https://en.wikipedia.org/wiki/Fellow_traveller

The term fellow traveller (also fellow traveler) identifies a person who is intellectually sympathetic to the ideology of a political organization, and who co-operates in the organization's politics, without being a formal member of that organization.[1] In the early history of the Soviet Union (1922–91), the Bolshevik revolutionary Trotsky coined the term poputchik ('one who travels the same path') to identify the vacillating intellectual supporters of the Bolshevik régime. Likewise for the political characterisation of the Russian intelligentsiya (writers, academics, and artists) who were philosophically sympathetic to the political, social, and economic goals of the Russian Revolution of 1917, but who chose to not join the Communist Party of the Soviet Union (CPSU). Moreover, during the Stalinist régime, the usage of the term poputchik (fellow traveller) disappeared from political discourse in the Soviet Union, but the Western world adopted the term fellow traveller to identify people who sympathised with the Soviets and with Communism.[2] In U.S. politics, during the 1940s and the 1950s, the term fellow traveler (U.S. spelling) was a pejorative term for a person who was philosophically sympathetic to Communism, yet was not a formal, "card-carrying member" of the American Communist Party. In political discourse, the term fellow traveler was applied to intellectuals, academics, and politicians who lent their names and prestige to Communist front organizations. In European politics, the equivalent terms for fellow traveller are: Compagnon de route, sympathisant, and progressiste in France; Weggenosse and Sympathisant in Germany; and compagno di viaggio in Italy.

https://www.phrases.org.uk/meanings/135600.html

Meaning Someone sympathetic toward a certain point of view without being a fully paid-up member of the club. Origin In its literal meaning 'fellow traveller' just means someone who travels with you. It was first applied to non-communists who were inclined toward the views of the Communist Party by Leon Trotsky. He used the Russian word popútchik to indicate that. The term fellow traveller in this sense came rather later, in the New York publication Nation, 1936: "The new phenomenon is the fellow-traveler. The term has a Russian background and means someone who does not accept all your aims but has enough in common with you to accompany you in a comradely fashion part of the way. In this campaign both Mr. Landon and Mr. Roosevelt have acquired fellow-travelers."

https://en.wikipedia.org/wiki/1st_Congress_of_the_Comintern
https://en.wikipedia.org/wiki/Communist_International
https://en.wikipedia.org/wiki/World_communism

http://freemasonrywatch.org/communism.html
"It was during that period that I became interested in freemasonry. ... In the eighteenth century freemasonry became expressive of a militant policy of enlightenment, as in the case of the Illuminati, who were the forerunners of the revolution; on its left it culminated in the Carbonari. Freemasons counted among their members both Louis XVI and the Dr. Guillotin who invented the guillotine. In southern Germany freemasonry assumed an openly revolutionary character, whereas at the court of Catherine the Great it was a masquerade reflecting the aristocratic and bureaucratic hierarchy. A freemason Novikov was exiled to Siberia by a freemason Empress. I discontinued my work on freemasonry to take up the study of Marxian economics. The work on freemasonry acted as a sort of test for these hypotheses. I think this influenced the whole course of my intellectual development." The founder of the Red Army, Freemason Leon Trotsky. Leon Trotsky My Life: The Rise and Fall of a Dictator .

Message too long. Click here to view full text.




Online Security News Endwall 07/07/2016 (Thu) 06:09:23 [Preview] No. 149 [Reply] [Last 50 Posts]
See a news article or CVE bug report on an emerging computer security issue and want to share it? Post below.

I will also post links to Hak5 Threatwire videos.
Edited last time by Endwall on 07/07/2016 (Thu) 16:22:47.
456 posts and 3 images omitted.


Endwall 09/29/2017 (Fri) 04:47:39 [Preview] No. 1040 del
Hak 5
Equifax and CCleaner Updates, Hacking Air 10:04
https://youtube.com/watch?v=UXEqh7WyKh4 [Embed]
Linux Terminal 201: Using the Find Command Pt 2 10:28
https://youtube.com/watch?v=WuZYqiais54 [Embed]
Bash Bunny Extensions! - Hak5 2303 28:33
https://youtube.com/watch?v=GHZCqCESxTw [Embed]


Endwall 10/07/2017 (Sat) 03:24:12 [Preview] No. 1044 del
Hak 5
Linux Terminal 201: Monitoring System Resources Pt 1 - HakTip 164
https://youtube.com/watch?v=xcR_FjAy1HI [Embed]
Published on Sep 29, 2017
Today we're monitoring system resources with ps, aux, grep, kill, killall, and lsof.
Monitoring System Resources Pt 2: Linux Terminal 201 - HakTip 165
Published on Oct 6, 2017
https://youtube.com/watch?v=fwMTD9ghC3c [Embed]
Monitoring system resources via the Linux terminal!
What is White Hat Hacking
https://youtube.com/watch?v=cbrPAwqlIgc [Embed]
Hacking as a Way of Thinking
https://youtube.com/watch?v=BzEYP345Rm4 [Embed]


Endwall 10/07/2017 (Sat) 03:30:39 [Preview] No. 1045 del
Jupiter Broadcasting
Laying Internet Pipe | TechSNAP 339
http://www.jupiterbroadcasting.com/118836/laying-internet-pipe-techsnap-339/
Posted on: October 5, 2017
We cover the problematic implications of SESTA, the latest internet regulations proposed in the US, plus some PR troubles for CBS’s Showtime after cryptocoin mining software was found embedded in their webpage & Dan gets excited as we discuss why tape-powered backups are still important for many large organizations. And of course your feedback, a fantastic round-up & so much more on this week’s episode of TechSNAP!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0339.mp4
http://traffic.libsyn.com/jnite/techsnap-0339.mp3

The history of man, kind | BSD Now 214
http://www.jupiterbroadcasting.com/118811/the-history-of-man-kind-bsd-now-214/
Posted on: October 5, 2017
The costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0214.mp4
http://traffic.libsyn.com/jnite/bsd-0214.mp3


Endwall 10/18/2017 (Wed) 00:16:54 [Preview] No. 1053 del
Hak 5

3 Billion Yahoo Accounts Hacked; Disqus Hacked! - Threat Wire 9:37
https://youtube.com/watch?v=dVnWz6xFj9s [Embed]

WPA2 Wi-Fi Vulnerable to KRACK Hack; RSA Keys 12:43
https://youtube.com/watch?v=caRlWlKkw34 [Embed]


Endwall 10/18/2017 (Wed) 00:24:29 [Preview] No. 1054 del
Jupiter Broadcasting

Spy Tapes | TechSNAP 340
Posted on: October 12, 2017
http://www.jupiterbroadcasting.com/119041/spy-tapes-techsnap-340/
We try our hand at spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the strategic implications of responsible disclosure at the NSA. Plus, a few more reasons to be careful with what you post on social media & a fascinating discussion of the ethics of running a data breach search service.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0340.mp4
http://traffic.libsyn.com/jnite/techsnap-0340.mp3



Endware Endwall 05/03/2016 (Tue) 08:54:28 [Preview] No. 32 [Reply] [Last 50 Posts]
Endware is a suite of programs geared towards internet privacy, security, and anonymity.

Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.

Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incomming IPs.

Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.

Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in adminstering endsets/endlists.

iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has simmilar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.

spamlogz.sh is a script that searches through log files to find flagged log entries flagged in endwall.sh, endsets.sh and endlists.sh.

alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.

mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.

Message too long. Click here to view full text.

181 posts and 3 images omitted.


Endwall 07/06/2017 (Thu) 01:03:11 [Preview] No. 972 del
>>970
Thanks. Good to know that I made something useful.

I made a bug fix to the --ranstr function of renum to remove spaces using tr -s " ". This should work well now. If you want to take the index number off go into the code and remove it.

I have it printng as filename="$index$filename$index" you can comment this line out if you want it to just have random text and numbers without the index number appended. I just did this to prevent clobber problems if the string came out short or empty.
I don't think that this is required now with the latest fix but I'm leaving it on for now.

Thanks for the suggestions. If you have any suggestions for products, features, comments or bug reports place these in the comments below.


Anonymous 10/07/2017 (Sat) 09:02:53 [Preview] No. 1046 del
Is there a way to use pdfclean to clean a folder of pdfs or every pdf in a folder? It can be done with a command too right? Like "for every $pdf run pdflean.sh". (That is not an actual command but what I am trying to do)


Anonymous 10/07/2017 (Sat) 10:39:54 [Preview] No. 1047 del
>>1046
You mean you want to use a * wildcard in the name like *.pdf or you want a recursive function like -r to enter sub folders etc?


Anonymous 10/07/2017 (Sat) 12:38:55 [Preview] No. 1048 del
>>1047
Yes the wildcard would be great. Sick of changing filenames.


Endwall 10/18/2017 (Wed) 00:11:54 [Preview] No. 1052 del
>>1047
>>1048

Yeah this is a good idea. Its on the to do list. This should be simple to add I'll add * as the flag and ls .pdf into a file and then do each filename in the list similar to renum. This should take 1 hour to code and test, but I'll work on it on friday or saturday.

I'm really bogged down with homework but I'll try to get this done. Great suggestion, keep them coming.



(87.93 KB 512x512 ilermanerty.jpg)
How far can you get in solving their puzzles? Anonymous 10/17/2017 (Tue) 09:08:03 [Preview] No. 11569 [Reply] [Last 50 Posts]



(103.91 KB 644x819 krackwpa2.png)
WPA2 protocol attack Anonymous 10/17/2017 (Tue) 06:41:08 [Preview] No. 11568 [Reply] [Last 50 Posts]
https://www.krackattacks.com/

>We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

>The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The Q&A is worth reading, and has information on attack mitigations. Unfortunately, if you are using an Android smartphone that isn't receiving updates anymore, your WiFi security on that device is probably null.



Anonymous 10/03/2017 (Tue) 19:15:25 [Preview] No. 11501 [Reply] [Last 50 Posts]
Vote against tranny LibreOffice mascot.

https://survey.documentfoundation.org/665628
17 posts and 5 images omitted.


Anonymous 10/06/2017 (Fri) 15:43:33 [Preview] No. 11526 del
>>11525
>I would actually love to see a dystopian cyberpunk ... future of trannies


Anonymous 10/06/2017 (Fri) 16:26:28 [Preview] No. 11527 del
>>11526
Absolutely, imagine this progressive movement took complete control, a dystopian totalitarian maxist tranny future. A cyberpunk future where incorrect use of pronouns is prisonable and people break the law to share illegal opinions. It could be the 1984 of our time.


Anonymous 10/09/2017 (Mon) 22:42:10 [Preview] No. 11536 del
Sounds like the plot to Aerannis. It's some inventive stealth game, although 2D stealth games are getting so good lately I doubt it holds a candle.

https://youtube.com/watch?v=Mx29QaBDPzM [Embed]


Anonymous 10/11/2017 (Wed) 19:53:50 [Preview] No. 11541 del
>>11536
This is really cool, thanks.


Anonymous 10/16/2017 (Mon) 17:52:39 [Preview] No. 11566 del
Rename it 2084, it would be an exciting hit movie.



(292.67 KB 450x399 RMS.png)
/tech/ - Technology Anonymous 01/03/2016 (Sun) 17:52:28 [Preview] No. 125 [Reply] [Last 50 Posts]
Welcome to /tech/, a technology board. This board is for discussion of technology, both software and hardware.

Wiki: https://wiki.installgentoo.com/
IRC: #/tech/, #InfinityNow and #endchan on irc.rizon.net - https://qchat.rizon.net/

NSFW files are only allowed if they are spoilered. Tech support, consumer advice and desktop/ricing threads are all allowed for now.

All rules and policies are open for discussion in this thread.

Related boards:
>>>/cyber/ - Cyberpunk & Science Fiction
>>>/lv/ - Libre Vidya
>>>/markov/ - bot hell
>>>/os/ - Online Security
>>>/t/ - Torrents/trackers
Edited last time by ring on 06/14/2017 (Wed) 23:18:55.
188 posts and 32 images omitted.


Anonymous 10/12/2017 (Thu) 16:00:37 [Preview] No. 11543 del
>>11510
It's only slow if you count that it's been going on for too long already. Running in circles and down the drain is showing impressive rpm in consistent elevation


Anonymous 10/12/2017 (Thu) 16:07:33 [Preview] No. 11544 del
>>11537
/pol/ is bring this shit to this board


Anonymous 10/15/2017 (Sun) 05:00:23 [Preview] No. 11556 del
>>125
This thread is quite obscure and I am uncertain if this post will be viewed by another human.

I am tired of this endless bullshit! I am tired of politics constantly leaking into this board, I am tired of every thread being related to damn security in one way or another, I am tired of idiots leaking into this medium and causing it to cease being entertaining and insightful for the genuinely savvy users, and I am tired of constantly running from corporations and agencies that want to oppress me and take my data, fuck this.

/tech/ has ceased being a medium for discussing genuine software and hardware and has basically become a medium for hiding from corporations and agencies and constantly being paranoid that every fucking electronic device around you wants you dead, it gets old after a while, and you end up using hardware and software which is absolutely useless for daily activities. BUT HEY! This software/hardware protects your freedom, so you should install it!

I want to discuss motherboards, I want to discuss soldering and other techniques for building simple electronics, I want to discuss interesting software applications for performing calculations or visualizing data plugged into it, I want to discuss signal interception using old television satellite dishes, I want to discuss physics and mathematics that pertains to technology, I want to discuss internal compression engines and transmissions (Because this type of shit actually pertains to /tech/).

But I know this is all a dream, imageboards are filled with faggots and individuals who are interested in these types of topics are highly rare, and on rare imageboards such as this, the only people you will find are those who are here because they care only about their privacy and that is all.


Anonymous 10/15/2017 (Sun) 11:01:02 [Preview] No. 11557 del
>>11556
start a soldering thread then, because soldering is neat


Anonymous 10/16/2017 (Mon) 17:40:14 [Preview] No. 11565 del
>>11556
There should definitely be more threads about hardware and other branches of engineering. Ironically, even though I am EE student no one in my class is particularly interested in field they study. Drinking and partying comes before everything, it's very tiresome to be surrounded by such people and I have no one to talk with, so I often loose will to do anything. I am also not very fond of forums, since attaching name to your every post is uncomfortable in some situations and I also find forum format more confusing than image board format of discussion. So by all means start a engineering/hacking/lab/whatever thread so that we may discuss about soldering, electronics, mechanics, physics and other things that are different from usual privacy and free software talk.



All shall fall Anonymous 10/13/2017 (Fri) 19:34:41 [Preview] No. 11550 [Reply] [Last 50 Posts]
>2017
>In last couple of years Red Hat forces systemd and other cancerous software in free software world.
>Microsoft joins linux foundation
>UNIX way totally fucked up
>RMS still pursuing free software endorsement all over the software world
>RMS lives for couple of decade/s
>RMS dies
>FSF falls to corruption
>FSF no longer defends free software values
>Freedom is no more, community is the only freedom givers, those who have stayed true to the end
>Linus Torvalds keeps kernel backdoor-free
>Linus Torvalds dies and some dipshit takes over the kernel, maybe one person or maybe a foundation.
>Freedom is no more
>Stupid fucking distros adopt systemd, majority of them, to touch as many distros as possible.
>Remember hearthbleed, only one mistake in one line of code on smaller program.
>Systemd is huge piece of shit, imagine how many shits would be there in that source code.
>Red Hat joins FSF

Message too long. Click here to view full text.



Anonymous 10/13/2017 (Fri) 19:45:24 [Preview] No. 11551 del
UNIX way is and always will be a philosophy, and cannot be fucked up. It is, simply, adhered to or not.


Anonymous 10/13/2017 (Fri) 19:49:50 [Preview] No. 11552 del
>>11551
Totally agree, but they fuck up UNIX way in those infected GNU/Linux distros.


Anonymous 10/13/2017 (Fri) 21:10:27 [Preview] No. 11553 del
I try not to worry about the future too much. For now I am part of a welcoming community bonded with free software. I will admit though, there is political influence making its way into tech. When the old members that act like pillars die, there is every chance freedom will be outlawed.


Anonymous 10/14/2017 (Sat) 20:17:52 [Preview] No. 11555 del
Bit torrent and P2P communities will be what temporarily saves the internet for past and current generations. Future generations won't know anything about the current internet and less than 1% will ever use P2P software rendering the internet into commercialized networks much like we see on TV.

I agree, backup everything and make sure you have multiple backups. But this won't save the internet forever as the mindless public capitulates to the total destruction of everything that made the internet so great.

If the original intenet ever goes, I'll go with it, and I won't be buying a bunch of "smart" tech or other commercialized crap. I'll be reading books, watching DVDs, throwing darts and drinkin' booze from a jar again. Going back to simpler times like the early 80s.

Who agrees?


Anonymous 10/15/2017 (Sun) 20:23:09 [Preview] No. 11560 del
>>11555
my man

i already feel "heavy" from all this stuff, it will get even more complicated over time, i could turn to that what have you described right now



Headphones Anonymous 09/30/2017 (Sat) 18:56:57 [Preview] No. 11425 [Reply] [Last 50 Posts]
Yes, they are consumerist bullshit and there are dozens of corporations attempting to market them to potential buyers, but one cannot truly appreciate classical music until they have listened to it in real life or with high quality headphones with sound of that seen in real life.

https://en.wikipedia.org/wiki/Headphones (Wikipedia article for quick brief and general information, look to the references for further information...)
http://graphs.headphone.com/ (Compare different headphones and look at variables such as Frequency Response, Isolation, Etc.)
https://wiki.installgentoo.com/index.php?title=Headphones (Highly detailed article on headphones and Amplifiers/DACs)

Do NOT buy Beats By Dre, Skull Candy, Bose, or headphones within large stores with no information on them available.


Anonymous 09/30/2017 (Sat) 18:57:20 [Preview] No. 11426 del
(287.48 KB 3000x1600 FuckBeats.png)
Do NOT buy Beats By Dre.


Anonymous 10/15/2017 (Sun) 12:11:53 [Preview] No. 11558 del
Prizes for headphones went down during the last year. You can get the AKG 702 for 140$ now. By removing the headphone jack from mobile phones normies buy bluetooth headphones instead.


Anonymous 10/15/2017 (Sun) 14:12:05 [Preview] No. 11559 del
>>11425
I own a pair of ATH M40 but I can hear a slight imperfection in certain tracks, it's like a slight crackling. I hear it for instance:
https://youtube.com/watch?v=yB8Ci7X5HUU [Embed]
GESAFFELSTEIN - PURSUIT
From 1:40-2:10 there is a crackling sound. What on earth is that? Is that track meant for more bass heavy headphones or are my headphones just crappy? Most music sounds great, it's just certain tracks.



(248.75 KB 640x835 1507880928001.png)
Anonymous 10/13/2017 (Fri) 10:32:33 [Preview] No. 11546 [Reply] [Last 50 Posts]
How long before we exclude white people from software development ? People like Linux Torvalds should not be left unchecked for much longer.

The kernel needs more diversity in order to mirror the multicultural distribution chain.


Anonymous 10/13/2017 (Fri) 17:30:47 [Preview] No. 11548 del
free software can be forked as one seesfit. if there are those who think they can do a better job than "linux" torvalds they should shut up and do it already


Anonymous 10/13/2017 (Fri) 17:42:52 [Preview] No. 11549 del
>>11546
Who says I can't just develop software all on my own?

Also, this entire thread is fucking /pol/ tier bullshit, fuck off already.


Anonymous 10/14/2017 (Sat) 19:25:10 [Preview] No. 11554 del
yeah sure thing, you just fork it XD, looks how great forks always end up



(120.75 KB 800x600 238-1.jpg)
(165.12 KB 1280x1024 6330-1.jpg)
(70.51 KB 640x480 9105-1.jpg)
(177.19 KB 1280x1024 13631-1.jpg)
(155.44 KB 1280x1024 48086-1.jpeg)
Anonymous 10/01/2017 (Sun) 15:38:23 [Preview] No. 11433 [Reply] [Last 50 Posts]
Following a suggestion from a painfully autistic (although well intentioned) user posting on /tech and /operate, this board now has a desktop thread.

Show off your desktops, phones, ricing, rigs and stations here.

Anyone posting must also offer advice to others and help the beginners.

To honour the tradition the desktops in this post are all over ten years old.
24 posts and 9 images omitted.


Anonymous 10/02/2017 (Mon) 20:02:38 [Preview] No. 11487 del
>>11477
No, that's someone else. I never had a working framebuffer.
Oh and the tetris is from bsdgames. Forgot to mention that before.


Anonymous 10/08/2017 (Sun) 06:14:30 [Preview] No. 11532 del
(114.36 KB 1280x1024 desktop.png)
What do I win?


Anonymous 10/08/2017 (Sun) 15:03:21 [Preview] No. 11533 del
>>11532
a ban


Anonymous 10/09/2017 (Mon) 23:44:20 [Preview] No. 11538 del
have a smiley :^)


Anonymous 10/13/2017 (Fri) 14:46:21 [Preview] No. 11547 del
>11532
>xfire
That shot doesn't count because its ancient.(And full proprietary.) Ups for SC.



Internet Security General Anonymous 04/16/2016 (Sat) 07:56:30 [Preview] No. 4 [Reply] [Last 50 Posts]
Continuing from >>>/tech/597
https://archive.is/INR3l
This is for non specific, general tips for anonymous web browsing and downloads, tips on browsers and browser configurations for the security concious that you don't want to make a new thread for.
64 posts and 3 images omitted.


Endwall 06/30/2017 (Fri) 03:55:38 [Preview] No. 961 del
>>958
Universal Plug and Play UPnP is a bad idea. If you get malware they can own your network. Open the ports that you want open and only those ports and protocols, block everything else. The first line in your firewall chain on you router should be:
BLOCK ALL INCOMING
BLOCK ALL OUTGOING.
What ever way that is set up according to your router.
Then slowly open things up, starting with DNS, then HTTP, HTTPS, then whatever other ports and protocols you need. This will take more time but it will give you more control.

NAT Network Address Translation. This should be OK to turn on.

UPnP No, NAT OK.

Those are my thoughts on it. I'm not an expert. Open only what you need and don't let your software on your OS control your router at will, set it up yourself.


Anonymous 09/15/2017 (Fri) 14:47:07 [Preview] No. 1020 del
>>884
With i2p isn't there an ip you can plug in like with tor (socks5 127.0.0.1:9050) I think port 4444?? If so then you can add i2p to the mix. I think it called an out-proxy. You can also use this to run i2pd with proxychains i2pd.I have found this proxychains setup useful because running i2pd with torsocks doesn't work.


Anonymous 10/02/2017 (Mon) 20:41:27 [Preview] No. 1041 del
https://sourceforge.net/projects/vpnchains/

Been foolin around with this.


Anonymous 10/13/2017 (Fri) 11:23:28 [Preview] No. 1050 del
>>958
others are correct on UPnP

wifi is insecure, use cables as much as possible

NAT should be enabled, but it isn't as important as making sure your router isn't compromised. There is FOSS router software available for maximum security, have a gander and lurk.


Anonymous 10/13/2017 (Fri) 11:57:40 [Preview] No. 1051 del
I use a cheap but private VPN service, with encryption and (allegedly) no IP logging reading the ToS.

I do not use wifi, that is insecure. My wifi chip in my computer (along with the bluetooth chip and camera) have been physically removed. Linux of-course.

I use Mozilla Firefox for the most part, sometimes Tor too.

One thing I do is make sure I manually program Bleachbit to scrub sqlite files in my browser directory routinely. Logs, caches, cookies etc: content-prefs.sqlite, cookies.sqlite, formhistory.sqlite, healthreport.sqlite, places.sqlite, signons.sqlite, webappsstore.sqlite (and their associated file formats) from my browser directory. Tor too stores these same kinds of databases, so any browser you use you'll want to learn what is in those directories and what they store.

Then, I also use Random Agent Spoofer to spoof my browser agent (spoofing metadata about what OS I use, what kind of browser it is, headers, get requests, etc.) and also allows me to disable webgl and geolocation in chrome.

I also use noscript and HTTPS Everywhere. Scrub noscript whitelist and reconfigure the list to your liking, whatever suites your browsing habits.

Go to about:config and learn how to use it, but be careful!!! There are some tweaks you can use to fortify and secure your browser, and to make it stop bragging about data.



(20.41 KB 812x513 why.png)
Microsoft and universities Anonymous 10/06/2017 (Fri) 19:10:05 [Preview] No. 11528 [Reply] [Last 50 Posts]
Hello /tech/. What is that? You have similar stuff in your university too? Any implications?
1 post omitted.


Anonymous 10/06/2017 (Fri) 22:13:24 [Preview] No. 11530 del
Remember kids, this is the sort of shit your ridiculous term fees pay for. Why? Well the high fees have to be justified somewhere!


Anonymous 10/06/2017 (Fri) 23:29:42 [Preview] No. 11531 del
Or I dunno, apply for another uni?


Anonymous 10/09/2017 (Mon) 17:02:17 [Preview] No. 11534 del
Fix your font rendering god damn


Anonymous 10/12/2017 (Thu) 07:59:16 [Preview] No. 11542 del
Hated taking cs classes and getting free microsoft trials as a student but theu would fucking run out before the semester was over and then I would have to scramble to figure out how to get my HW done without buying the software, while dealing with the flags Microsoft leaves in your system to prevent simply reinstalling the trial. Gotta make my own property.


Anonymous 10/12/2017 (Thu) 17:37:22 [Preview] No. 11545 del
>>11534
ok i am on a better computer and it is fine font rendering i see. i apologize



BTC Mixing services links anon 10/17/2016 (Mon) 12:33:37 [Preview] No. 608 [Reply] [Last 50 Posts]


Anonymous 10/17/2016 (Mon) 20:36:47 [Preview] No. 609 del
questionable


Anonymous 10/12/2017 (Thu) 00:22:15 [Preview] No. 1049 del
how 2 buy bitcoins?



Anonymous 10/03/2017 (Tue) 04:02:22 [Preview] No. 11492 [Reply] [Last 50 Posts]
The incompetence of /pol/ is amusing!!!


Anonymous 10/03/2017 (Tue) 05:55:25 [Preview] No. 11493 del
What happened now ?
Last time I checked they were all on discord like sheep.


Anonymous 10/03/2017 (Tue) 06:13:23 [Preview] No. 11494 del
(361.59 KB 900x1359 ser.jpg)
I don't get how so many channers are switching to discord. It's disgusting.


Anonymous 10/03/2017 (Tue) 08:47:05 [Preview] No. 11495 del
>>11494
fuckin' achting, m8.
Retard newfags are moving up the chans fast now that they've figured out that URLs are for websites, not hentai.


Anonymous 10/09/2017 (Mon) 23:49:01 [Preview] No. 11539 del
Everyone ignore this autistic fuck. He loves his rainbow text, and attacking /pol/. We don't give a rat shit about Discord, thanks.


Anonymous 10/10/2017 (Tue) 04:49:13 [Preview] No. 11540 del
(136.30 KB 546x700 back.jpg)



(70.59 KB 312x402 smgl.png)
Wizards Assemble! Anonymous 09/04/2017 (Mon) 10:18:13 [Preview] No. 11021 [Reply] [Last 50 Posts]
Advanced users of GNU/Linux (and I mean advanced), remember to try Source Mage GNU/Linux. True source-based distribution, and (in contrast with Gentoo and Arch) is:
Free from obfuscated and pre-configured code.
Fully committed to GPL, uses only free software (as in freedom) in their main package.
With even the documentation licensed as FDL.
Without 3rd party patches, sensible defaults or masked packages.
Doesn't need obfuscated python libraries, only bash.
No systemd (they've implemented their own init scripts system http://sourcemage.org/Init).
Uses clean dependencies as they came from upstream developers, which by the same provides instant updates.
Can heal broken installs.
Can also use flags.

Do you like Arch Linux's AUR? Do you like Gentoo's portage (or ports-like) package manager? With SMGL's "sorcery" you get all that. Making new spells (package build files) not found in the grimoire (repository of spells) is easy http://sourcemage.org/Spell/Book

Bash hackers welcome! Come and join http://sourcemage.org/

Installing SMGL is easy, here's the simplified process:
>boot a live Ubuntu (or whatever) USB drive

Message too long. Click here to view full text.

9 posts and 2 images omitted.


Anonymous 09/28/2017 (Thu) 19:57:23 [Preview] No. 11406 del
Never use the installer from the iso, even the website gives the warning of not using the iso image and suggests the chroot installation. Why did you even?


Anonymous 09/28/2017 (Thu) 20:19:07 [Preview] No. 11409 del
>linux


Anonymous 10/04/2017 (Wed) 04:50:35 [Preview] No. 11513 del
Apparently GRUB is now the default bootloader?


Anonymous 10/04/2017 (Wed) 15:08:57 [Preview] No. 11518 del
is source mage a RYF distro?


Anonymous 10/09/2017 (Mon) 20:43:14 [Preview] No. 11535 del
>11518
*an



Secure OSes Anonymous 05/09/2016 (Mon) 18:21:17 [Preview] No. 37 [Reply] [Last 50 Posts]
What is the best OS option for a secure setup?
How do OpenBSD and Linux with patches compare in terms of the security they offer?
69 posts and 1 image omitted.


Anonymous 09/18/2017 (Mon) 13:55:34 [Preview] No. 1028 del
>>1026
Tor sort of works now but there's no official Tor-OpenRC script besides the deprecated AUR version of that script. Also, UseEntryGuardsAsDirGuards is deprecated, Endwall might need to update his endtorrc file.


Endwall 09/19/2017 (Tue) 06:29:25 [Preview] No. 1029 del
>>1028
Yeah I noticed this a while ago and updated the file in endconf.git but forgot to copy it to the rest of the repo locations. Should be updated now. I guess the whole idea is that there is a best way to do something, (Tor settings for instance), so lets find that best way and spread it.


Endwall 09/19/2017 (Tue) 06:47:16 [Preview] No. 1030 del
I've been off of the ball for a while though. For instance I noticed recently that xtrac-ytpl.sh has stopped working. I'll look at this next weekend, but I've got homework up the wazoo.

I strongly believe that binary package based distributions are not the way to go for security. You're trusting the packager or the packaging team not to insert their own backdoor or malware, and you have no way to check if that has happened. Everything running on a secure computer has to have been compiled from source that is resident on your computer. That way if you suspect that something is wrong, you can at least check. I don't have the time or the expertise to do this but there are enough computer security experts out there that will, and will hopefully raise a red flag in a blog post, or in an article, or publicize it in a bug tracker. Right now, by using parabola (debian, ubuntu,mint,fedora,etc) , I'm trusting the packager that they don't work for an Intelligence agency of some small European country, or for a hacking team operating out of Russia. If they get caught (unlikely) they can just change their fake name and move on to the next distribution of linux (if they're not already doing it to the packages there as well).

I generally fell off of the wagon when I realized that my computer hardware and operating system were a major point of unreliability, and the probable source of my leak and privacy issues.

Binary package based distributions are a good place to start for someone learning to use GNU/Linux, but they're not the place to be for secure / private systems. Those are just my opinions, I'm not an expert in computer security, but by talking about it we'll get to the bottom of this eventually.


systemd Anonymous 09/27/2017 (Wed) 22:18:38 [Preview] No. 1039 del
About security vulnerabilities on systemd:
https://www.scientificlinux.org/category/sl-errata/slsa-20162610-1/
https://www.phoronix.com/scan.php?page=news_item&px=Systemd-230-FBDEV-Woe

Beware of the combination with Wayland. Also systemd is not the only problem, Avahi has been a problem for a while.


Anonymous 10/03/2017 (Tue) 06:25:47 [Preview] No. 1042 del
https://github.com/projectatomic/bubblewrap
This is supposedly better than firejail, and it sure is harder to use than firejail from the looks of it.



odilitime 06/28/2017 (Wed) 14:10:02 [Preview] No. 8767 [Reply] [Last 50 Posts]
/g/'s building a web browser
http://boards.4chan.org/g/thread/61078788

OSX Fork (pic related)
https://gitgud.io/odilitime/netrunner

dicsuss
49 posts and 31 images omitted.


Anonymous 09/15/2017 (Fri) 11:46:57 [Preview] No. 11116 del
>>11113
>links2 doesn't render all css
That's not the problem with links2. CSS is cancer.
The problems with links2 is that it has not preventive security measures by default, such as privsep, sandbox, etc.
It also could adhoc with youtube-dl and an external player, so we could directly play media.
Another problem is keybinding. There's none.

If someone address that problems in links2 (and clean the messy code, obviously), that would be a fantastic browser.
I had this project myself (although I would reconstruct it in a dependent-type language or Lambda-Prolog), but I'm too immature to do it (yet).


Anonymous 09/27/2017 (Wed) 22:46:06 [Preview] No. 11392 del
You can make this easy and without having to work twice where other people already leave its contribution, that is what the unix philosophy is about. Reuse other applications like curl/wget to make connections. Keep your your work at rendering engine but base off common unix tools and make it a frontend to all of those.


Anonymous 09/28/2017 (Thu) 10:59:38 [Preview] No. 11403 del
>>11116
Elinks lets you change key bindings and make custom scripts, so it's probably possible to have it run youtube-dl and mplayer from a youtube link.
It doesn't display images inline though, but relies on external viewer (like Lynx).
http://elinks.cz/


Anonymous 10/04/2017 (Wed) 04:36:15 [Preview] No. 11512 del
>>11403
That is freaking amazing. Elinks is perfect, just needs a graphical rendering.


Anonymous 10/04/2017 (Wed) 14:45:35 [Preview] No. 11516 del
>>11116
>>That's not the problem with links2. CSS is cancer.
Look man, I just need some basic css so I can view my hentai sites.
>The problems with links2 is that it has not preventive security measures by default, such as privsep, sandbox, etc.
you can sandbox it with third party shit like firejail and pledge

>Another problem is keybinding. There's none.
>If someone address that problems in links2 (and clean the messy code, obviously), that would be a fantastic browser.
Amen



Instagram is listening to you Anonymous 08/26/2017 (Sat) 21:44:37 [Preview] No. 10897 [Reply] [Last 50 Posts]
https://lobste.rs/s/smmjku/instagram_is_l
istening_you_scary

Interesting. I've noticed this too when I see a friend connect to his facebook while we are working. Sometimes I talk about a random subject and minutes later facebook shows an ad about this uncorrelated data.
I don't think they are actually using microphone, but I think it's almost certain that they correlate the data/metadata about the users with such precision, at the point to build a oracle sybil ad system.
Can anyone here understand how this is very dangerous? They can control everything using this.
18 posts and 4 images omitted.


Anonymous 09/08/2017 (Fri) 14:34:00 [Preview] No. 11053 del
>>11042
i don't mean to defend goybook, but you are hugely speculating. it would be pretty stupid for a company to secretly record your microphone in code that is easy to reverse engineer
>>We only access your microphone if you have given our app permission and if you are actively using a specific feature that requires audio. This might include recording a video or using an optional feature we introduced two years ago to include music or other audio in your status updates.
this vaguness here is normal and always has been in software. companies don't understand security and privacy and don't consider them important. as such they will not carefully explain what their programs do and do not do


Anonymous 10/02/2017 (Mon) 18:48:06 [Preview] No. 11484 del
>>11053
How is it speculating, when a company's whole revenue is based on data collection? Anon you are really naive.


Anonymous 10/02/2017 (Mon) 18:49:36 [Preview] No. 11485 del
>>11053
dont assume the code would be *easy* to reverse engineer!


Anonymous 10/02/2017 (Mon) 22:29:14 [Preview] No. 11490 del
>>11484
is that anon naive, or is he a shill?


Anonymous 10/03/2017 (Tue) 21:54:05 [Preview] No. 11509 del
This seems more likely: https://www.wired.com/2017/05/hundreds-apps-can-listen-beacons-cant-hear/
Just like how it's easier to put a web beacon on a page instead of parsing it's content.



(21.35 KB 358x272 045.jpg)
Anonymous 10/02/2017 (Mon) 00:14:34 [Preview] No. 11448 [Reply] [Last 50 Posts]
I'm looking to build a PC ($700 - 1000), and was wondering what would be a good build for gaming?
12 posts and 1 image omitted.


Anonymous 10/03/2017 (Tue) 12:16:21 [Preview] No. 11498 del
>>11497
Your post improved the quality


Anonymous 10/03/2017 (Tue) 16:14:00 [Preview] No. 11499 del
>>11498
back to lainchan


Anonymous 10/03/2017 (Tue) 18:58:58 [Preview] No. 11500 del
Summary of actual info in this thread:

1. pcpartpicker.com

2. tech contains hostile douchebags who need more bran in their diet

So, does an SSD actually make a damned bit of difference *during gameplay* for any popular games? If one doesn't give a shit about boot or load times, is skipping the SSD and going with the classic bigger, cheaper, mechanical hard drive in a gaming rig the way to go?


Anonymous 10/03/2017 (Tue) 19:30:32 [Preview] No. 11504 del
>>11500
Depends on your ram space and your setup. I don't think you get a choice on windows, but on GNU/Linux you can have no swap space in which case it makes no difference but you need enough RAM. Can also depend on the game with level loads. Short answer, it makes a difference. A noticeable difference? Depends.


Anonymous 10/17/2017 (Tue) 01:08:52 [Preview] No. 11567 del
It pretty depends on what type of games you play as you can save money here or there by buying specific parts that will be used heavily in those games. For example, if you like to play games like Total War, you might want to get a Ryzen 5 or 7 as the threading and price will help out immensely. Those games don't really put a dent in your GPU as much as other games. If you want to play FPS' in 4K or whatnot I'd recommend spending more on the GPU and sticking with a modern intel quad core and something like a 1070 or even a 1080 if you can manage.

Another thing. I'd recommend to get a small 80-120 gig SSD to store your OS and other files and go for a 50 buck 1tb hdd for your video games. Most video games will take a lot longer to load as you're moving the data off of the platter but if you have enough RAM to handle the game's cache you're A OK. Honestly anything over 8G is enough in terms of RAM. If you can squeeze it out try getting mid priced memory modules and overclock them just a bit from there. The reason you want 8 gigs or more is because games (and most programs now) often cache the game's files in memory directly as memory is the second fastest thing you can retrieve your delicious bits from (the next up being your CPU's caches).



OpenIKED vpn alternative Anonymous 10/02/2017 (Mon) 10:27:22 [Preview] No. 11471 [Reply] [Last 50 Posts]
What do you think of OpenIKED?
Is it a viable alternative to Openvpn?

http://www.openiked.org/
https://github.com/reyk/openiked
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/iked/
4 posts and 1 image omitted.


Anonymous 10/02/2017 (Mon) 18:44:47 [Preview] No. 11483 del
>>11482
define better**


Anonymous 10/02/2017 (Mon) 18:52:30 [Preview] No. 11486 del


Anonymous 10/02/2017 (Mon) 21:50:37 [Preview] No. 11488 del
See this: >>10608


Anonymous 10/02/2017 (Mon) 22:17:23 [Preview] No. 11489 del
>>11488
>See this: >>10608
Yes, and then read the rest of that thread so you can see what an idiot >>10608 is. Then realize that it would be pretty dumb to take security advice from someone who makes bold, unequivocal statements like he knows what he's talking about, then when he gets utterly blown the fuck out, falls back on "B-but I never said I was an expert, pls no bulli pls!!!!!"


Anonymous 10/02/2017 (Mon) 23:58:17 [Preview] No. 11491 del
(444.77 KB 1280x960 sure.jpg)



Learning Anonymous 10/02/2017 (Mon) 02:15:57 [Preview] No. 11454 [Reply] [Last 50 Posts]
How did/does everyone continue their learning endeavours? I think most of us are self-taught and autodidacts around here, but there might be some formally taught.

I recently found the joy of academic websites by professors. The first is a nice computer security basics for the stack and how to exploit it by Wenliang Du of Syracuse New York: http://www.cis.syr.edu/~wedu/education/buffer_overflow.html

If you mess around with the URL, you can traverse different directories and see more resources by him and his department. Of not is this page where he has labs and videos for OS sec and exploitation: http://www.cis.syr.edu/~wedu/education/

I've found myself greatly under-educated to understand some of the more advanced issues like injection and return-to-libc, but that is being remedied after I found MIT's open courseware: https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/

There's a lot of courses with guidelines to learn specific topics that could be useful to patch up the holes in someone's knowledge. I know there isn't enough time in most of our lives, unless you're set and have the time which I would be jealous of, so it's imprudent to go at learning everything. I know I've skimmed the CS basics (6.00SC) to brush up what being a self-taught "coder" has left me wanting. A deeper look into recursion and algorithm times was cool, but I don't think it would be useful for anything at the current moment, so I've put it off into a "rainy day" tab to go back to whenever I don't have enough brain power to focus on pressing tasks, but don't want to waste the time on entertainment or idle tasks. Most of the undergraduate classes I believe have video lectures, which can be nice to just play on a mobile device and passively absorb too.

I found both links only by chance and using a proxy from a different country (American networks don't show edu sites as often?), but I can reproduce it on Google using "'TOPIC OF INTEREST' site:*.edu" where single quotes is just a string literal of interest and site portion specifics to return all sites that are .edu domains only.

It'd be best if you could share only things that were personally useful to you and how. There is too much stuff floating around and too little time to waste on personally verifying them.

On a more personal note, if anyone has sources for vulnerability research (exploitation development, assembly code auditing, etc.) I'd be grateful.


sage sage 10/02/2017 (Mon) 02:19:11 [Preview] No. 11457 del
Excuse my terrible formatting and extra picture.


Anonymous 10/02/2017 (Mon) 03:14:18 [Preview] No. 11458 del
>>11454
I took a programming class in college, but that is the extent of my formal education in /tech/ type subjects.

Later on, I learned Perl because I wanted to solve a math problem I saw in a science magazine. A computer wasn't necessary to solve it, but I didn't have the mathematical maturity to do it "the right way", so I had to brute force it instead. Thus, Perl. I used this tutorial: https://users.cs.cf.ac.uk/Dave.Marshall/PERL/

Most of my learning has been dictated by expediency. I don't think I've ever said to myself "I'm going to learn Python today." Rather, I have something I want to do, or a problem I want to solve, or something I want to automate, so I try to figure out from there how to go about getting it done.

When it involves learning timeless concepts, e.g. different types of algorithms or data structures, I'll often try to find a good book on the subject.

When it involves learning a new programming language, if the language itself is still in development, I shy away from using books, as they rapidly become outdated. In that case, I look for tutorials online that appear to still be maintained, or are part of the official project. But after having learned how to program in general, it's often more efficient to just refer to the documentation for the language (if it's good) and code examples. I never followed a Python tutorial or course, for example. I already knew Perl, so I just read the Python docs to figure out how to do what I wanted to do.

MOOCs and self-paced learning courses (the materials, anyway) of the sort offered by MIT could be a great resource for the right kind of person, but I don't have the discipline to do those.

Lecture-type videos can be good for somethings. I really don't care for screencast-type videos, however. I think those must be hard to do well.

So, for me, I tend to have a goal or task in mind, then I work backwards from that, figuring out what I need to do in order to reach that goal, then depending on what those things are, I look to different types of resources as appropriate. Might not work for everybody. Works okay for me.

Message too long. Click here to view full text.



Anonymous 10/02/2017 (Mon) 18:27:00 [Preview] No. 11480 del
>>11458
>"the right way"
I remember in the 600SC course, the professor (Guttag) mentions that brute forcing is usually the "right" way to do maths problems in programming languages. I don't remember his reasoning but I think it was because all maths problems are just a bunch of smaller pieces glued together and you can break down and can be characterized as such in your programs, instead of the "elegant" but confusing one-liner.
>"expedency" + "self-paced" + "lecture" + "task"
I am the same. I've been trying the MOOCs and to build up a "foundation" but I feel bored out of my mind and whenever I try to learn something that's not immediately useful, I just glaze over the information. I know it's my ADD and I'm being subborn about it, but I'll have to work through the fact that I don't need to know everything to face a problem, even if it might be reckless. However, some topics don't lend well to being learned "as you go," and don't have texts as readily available as broader topics.
>"Violent Python"
I had the book saved from a bunch of torrents and repos I downloaded, but I decided against keeping it because, like many of the books I had downloaded, it focused too much on specific tools and cases, instead of the replicable theories behind the attacks.