/tech/ - Tech

Technology.

catalog
Mode: Thread
Name
E-mail
Subject
Message

Max message length: 8192

Files

Max file size: 80.00 MB

Max files: 5

Captcha
Password

(used to delete files and postings)

Misc

Remember to follow the rules


(177.41 KB 1135x2048 niconozo-charging.jpg)
Comrade 10/01/2019 (Tue) 18:48:19 No. 4312 [Reply] [Last]
What are some Free Software projects worth contributing to?
1 post omitted.
>>848
>What are some Free Software projects worth contributing to?
That depends entirely on your skill set and interest comrade. So what to you enjoy and what are you good at? Just so you know hacktoberfest is being sponsored by digitalocean right now so it might be a nice thing to get in on if you're planning to do this anyway: https://hacktoberfest.digitalocean.com/
desktop environments like KDE. they need more polish.
Bring window edge snapping back to Openbox.
OpenTTD and OpenRCT2 These projects are keeping 2 really good oldschool games alive and running on modern machines while also improving them and adding new features.

(143.71 KB 728x409 ap_resize.php.png)
Is firefox compromised now? Comrade 08/13/2020 (Thu) 07:53:41 No. 4059 [Reply] [Last]
https://www.androidpolice.com/2020/08/12/massive-mozilla-cuts-threaten-the-future-of-firefox/ I want to say Tor is the future but i heard it was funded by the U.S
37 posts and 8 images omitted.
>>4184 >>4186 >>4187 They're actually political commissars
>>4184 I wouldn't necessarily agree, their role is more along the lines of a strikebreaker, but with a human face. In the name of diversity and inclusion, anyone can be fired or assigned somewhere else, which is ideal for anti-organisational measures.
>>4199 Did this ever happen or are you just making shit up again?
>>4220 I was just saying that this is not a useless job, I have no idea if Mozilla specifically has used the position this way.
>>4238 You did claim that this is what they do, and I asked that it ever actually happened. It seems to me that you are just making conspiracy theories up.

The Coding Interview Comrade 07/26/2020 (Sun) 17:34:10 No. 3641 [Reply] [Last]
What's up with the coding interview? You would think being a competent programmer would be enough to get a job but there's a whole industry out there specialized in preparing people for code interviews. It even has a Wikipedia page of its own. No other industry has a specific Wikipedia page for their job interviews. Why? What went wrong?
4 posts omitted.
>>4000 Also nice job citing a blog from 2007, before leetcode, topcoder, projecteuler, khanacademy, etc. etc. were a thing, before FAANG's corporate dominance and consolidation of the internet, before the 2007 financial crisis, before the first iPhone was released, your blog is prehistoric by the rapid pace of the changing IT world.
>>4009 >>4011 >Tesla Was from the early transitional period when all this started, during an era when safety and reliability standards were far lower, and it only became universal by the post-WWII era even in the US: https://en.wikipedia.org/wiki/Regulation_and_licensure_in_engineering#History >Wozniak Cobbled together a PC design on a shoestring from spare parts, even writing the entire BASIC on paper and typing it in all at once because he didn't have regular access to a workstation. Like all PCs of the era, it was a clumsy hackjob, but the fact it worked at all was more than enough to make it amazing for the time. That's not an acceptable standard for anything even vaguely resembling the level of maturity the IT sector should've had since the '90s at the latest, not to mention today. >the changing IT world Wow, yeah, Indian webdev mills churning out script kiddies that can't "program" in anything except JS, and deploying end-user software for joke "platforms" like Electron.
>>4025 If you're really that much smarter than Tesla and Wozniak combined, why are you wasting your talents shitposting here?
>>4000 In most places of the world, "their field's accrediting body" is the university. If you have a software engineer or computer engineer diploma, you are an engineer and can call yourself one. If you work for industries where it is necessary, you will be held for the same standards as other engineers. Ask anyone working in automotive, healthcare or similar fields.
>>3641 Engineers are naturally drawn towards over-engineered solutions. Just look at Silicon Valley startups. They even invent problems where there are none just so they can create an app.

(503.48 KB 934x1000 daily_programming.png)
Daily Programming Thread Comrade 01/27/2020 (Mon) 18:13:02 No. 17 [Reply] [Last]
What are you working on, /roulette/?
188 posts and 33 images omitted.
>>1869 Sure, and asm is also turing complete, but you will never use it to replace your shell scripts. Now imagine having to work with convoluted json data in bash.
>>2940 https://stedolan.github.io/jq/ It's actually pretty convenient.
>>17 Working making changes to some Vue codebase. I kinda wanna die, ngl.
>>2939 Which one did you end up using?
>>17 Funnily enough, I'm currently working through SICP, CLRS and that one book by Patterson and Hennessy. Don't know if I'm just memeing myself or if this actually werks, but these books are pretty good so far.

(62.91 KB 480x341 element-logo.png)
Riot is now Element Comrade 07/22/2020 (Wed) 17:17:50 No. 3559 [Reply] [Last]
22 posts and 4 images omitted.
>>3747 why does only Riot support voip?
>>3748 Because its definition in the Matrix standard is still experimental. Also because it's currently reliant on WebRTC, which relies on web bloat. There is currently an early effort by nheko Reborn (the only truly native client that [mostly] supports E2EE) to implement VOIP without WebRTC, probably using GStreamer: https://github.com/Nheko-Reborn/nheko/issues/109#issuecomment-610607467
>>3746 I use gomuks. Encryption isn't currently supported, though. Unfortunately.
I'll just keep using Element/Riot until Fractal enters beta/stable (has E2EE & VoIP support).
>>3761 this.

Comrade 01/27/2020 (Mon) 13:36:56 No. 221 [Reply] [Last]
What Internet browser does /tech/ use? personally, I just use firefox
86 posts and 7 images omitted.
>>221 Vivaldi good?
>>521 RIP Mozilla
(28.08 KB 633x758 soy198 (2).png)
>>521 >NOOOOOOO!! YOU WERE THE CHOSEN ONE, MOZILLA! YOU WERE SUPPOSED TO DESTROY THE ENEMIES OF THE INTERNET, NOT JOIN WITH THEM! BRING BALANCE TO BROWSER STANDARDS, NOT LEAVE THEM IN DARKNESS!
(17.16 KB 400x400 sheev.jpeg)
Did you ever hear the tragedy of Mozilla the Wise? I thought not. It's not a story Google would tell you. It's a hacker legend, you see. Mozilla was a Dark Lord of the Internet, so powerful and so wise he could use his browser to influence web standards... He had such a knowledge of webdev that he could even keep floundering file formats from dying. The dark side of webdev is a pathway to many abilities some consider to be unnatural. He became so powerful... the only thing he was afraid of was losing his power, which eventually, of course, he did. Unfortunately, he taught his apprentice everything he knew, then his apprentice killed him in his sleep. It's ironic... he could save others from death, but not himself.
>>4022 >Vivaldi Hell no, it's proprietary

(100.76 KB 1520x1000 boothole.jpg)
GRUB2 pwned through UEFI exploit Comrade 07/30/2020 (Thu) 07:02:03 No. 3737 [Reply] [Last]
Yet another gaping security flaw has been found in the Microsoft Trojan Horse replacement for BIOS known as UEFI. This one affects GRUB2 bootloaders in particular. https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ Eclypsium researchers have discovered a vulnerability — dubbed “BootHole” — in the GRUB2 bootloader utilized by most Linux systems that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.
1 post omitted.
>>3738 Basically this vulnerability requires root / admin access to access the grub.cfg file located in the EFI System Partition, which means the attacker must first gain a foothold on the system and escalate privileges (physical access also works). The vuln only helps with persistence across system reboots, so it’s unnecessary — and perilously noisy — for attackers to employ this if they already have root on a system that never reboots. In other words, protect your system from privilege escalation attacks and prevent evil maids in hotel rooms from physically accessing your machine and you protect yourself from this. Also you should laugh at anyone who has ever relied upon Secure Boot to protect themselves, a "feature" that has been broken by design since its inception.
>>3738 it has a catchy name and a logo that means it is scary
>>3739 >Basically this vulnerability requires root / admin access You're already beyond fucked at that point anyway. There are more important vuls discovered all the time that either escalate the privileges or gain access to the system over network in the first place. But most of them are so specific that there's very little chance you'll get hit if you update your system, even if takes a month for the fix to arrive in your repos.
>>3744 Why is everything so comodified and branded that even something as obscure and technical as security vulnerabilities get flashy logos, graphic design and a name that sounds like it was created by a marketing focus group? It's just ridiculous.
>>4053 It was created by a marketing focus group. It's advertisement for the business that found it.

(6.32 KB 109x100 searx.png)
Searx Comrade 07/03/2020 (Fri) 11:53:59 No. 3073 [Reply] [Last]
I know that if I run my own instance of searx is the most private way to search things up. But what about public instances of searx like search.snopyta.org, are they any safer than just using pure duckduckgo? Because I am still trusting a 3 party with my data, the only other advantage that I see using a public instance of searx is that is completely open source. Are there any other positives?
14 posts omitted.
>>3437 I like street view though, photo imagery of Earth's surface, rather than the layout?
>>3431 impossible
>>3431 Unless the NSA and friends have made a breakthrough on quantum computing and kept it secret, functionally impossible. With properly set up and non backdoored ssl crypto you're looking at average computation times longer than the heat death of the universe. Of course they could always do what they did with Dual_EC_DRBG and backdoor the encryption to make it significantly easier to break or just compromise the servers you're talking to.
>>3437 Good post. What's a good .txt dictionary? I tried looking for one once, but they were all antiquated
>>4032 Check this out: https://dumps.wikimedia.org/ Wiktionary has a lot of English words, plus etymologies, pronunciation, translations, etc.

(573.58 KB 1140x500 cyber_security.jpeg)
Privacy general Comrade 05/08/2016 (Sun) 16:12:51 No. 2214 [Reply] [Last]
Comrades, we need a thread on privacy. Any decent activist should try ways of staying anonymous on the web and prevent being tracked by governments and corporations.

General tips
===

* Use free software as much as you can.

* Use GNU/Linux and keep it up-to-date, to be sure that you don't have unpatched security exploits

* Don't use Flash Player, use youtube-dl instead for watching streaming videos online

* Do not use Google, use DuckDuckGo or StartPage instead

* Use a password manager like Keepass or for GNU/Linux users keepassx. Create new passwords for every site that you visit and use a strong password as a master password. A tip for easy remembering of your master password is to use a sentence. "i fucking love cookies and tits!" with extra capital characters etc. is easier to remember than some random characters and long enough to prevent brute force attacks of any kind.

* Use the Tor Browser Bundle if you really want to stay anonymous.

Firefox
====

* Go to Preferences -> History and set History to "Never remember history".

* See for additional tweaks: https://github.com/amq/firefox-debloat and https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-security

Add-ons
-----------

* Use uBlock Origin for preventing tracking etc. Bonus: use hard-mode to manually whitelist external domains on sites. Don't use uBlock but be sure to use uBlock Origin https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode

* HTTPS Everywhere

* DecentralEyes: prevents CDN hosting from tracking you (Google for Jquery etc.)

* Self Destructing Cookies: only allow cookies that you choose to allow

OS
==

* Encrypt your hard drive or home partition at least

* If you use GNU/Linux, you can try to restrict systemd or syslog from logging.

* Use a distribution which takes security seriously. Also, be sure that you don't install a lot of things outside the repository. It will cover most of your needs.

Real life tips
===

* Pay with cash if you can



Feel free to provide tips to each other comrades!
65 posts and 4 images omitted.
>>2214 >Use a password manager like Keepass is it alright if i use bitwarden? i like the easy sync across multiple devices
>>3958 If you're talking about their cloud offering then its enough to deal with reducing password reuse but because the database is stored on their server and is encrypted/decrypted via a webpage they control you should not expect any protection whatsoever from anyone with serious resources. If three letter agency wanted access to your passwords on a self controlled keepass database then they would have to either thoroughly compromise your computer (to the point nothing would help) or get the password via other means, for something like bitwarden they could potentially walk into the office with a subpoena and have them change the web page so it sends your password to the server and decrypts your db for them, since there is no warrant canary assume this has already occured.
>>3958 I'm using keepass and tbh I don't see the problem with just transferring the file around, its like 5kb, I've got into the habit of just copy/pasting it across my different machines when I update it on my main machine, it takes like 2 seconds to copy it to my phone and push it over waprinator or ssh to my laptop, if I needed to get it remotely for some reason I could just put the encrypted password file in a cloud repo or github or something and up the masterpass complexity/change the pass after downloading the file (I don't forsee ever needing this so I don't have an online backup of it, doesn't seem like the greatest idea even if a 30 character properly configed masterpassword should be virtually uncrackable) I think the slight hassle is worth the extra comfiness of knowing its not being passed around in a cloud server by some company somewhere, and the passwords don't need to change often, since they're so strong, and they all get changed at once since force change after a certain time is enabled for them
I really hate that I can't post on fourchins with my vpn. I want to basically fight every right wing post that they shoehorn into any thread.
anyone virtualize whonix on debian: what version of virtualbox do you use?

(38.57 KB 700x470 AccuVote TSX.jpeg)
Designing transparent and secure election systems with computers Comrade 07/09/2020 (Thu) 23:00:09 No. 3173 [Reply] [Last]
Many countries around the world, after some initial experiments, have completely dumped the idea of running their election systems with computer hardware and returned to hand-counted paper ballots. One look at the cartoonish hodgepodge of election machines with a million security holes across the United States all making use of unauditable proprietary software and hardware and manufactured by private companies mired by a history of corruption and scandals. One look at all that would be enough to give any reasonable person pause to reconsider the entire idea of electronic voting. Is it possible to design an electronic voting/counting system that fulfills some basic expectations of security and transparency? I and many other computer security experts would argue that it is not and never will be due to some fundamental aspects of computers. But let's not let that spoil our fun. How would you design electronic voting systems to be secure and transparent? What would the hardware be like? What would the software be like?
10 posts and 1 image omitted.
>>3177 This work work fine too. A pseudonymous but verifiable cryptographic signature is a solved problem. Look into zero knowledge proofs as well: https://research.kudelskisecurity.com/2018/11/05/e-voting-crypto-protocols/
>>3197 >Its simply not feasible to have tons & tons of properly organised paper votes for things like workers councils making small decisions. Why not? It's being done right now.
The fundamental issue isn't that its an unsolveable problem, its that you still have to trust the organisation running the election more than you do for a paper ballot.
>>3174 >copyleft openrisc >not permissively-licensed risc-v meme ISA giga based
>>3192 >1. In what ways are current pen-and-paper election systems are broken? Insecure, unreliable, centralized, slow, expensive, inflexible. >2. How would an ideal digital election system fix this issues? Public-private keys are a simple centralized solution, blockchains are a more elaborate decentralized solution. >>3219 >its that you still have to trust the organisation running the election more than you do for a paper ballot Not true. Crypto systems can be completely decentralized.

Delete
Report

no cookies?