[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / 777 / posad / i / a / R9K / dead ] [ meta ]

/tech/ - Technology

"Technology reveals the active relation of man to nature"
Name
Email
Subject
Comment
Flag
File
Embed
Password (For file deletion.)

Matrix   IRC Chat   Mumble   Telegram   Discord

| Catalog | Home

File: 1608526015238.jpg ( 74.01 KB , 1024x768 , 31821-1.jpg )

 No.2177[Reply]

I posted this in another thread but I think it deserves its own thread.I've been seeing a lot of people saying that installing tor is super hard and difficult, and, even if you use windows it's not that hard. All you have to do is install the tor browser and go into the browser bundle files and run the executable for tor, or, just use the browser bundle.Like it's not hard at all.But, being the pros (and dirty commies that we are) we don't use fucking bourgeois Microsoft.So, I've set up a super simple and comprehensive guide to installing and using tor like a pro on Linux.This is why we use Linux.STEP ONE:Downloading tor:ctrl+alt+t: Open terminal:Sudo apt install torsudo service tor startSTEP TWO:Downloading and setting up privoxy.sudo apt install privoxyEdit the config file:vim /etc/privoxy/config(If you don't have vim sudo apt install vim)add in text at the bottom:(vim insert mode: press I)forward-socks5 .onion 127.0.0.1 9050(press escape)Type :wq (write quite)Done, ammo loaded cannons ready to fire.STEP THREE:Set up firefox to use tor:about:preferences: Network settings, Use custom proxy(Privoxy runs on port 8118) 127.0.0.1 8118Check off "Use this proxy for all protocols"Done.Takes literally 5 seconds and you don't have to inconvenience yourself by downloading a whole brand new fucking browser ONLY for the simple task of bouncing around encrypted packets through a bunch of proxies. You also don't have to live with the hellscape that is Microsoft and the billions of exploits and bugs in and written for it. (Not to mention back doors.)And before anyone starts bitching; Setting up firefox for privacy isn't that difficult.Basically turn off all telemetry and geo location, referer headers (but you will need http refer headers for 8chan) and some other shit, Guide here:https://www.privateinternetaccess.com/blog/2018/09/firefox-hardening-guide/But honestly none of that even matters unless you are a windows user or a pedophile and let's hope you aren't either one of those.Have a nice day.
67 posts and 8 image replies omitted. Click reply to view.
>>

 No.10856

>>10855
How can you expect us to troubleshoot your problem if you're unwilling to tell us anything and provide misleading examples? Then you call me an autist when I try to work with what you gave us lol.

At least try using torsocks with something basic like wget and post the result of that FFS.

>just one simple example of a popular program that should work with torsocks but doesn't

Wrong, it's not simple and it's not guaranteed. Only a few programs are officially guaranteed to work. Firefox might work or not, but it's a ridiculous test case for testing if torsocks works at all. https://gitlab.torproject.org/legacy/trac/-/wikis/doc/torsocks
>>

 No.10857

>>10856
Tails OS sure seems able to get torsocks to work with a wide range of things.
>>

 No.10858

>>10857
Tails doesn't use torsocks at all, you have no idea what you're talking about.
https://tails.boum.org/contribute/design/Tor_enforcement/

Anyway, torsocks works fine for me, but I'm not trying to make it torify whole browsers or operating systems. Sounds like you encountered a user error.
>>

 No.10859

>>10858
Huh, guess I had torsocks misconstrued then. I thought it was the big tool used generally to route non-browser applications through Tor. I still can't make it work with anything.
>>

 No.10862

>>10859
Torsocks is basically a monkey patch: it is a hack that replaces the connect() system function at runtime with its own wrapper.
But if a program does some weird shit then torsocks's wrapper might break something. Or some part of a program might use a different method of connecting, which means torsocks's wrapper will be bypassed and the program will leak. Browsers have become almost their own operating systems, they probably reimplement large parts of the network stack. That's why I would be surprised if applying torsocks to firefox actually did work.

Try this:
torsocks curl -I https://www.example.com/


The above should output HTTP headers. If not then inspect with strace:
strace torsocks curl -I https://www.example.com/


Then look for the connect() calls, something like this:
connect(5, {sa_family=AF_INET, sin_port=htons(9050), sin_addr=inet_addr("127.0.0.1")}, 16)


There's other options than just torsocks though. The program might internally support SOCKS proxies without documenting it. Often they check the ALL_PROXY or all_proxy environment variables. So you can try running this:
ALL_PROXY="socks5h://127.0.0.1:9050" all_proxy="socks5h://127.0.0.1:9050" /path/to/my/program

Post too long. Click here to view the full text.


File: 1629068693634.jpg ( 45.97 KB , 1920x1081 , spotify-logo-1920x1080_fou….jpg )

 No.10716[Reply]

What's the tool to download video from Spotify and Netflix?

I want to download an encrypted video.

I tried yt-dl, yt-dlp and N_m3u8DL.
6 posts omitted. Click reply to view.
>>

 No.10836

>>10835
No that's not it, if people say how they tech the tech, it might induce changes in the distribution systems, and then they have to do the work of figuring out where the stream is put together all over again.
>>

 No.10841

Yeah, I write scrapers for myself all the time, which includes automated logins and such. The only obstacle are captchas, everything else is usually trivial to work around.

I've looked at the list of youtube-dl's extractors and it does support Spotify, but not Netflix. So there's that at least.

>>10835
To work in a "team" and withstand your boss and the general office bullshit you need normie skills not tech skills. Hobby programming, let alone web scraping, is not a "marketable tech skill" either way.
>>

 No.10842

>>10841
meant for >>10834
>>

 No.10843

>>10841
if you know right people, there is no such thing as unmarketable skills. degenerates like sports betting junkies will hire retards who know how to use selenium at basic level to scrape odds and buy lines at discount. Learn some R with shiny and you can even scam people looking for cheap business analytic.
>>

 No.10845

>>10835
shut the fuck up workoid


File: 1608525825243.jpg ( 23.79 KB , 480x360 , 9f0bdf62311485b859e0078e84….jpg )

 No.39[Reply]

Is protonmail a honeypot?
>Trying to sign up on .onion links back to .com
>Can't sign up with vpn
>Only accepts crypto after you've signed up

There's absolutely no reason for not allowing sign-ups with vpns/TOR and activating the accounts after the payment has gone through
Do there exist any alternatives that aren't glowies?
46 posts and 2 image replies omitted. Click reply to view.
>>

 No.10811

>>10810
>By default, we do not keep any IP logs which can be linked to your anonymous email account.
Legal context aside, this statement evaluates to false
>>

 No.10812

>>10811
Whelp, I've had about enough of this shit. Time to get a home email server setup already.
>>

 No.10814

the entire internet is an honeypot. once you get there you're fucked.
>>

 No.10815

>>5626
t. your cia glowie
>>

 No.10822

I don't care much about the server side of things because I heavily compartmentalize and torify my email usage anyway, so it's not very helpful for their big data algos. For the most part I use one email account per identity per website - that includes multiple email accounts for a single website in case of multiple logins. That's a lot of email accounts.

Which is why I'm searching for an email provider that:
- isn't a pain in the ass to register an account with
- provides IMAP support for free so I can automate my email checks

Is there anything like that out there?

>>10808
What's essential is to use Tor, the onion service is just a cherry on the cake, but Tor by itself already hides your origin IP even if you connect to a clearnet address.

Unfortunately their onion service is not configured for its purpose, so it will often refuse to login you with the message "too many recent login attempts". That's probably because they left their clearnet checks in place. Most of the people who set up onion services don't use Tor themselves so there's really very little testing involved.


File: 1631380372246.jpg ( 36.75 KB , 828x435 , cheez.jpg )

 No.10816[Reply]

I know this is firstworldproblems

I don't game so this is really just a commentary from a outsider looking in, but i've recently heard that first person video game developers are thinking about using the TPM (trusted platform module) chip on the motherboard for anti-cheat, this seems like an extreme measure for video games, which got me curious about the problem.

Apparently cheating in video games has become really serious business and very technically sophisticated. Some people even use a secondary computer to run cheat software that generates fake user input signals for a simulated mouse, keyboard and or gamepads. Which means people pay big money for hacks.

Why are game devs trying to beat cheaters in a technical arms-race, instead of trying to make money off of them ?

Cheating doesn't really matter as long as cheaters and non-cheaters don't mix. Because "the experience™" matters.
To fix this, a detailed skill measuring system is needed that is really effective at matching players. The goal at this point is not to detect cheaters, but to indirectly move them to cheater arenas where they can have software robotwars. To make this work you have to do more than just give players a skill rank, you have to generate like a "data-rich" play pattern and match players according to their play patterns. This would probably also fix other issues that diminish "the experience™"

The next step is to develop your own cheat programs and sell them, that way you know who the cheaters are (at least some of them) and you can safely quarantine them in the cheater corner. To get maximum capitalistic cheater-bucks, periodically depreciate the cheat programs. (I know this is really atrocious anti consumer behavior but nobody cares about it in this specific instance).The technical experience you gather from making the cheat programs translates into making good bot-players that you can dynamically remove or add to online matches to balance out mismatched human players.

This hole problem might just be capitalism's fault because how many cheat programs would really be developed in an economy based on production for use rather than production for sale. However it is still plausible that such abuse cases could occur in socialism as well, and i think we ought to find ways to negate the abuse in a more elegant way that doesn't involve punching the donkey. Is there a way to get hack-devs interested in using their skills for a bettePost too long. Click here to view the full text.
>>

 No.10817

It's simply not possible. Despite having some of the most intrusive anticheats, both esea and faceit cannot detect hardware cheats.
https://blog.esea.net/esea-hardware-cheats/
>>

 No.10818

The best way to bust cheaters is with active server admins and the honor system. Everything else comes with too many drawbacks.
>>

 No.10819

>>10817
That being said, hack v hack is fun to watch.
>>

 No.10820

>>10819
seemed boring to me, am i missing something ? can you share what the fun part is ?
>>

 No.10821

>>10820
I probably not the best example, but the story goes like this.
>two "legit" cheaters are trying to hide their cheats
>they eventually learn that the only person killing a hacker is another hacker
>cheat arms race to see who "rage hacks" first, aka spinbot, bhops, etc.
it happens a lot now that csgo is f2p, I think there are whole YouTube channels dedicated to hack v hack


File: 1608525871820.png ( 275.43 KB , 2508x2043 , nntpchan.png )

 No.564[Reply]

Recent events have once again highlighted the necessity of a truly communal, self-governed anonymous discussion forum. This thread is for the development of new forms of decentralized anonymous image boards.

The problem in need of a solution is this: [b]How can we develop a forum that genuinely empowers its community and allows them to resist censorship?[/b]

One recent attempt is NNTPChan/Overchan. NNTPChan is a decentralized imageboard that uses the NNTP protocol (network-news transfer protocol) to synchronize content between many different servers. It utilizes cryptographically-signed posts to perform optional/opt-in decentralized moderation. I'm still rather confused on how moderation works there myself.

This seems like a great idea, by distributing a forum across a collection of servers one can resist the disruption of any single server. When 8ch was shutdown by its DDoS provider, however, its community didn't find the motivation to learn from this and migrate to a censorship-resistance platform. Instead its subcommunities were scattered to the winds, the ones that survived coalescing back on a number of individual websites using the classical top-down server-owner structure, with all the authority and alienation from its userbase that it necessarily contains. What lessons can be learned from this? Is there more that can be done?
14 posts and 1 image reply omitted. Click reply to view.
>>

 No.10740

bumping due to recent talk of resurrecting this / integrating it into a lefty webring
>>

 No.10745

>dec of 2020

>Another spit 6 months later.
>>

 No.10746

I would give literally anything to have nntpchan at this point.
>>

 No.10761

>Recent events have once again highlighted the necessity of a truly communal, self-governed anonymous discussion forum.
Not this shit again.

>This thread is for the development of new forms of decentralized anonymous image boards.

Not THIS shit again.

Stop falling for marketing memes.
>>

 No.10792

>>10761
How is a federated board a marketing gimmick?


File: 1616230062452.jpeg ( 8.79 KB , 474x257 , tyytvytv.jpeg )

 No.7070[Reply]

Where did it go? The onion just stopped working.What happened? They were fairly popular. Was that the issue? They were a bunch of contrarians, after all.
>>

 No.7100

I only posted there near the start, would have been two years ago, then got bored of it.
Did it ever develop a real culture beyond 'we use Tor only'?
I was an erisfag, there were two others (another bystander and the notorous bot spammer).
>>

 No.10789

>>10788
Fucking based, anon. Thank you.


 No.10754[Reply]

Flywheels are cool as heck, you can use them to store electric power or even mechanical energy from other spinning devices through kinetic energy recovery systems. It seems like this would save a ton on gas mileage, why aren't these found in more automobiles?
11 posts omitted. Click reply to view.
>>

 No.10782

>>10781
>So, why didn't Japanese car makers include flywheels?
Because they cost more than they save?
>[_] Miracle technology everybody is too dumb to use
>[X] You don't have all the facts and there is a catch somewhere
>>

 No.10783

>>10782
hey i was just asking a honest question

>Because they cost more than they save?

No that can't be it, there were short range buses that were powered by flywheels, which essentially used them like batteries. For a car to recover breaking energy you'd need a tiny fraction of the capacity.

there has to be something else that prevents their use that is not so obvious. Like maybe gyroscopic properties that made the car handling weird or something.
>>

 No.10784

>>10783
>there were short range buses that were powered by flywheels
Ok. There are also cars that run on wood. Just because it's possible doesn't mean it's a good idea.

It's worth noting that many electric cars and hybrids have regenerative braking. You just reverse the motors and turn them into generators while braking. Then you get a nice boost of energy when you accelerate after the corner. The Porsche 918 was famous for being one of the first road cars to do that. The mechanical flywheel thing doesn't seem that useful though.

There's a bit of history about Formula 1 trying to use flywheels here
https://en.wikipedia.org/wiki/Regenerative_brake#Use_in_motor_sport
My interpretation is they are only really useful for countering turbo lag in racing and even then it was not really worth the extra weight and complexity.

And like I say, if there was any fuel efficiency gains to be had then Japan at least has more than enough ingenuity and motivation to make it work.

>hey i was just asking a honest question

*baka**
>>

 No.10785

>>10784
>It's worth noting that many electric cars and hybrids have regenerative braking. You just reverse the motors and turn them into generators while braking. Then you get a nice boost of energy.
Batteries can't handle enough current, they can only capture between 10% and 25% of braking energy. Electric super capacitors should be able to capture enough energy for stop and go regenerative braking. However Flywheels can handle truly enormous power spikes at high efficiency in a very compact size, this tech will probably make a comeback.
>>

 No.10786

>>10783
>Like maybe gyroscopic properties that made the car handling weird or something.
That actually is a problem and why flywheels are more common on vehicles that don't turn a lot. You need a flywheel mounted in gimbals to be able to overcome its inertia and make large directional changes when storing really large amounts of energy.


 No.10773[Reply]

Is anybody willing to speculate whether the mega drive reaction-less space drive pans out ?

here is another video
https://www.youtube.com/watch?v=0bp8fk5rosI

the theory part might be plausible
>>

 No.10774

impossible
>>

 No.10779

No they don't. There is no explanation for their physics and the peddlers just claim that they will magically work if they were just tested in space; something rather expensive and infeasible without justification through proper scientific methods.

They also seem to have found believers among the conspiracy theorists on /pol/ and other places who are convinced that jew physicists don't want them tested in space because jew physics is smoke and mirrors holding whitoids back from being the pioneers in space exploration.


File: 1630074799367.jpg ( 125.15 KB , 1240x840 , tumblr_mwbirxCG5Q1rso91mo1….jpg )

 No.10763[Reply]

ITT post a tool or tools you find useful when attacking, maintaining access, bug hunting, recon or whatever else. I'll start:

Weevely3 is my favourite out of the box PHP/.htaccess web shell. Its payload is very small and you can sneak it in to many places and has many features that make the job faster, especially with its pivoting functionality
and lastly its modular allowing easy creation and sharing of new functionality such as adding privilege escalation methods and automated further backdoor and persistent access creation.
https://github.com/epinna/weevely3


File: 1627879257222.jpeg ( 53.65 KB , 1200x630 , javascript.jpeg )

 No.10548[Reply]

This guy wrote an interesting article on using popular sites with javascript disabled:

https://www.smashingmagazine.com/2018/05/using-the-web-with-javascript-turned-off/

His experience was that news sites/blogs tended to "mostly" work while most other sites were utterly broken.

WHAT IS /TECH/'S OPINION ON JAVASCRIPT?

I know many on the channers totally disable js in the browser since Stallman wrote an article against javascript many years ago, additionally many are paranoid about browser zero days used by glow in the darks. Finally a ton of people just see javascript heavy sites as being bloated and overengineered, having slow load times and discriminating against minimalism and third world users with slower internet.

With more and more sites using SPA frameworks like vue, react, and angular, and less and less apps doing server side HTML rendering, javascript-disablers are quickly becoming a tiny minority.

What do we think about js vs nojs/noscript?
44 posts and 2 image replies omitted. Click reply to view.
>>

 No.10733

>>10730
>Why should the site have tracking functionality included, when it needs to load that from a tracking provider?
Consider a "4th-party" or "meta" tracker specialized in fingerprinting users through their adblocking filters. Yes, eventually this tracker would also be end up in blocking filters, but that's how it is, cat and mouse game.
>>

 No.10734

>>10733
That was a technical question. How could the site access tracking infrastructure, when it would need to hardcode it into every page and could not forward the data to the tracking provider over js/ajax.
>>

 No.10735

>>10734
The example I gave is of a not-yet-blocked provider, a new kid on the block, but yes, they technically could also hardcode it into every page, although why not just make the 1st party host the script file? The script just needs to send the raw data back to the website itself (so 1st party request), then their backend forwards the data to the provider to be analyzed. It's not that hard technically, the website just installs a server module that does all this automatically.

Maybe you're thinking why does this matter when filters will catch up sooner or later (although remember that the fingerprinting threat comes from users using different filters). It matters in the case of Tor browser due to how it defeats fingerprinting: it doesn't block trackers, it gives them fake data that is uniform for all Tor users or otherwise ensures uniform conditions (e.g. window size), so that everybody looks like the same person. But when you block a specific selection of those trackers instead, you introduce new bits of fingerprint data with that selection.

It's two different methods that right now kinda step on each other's toes in practice, and one (block filters) is always catching up with the million trackers out there, while the other (Tor browser) just has to keep the browser's mouth shut / feed the lines to it in a uniform and consistent way.

That doesn't mean they can't work well together. For example, there's things that Tor devs haven't discovered how to spoof yet without fundamentally breaking things. One such example is the scroll bar width, it can be calculated via window and viewport size difference. For such cases blocking trackers would be useful, but the only proper solution is for Tor browser to be bundled with adblocker by default without user being able to switch it off or change filter lists, so that uniformity is enforced. Unfortunately that doesn't look likely:
>>10731
>>10732
>>

 No.10737

>>10731
>Adblocking bundled with the browser would mean that the browser itself and not merely the user is antagonistic to various interests that make money from ads and trackers (websites themselves, ad networks, data brokers…). Just one concrete consequence of this is more websites would then block Tor users in return (there are other more complex things as well), but the project in general would be antagonistic to capital's interests, thus potentially losing some of its support, both financial and in terms of technical "tolerance" (cf. the war between Tor and Cloudflare).
Great point.
>>10730
>I don't think the added attack surface you get from allowing all js is worth the risk of fingerprinting.

Browse in Whonix then. A tor dev (Matt Traudt) says this about JS exploits:
<setting the security slider to its highest setting:
>This is unnecessary for the majority of adversary models and will make the web significantly less usable.

>The only people who have had significant JavaScript exploits used against them in Tor Browser were pedophiles using Windows. This suggests to me (and security experts in general, AKA not people that read "tech news" and parrot everything they read) that these exploits are rare, expensive, and hard to replace. Thus they aren't going to be used against random people because the risk of the exploit being discovered and fixed is too great.


>Setting the security slider to its highest setting does remove JavaScript as a possible attack vector. So as long as you set it there consciously, are aware much of the web may break, I support your choice to disable it. I especially support it if you have legitimate concerns that JavaScript exploits may be used against you, not just dumb paranoia.

http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/posts/about-to-use-SkxEFK1m/#index2h1

I use 'safer' in whonix but if 90% of tor users used 'standard' (which I Post too long. Click here to view the full text.
>>

 No.10744

>>10737
Whonix is really the ultimate solution if you still want to use a normal OS instead of Tails or Qubes. And if you still want to run Tor browser natively on host OS then there's firejail which runs the browser in a sandbox.

>I use 'safer' in whonix but if 90% of tor users used 'standard' (which I think is unlikely?) then I would switch to that

Idk, I think a huge majority of users are allergic to sacrificing any usability, so it might be close to 90%. But a lot of them also do stupid shit that makes them less uniform. When letterboxing was introduced you had a mass of people complaining on Tor's blog about "grey borders", meaning they were all resizing and maximizing their windows prior to that. It really showed how uniformity is really poorly maintained by users in practice, which fucks it up for everybody.

Btw, on fingerprint tests I get best results at "safest" security level, while "standard" and "safer" come out exactly the same. Although I doubt these tests are that good. EFF's one claims to test with real trackers yet I get same results even with or without uBlock Origin with all filter lists enabled.

Should be mentioned though that security levels are not meant to defeat fingerprinting but reduce browser's security vulnerabilities.


Delete Post [ ]
[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / 777 / posad / i / a / R9K / dead ] [ meta ]
[ 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8 / 9 / 10 / 11 / 12 / 13 / 14 / 15 / 16 / 17 / 18 / 19 / 20 / 21 / 22 / 23 / 24 / 25 / 26 / 27 / 28 / 29 / 30 / 31 / 32 / 33 / 34 / 35 / 36 ]
| Catalog | Home