[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / 777 / posad / i / a / R9K / dead ] [ meta ]

/tech/ - Technology

"Technology reveals the active relation of man to nature"
Tor Only

Password (For file deletion.)

Matrix   IRC Chat   Mumble   Telegram   Discord

| Catalog | Home

File: 1608525825243.jpg ( 23.79 KB , 480x360 , 9f0bdf62311485b859e0078e84….jpg )


Is protonmail a honeypot?
>Trying to sign up on .onion links back to .com
>Can't sign up with vpn
>Only accepts crypto after you've signed up

There's absolutely no reason for not allowing sign-ups with vpns/TOR and activating the accounts after the payment has gone through
Do there exist any alternatives that aren't glowies?
46 posts and 2 image replies omitted. Click reply to view.


>By default, we do not keep any IP logs which can be linked to your anonymous email account.
Legal context aside, this statement evaluates to false


Whelp, I've had about enough of this shit. Time to get a home email server setup already.


the entire internet is an honeypot. once you get there you're fucked.


t. your cia glowie


I don't care much about the server side of things because I heavily compartmentalize and torify my email usage anyway, so it's not very helpful for their big data algos. For the most part I use one email account per identity per website - that includes multiple email accounts for a single website in case of multiple logins. That's a lot of email accounts.

Which is why I'm searching for an email provider that:
- isn't a pain in the ass to register an account with
- provides IMAP support for free so I can automate my email checks

Is there anything like that out there?

What's essential is to use Tor, the onion service is just a cherry on the cake, but Tor by itself already hides your origin IP even if you connect to a clearnet address.

Unfortunately their onion service is not configured for its purpose, so it will often refuse to login you with the message "too many recent login attempts". That's probably because they left their clearnet checks in place. Most of the people who set up onion services don't use Tor themselves so there's really very little testing involved.

File: 1631380372246.jpg ( 36.75 KB , 828x435 , cheez.jpg )


I know this is firstworldproblems

I don't game so this is really just a commentary from a outsider looking in, but i've recently heard that first person video game developers are thinking about using the TPM (trusted platform module) chip on the motherboard for anti-cheat, this seems like an extreme measure for video games, which got me curious about the problem.

Apparently cheating in video games has become really serious business and very technically sophisticated. Some people even use a secondary computer to run cheat software that generates fake user input signals for a simulated mouse, keyboard and or gamepads. Which means people pay big money for hacks.

Why are game devs trying to beat cheaters in a technical arms-race, instead of trying to make money off of them ?

Cheating doesn't really matter as long as cheaters and non-cheaters don't mix. Because "the experience™" matters.
To fix this, a detailed skill measuring system is needed that is really effective at matching players. The goal at this point is not to detect cheaters, but to indirectly move them to cheater arenas where they can have software robotwars. To make this work you have to do more than just give players a skill rank, you have to generate like a "data-rich" play pattern and match players according to their play patterns. This would probably also fix other issues that diminish "the experience™"

The next step is to develop your own cheat programs and sell them, that way you know who the cheaters are (at least some of them) and you can safely quarantine them in the cheater corner. To get maximum capitalistic cheater-bucks, periodically depreciate the cheat programs. (I know this is really atrocious anti consumer behavior but nobody cares about it in this specific instance).The technical experience you gather from making the cheat programs translates into making good bot-players that you can dynamically remove or add to online matches to balance out mismatched human players.

This hole problem might just be capitalism's fault because how many cheat programs would really be developed in an economy based on production for use rather than production for sale. However it is still plausible that such abuse cases could occur in socialism as well, and i think we ought to find ways to negate the abuse in a more elegant way that doesn't involve punching the donkey. Is there a way to get hack-devs interested in using their skills for a bettePost too long. Click here to view the full text.


It's simply not possible. Despite having some of the most intrusive anticheats, both esea and faceit cannot detect hardware cheats.


The best way to bust cheaters is with active server admins and the honor system. Everything else comes with too many drawbacks.


That being said, hack v hack is fun to watch.


seemed boring to me, am i missing something ? can you share what the fun part is ?


I probably not the best example, but the story goes like this.
>two "legit" cheaters are trying to hide their cheats
>they eventually learn that the only person killing a hacker is another hacker
>cheat arms race to see who "rage hacks" first, aka spinbot, bhops, etc.
it happens a lot now that csgo is f2p, I think there are whole YouTube channels dedicated to hack v hack

File: 1608525871820.png ( 275.43 KB , 2508x2043 , nntpchan.png )


Recent events have once again highlighted the necessity of a truly communal, self-governed anonymous discussion forum. This thread is for the development of new forms of decentralized anonymous image boards.

The problem in need of a solution is this: [b]How can we develop a forum that genuinely empowers its community and allows them to resist censorship?[/b]

One recent attempt is NNTPChan/Overchan. NNTPChan is a decentralized imageboard that uses the NNTP protocol (network-news transfer protocol) to synchronize content between many different servers. It utilizes cryptographically-signed posts to perform optional/opt-in decentralized moderation. I'm still rather confused on how moderation works there myself.

This seems like a great idea, by distributing a forum across a collection of servers one can resist the disruption of any single server. When 8ch was shutdown by its DDoS provider, however, its community didn't find the motivation to learn from this and migrate to a censorship-resistance platform. Instead its subcommunities were scattered to the winds, the ones that survived coalescing back on a number of individual websites using the classical top-down server-owner structure, with all the authority and alienation from its userbase that it necessarily contains. What lessons can be learned from this? Is there more that can be done?
14 posts and 1 image reply omitted. Click reply to view.


bumping due to recent talk of resurrecting this / integrating it into a lefty webring


>dec of 2020

>Another spit 6 months later.


I would give literally anything to have nntpchan at this point.


>Recent events have once again highlighted the necessity of a truly communal, self-governed anonymous discussion forum.
Not this shit again.

>This thread is for the development of new forms of decentralized anonymous image boards.

Not THIS shit again.

Stop falling for marketing memes.


How is a federated board a marketing gimmick?

File: 1616230062452.jpeg ( 8.79 KB , 474x257 , tyytvytv.jpeg )


Where did it go? The onion just stopped working.What happened? They were fairly popular. Was that the issue? They were a bunch of contrarians, after all.


I only posted there near the start, would have been two years ago, then got bored of it.
Did it ever develop a real culture beyond 'we use Tor only'?
I was an erisfag, there were two others (another bystander and the notorous bot spammer).


Fucking based, anon. Thank you.


Flywheels are cool as heck, you can use them to store electric power or even mechanical energy from other spinning devices through kinetic energy recovery systems. It seems like this would save a ton on gas mileage, why aren't these found in more automobiles?
11 posts omitted. Click reply to view.


>So, why didn't Japanese car makers include flywheels?
Because they cost more than they save?
>[_] Miracle technology everybody is too dumb to use
>[X] You don't have all the facts and there is a catch somewhere


hey i was just asking a honest question

>Because they cost more than they save?

No that can't be it, there were short range buses that were powered by flywheels, which essentially used them like batteries. For a car to recover breaking energy you'd need a tiny fraction of the capacity.

there has to be something else that prevents their use that is not so obvious. Like maybe gyroscopic properties that made the car handling weird or something.


>there were short range buses that were powered by flywheels
Ok. There are also cars that run on wood. Just because it's possible doesn't mean it's a good idea.

It's worth noting that many electric cars and hybrids have regenerative braking. You just reverse the motors and turn them into generators while braking. Then you get a nice boost of energy when you accelerate after the corner. The Porsche 918 was famous for being one of the first road cars to do that. The mechanical flywheel thing doesn't seem that useful though.

There's a bit of history about Formula 1 trying to use flywheels here
My interpretation is they are only really useful for countering turbo lag in racing and even then it was not really worth the extra weight and complexity.

And like I say, if there was any fuel efficiency gains to be had then Japan at least has more than enough ingenuity and motivation to make it work.

>hey i was just asking a honest question



>It's worth noting that many electric cars and hybrids have regenerative braking. You just reverse the motors and turn them into generators while braking. Then you get a nice boost of energy.
Batteries can't handle enough current, they can only capture between 10% and 25% of braking energy. Electric super capacitors should be able to capture enough energy for stop and go regenerative braking. However Flywheels can handle truly enormous power spikes at high efficiency in a very compact size, this tech will probably make a comeback.


>Like maybe gyroscopic properties that made the car handling weird or something.
That actually is a problem and why flywheels are more common on vehicles that don't turn a lot. You need a flywheel mounted in gimbals to be able to overcome its inertia and make large directional changes when storing really large amounts of energy.


Is anybody willing to speculate whether the mega drive reaction-less space drive pans out ?

here is another video

the theory part might be plausible




No they don't. There is no explanation for their physics and the peddlers just claim that they will magically work if they were just tested in space; something rather expensive and infeasible without justification through proper scientific methods.

They also seem to have found believers among the conspiracy theorists on /pol/ and other places who are convinced that jew physicists don't want them tested in space because jew physics is smoke and mirrors holding whitoids back from being the pioneers in space exploration.

File: 1630074799367.jpg ( 125.15 KB , 1240x840 , tumblr_mwbirxCG5Q1rso91mo1….jpg )


ITT post a tool or tools you find useful when attacking, maintaining access, bug hunting, recon or whatever else. I'll start:

Weevely3 is my favourite out of the box PHP/.htaccess web shell. Its payload is very small and you can sneak it in to many places and has many features that make the job faster, especially with its pivoting functionality
and lastly its modular allowing easy creation and sharing of new functionality such as adding privilege escalation methods and automated further backdoor and persistent access creation.

File: 1627879257222.jpeg ( 53.65 KB , 1200x630 , javascript.jpeg )


This guy wrote an interesting article on using popular sites with javascript disabled:


His experience was that news sites/blogs tended to "mostly" work while most other sites were utterly broken.


I know many on the channers totally disable js in the browser since Stallman wrote an article against javascript many years ago, additionally many are paranoid about browser zero days used by glow in the darks. Finally a ton of people just see javascript heavy sites as being bloated and overengineered, having slow load times and discriminating against minimalism and third world users with slower internet.

With more and more sites using SPA frameworks like vue, react, and angular, and less and less apps doing server side HTML rendering, javascript-disablers are quickly becoming a tiny minority.

What do we think about js vs nojs/noscript?
44 posts and 2 image replies omitted. Click reply to view.


>Why should the site have tracking functionality included, when it needs to load that from a tracking provider?
Consider a "4th-party" or "meta" tracker specialized in fingerprinting users through their adblocking filters. Yes, eventually this tracker would also be end up in blocking filters, but that's how it is, cat and mouse game.


That was a technical question. How could the site access tracking infrastructure, when it would need to hardcode it into every page and could not forward the data to the tracking provider over js/ajax.


The example I gave is of a not-yet-blocked provider, a new kid on the block, but yes, they technically could also hardcode it into every page, although why not just make the 1st party host the script file? The script just needs to send the raw data back to the website itself (so 1st party request), then their backend forwards the data to the provider to be analyzed. It's not that hard technically, the website just installs a server module that does all this automatically.

Maybe you're thinking why does this matter when filters will catch up sooner or later (although remember that the fingerprinting threat comes from users using different filters). It matters in the case of Tor browser due to how it defeats fingerprinting: it doesn't block trackers, it gives them fake data that is uniform for all Tor users or otherwise ensures uniform conditions (e.g. window size), so that everybody looks like the same person. But when you block a specific selection of those trackers instead, you introduce new bits of fingerprint data with that selection.

It's two different methods that right now kinda step on each other's toes in practice, and one (block filters) is always catching up with the million trackers out there, while the other (Tor browser) just has to keep the browser's mouth shut / feed the lines to it in a uniform and consistent way.

That doesn't mean they can't work well together. For example, there's things that Tor devs haven't discovered how to spoof yet without fundamentally breaking things. One such example is the scroll bar width, it can be calculated via window and viewport size difference. For such cases blocking trackers would be useful, but the only proper solution is for Tor browser to be bundled with adblocker by default without user being able to switch it off or change filter lists, so that uniformity is enforced. Unfortunately that doesn't look likely:


>Adblocking bundled with the browser would mean that the browser itself and not merely the user is antagonistic to various interests that make money from ads and trackers (websites themselves, ad networks, data brokers…). Just one concrete consequence of this is more websites would then block Tor users in return (there are other more complex things as well), but the project in general would be antagonistic to capital's interests, thus potentially losing some of its support, both financial and in terms of technical "tolerance" (cf. the war between Tor and Cloudflare).
Great point.
>I don't think the added attack surface you get from allowing all js is worth the risk of fingerprinting.

Browse in Whonix then. A tor dev (Matt Traudt) says this about JS exploits:
<setting the security slider to its highest setting:
>This is unnecessary for the majority of adversary models and will make the web significantly less usable.

>The only people who have had significant JavaScript exploits used against them in Tor Browser were pedophiles using Windows. This suggests to me (and security experts in general, AKA not people that read "tech news" and parrot everything they read) that these exploits are rare, expensive, and hard to replace. Thus they aren't going to be used against random people because the risk of the exploit being discovered and fixed is too great.

>Setting the security slider to its highest setting does remove JavaScript as a possible attack vector. So as long as you set it there consciously, are aware much of the web may break, I support your choice to disable it. I especially support it if you have legitimate concerns that JavaScript exploits may be used against you, not just dumb paranoia.


I use 'safer' in whonix but if 90% of tor users used 'standard' (which I Post too long. Click here to view the full text.


Whonix is really the ultimate solution if you still want to use a normal OS instead of Tails or Qubes. And if you still want to run Tor browser natively on host OS then there's firejail which runs the browser in a sandbox.

>I use 'safer' in whonix but if 90% of tor users used 'standard' (which I think is unlikely?) then I would switch to that

Idk, I think a huge majority of users are allergic to sacrificing any usability, so it might be close to 90%. But a lot of them also do stupid shit that makes them less uniform. When letterboxing was introduced you had a mass of people complaining on Tor's blog about "grey borders", meaning they were all resizing and maximizing their windows prior to that. It really showed how uniformity is really poorly maintained by users in practice, which fucks it up for everybody.

Btw, on fingerprint tests I get best results at "safest" security level, while "standard" and "safer" come out exactly the same. Although I doubt these tests are that good. EFF's one claims to test with real trackers yet I get same results even with or without uBlock Origin with all filter lists enabled.

Should be mentioned though that security levels are not meant to defeat fingerprinting but reduce browser's security vulnerabilities.

File: 1625128444089.png ( 98.49 KB , 1200x1200 , fediverse.png )


hi /tech/ , have you seen the federated chans that are coming along?

https://fchan.xyz is 4chan + ActivityPub. It's a bit rough around the edges, but it's going to be able to connect to other ActivityPub projects like Lemmy and Mastodon later.

https://0chan.vip is a tag-based textboard that will soon gain a scraper. It also has user-managed boards with stickies, permasage, and a "soft delete" that hides threads in board view, but doesn't delete them from the server. see http://0chan.vip/b/meta/

NNTPchan was kind of cool but it was pretty busted. It fizzled out after a year.


File: 1625130399158.png ( 19.11 KB , 600x200 , cloudflare.png )

I spent a fair bit of time trying to understand NNTPchan when 8ch was shut down because I see decentralized federation as the only real way to fight back against the CDN-DDoS racket and resist censorship. It was disappointing to me when so many diaspora communities went and decided to just clone the old traditional image board site model all over again without seeking to address how they lost their community in the first place. It was even more disappointing to find out how unpopular NNTPchan was.


>because I see decentralized federation as the only real way
if you want that than make a general decentralization layer protocol, that everybody can use to build on top, add something to the general purpose network stack, instead of making specialized applications.


Might as well bump this too


The two sites ought to develop and adopt an fchan fork and then follow each other. But of course they never would because the ability for users to move to another server without creating an isolated community would directly threaten janny privilege.


what happened to 0chan.vip?

File: 1624224280351.png ( 198.34 KB , 512x337 , hacker.png )


Please dump any resource I can use to teach myself, including online communities I can join for questions.

Is Python optimal?

Thanks in advance
12 posts omitted. Click reply to view.




Off topic this is, but somewhat relevant.
So some of these are targeted at Linux.
Is this a problem.


Interesting. Thank you.


This blog really cant be overstated in its quantity of quality work.


bumping this epic bread.

Delete Post [ ]
[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / 777 / posad / i / a / R9K / dead ] [ meta ]
[ 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8 / 9 / 10 / 11 / 12 / 13 / 14 / 15 / 16 / 17 / 18 / 19 / 20 / 21 / 22 / 23 / 24 / 25 / 26 / 27 / 28 / 29 / 30 / 31 / 32 / 33 / 34 / 35 / 36 ]
| Catalog | Home