
/tech/ - Technology

"Technology reveals the active relation of man to nature"

File: 1705030590883.jpg ( 17.24 KB , 362x447 , apple backdor.jpg )

 No.12861

A short while ago some people tried to hack Kaspersky, which is a famous IT security company. Obviously the hack failed because it got discovered. Maybe hacking a crowd of security experts was asking for it.

The hackers used an exploit/backdoor in the iPhones from people working at Kaspersky. The important technical aspect was that it was an insanely long and complicated exploit-chain which included undocumented features in the chip-hardware/firmware. Many people described it as the most complex attack method in all the history of IT security breaches.

2 discussions dominated the IT Security scene.
1. Since Kaspersky is located in Russia, many suspected it was the US doing cyberwarfare.
2. Many people debated whether the undocumented hardware feature was an intentional backdoor that either Apple or the US government put there.

I think that it doesn't really matter whether this was an intentional cyber-war backdoor or just a deep security flaw that sophisticated cyber-crime was able to find. The main lesson to be learned here is that people were able to discover this insanely complicated method of gaining access to these phones. And the conclusion should be that we now have conclusive proof that there is no such thing as a secret backdoor that's only accessible to "vetted and trusted personnel".
>>

 No.12863

Welcome to the internet captain obvious.
I mean, anon. I'm not trying to be an asshole, but. This doesn't come as a surprise to anyone lurking this board who knows shit about computers. It's basic opsec to know that everything can be hacked and nothing is completely secure.


File: 1703746170106.png ( 17.69 KB , 600x320 , deb cra.png )

 No.12821

Debian statement:
https://www.debian.org/vote/2023/vote_002#statistics

some interesting comments on LWN and hackernews
https://news.ycombinator.com/item?id=38787005
https://lwn.net/Articles/956187/

My takeaway from this is that people are unsure whether this is an honest attempt at legislating for more computer security, or whether it's monopolists trying to kill off smaller competitors or FOSS projects with impossible regulatory burdens. Debian's take seems to be that if they can make provisions for FOSS and smaller companies it might be good; they seem to think that the CRA makes sense for closed source software, but less so for open source.

<Manufacturers will need to perform risk assessments and produce technical documentation and, for critical components, have third-party audits conducted. Discovered security issues will have to be reported to European authorities within 24 hours. The CRA will be followed up by the Product Liability Directive which will introduce compulsory liability for software.

The irony is that FOSS software probably gets audited more than any other software, but it's by other programmers who will not bother to declare an official audit. They will just use the issue-tab on GitHub, complain about bugs/vulnerabilities in the project-forum/messaging, mailing lists or on IRC. GPL and other free-software licenses generally have disclaimers that they do not offer any warranties. The CRA legislation would introduce compulsory liability. So that would be trying to make a law that overrules the GPL and other such licenses. I think the reasons why FOSS software had those liability exemption clauses added in the first place might have been because there was a lot of "liability lawsuit trolling" in the past. If I understood this correctly there might be a risk that if you make a GitHub-repository and post some code to it, somebody might try to sue you for liability as part of a shady lawyer-scam or something. It was generally the case that in order to get a warranty you had to buy a software support contract with a company, and the liability was handled via that contract, that way only actual customer
>>

 No.12822

Might help if you explained what the hell "CRA" is first, OP.
>>

 No.12823

>Like the RUST programming language that has eliminated a whole class of memory-leak security flaws
I play Veloren regularly and it has literally had a memory leak for well over a year (if not years). Rust hype is fucking stupid.
>>

 No.12824

>>12822
CRA stands for "cyber resiliency act".
It's EU legislation that's supposed to improve IT security.
But might end up screwing over open source and small tech.
>>

 No.12825

>>12823
>I play Veloren
I approve of your taste in video games
>and it has literally had a memory leak for well over a year
chances are this is caused by a graphics api.
>Rust hype is fucking stupid.
It got approved by the Linux kernel dev team tho.
>>

 No.12826

>>12823
OP is dumb but so are you. Rust eliminates memory safety issues, but memory leaks are not categorized as such because it is impossible for a compiler or even a runtime to determine if memory allocations are leaks or intentional.


File: 1626055997034.png ( 291.47 KB , 485x436 , 1623078444647.png )

 No.10042

Hey /tech/ I'm here to say I'm probably going to be rewriting a chan in a new language/stack intended as a vichan replacement. I've reached out on lainchan:
https://lainchan.org/%CE%BB/res/26674.html
and I'm also reaching out here. Initially I was writing it in Java, but after getting some feedback from other people I've decided to take a step back and solicit more feedback from the userbase and people here on /tech/ and in the wider alt chan community on what it should be.

What does /tech think of:

Architecture: Monolith vs Microservices
Front end: SPA (ex: Angular, React) vs Server Side HTML templating
Backend Language: Java, C#, Lisp, Rust, Golang, PHP, etc.
Database: SQL vs NoSQL
19 posts and 2 image replies omitted.
>>

 No.12791

>>10070
>le choice of language
You will never get anywhere, just give up
>>

 No.12796

>>12790
idk why you're necrobumping but yes coding MUST be fun for side projects otherwise you will get nowhere.
>>

 No.12799

>>12796
What you are saying is correct.

However a surprising amount of code gets copy-pasted from stack-overflow and then tweaked to fit the application. Recently people have begun a similar praxis by prompting large language models, and tweaking the output of that. Neither is particularly fun.
>>

 No.12801

>>12799
ChatGPT has made programming way more fun for me. I'm blocked a lot less often, I can delegate the boring stuff to it and focus on solving slightly higher level problems. It's been a game changer tbqh.
>>

 No.12802

>>12801
>ChatGPT has made programming way more fun for me.
I haven't tried it to be honest. Tho I watched online videos of people using LLM code. It didn't look compelling to me. People spend as much time refactoring the generated code as it would have taken them to write it from scratch. To be fair it's been a few months since I last looked at this, it might have improved since.

I could see this as a great way to learn a new programming language, and possibly as a tool to detect bugs and perhaps security flaws.

I'm not sure about using an online LLM service for production software tho. I would be too paranoid about the code-generators being used to slip malicious code into programs. Consider that code-LLMs scrape all of GitHub, which means that if somebody figures out how to spike "delicious" code-snippets, that the LLMs like to pass on to users, they only have to upload that to GitHub and then loads of people get pwnd. If I wrote programs for other people I would use an airgapped computer, and then upload the finished software from a connection-point that is not predictable. For fears of getting hacked and abused as a vector for distributing malware.

Security conscious developers worry a lot about supply chain attacks and go to great lengths like encrypting the RAM on their machines because that somehow makes it harder to compromise software at the point of compiling binaries.

the FUNmetric
My take is that "llm-prompt-coding" will be fun once it becomes more like a pseudo programming language with predictable output and less like a code lottery. My concept of fun is playing the same game over and over while incrementally improving my skill level until I reach a plateau. So the code lottery aspect looks frustrating to me.


File: 1700280456362.png ( 45.66 KB , 512x512 , nofu.png )

 No.12732

speed reduction tech in every new car
https://techcrunch.com/2023/11/16/ntsb-speed-reduction-tech-in-every-new-car/
<How it works
<ISA technology relies on a car’s GPS location and matches it to a database of posted speed limits and onboard cameras to come up with the legal speed limit. Passive ISA systems warn a driver when the vehicle exceeds the speed limit through sound, visuals or haptic alerts, leaving the driver responsible for slowing the car. Active systems might make it more difficult to increase the speed of a vehicle, or even fully limit it from going, above a posted speed limit.

I think this is bad because it would interfere with users being able to have complete control over their tech.

However I don't know if cars are a worthwhile battleground, because cars are going to get banned in cities anyway and replaced with public transport, a few automated road-network-integrated taxi-pods and bicycles. The people living in rural areas who need the cars are going to rip out those "defective by design" control circuits and replace them with simpler stuff that is incapable of refusing user-inputs.

Why the car-companies go along with this is puzzling, because stuff like this will eventually demote cars from status symbol to an appliance.

As far as those overreaching regulations go, car culture and the car industry selecting for big, heavy and fast cars is partially to blame also. If cars were dinky half-tonne machines making around 40 to 80 horsepower rolling around at moderate speeds, instead of 2 tonne high-speed behemoths making hundreds of horsepower, they would be far less intimidating and draw less attention from the No-Fun-Allowed brigades.

I think there is a compromise to be had. Exempting cars that are very light, small and slow, with the trade-off being: low-potency in exchange for full user control.
26 posts and 7 image replies omitted.
>>

 No.12777

>>12775
>1 ton hitting you at 100 miles per hour will paste you with no issue.
Cars can be made lighter than that. I figure 650kg/1400pounds are doable. A top speed of 135km/h 85mph is probably good enough. As far as potential energy stored as kinetic momentum goes, that's no longer scary. This won't break through any barriers intended to keep cars from exiting the road with destructive consequences. For the politics of control since this type of car can be contained with a simple barrier, there is no need to install a back-door/murder-switch into it.

If you want to get radical with optimizing the design, you can go 6 wheels. That'll reduce capital costs because 6 small off-the-shelf industrial-motors will make enough power to move such a light car. Hence no need for bespoke motors. Spreading the load 6 ways instead of 4 will let you get away with lighter/simpler suspension, smaller wheels and less structural strength for the car-frame. Rear wheels stay fixed, middle wheels can rotate while being spring centered and front wheels steer like normal. Making smaller parts but more of it, means you can get away with smaller machine capital. Letting the smaller machine run longer to make more small parts is cheaper, especially now that so much of car assembly is automated.

If you go electric with this, a small and light car means you can get away with a smaller battery, and battery swapping for quick-recharge situations might even become economical. Or you could go with a tiny commuter range built-in battery using standard battery-chem like Lithium-Ion, Lithium-phosphate or Sodium-Ion. And then for long range trips you have single use Zinc-Air or Aluminum-Air cells that'll give you a crazy range of around 3000km 1900miles. Those have to be mechanically refurbished after every discharge, but that can be done in the already existing metal recycling industry. Unused, these cells have indefinite shelf-life, which means unlike gasoline and diesel those won't spoil, and that'll make logistics easier. And there's an upgrade path to H2-fuel-cell range extender packs once we figure out economical H2 storage.

>a 30% efficiency improvement

That's huge. 30% more efficient times however many hundreds of millions of cars, will make a big dent. The 0.65 tonne cars I have in mind will net y
>>

 No.12779

>>12777
I am not an expert but I still very much doubt the impotency of any thing measured in hundreds of pounds going over 40 miles per hour.

The 6 wheels idea is cool. I believe it would increase rolling friction, but would still be interested to see it. My idea which I have no idea of practicality is to electrify the roads so you're usually not using a battery at all, and make cars capable of hooking together with the car in front, increasing efficiency more. Even more of a pipe dream than your ideas, I'm sure.

I doubt you can shrink lanes and parking spaces with smaller vehicles and keep comfort and safety margins. I've seen small city cars bang their mirrors off on busses on a historic street near me. Til you have self driving, humans are too imprecise so most of the lane extra space is there for human error, not car variation from what I can tell.

I'd guess it'll be luxury/business cars and no cars. I doubt a small car saves more than say… 35% the costs of a current Toyota Corolla to build and operate over its life, so once the costs start going up, through government or market, proles will be priced out period unless they have a high willingness to pay. You see it today with aircraft- many status symbols luxury models at different price points from upper class to billionaire, many business models like cropdusters and airbusses. Not many prolemobiles. I'm sure there are some different factors here of course. Also, I'm not totally sure public opinion matters that much. There are plenty of airports in the US, despite most general aviation probably being bad for the poor. Could be wrong here- going over the sound barrier is still illegal over the US.
>>

 No.12782

>>12779
>I am not an expert but I still very much doubt the impotency of any thing measured in hundreds of pounds going over 40 miles per hour.
40mph or 65km/h is a speed that you can go with a bicycle if you are really fit or going down a long and steep slope. But you are mostly correct in your assessment. For a 0.65 tonne vehicle the maximum comfortable cruising speed is 90km/h 55mph. The top speed of 135km/h 85mph is something only useful for a brief period during an overtaking maneuver. Keep in mind that e-cars get the benefit of a low center of gravity which improves stability.

>The 6 wheels idea is cool. I believe it would increase rolling friction, but would still be interested to see it.

Yes there would be a very marginal increase because you add 2 additional bearings. Friction with the road surface does not change, 6 small wheels would have the same contact area with the road as 4 larger wheels. However this is academic. For light vehicles the dominant type of friction is atmospheric drag.

>My idea which I have no idea of practicality is to electrify the roads so you're usually not using a battery at all, and make cars capable of hooking together with the car in front, increasing efficiency even more.

It's economical to add induction charging loops into high traffic roads, that keep car batteries topped up. Linking car-columns into adhoc trains can be done but in a different way. You build a high speed cargo train. It needs special train-stations and train-cars, that allow for quick access via automobiles. So you and a bunch of others drive their cars on top of trains, and then the trains take passengers inside their cars to a far away destination at high speed around 400km/h 250mph. The extra effort needs to yield an efficiency and a speed bonus, to make it worth it for people to bother with the extra steps.
>a pipe dream
If you accept my modifications then all of that already exists.

>I doubt you can shrink lanes and parking spaces with smaller vehicles and keep comfort and safety margins.

You can't shrink road lanes anyway because buses and large utility vehicles like firetrucks still need to fit. But you can shrink parking spaces. If we are going to do
>>

 No.12784

>>12782
Everything you said seemed reasonable and in accordance with what I've seen. I wasn't thinking about the massive value of the land used on automobile transport. I wonder if you could really miniaturize the prole-mobile into something like a large electric wheelchair, so they'd pack well into trains, and could lock to the floor, allowing for safe high speed high density travel, and really solving the parking issue, since you could just stay in it all day, or they'd be small enough to stack much more efficiently. With self driving, you could be napping, reading or working/playing on a laptop not only on the 'drive to work,' but the 'walk from the parking lot' or even while standing in line. Sort of like in the movie wall-E.

I really would like people to be able to preserve having their own private compartment in, as I think it's more psychologically healthy, what with our being adapted only to know so many people, and have so much to focus on. I think changing transportation has the potential to free up such a massive amount of productive time, but I hope it won't all go to dealing with stressful changing environments full of strangers. At some point though, density must conflict with privacy and low stress. Do you think people could sit on a large electric wheelchair with walls and not be too claustrophobic? IDK, just an idea I find interesting to play with. All I've got on my end is idle chit chat about this very interesting topic. Do you think there's anything I ought to be doing? I could try make a startup lol, but that's 99.9% not going to happen. Thanks again for your post.
>>

 No.12788

>>12784
WallE hoverchairs are technically doable but putting maglev-tech into all the roadways that'll be very pricey. On the more affordable side of things, there's the so called micro-cars. But those are kinda niche atm and don't work well out-side of a city, at the moment it's mostly wealthy urbanites that buy these as a second car.

I'm unsure how well you can miniaturize this. A well optimized and small 1 person transport machine already exists and it's an electric bicycle or motorcycle. I know you want some kind of personal-space compartment. But at that size, we're talking a tube-frame with fabric stretched over it. If you shrink a container, volume decreases much faster than surface area, so in relative terms the body will make up a much bigger fraction of the weight. If you put a metal body on a tiny vehicle it'll get heavy and sluggish. The question becomes do people want tiny tent-cars? To make this economical we're looking at an empty-vehicle weight-goal of about 165kg 360pounds. And you want to spend about half of that on a battery-pack. Aiming for a top speed of 55km/h 35mph.

My guess is that claustrophobia would be ameliorated by having large windows in it. Also the point of optimizing transport to have a small footprint isn't really about crowding people. You can use the gained space for nice things like green patches.

>Do you think there's anything I ought to be doing? I could try make a startup lol, but that's 99.9% not going to happen.

I'm probably the last person you should ask for business advice, but it doesn't really look like the current economic structure accommodates starting a business. The Neo-liberals give all the money to wall-street, the military complex, the surveillance complex and large corporations. Currently the predominant business-model in the consumer space is enshittification, basically copy something old that works well enough and make it worse by adding a subscription fee and spyware. If soc-dems get into political power and redistribute wealth, regular people will once again get enough "disposable income" to give small companies that just "started up" a chance and try out their new product ideas. That's probably the time to build something like this. I guess that at present you could work out all the technical details so that you have something ready to go once the


File: 1701199780486.png ( 32.26 KB , 860x392 , hub and spoke point to poi….png )

 No.12761

So it appears the IP mafia is going after CDNs now.
https://torrentfreak.com/court-cloudflare-is-liable-for-pirate-site-but-not-as-a-dns-provider-231127/
Some discussion about this happened here: https://news.ycombinator.com/item?id=38444606

I'm not sure what to make of this, CDNs generally seem to be considered part of internet infrastructure, correct me if I'm wrong.

These people appear to be attacking internet infrastructure, regardless of what they say, that's what they're actually doing.
So this is about legacy monopolists in information distribution still attacking the internet for bypassing their monopoly ?
And their end goal is to wreck the internet in order to re-assert their old monopoly and make all information pass through them again ?
Is that behind this crusade, they're no longer the gate keepers they once were, and they're trying to turn back time ?

At the most fundamental level, they're trying to re-impose a hub and spoke information network topology.
1 post omitted.
>>

 No.12763

>>12762
>It's something you could do locally but it's just cheaper to hire them then build your own backbone to the internet.
I thought the point of CDNs was to make a website load fast for users that are far away from the web-server. So that functionality is not something you could do locally, because the whole point is for it to have an effect far away.

>Really? I've never considered infrastructure.

I will admit I don't have a good grasp on how CDNs work, I considered it infrastructure because it's something that most websites seem to use.

So what's your take, why is the IP mafia attacking this ?
>>

 No.12764

Is that not how 8chan got taken down, they pressured their CDN?
>>

 No.12765

>>12764
Yes. CDNs are effectively a protection racket today. Play by their rules or get DoS'd when they revoke your service.
>>

 No.12774

Hopefully I2P/tor/one of those nets where hosting is distributed will save us long term.

>>12762
TBF this applies to most real world infrastructure. You CAN treat your own water and generate your own electricity if you're rural and are willing to spend a decent chunk of your wages. The infrastructure line seems like one of those excuses which will be tossed aside by the powers that be when convenient though. Hopefully structural change will come.
>>

 No.12776

>>12774
>Hopefully
>one of those nets where hosting is distributed will save us
Indeed.

Maybe open systems where no gate-keeper can impose themselves are temporary. It appears that nice people build a pleasant open system, and then people are free for a while. But eventually the horrible people that try to subjugate everybody figure out how to break in and close it down. So in order to have an open system that stays open, the nice people have to keep re-configuring their open systems continuously, to stay ahead of the horrible people trying to clamp everything down.

>long term.

Maybe there is a permanent fix that prevents the emergence of gatekeepers. I think we might have figured it out for roads, the vast majority of roads are free from gatekeepers in our time. Compare that to feudal times where about half the roads were blocked by some kind of feudal thug that was extorting travelers for unmolested passage. I wonder what the materialist causes for the liberation of roads were and whether we can learn from that.


File: 1702175229078.png ( 23.4 KB , 350x524 , snooty.png )

 No.12770

EU AI regulation dropped

Civil liberties
There are some protections in there that somewhat limit its use for things like biometrics scraping and predictive-policing, but given the propensity for AI to hallucinate, make shit up and confidently assert pure nonsense as objective truth, I would have expected a moratorium for anything related to police work, with periodic re-evaluations in case somebody managed to fix the hallucinations.

There is a ban on using it to manipulate people, which sounds good but I don't know the specifics.

copyride
No ban for using IP-shackled materials but a requirement to declare the use of IP-shackled stuff. Not sure where this will go. The sticky point here is going to be that the IP-mafia is looking to extract rent from AI companies, and if the law is any good it'll prevent that. The goal should be to allow the AI to learn from anything and use what it learned to generate new works, but not let it pass off the works of others as its own, so no license stripping, but also no IP-rent-seeking.

There seems to be an opt-out clause so that people who are granted the special title of """copyrightholder""" can say that an AI isn't allowed to look at certain materials. I sort of understand why some people may find this reasonable, because they imagine granting rights to small artists to defy big-tech. But in the medium term I see a legal risk that the copyright bullshit might get extended to human brains if the difference between learning done by meat-brains and machine-learning sufficiently decreases. And in the long term it means that artificial machine people, or biological people with AI-implants will no longer have freedom of thought.

As a side-note Iran has abolished all ip-shackles, so if the AI companies all of a sudden begin setting up shop in Iran, that probably is the signal that a war between the IP-mafia and AI-companies has broken out. Japan also has very broad exemptions for AI that insulates them from IP-lawfare.

risk level
>>

 No.12771

File: 1702188976646.jpg ( 42.59 KB , 640x629 , 20231208_174225.jpg )

>>12770
Oh look, there goes Euros. Making themselves irrelevant nobodies in the name of safety again.
>>

 No.12772

>>12771
I think that's not an entirely fair assessment.

The reason the US has big-tech companies and Europe doesn't, has little to do with regulations.

The US developed these technologies in the public sector with public funding and handed them over to silicon valley, where big finance pumped huge sums of money into those tech companies so they could grow faster than anything else doing regular market stuff, like re-investing profits of the previous quarter to grow a little bit next quarter.

The question is what do you want from AI. Do you want one giant mega-AI that does everything ? if so the US method will give you that.

I find the big tech platforms frustrating to use. They're sort of alright if you have no idea and just want to follow their template. But if you know what you want, it gets really complicated and difficult.

To me a few hundred small AIs that are specialized to a narrower field sounds a lot more appealing. I think at the moment this can only exist as small open source projects that are funded by donations from individuals, public grants and private companies that use the tools they make. Regular small businesses that make a proprietary tech thing tend to get gobbled up by massive corporations that mostly just ruin and then ditch the tech thing. I'm not sure if these EU regulations will deliver that or not, I'm kinda waiting for policy experts to analyze that.

Another thing is that there are 2 stages to the current AI-race. The first one is figuring out these AI models. Once these crystallize into known quantities and are fully optimized software, there will be a second race to build the most efficient hardware-stack to run them. I'm guessing that will need lots of different accelerators, so that might favor open architectures like RISC-V where it's easy to mix and match.
>>

 No.12773

>>12772
uygha, you really need to work on brevity


 No.12767

TLE made a video where he points out that the surveillance danger is encroaching. In the comment section of his video there were bot accounts that tried to argue that people should just accept this attack on their liberties and political rights. So that means there definitely is a conspiracy for a population monitoring system afoot.
https://farside.link/invidious/watch?v=u0s3qbfEWjc

<Tangent:

<TLE also attacks China and Russia on this issue, I don't get the political logic behind that. The faction most hellbent on surveillance and censorship are the neo-con warhawks, they get politically boosted every time anybody says chinabad or russiabad. The clever political calculation would be to withhold criticism of China and Russia until the Neocon warhawks stop trying to trample on our civil liberties and political rights.

The main argument:
The mass surveillance is a kind of aggression, because it's like a predator looking for prey. For a meat-space analogy you could look at the act of stalking people, where it is recognized as aggression and will result in restraining orders.

But there is more to it, mass surveillance monitoring of all people also is a type of legal accusation against the entire population, and is kind of reversing the presumption of innocence. But in a new way where actions can be criminalized retroactively, which can be abused in lots of different ways especially for persecuting certain groups of people.

There are biological effects too. Monitoring people causes an effective violation of self-determination, because feeling watched interferes with the brain's ability to exercise free expression and free action. For a lot of people being watched is a form of psychological torture, that causes a type of permanent stress that will lead to long term health injuries.

Mass monitoring will always be abused to subvert political processes. It begins with powerful people being able to target their critics. But it also means that politicians will always be afraid that any of their past conduct can be weaponized against them politically. A democracy is probably impossible under such conditions. This is not hyperbolic; the complete contempt for political norms has already been demonstrated by the Ju
>>

 No.12768

File: 1701498211229.png ( 5.73 KB , 600x300 , eff hands.png )

I'm posting this in this thread because it's vaguely related

Latest Draft of UN Cybercrime Treaty Is A Big Step Backward
https://www.eff.org/deeplinks/2023/12/latest-draft-un-cybercrime-treaty-big-step-backward

<A new draft of the controversial United Nations Cybercrime Treaty has only heightened concerns that the treaty will criminalize expression and dissent, create extensive surveillance powers, and facilitate cross-border repression.

<The proposed treaty, originally aimed at combating cybercrime, has morphed into an expansive surveillance treaty, raising the risk of overreach in both national and international investigations. The new draft retains a controversial provision allowing states to compel engineers or employees to undermine security measures, posing a threat to encryption.

It feels almost like there is a cabal going around that is inserting their poison into all kinds of political institutions, in the form of horrendous policy drafts. That cabal seems to have a special hard-on for surveillance and fucking with encryption.

<This draft retains the concerning issue of expanding the scope of evidence collection and sharing across borders for any serious crime, including those crimes that blatantly violate human rights law.

That probably means that if some country goes bad and makes nonsense laws like for example, classifying insulting the flag as a serious crime, every country that is a treaty signatory would be compelled to help persecute people for making the pole-cloth feel bad.

Was it always like this?
It feels like it's gotten worse somehow.
Was there ever a time when people decided that the risk of enabling persecution was too high and policing powers had to be reduced to protect people from overreach?


File: 1608526287100.png ( 32.83 KB , 432x432 , 1565502518003.png )

 No.4951

This Thread Has Been Re-appropriated for leftychan.net Usage.

General thread meant for the discussion of the mobile app for browsing leftypol.org, known as clover.

Releases can be found here:
https://github.com/PietroCarrara/Clover/releases/latest
>>

 No.10762

>>10760
Next post will probably be how to optimize the output of a factory using Kantorovich's method *if I can get a grip on this shit*
>>

 No.10770

>>10762
i understood zero of what you said
i don't own a factory man
>>

 No.11175

I've been looking into what's needed for both leftychan and leftypol sites to be converted into the latest kurobas. It looks like it just needs to be imported more than anything with the correct type of chan engine.

I'm not a coder but I'm not too dumb in understanding what might be required for conversion. I've found the original source code and two potential forks we can use.

I'll make an update on this next weekend.

If you know how to do java, please let me know. We might can get this fixed way easier and probably even leave directions when shit hits the fan again.
>>

 No.12758

There's two major apps that we could use moving forward.
Blue Clover: https://nnuudev.github.io/BlueClover/
Kuroba-Ex: https://github.com/K1rakishou/Kuroba-Experimental

We were very close with Kuroba-Ex but the developer is a bit of a dick and asshole. Thus why I moved to Blue Clover.

Sauce: https://github.com/K1rakishou/Kuroba-Experimental/issues/780
>>

 No.12759

>>12758
based thank you


File: 1695969625698.jpg ( 29.81 KB , 800x592 , crushedicemachine.jpg )

 No.12496

Backstory:
I became suspicious about the path NoScript is taking when devs decided that users are not allowed to block JS on addons.mozilla.org anymore.
I did not care much because I'm using Third-Party Request Blocker which not only lets you block JS but also incorporates the functionality of the great but sadly abandoned RequestPolicy addon, as well as some neat options like automatic redirect to archive.org in case the user encounters a CloudFlare-encumbered website.

However, I just noticed that Tor Browser doesn't allow you to disable/remove NoScript anymore.
Being a skilled conspiracy expert, this strongly rustled my jimmies.
Why the fuck are we forced to give a monopoly position to this useless piece of shit addon?

Well, maybe because addons are a great way to inject JavaScript and potentially use one of a gazillion JS engine vulnerabilities to expose the user's clearnet IP.
https://www.invicti.com/blog/web-security/noscript-vulnerability-tor-browser/

Let's not forget that TBB devs once before joined forces with the FBI and changed NoScript settings to allow all scripts by default so thousands of people using legit non-pedo services like TorMail could get hacked and identified using a JS exploit:
https://www.wired.com/2013/09/freedom-hosting-fbi/

So, what do?
>>

 No.12572

>>12496
I remember reading about people proposing ideas to make a java-syntax compatible replacement-script with dramatically reduced functionality but also much greater security. Something that was supposed to work for the basic stuff that most websites use.

Anybody know what happened to that, maybe that would be useful for this.

If you cared about security, you wouldn't add java-script and then add another program on top of it to disable it.
>>

 No.12573

>>12569
>Maybe chown root the extensions folder?
I tried chmod u-w on the extensions folder, this resulted in TBB starting up but when I tried to open a website it just kept re-downloading the page over and over but it never displayed it.

>>12571
>Tor is open source.
I tried to compile TBB once but couldn't figure out how to do it. Maybe I'll try again.

And it seems they are rewriting the Tor daemon in Rust.
https://blog.torproject.org/arti_119_released/

Compiling Rust requires tons of free disk space (like 10+GB) and half a day on a mediocre multi-core machine.
Problem, gentoo users?

>>12572
>>

 No.12574

>>12573
>If it is turing-complete it is potentially vulnerable.
A solution for websites that need JS for whatever reason would be to distribute gpg-signed browser extensions. At least that way the code can be audited.
But if your site requires JS, it might be worth considering to release it as software instead…
>>

 No.12709

Last time my TBB updated, it didn't reinstall NoScript.
So it seems someone got through to the devs. Let's hope it stays that way.
>>

 No.12728

>>12496
>Well, maybe because addons are a great way to inject JavaScript and potentially use one of a gazillion JS engine vulnerabilities to expose the user's clearnet IP.
If you can be deanonymized with javascript then the noscript extension is really not the problem. If you don't know how to configure a tor-only firewall then use a system like tails or whonix which does it for you.

>Let's not forget that TBB devs once before joined forces with the FBI and changed NoScript settings

<ctrl-f noscript
<Phrase not found.
If you feel the need to lie that means you can't even convince yourself with this argument.

>It seems (((someone))) has a strong interest to keep this addon around.

The whole point of tor browser is to protect non-technical users who have a tendency to fuck things up by accident. If they were malicious they would hide backdoor code in the browser itself not an extension you can just delete.


File: 1699454237834.jpeg ( 90.99 KB , 600x300 , love_note6-d3fdf440eef390….jpeg )

 No.12710

During some research for a project of mine I stumbled upon this:
https://www.theregister.com/2022/03/21/new_linux_kernel_has_improved/
https://unix.stackexchange.com/questions/704737/kernel-5-10-119-caused-the-values-of-proc-sys-kernel-random-entropy-avail-and-p

<Due to some kernel patches in recent years /dev/random (and getrandom(0)) now behaves exactly like /dev/urandom, generating an infinite amount of pseudorandom data regardless of how little entropy is in the pool.


The patches' author wrote about it here:
https://www.zx2c4.com/projects/linux-rng-5.17-5.18/

Sadly he does not explain why he decided to make /dev/random non-blocking.
But he does say
>That means tinfoil hatters who are concerned about ridiculous hypothetical CPU backdoors have one less concern to worry about

Phew, I sure am glad that is solved by this very trustworthy person. He's also a SystemD developer. So awesome.

>>

 No.12711

Forgot link to disinfo site:
https://www.2uo.de/myths-about-urandom/
>>

 No.12712

>>12710
there are 2 kinds of people who might want to fuck with the random number generator.

The first group is indeed glowies who want to undermine cryptography. They don't seem to care that they're making the whole infrastructure vulnerable. I wonder what the logic behind that is. Maybe they think the ability to destroy something = having power over something. Maybe they're self-deluding that they'll be the only ones that can figure out the security holes they poke into the system.

The second group is people who don't use the random number generator for anything where true randomness is critical (like adding artistic blur to a picture) they just want it to be simple and fast, and they try to take out all the extra steps that improve the quality of randomness.

The people who don't need random numbers for security are probably going to stop bugging you if you make it fast enough. Low entropy pool did actually cause delays where some applications would halt for a few seconds until they loaded.

For the glowies you'd probably have to understand why and how they operate before you can fix anything, you'd have to figure out why they're trying to sabotage our systems. Like why aren't they trying to help making it more secure. Is something wrong with their organizational incentives?

From the standpoint of making the technical infrastructure more secure I guess you want to avoid single points of failure, and have more than one random number generator contribute. Maybe you also want to add automatic checks. You know give the system more depth to make it more complicated to compromise it.

>Thoughts?

I think the big-picture is that information systems that can get compromised will eventually fail. There is some tolerance for error, but it's really low. So what has to happen for this situation to improve?
>>
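Post No.12712 above suggests letting more than one random number generator contribute and adding automatic checks. The following is an added sketch of that idea, not part of any post and not the kernel's code: every function name, the timer-jitter source and the cutoff of 5 are assumptions made for illustration, and the mixing argument assumes the sources are independent of each other.

```python
import hashlib
import os
import time

CUTOFF = 5  # constructed value: longest tolerated run of identical bytes


def repetition_count_ok(sample: bytes, cutoff: int = CUTOFF) -> bool:
    """Automatic check: reject a sample in which one byte value repeats
    `cutoff` or more times in a row (a stuck or constant source)."""
    run = 1
    for prev, cur in zip(sample, sample[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return len(sample) > 0


def mix_sources(samples, n=32):
    """Hash all samples together. Each one is length-prefixed so that
    (b"ab", b"c") and (b"a", b"bc") produce different inputs to the hash."""
    h = hashlib.sha512()
    for s in samples:
        h.update(len(s).to_bytes(4, "big") + s)
    return h.digest()[:n]


def jitter_source(n=32):
    """Hypothetical second source: low byte of timer deltas. Weak alone."""
    out, last = bytearray(), time.perf_counter_ns()
    while len(out) < n:
        now = time.perf_counter_ns()
        out.append((now - last) & 0xFF)
        last = now
    return bytes(out)


def gather(sources, n=32):
    """Sample every source, drop those failing the check, mix the rest."""
    good = [s for s in (fn() for fn in sources) if repetition_count_ok(s)]
    if not good:
        raise RuntimeError("no source passed the health check")
    return mix_sources(good, n)


if __name__ == "__main__":
    # os.urandom reads the kernel CSPRNG discussed in this thread
    print(gather([lambda: os.urandom(32), jitter_source]).hex())
```

A real deployment would log or alert when a source is dropped instead of silently continuing with the remaining ones.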

 No.12723

>>12710
What do you make of the entropy seed generator in X86 processors?

https://farside.link/invidious/watch?v=aEJB8IAMMpA

