[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / 777 / posad / i / a / R9K / dead ] [ meta ]

/tech/ - Technology

"Technology reveals the active relation of man to nature"
Name
Email
Subject
Comment
Flag
File
Embed
Password (For file deletion.)

Matrix   IRC Chat   Mumble   Telegram   Discord

| Catalog | Home

File: 1695969625698.jpg ( 29.81 KB , 800x592 , crushedicemachine.jpg )

 No.12496[Reply]

Backstory:
I became suspicious about the path NoScript is taking when devs decided that users are not allowed to block JS on addons.mozilla.org anymore.
I did not care much because I'm using Third-Party Request Blocker which not only lets you block JS but also incorporates the functionality of the great but sadly abandoned RequestPolicy addon, as well as some neat options like automatic redirect to archive.org in case the user encounters a CloudFlare-encumbered website.

However, I just noticed that Tor Browser doesn't allow you to disable/remove NoScript anymore.
Being a skilled conspiracy expert, this strongly rustled my jimmies.
Why the fuck are we forced to give a monopoly position to this useless piece of shit addon?

Well, maybe because addons are a great way to inject JavaScript and potentially use one of a gazillion JS engine vulnerabilities to expose the user's clearnet IP.
https://www.invicti.com/blog/web-security/noscript-vulnerability-tor-browser/

Let's not forget that TBB devs once before joined forces with the FBI and changed NoScript settings to allow all scripts by default so thousands of people using legit non-pedo services like TorMail could get hacked and identified using a JS exploit:
https://www.wired.com/2013/09/freedom-hosting-fbi/

So, what do?
Post too long. Click here to view the full text.
3 posts omitted. Click reply to view.
>>

 No.12572

>>12496
I remember reading about people proposing ideas to make a java-syntax compatible replacement-script with dramatically reduced functionality but also much greater security. Something that was supposed to work for the basic stuff that most websites use.

Anybody know what happened to that, maybe that would be useful for this.

If you cared about security, you wouldn't add java-script and then add another program ontop of it to disable it.
>>

 No.12573

>>12569
>Maybe chown root the extensions folder?
I tried chmod u-w on the extensions folder, this resulted in TBB starting up but when I tried to open a website it just kept re-downloading the page over and over but it never displayed it.

>>12571
>Tor is open source.
I tried to compile TBB once but couldn't figure out how to do it. Maybe I'll try again.

And it seems they are rewriting the Tor daemon in Rust.
https://blog.torproject.org/arti_119_released/

Compiling Rust requires tons of free disk space (like 10+GB) and half a day on a mediocre multi-core machine.
Problem, gentoo users?

>>12572
Post too long. Click here to view the full text.
>>

 No.12574

>>12573
>If it is turing-complete it is potentially vulnerable.
A solution for websites that need JS for whatever reason would be to distribute gpg-signed browser extensions. At least that way the code can be audited.
But if your site requires JS, it might be worth considering to release it as software instead…
>>

 No.12709

Last time my TBB updated, it didn't reinstall NoScript.
So it seems someone got through to the devs. Let's hope it stays that way.
>>

 No.12728

>>12496
>Well, maybe because addons are a great way to inject JavaScript and potentially use one of a gazillion JS engine vulnerabilities to expose the user's clearnet IP.
If you can be deanonymized with javascript then the noscript extension is really not the problem. If you don't know how to configure a tor-only firewall then use a system like tails or whonix which does it for you.

>Let's not forget that TBB devs once before joined forces with the FBI and changed NoScript settings

<ctrl-f noscript
<Phrase not found.
If you feel the need to lie that means you can't even convince yourself with this argument.

>It seems (((someone))) has a strong interest to keep this addon around.

The whole point of tor browser is to protect non-technical users who have a tenancy to fuck things up by accident. If they were malicious they would hide backdoor code in the browser itself not an extension you can just delete.


File: 1699454237834.jpeg ( 90.99 KB , 600x300 , love_note6-d3fdf440eef390….jpeg )

 No.12710[Reply]

During some research for a project of mine I stumbled upon this:
https://www.theregister.com/2022/03/21/new_linux_kernel_has_improved/
https://unix.stackexchange.com/questions/704737/kernel-5-10-119-caused-the-values-of-proc-sys-kernel-random-entropy-avail-and-p

<Due to some kernel patches in recent years /dev/random (and getrandom(0)) now behaves exactly like /dev/urandom, generating an infinite amount of peudorandom data regardless of how little entropy is in the pool.


The patches' author wrote about it here:
https://www.zx2c4.com/projects/linux-rng-5.17-5.18/

Sadly he does not explain why he decided to make /dev/random non-blocking.
But he does say
>That means tinfoil hatters who are concerned about ridiculous hypothetical CPU backdoors have one less concern to worry about

Phew, I sure am glad that is solved by this very trustworthy person. He's also a SystemD developer. So awesome.

Post too long. Click here to view the full text.
>>

 No.12711

Forgot link to disinfo site:
https://www.2uo.de/myths-about-urandom/
>>

 No.12712

>>12710
there are 2 kinds of people who might want to fuck with the random number generator.

The first group is indeed glowies who want to undermine cryptography. They don't seem to care that they're making the hole infrastructure vulnerable. I wonder what the logic behind that is. Maybe they think the ability to destroy something = having power over something. Maybe they're self-deluding that they'll be the only ones that can figure out the security holes they poke into the system.

The second group is people who don't use the random number generator for anything where true randomness is critical (like adding artistic blur to a picture) they just want it to be simple and fast, and they try to take out all the extra steps that improve the quality of randomness.

The people who don't need random numbers for security are probably going to stop bugging you if you make it fast enough. Low entropy pool did actually cause delays where some applications would halt for a few seconds until they loaded.

For the glowies you'd probably have to understand why and how they operate before you can fix anything , you'd have to figure out why they're trying to sabotage our systems. Like why aren't they trying to help making it more secure. Is something wrong with their organizational incentives ?

For the standpoint of making the technical infrastructure more secure i guess you want to avoid single points of failure, and have more than one random number generator contribute. Maybe you also want to add automatic checks. You know give the system more depth to make it more complicated to compromise it.

>Thoughts?

I think the big-picture is that information systems that can get compromised will eventually fail. There is some tolerance for error, but it's really low. So what has to happen for this situation to improve ?
>>

 No.12723

>>12710
What do you make of the entropy seed generator in X86 processors ?

https://farside.link/invidious/watch?v=aEJB8IAMMpA


File: 1698186341950-0.png ( 30.76 KB , 128x122 , 2w.png )

File: 1698186341950-1.png ( 77.66 KB , 345x296 , 12345.png )

File: 1698186341950-2.png ( 179.2 KB , 561x281 , 23456.png )

File: 1698186341950-3.png ( 126.26 KB , 340x272 , 345678.png )

File: 1698186341950-4.png ( 66.37 KB , 332x274 , 12345678.png )

 No.12624[Reply]

because fuck it is an OS for cunts, retards, and cunty retards.
52 posts and 55 image replies omitted. Click reply to view.
>>

 No.12702

File: 1698985691673.png ( 70.72 KB , 407x340 , troll.png )

>>12701
>Buy a Mac and
install Asahi Linux on it
>>

 No.12718

File: 1699606584069-0.png ( 413.47 KB , 614x618 , 9876293128731.png )

File: 1699606584069-1.png ( 273.68 KB , 637x629 , 9876293128732.png )

File: 1699606584069-2.png ( 398.22 KB , 643x663 , 9876293128733.png )

File: 1699606584069-3.png ( 342.41 KB , 598x659 , 9876293128734.png )

File: 1699606584069-4.png ( 182.01 KB , 614x606 , 9876293128735.png )

>>12701
>>12700
>>12702
Linux is an operating system "for fun," to help a college student figure out how an intel 80386 works and what all it is capable of doing.
Developers glommed onto it for various reasons in the decades that followed achievement of that purpose. Almost all of those various developer reasons are today no longer valid. For example Apple now supplies professional quality Unix operating systems far below the price of the NeXT boxes that Carmack & co needed to build Doom. All operating systems now have adequate, native modern compilers for C style languages without the butchery of Microsoft Turbo-C. DirectX is no longer distinctly inferior to OpenGL, and even if it were OpenGL works more or less natively in a platform agnostic way after Microsoft buried the hatchet. The extent to which Linux is a good or even adequate solution for development environment is also increasingly questionable. Linux does not offer support for industry standard solutions such as Microsoft Visual Studio Pro, and this means that Linux will not in the future offer support for AI-accelerated development utilizing the CoPilot features that OpenAI and its partner Microsoft will soon integrate into the interfacial orifices of every Windows environment.
And by share of adoption Linux isn't for developers either, it's for user-ignored peripherals and backend systems. In both of those systems its vulnerabilities are increasingly showing and therefore it is on those fronts that development from large corporate interests would rationally focus. Linux having purpose as a networking and infrastructure OS is also increasingly questionable. Chrome and Android have in the past been steered by Google in the direction of adopting a proprietary minix- or bsd-based kernel, though I'm not sure anything came of those motions. What I am sure of is that Microsoft Azure and Windows solutions have found rapid and rapidly-expanding adoption into network roles throughout the business world due in no small part to Microsoft's ability to both offer direct support and to certify and vouch for the credentials of independent network technicians and professionals at a level unparalleled in the Linux ePost too long. Click here to view the full text.
>>

 No.12719

>>12718
Developer here, linux is the only viable option. OSX is for babies who can't into programming.
>>

 No.12720

>>12718
Okay but have you even *used* Windows in the last 5 years? As in attempted to decipher the interfaces of the native apps themselves and not just do everything in the browser?

Like whatever problems you ran into with linux was most certainly you trying to do something so advanced you wouldn't have even concieved as possible on windows. Linux will trivially do every work task you're reasonably going to be expected to do, and any indie game is going to run without issues. Even drivers are a non-issue now.
>>

 No.12721

>>12718
>Windows has ai features
I'll admit for a giant mega-corp Microsoft was actually pretty quick in adopting the AI tech, so cudos for maneuvering that giant ship. However there were Chat-gpt plug-ins for most popular Linux desktop environment a few days after ChatGPT went into public beta. Ocean liners can't outrun speedboats.

However Integrating AI with the desktop will get more interesting once computers have AI accelerators on board so that your Operating system doesn't loose features if you're offline or the AI servers back-end is unavailable. Also running stuff locally is probably better for privacy.

>co-pilot

Have they fixed their legal issues yet, that thing where it just copy pasted code from github, and caused all major software dev factories to ban copilot because of legal risks?

You are not wrong that prompt-engineering will replace stack-overflow copy-paste-engineering. But at the moment it's still slower, it takes 5 seconds for Ai to generate code and than it takes at least a hour until the prompt-engineer has polished it enough to go into production. I would say this makes it less demanding in terms of effort, but for time, it's not faster. The final form of AI-assisted programming will be in form of a sudo-programming language. Because you need a high degree of specificity to describe what you want it to code and spoken language doesn't have that.

MS has a particular vision for how all of this is supposed to work and as soon as you try to do something that strays from the beaten path, it's going to be fucking impossible to do that with windows. Linux will not have that problem. Power User will increasingly go Linux

>Microsoft will take the blame for your fuck-ups if you pay the certification racket

Lol, i very much doubt that, they have thousands of lawyers busy deflecting blame away from MS
Post too long. Click here to view the full text.


File: 1699514162899.png ( 13.02 KB , 499x176 , ClipboardImage.png )

 No.12713[Reply]

Do you guys realize you can upload your posts, notes and everything you've ever wrote to this and get a copy of yourself that can outlive you?
>>

 No.12714

Wow. You mean we can create a chatbot which constantly replies with:
>That's racist
>That's fascist
>That's not funny
>That's not real

Sounds great. Could really change the fortunes of leftist organizing
>>

 No.12715

>>12714
That's racist and not funny.
>>

 No.12716

>>12713
i mean it could be nice in a way, you could have an interactive epitaph of your loved ones. But if you let that loose on the internet you'll have social media haunted by digital ghosts.
>>

 No.12717

>>12714
Lol

>>12716
The internet is already dead, no one uses it and every account is a bot.


File: 1699303819170-0.jpg ( 37.8 KB , 949x630 , riscv.jpg )

File: 1699303819170-1.png ( 48.07 KB , 600x424 , shoot foot.png )

 No.12706[Reply]

US cold-warriors are shooting US tech in the foot once again. They are now trying to ban American Hardware devs from playing with Chinese hardware devs on RISCV micro-processor technology. The RISCV foundation has already fucked off to Switzerland.

>"The CCP (Chinese Communist Party) is abusing RISC-V to get around U.S. dominance of the intellectual property needed to design chips. U.S. persons should not be supporting a PRC tech strategy that serves to degrade U.S. export control laws," Representative Michael McCaul, chairman of the House Foreign Affairs Committee, said in a statement to Reuters.

CPC communist party china, not Canadian Canoe Patrol

>"Communist China is developing open-source chip architecture to dodge our sanctions and grow its chip industry," Rubio said in a statement to Reuters. "If we don't broaden our export controls to include this threat, China will one day surpass us as the global leader in chip design."


>"I fear that our export-control laws are not equipped to deal with the challenge of open-source software - whether in advanced semiconductor designs like RISC-V or in the area of AI - and a dramatic paradigm shift is needed," Warner said in a statement to Reuters.


Their main strategy appears to be preventing China from getting knowledge, they think that current US tech dominance originated from having technical know how that others don't. Which is baffling. US tech-dominance comes from economies of scale and imperial monopoly capitalism bullying competing companies out of the market. It was never about secret sauce technology. During the cold war the soviets often couldn't match US tech 1:1 and produced downgraded versions. But that wasn't a lack of know-how, they just couldn't afford as much specialized machine capital as the US.

They are now going to isolate US based RISC-V devs from participating in the global RISCV playground and basically cripple their ability to compete. I wonder if this really is cold-war2.0-autism and not simply ARM chip-makers not wanting the competition from RISK-V.
>>

 No.12707

>>12706
America is so fucking stupid, I hope this leads to brain drain.
>>

 No.12708

>>12707
>America is so fucking stupid
Well sort off, there are lots of clever Americans too but they don't appear to have much pull in the halls of power these days.

>I hope this leads to brain drain.

That's definitely what will happen.

I don't know what the effect will be, the philosophical conviction and ethical principles for open technology are very American. Europeans have to an extend adopted those as well but see it more in terms of fair market competition and consumer rights.

It's difficult to gage how the Chinese see it. I think they consider companies that open source their tech as the industry leader/master and those that copy it as the industry follower/apprentice.


File: 1699135097488.jpg ( 34.6 KB , 612x405 , wtf eu.jpg )

 No.12703[Reply]

The offending legislation is
<eIDAS (electronic IDentification, Authentication and trust Services)

The Situation
<These legislative articles were introduced in recent closed-door meetings undermining democratic norms of public scrutiny. This legislation will be presented to the public and parliament for a rubber stamp before the end of the year.

<It seems to enable any EU member states to issue fake website certificates for interception and surveillance via a man in the middle attack. Website certificates are crypto-graphically secure identities of websites, and states might be allowed to commit a type of identity theft.


<There is no independent check on the decisions made by member states with respect to the keys they authorize and the use they put them to.


<This legislation seeks to ban browsers from applying security checks to these EU web certification keys and certificates except those pre-approved by the EU IT standards body ETSI. There are misaligned incentives. ETSI has a concerning track record of producing compromised cryptographic standards.


further reading
https://www.techdirt.com/2023/11/03/eu-tries-to-slip-in-new-powers-to-intercept-encrypted-web-traffic-without-anyone-noticing/#comments
https://last-chance-for-eidas.org/
Post too long. Click here to view the full text.
>>

 No.12705

File: 1699235580298.png ( 3.21 KB , 400x400 , qwaks.png )

>>12703
https://securityriskahead.eu/

here is another webpage that explains this better, they're basally trying to downgrade to a type of web-certificates that were depreciated in 2019 because they were not secure.

<When using the internet, your browser protects valuable information you send to websites. But eIDAS article 45.2 will force browsers to accept QWACs – lower-security standard website certificates and providers that issue them. By complying, browsers would open users up to possible malicious attacks and online crime.


<In short, eIDAS article 45.2 will lower the bar for protection. And those few sentences make the internet less safe.


the faq page is actually useful
https://securityriskahead.eu/faq/


File: 1697152974050.png ( 13.42 KB , 500x496 , video.png )

 No.12551[Reply]

Many claim that it's not possible to make economically viable video platforms, and that You-tube can only exist because google subsidizes it. If your platform is designed around the concept of renting servers that host and serve all the video-files that people download, that could be true.

However there might be another way

If you make the video platform a peer to peer protocol where the servers just have to host reference video-files, which then percolate through a peer to peer distribution model, video platforms should become economically viable. The bandwidth-cost of transmitting a video once will lead to many views not just one. Another cost factor is video-transcoding. That too could be offloaded to peers. If a uploaded video gets watched on average a few hundred times, peers only have to contribute a fraction of a percent of the necessary compute resources per video. Even for battery-powered devices this will be a negligible drain.

The "Muh-businesmodel"
Sell video-makers a modified NAS pre-setup to host the video reference files.
Sell users a low-power compute-device they plug into their internet connection which helps with peer-availability and grants them network-priority for the best viewing experience.

additional "Mc-revenue streams"
Many online videos shill products, add a online market-place where people can directly buy their crap and you can take a small cut. Same scheme with sponsored content.
Also add a crowd fund mechanism where people can crowdfund episodes for open creative commons entertainment franchises. And be strategical about it, you need to have one popular pioneer project that draws a crowd, to get this started.
If you're not too greedy and only take a 0.5 to 3% cut, your stuff will take off.

Post too long. Click here to view the full text.
5 posts and 2 image replies omitted. Click reply to view.
>>

 No.12632

File: 1698196368871.jpg ( 38.89 KB , 439x358 , no.jpg )

>>12631
>copulate with a female dog
bestiality ?
Ew
>>

 No.12635

File: 1698200072991-0.png ( 476.63 KB , 539x600 , d0.png )

File: 1698200072991-1.png ( 512.21 KB , 424x640 , doggo1.png )

File: 1698200072991-2.png ( 397.36 KB , 403x643 , doggo2.png )

File: 1698200072991-3.png ( 121.84 KB , 555x181 , doggo3.png )

File: 1698200072991-4.png ( 339.93 KB , 416x650 , doggo4.png )

>>12632
bestiality is based
>>

 No.12694

>>12551
my parents in south america essentially use whatsapp as their main social media. boomers send each other videos on group chats all the time. i think it's unironically a p2p video platform, with whatsapp servers helping host for a little while and then the files are on their own.

for your scheme though, i would add virtual servers or SaaS where creators can upload their videos to the network without having to own the hardware. yeah, "you will own nothing and be happy," but most creatives are really happy to let the experts manage the technical part of their business

however, though we all would consider a lack of censorship as an advantage, you risk having the platform filled with bestiality and child porn and such illegal and disgusting content. moderation is the real test of fire with social media. all the apps people used today are built on the backs of traumatized moderators who have to go through mountains of gore everyday to make the internet usable
>>

 No.12695

File: 1698875817825.jpg ( 64.1 KB , 1400x1200 , 20231027_095455.jpg )

Film is vastly overkill for most things people make videos about these days. Something like how flash games operated (ship static vector assets with transformation instructions and audio) would be a better fit approach.

If videographers start making powerpoints with a Vtuber rig and mocap data overlayed on top made in godot exported as an html5 "game," youtube is gonna lose half it's traffic.
>>

 No.12696

File: 1698886085574.jpg ( 44.23 KB , 704x562 , cat with a fish.jpg )

>>12694
>whatsapp
>it's unironically a p2p video platform
interesting, i did not know that.

>for your scheme though, i would add virtual servers or SaaS where creators can upload their videos to the network without having to own the hardware. yeah, "you will own nothing and be happy," but most creatives are really happy to let the experts manage the technical part of their business

That would replicate the bottle-neck that makes current video-platfroms so uneconomical. Storage absolutely has to migrate to the edges of the network to fix that. I don't think it's too much to ask for a content creator to set up what is basically a fancy NAS. Many already do that to backup their video source files. Besides there's another "revenue streamerino" : tech support. I specifically want dispersed ownership of hardware, not merely for ideological reasons of prioritizing personal property. All those data-centers look really fragile and precarious. Destroying a data-center with military weapons costs a 1000x times less than building one. I get it there are advantages to a consolidated cloud, but the current political leadership is insufficiently peace-minded for that.

>however, though we all would consider a lack of censorship as an advantage, you risk having the platform filled with bestiality and child porn and such illegal and disgusting content.

Oh bother, yeah i didn't really think about the toxic data sewage. I was primarily thinking about network efficiency, resiliency and muh-business-model that doesn't rely on adds.

>moderation is the real test of fire with social media. all the apps people used today are built on the backs of traumatized moderators who have to go through mountains of gore everyday to make the internet usable

There has to be a better way because the amount of content that can be created is increasing while the amount of humans moderating does not, so this scheme is living on borrowed time anyway.

We can probably also forget about using AI-moderation. There already are ways to tweak images to trick AIs to see something else than a human would. This AI-vision-interference stuff was invented because Artists wanted to prevent their images from bPost too long. Click here to view the full text.


File: 1698106572336.png ( 56.37 KB , 320x313 , grayjaylogo.png )

 No.12615[Reply]

Rossmann videoed about 2 interesting programs.

grayjay
The first is one that lets you subscribe to people regardless on what platform they publish
https://farside.link/invidious/watch?v=5DePDzfyWkw
https://grayjay.app/index.html
https://gitlab.futo.org/videostreaming/grayjay

Harbor
The second is similar in that it's some kind of platform independent online identity system
https://farside.link/invidious/watch?v=nMSO1TiTW4E

This seems to be about people not loosing track of each other online when their accounts get deleted.
It seems really nice, tho i don't know what implication this will have. Will this really empower people ?
>>

 No.12617

>>12615
so you are telling me you waste your time listening to that guy? how many macbooks have you repaired? none? what the fuck is this shitware brother, why would you subscribe to anything in the first place?
don't reply, I don't actually care, you are one dumb motherfucker
>>

 No.12618

>>12617
>you waste your time listening to that guy?
i'm wasting my time incorrectly?
>how many macbooks have you repaired?
one, replaced a borked wifi adapter
>what the fuck is this
I don't really know, that's why i'm asking, i have a text file with bookmarks, where i add descriptive tags, i search through that with a fuzzy-finder.
>>

 No.12619

Uh, who?
>>

 No.12620

>>12619
>Uh, who?
Rossmann is the right to repair guy
>>

 No.12683

So apparently YouTube axed those videos

Here's an alternate source
https://odysee.com/@rossmanngroup:a/the-best-way-to-watch-online-video-my:c
https://odysee.com/@rossmanngroup:a/the-best-way-to-watch-online-video-part:1

I still don't understand why they would care about this ?
It's a program that collects all the places where somebody uploads stuff. It's like a sophisticated organizer for bookmarks.


File: 1618169419070.png ( 95.72 KB , 568x548 , pepe-mouse-friend-pepe-cof….png )

 No.7789[Reply]

Just installed arch

What do I do now?
>>

 No.7791

install gentoo
>>

 No.7792

>>7791
Based
>>

 No.7798

enjoy how ridiculously convenient pacman is
just install a bunch of shit you don't even need because why not
>>

 No.12673

Arch is a gateway drug to NixOS.


File: 1608526393353.webm ( 1.34 MB , 952x605 , 1606957784986.webm )

 No.5907[Reply]

Apple is sec-
>>

 No.12672

Thought it was gonna play Bad Apple for a second there.


Delete Post [ ]
[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / 777 / posad / i / a / R9K / dead ] [ meta ]
[ 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8 / 9 / 10 / 11 / 12 / 13 / 14 / 15 / 16 / 17 / 18 / 19 / 20 / 21 / 22 / 23 / 24 / 25 / 26 / 27 / 28 / 29 / 30 / 31 / 32 / 33 / 34 / 35 / 36 ]
| Catalog | Home