/tech/ - Tech

Technology.

catalog
Mode: Thread
Name
E-mail
Subject
Message

Max message length: 8192

Files

Max file size: 80.00 MB

Max files: 5

Captcha
Password

(used to delete files and postings)

Misc

Remember to follow the rules


(503.48 KB 934x1000 daily_programming.png)
Daily Programming Thread Comrade 01/27/2020 (Mon) 18:13:02 No. 17 [Reply] [Last]
What are you working on, /roulette/?
188 posts and 33 images omitted.
>>1869 Sure, and asm is also turing complete, but you will never use it to replace your shell scripts. Now imagine having to work with convoluted json data in bash.
>>2940 https://stedolan.github.io/jq/ It's actually pretty convenient.
>>17 Working making changes to some Vue codebase. I kinda wanna die, ngl.
>>2939 Which one did you end up using?
>>17 Funnily enough, I'm currently working through SICP, CLRS and that one book by Patterson and Hennessy. Don't know if I'm just memeing myself or if this actually werks, but these books are pretty good so far.

Comrade 01/27/2020 (Mon) 13:36:56 No. 221 [Reply] [Last]
What Internet browser does /tech/ use? personally, I just use firefox
86 posts and 7 images omitted.
>>221 Vivaldi good?
>>521 RIP Mozilla
(28.08 KB 633x758 soy198 (2).png)
>>521 >NOOOOOOO!! YOU WERE THE CHOSEN ONE, MOZILLA! YOU WERE SUPPOSED TO DESTROY THE ENEMIES OF THE INTERNET, NOT JOIN WITH THEM! BRING BALANCE TO BROWSER STANDARDS, NOT LEAVE THEM IN DARKNESS!
(17.16 KB 400x400 sheev.jpeg)
Did you ever hear the tragedy of Mozilla the Wise? I thought not. It's not a story Google would tell you. It's a hacker legend, you see. Mozilla was a Dark Lord of the Internet, so powerful and so wise he could use his browser to influence web standards... He had such a knowledge of webdev that he could even keep floundering file formats from dying. The dark side of webdev is a pathway to many abilities some consider to be unnatural. He became so powerful... the only thing he was afraid of was losing his power, which eventually, of course, he did. Unfortunately, he taught his apprentice everything he knew, then his apprentice killed him in his sleep. It's ironic... he could save others from death, but not himself.
>>4022 >Vivaldi Hell no, it's proprietary

(100.76 KB 1520x1000 boothole.jpg)
GRUB2 pwned through UEFI exploit Comrade 07/30/2020 (Thu) 07:02:03 No. 3737 [Reply]
Yet another gaping security flaw has been found in the Microsoft Trojan Horse replacement for BIOS known as UEFI. This one affects GRUB2 bootloaders in particular. https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ Eclypsium researchers have discovered a vulnerability — dubbed “BootHole” — in the GRUB2 bootloader utilized by most Linux systems that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.
1 post omitted.
>>3738 Basically this vulnerability requires root / admin access to access the grub.cfg file located in the EFI System Partition, which means the attacker must first gain a foothold on the system and escalate privileges (physical access also works). The vuln only helps with persistence across system reboots, so it’s unnecessary — and perilously noisy — for attackers to employ this if they already have root on a system that never reboots. In other words, protect your system from privilege escalation attacks and prevent evil maids in hotel rooms from physically accessing your machine and you protect yourself from this. Also you should laugh at anyone who has ever relied upon Secure Boot to protect themselves, a "feature" that has been broken by design since its inception.
>>3738 it has a catchy name and a logo that means it is scary
>>3739 >Basically this vulnerability requires root / admin access You're already beyond fucked at that point anyway. There are more important vuls discovered all the time that either escalate the privileges or gain access to the system over network in the first place. But most of them are so specific that there's very little chance you'll get hit if you update your system, even if takes a month for the fix to arrive in your repos.
>>3744 Why is everything so comodified and branded that even something as obscure and technical as security vulnerabilities get flashy logos, graphic design and a name that sounds like it was created by a marketing focus group? It's just ridiculous.
>>4053 It was created by a marketing focus group. It's advertisement for the business that found it.

(6.32 KB 109x100 searx.png)
Searx Comrade 07/03/2020 (Fri) 11:53:59 No. 3073 [Reply]
I know that if I run my own instance of searx is the most private way to search things up. But what about public instances of searx like search.snopyta.org, are they any safer than just using pure duckduckgo? Because I am still trusting a 3 party with my data, the only other advantage that I see using a public instance of searx is that is completely open source. Are there any other positives?
14 posts omitted.
>>3437 I like street view though, photo imagery of Earth's surface, rather than the layout?
>>3431 impossible
>>3431 Unless the NSA and friends have made a breakthrough on quantum computing and kept it secret, functionally impossible. With properly set up and non backdoored ssl crypto you're looking at average computation times longer than the heat death of the universe. Of course they could always do what they did with Dual_EC_DRBG and backdoor the encryption to make it significantly easier to break or just compromise the servers you're talking to.
>>3437 Good post. What's a good .txt dictionary? I tried looking for one once, but they were all antiquated
>>4032 Check this out: https://dumps.wikimedia.org/ Wiktionary has a lot of English words, plus etymologies, pronunciation, translations, etc.

(38.57 KB 700x470 AccuVote TSX.jpeg)
Designing transparent and secure election systems with computers Comrade 07/09/2020 (Thu) 23:00:09 No. 3173 [Reply]
Many countries around the world, after some initial experiments, have completely dumped the idea of running their election systems with computer hardware and returned to hand-counted paper ballots. One look at the cartoonish hodgepodge of election machines with a million security holes across the United States all making use of unauditable proprietary software and hardware and manufactured by private companies mired by a history of corruption and scandals. One look at all that would be enough to give any reasonable person pause to reconsider the entire idea of electronic voting. Is it possible to design an electronic voting/counting system that fulfills some basic expectations of security and transparency? I and many other computer security experts would argue that it is not and never will be due to some fundamental aspects of computers. But let's not let that spoil our fun. How would you design electronic voting systems to be secure and transparent? What would the hardware be like? What would the software be like?
10 posts and 1 image omitted.
>>3177 This work work fine too. A pseudonymous but verifiable cryptographic signature is a solved problem. Look into zero knowledge proofs as well: https://research.kudelskisecurity.com/2018/11/05/e-voting-crypto-protocols/
>>3197 >Its simply not feasible to have tons & tons of properly organised paper votes for things like workers councils making small decisions. Why not? It's being done right now.
The fundamental issue isn't that its an unsolveable problem, its that you still have to trust the organisation running the election more than you do for a paper ballot.
>>3174 >copyleft openrisc >not permissively-licensed risc-v meme ISA giga based
>>3192 >1. In what ways are current pen-and-paper election systems are broken? Insecure, unreliable, centralized, slow, expensive, inflexible. >2. How would an ideal digital election system fix this issues? Public-private keys are a simple centralized solution, blockchains are a more elaborate decentralized solution. >>3219 >its that you still have to trust the organisation running the election more than you do for a paper ballot Not true. Crypto systems can be completely decentralized.

Centralization of the Internet; what to do about it and would decentralization come back in a socialist economy? Comrade 04/20/2020 (Mon) 21:22:16 No. 1287 [Reply]
Hey all, It is sort of eerie, back in the Web 1.0 days, (I know showing my age here) there were so many websites all created by ordinary people all expressing themselves. Now big corporations have barged in and so many people are now using these centralized websites and services without even knowing of any alternatives. Would such a decentralization and expression come back to the internet in a socialist world or would it be used for something different?
11 posts and 1 image omitted.
>>1312 I've heard zeronet and ipfs are very sloppily built projects. This is just a guess, but I believe I2P is a better built network than both, technically.
(30.34 KB 320x280 gnunet-logo-dark-text.png)
>>1301 This shit's cool IMO. I read one of the features was it has a "bridge" mode that lets you communicate over gnunet without requiring any of your current applications to be rewritten for it.
>>1305 There is a meshnet in my town and it's pretty cool, they use wireless equipment for connecting to each other. I haven't researched how much the equipment would cost but i'd guess that its somewhere in the hundreds for just a short link, but the subscription is dirt cheap and the speeds are very fast. Internet access isn't guaranteed though, there are some people within the network that share their internet connection. Meshnets should be way more popular and widespread than they currently are.
>>1362 I was always curious about this but I could never figure out how to get it set up or understand exactly how it works.
>>1288 >it's all SEOs, paywalls and ads, once that is gone, the shit parts of the Internet will be too. Link extremely related: https://idlewords.com/talks/what_happens_next_will_amaze_you.htm If the surveillance/advertising/datamining/botnet bubble pops, the entire corporate web and its SNSs could die overnight. >>1296 Quick reminder WWW was just supposed to be HTML+CSS via HTTP, for creating/editing/distributing hypertext documents, with GUI editing integrated into all clients using a standard open library, raw markup and URLs never supposed to be seen nor touched by humans. Both the 1-way consoomer "Web 1.0" and the monstrous JS hodgepodge of "Web 2.0" are perverse accidents of history. Note there was an attempt by the web's original authors to fight all this, and right the course of the web with semantic metadata: https://www.w3.org/2009/Talks/01-15-steven-website/ But it was scuppered by Google/Apple in the fight between W3C vs. WHATWG, resulting in the death of XHTML in favor of HTML5.

(62.69 KB 1920x1080 discord.jpg)
Mysterious User Comrade 08/10/2020 (Mon) 15:15:47 No. 3983 [Reply]
I have heard from a relative on discord about a user named hill- , Do any anon's have some information about this mysterious person?
its hillary clinton
>>3984 he knows tuu much. take 'im down

(639.30 KB 609x411 1596730726723.png)
Intel Massive Leak Comrade 08/06/2020 (Thu) 20:10:28 No. 3902 [Reply]
Intel seems to have suffered a massive leak of about 17GB in size. It is named drop 1 so maybe more to come. magnet:?xt=urn:btih:38f947ceadf06e6d3ffc2b37b807d7ef80b57f21&dn=Intel%20exconfidential%20Lake%20drop%201
6 posts and 1 image omitted.
>>3902 They will find a way to blame China for this.
So what do these leaks even revolve around? Government collusion?
>>3907 The update to the tomshardware article lists this stuff. Intel ME Bringup guides + (flash) tooling + samples for various platforms Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history) Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES Silicon / FSP source code packages for various platforms Various Intel Development and Debugging Tools Simics Simulation for Rocket Lake S and potentially other platforms Various roadmaps and other documents Binaries for Camera drivers Intel made for SpaceX Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform (very horrible) Kabylake FDK training videos Intel Trace Hub + decoder files for various Intel ME versions Elkhart Lake Silicon Reference and Platform Sample Code Some Verilog stuff for various Xeon Platforms, unsure what it is exactly. Debug BIOS/TXE builds for various Platforms

Message too long. Click here to view full text.

is the master key for IME leaked or what?
>>3902 Anything important that relates to the common folk?

(15.52 KB 160x160 2afavicon.png)
Comrade 08/07/2020 (Fri) 13:39:31 No. 3914 [Reply]
Big list of imageboards easily sortable https://socialwiki.top/wiki/Imageboards Enjoy
>>3914 nice
that explains all the new spam on /leftypol/

(154.55 KB 477x620 spanish.png)
Comrade 08/01/2020 (Sat) 15:37:10 No. 3774 [Reply]
>tfw used to be really into coding and computer shit as a teenager >became an adult and got into video editing, photoshop and all that other stuff >basically forgot everything i knew about coding and computers >now a macfag how do i get back to the tech stuff and whats a good way to break back into it through mac ? also pic unrelated
37 posts and 5 images omitted.
>>3888 >All distro websites tell you to use checksums Exactly. And any good distro has signed packages, so they fortunately assume their users could be attacked. It happened to Mint because of a wordpress vuln IIRC, so nothing to do with the distro itself. It's ridiculous to put so much blame on Mint project itself, wordpress is not some obscure amateur project of their own making. Much bigger scandal to me is how Arch Linux refused to sign their packages for so long, attacking anybody who pointed this out. This is the case where a distro itself was actually unthrustworthy, and not just because of incompetence but because of their attitude towards security.
>>3836 >>please dox yourself How is: >just use macOS for now if you have a mac equivalent to >please dox yourself delusional. >>3878 NTA, I think he may be referring to installing macOS on non-mac hardware. That's a huge pain in the ass, but also, if you're going that route, a linux OS is obviously much better. >>3883 >Dude, the website even tells you how to use them. Dude, do you seriously use checksums every time? I try to use them, but many times I'm just lazy and trust the server. I sometimes even run plain bash code directly through ```curl website | bash```. It's the easiest way to install some software. >>3889 Again, linux only makes sense if you're starting out and have non-mac hardware. On a fresh mac, this is what I would install:

Message too long. Click here to view full text.

>>3891 I don't know why anyone would think we're talking about macOS on non-mac hardware, that is quite silly. May I add to the list for fresh mac installs: >yabai wm >skhd >Kitty or Alacritty (fuck iTerm it's slow)
>>3892 Nvm, I was thinking of "hackintosh". I usually use all apps as large as possible and just command + ~, or command + tab, depending on what I need to access. I don't use a separate monitor though.
>>3878 you can do everything on every OS. that doesn't make it objectively more efficient to stick with linux when learning linux systems

Delete
Report

no cookies?