Nerve Center

A wise man once said : Windows, GNU/Linux and Android are OBSOLETE.

How come this wasn't proven wrong yet? I'm starting to think that he may be right after all. What would be the point sticking with wangblows if you're looking for productivity? Same can be said for the GNU/Linux OS. Apart from getting useless recognition on the internet, does it really benefits you in any way? Does it make you happier in your lives? I don't think so. Going through hours and hours of startpage searching just to ensure that your distro works correctly is a CHORE. And wangblows is even worse. Because except for gamers (and even then they have to withstand being constantly interrupted by system updates), there is no interest in owning a wangblows computer. On the other hand, for full fledged men with compelling duties and responsibilities, owning a MacBook or an iPhone device can be the best answer to your specific needs. Considering that we're now living through an Era of endless technological evolution, it's in your best interest to witness and being part of this progress equipped the best products and services available on the market. Luckily enough, the premium experience provided by Apple can cater to all your desires. May it be their top notch hardware and software, or their customer services renowned for its ability to solve any issues in one instant. I will only say this once for those who are willing to learn.

Be smart, and invest in Apple.

Writing clean Assembly

I keep seeing posters on here like >>1034281 trying to be galaxy brain by writing stuff in Assembly and ending up producing horrible code. I don't blame them, because pretty much the stuff about Assembly online is trash or unparsable.

So I've written Hello World properly, using modern interfaces & good code hygiene.

https://github.com/faissaloo/x86-asm-hello-world/blob/master/hello_world.asm

Feel free to ask questions in this thread.

Librefox, mainstream Firefox with a better privacy and security

>This project aims at enforcing privacy and security of Firefox without forking the project.

>Librefox uses more than 500 privacy/security/performance settings (gHacks and additional options), patches, Librefox-Addons (optional) and a cleaned bundle of Firefox (updater, crashreporter and Firefox's integrated addons that don't respect privacy are removed).

>Updated Browser : because this project is not a fork, it is kept updated with the latest Firefox version.

>Extensions Firewall : limit internet access for extensions (firewall-test-feature)

>IJWY (I Just Want You To Shut Up) : embedded server links and other calling home functions are removed (zero unauthorized connection by default).

>User Settings Update : gHacks/pyllyukko base is kept up to date.

>Settings Protection : important settings are enforced/locked within mozilla.cfg and policies.json, those settings cannot be changed by addons/updates/Firefox or unwanted/accidental manipulation; To change those settings you can easily do it by editing mozilla.cfg and policies.json.

>Librefox Addons : set of optional Librefox extensions

>Statistics Disabled : telemetry and similar functions are disabled

>Tested Settings : settings are performance aware

>ESR and Tor version (Librefox TBB Beta)

>Tor Librefox Addons : adapted Librefox extensions for TBB

>Multi-platform (Windows/Linux/Mac/and soon Android)

>Dark theme (classic and advanced)

>Recommended and code reviewed addons list

>Community-Driven

>And much more...

https://github.com/intika/Librefox/

Thoughts?

Anonymous distributed networks

Can we have a thread about anonymous (so no cjdns, no IPFS and no retroshare) distributed networks for the purpose of file sharing and shitposting?

>Tor

Primarly made for and used as a proxy to the clearnet; the network is saturated by this. The client is written in C with some welcome security features like sandboxing.

>i2p

Supposedly better than Tor, has a fork of the bittorrent protocol as filesharing. Sadly, the main implementation is a JavaPD implementation that includes everything possible.

Fortunately, there's i2pd, an actively developped C++ implementation and XD, a Go torrent application for it. It's still rough around the edges but progressing fast.

>gnunet

Don't know anything about it, except that there are some papers supporting it and the userbase is extremely tiny for now. Has filesharing builtin and an optional GTK+ GUI. It looks like its website got a facelift recently, maybe we'll see more development.

>lokinet (i2pd and monero successor)

Made by some guys including some i2pd devs because they're fed up with i2p and monero. Supposed to cure cancer and all.

For now, I think i2p is the way to go as far as anonymous filesharing goes. Any further opinions?

Brighteon - a platform for uncensored videos?

Many times I've seen /tech/ asking for a decent youtube alternative. Well today I just found this by accident. You can find political, conspiracy, health etc. videos in there. All exploring alternative content that would be censored on youtube. Unfortunately you have to get an invitation to register. But at least there's now a youtube without censorship. Even flat earth videos are allowed!

I know this question is vague but, what are the "best" programming languages and why?

>comeback after a year or two away from chans

>8chan still the same

i thought some guy got paid 10,000 usd to upgrade 8chan?

what happened? who in charge now? did the upgrade get abandoned? pic not related.

Spacechan.xyz

Greetings from SpaceChan!

http://spacechan.xyz

How do we stop this?

http://wiki.freeculture.org/Empowermentors_Collective/Bug_List

>This page is for documenting issues of ableism, racism, cissexism, heterosexism, misogyny, and classism in free culture and technology, especially libre technology.

>General Language

>Crippleware - Ableist language for "damaged good"

>Master/Slave (Hard drives) - Uses maste/slave relationship as analogy for pieces of hardware.

>Software Names

>GIMP (GNU Image Manipulation Program) - Ableist slur

>Apache (A patchy webserver) - Play on words that has turned into branding around indigenous people

>Cherokee (An Apache alternative) - Riffing off of Apache

>Tomahawk (A music sharing app) - No reason to be named after the axe used by native amaricans

>Volksempfänger - a Holo-themed podcast app with gpodder.net integration for finding podcasts, named after the cheap consumer radio sold during the Third Reich to spread Nazi propaganda. (src)

>Bug List

>This page documents bugs in free software projects relating to racism, ableism, cissexism, heterosexism, sexism, classism, etc.

>Gramps relations should be gendered as an option, not as a requirement. Bug #0005730

>Each role in 0ad is raced and gendered, such that (almost?) all characters are white, and some "female citizens" exist which "inspire nearby males to work faster".

South Korea Expands Site Blocking Efforts with SNI Eavesdropping

South Korea Expands Site Blocking Efforts with SNI Eavesdropping

February 14, 2019

South Korea will expand its site blocking measures with SNI eavesdropping, so HTTPS sites can be blocked as well. The new measure, which will also affect pirate sites, has generated widespread opposition. While it's more effective than standard DNS blocking, it's certainly not impossible to circumvent.

https://torrentfreak.com/south-korea-expands-site-blocking-efforts-with-sni-eavesdropping-190214/

Website generates a fake face with AI.

Has technology gone too far?

Was Uncle Ted right all along?

https://news.ycombinator.com/item?id=19144280

https://thispersondoesnotexist.com/

/tech/ Questions and Support

Bring all your hardware, software and other troubles here.

Norway: Academics Say Amazon’s Alexa Should Have “Moral AI” to Report Owners to the Police

>Smart assistants could soon come with a ‘moral AI’ to decide whether to report their owners for breaking the law.

>That’s the suggestion of academics at who say that household gadgets like the Amazon Echo and Google Home should be enhanced with ethical smart software.

>This would let them to weigh-up whether to report illegal activity to the police, effectively putting millions of people under constant surveillance.

https://dailystormer.name/norway-academics-say-amazons-alexa-should-have-moral-ai-to-report-owners-to-the-police/

http://dstormer6em3i4km.onion/norway-academics-say-amazons-alexa-should-have-moral-ai-to-report-owners-to-the-police/

spacechan.xyz a shit

https://n3t.host a god

.onion URLs and HTTPS certificates

DuckDuckGo as an example: https://3g2upl4pq6kufc4m.onion/

What is the impact of using TLS on an .onion URL like this? Is it redundant? And/or is it counterproductive?

Get in here

EU Copyright Law

>... any online community, platform or service that has existed for three or more years, or is making €10,000,001/year or more, is responsible for ensuring that no user ever posts anything that infringes copyright, even momentarily. This is impossible, and the closest any service can come to it is spending hundreds of millions of euros to develop automated copyright filters.

>any link that contains more than "single words or very short extracts" from a news story must be licensed, with no exceptions for noncommercial users, nonprofit projects, or even personal websites with ads or other income sources, no matter how small.

Why aren't we discussing this?

https://www.eff.org/deeplinks/2019/02/final-version-eus-copyright-directive-worst-one-yet

Vision Tech

How can I improve my eyesight?

>inb4 glasses, contacts, lasic

*How can I improve my eyesight without using common methods? are there any technologies I can use to improve my distance vision?

CVE-2019-8912

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 17eb09d222ff..ec78a04eb136 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -122,8 +122,10 @@ static void alg_do_release(const struct af_alg_type *type, void *private)

int af_alg_release(struct socket *sock)
{
- if (sock->sk)
+ if (sock->sk) {
sock_put(sock->sk);
+ sock->sk = NULL;
+ }
return 0;
}
EXPORT_SYMBOL_GPL(af_alg_release);

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9060cb719e61b685ec0102574e10337fa5f445ea

https://nvd.nist.gov/vuln/detail/CVE-2019-8912

OH NoNOnoNONo.... OHOHH NOOOONOONONO.... BAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAAHA

archlinux or voidlinux?

why should i use one over the other?

Best practices to maintain anonymity online

How can I maintain an acceptable degree of privacy and anonymity while browsing the internet?

Should I chain a VPN with Tor or are obfs4 bridges are safe enough?

Which email clients are safe to use with Tor? If there isn't any, how can I configure mine to be secure?

According to Tor Browser design document[1], Tor Browser builds new circuits for each new domain and isolate all cookies, TLS session IDs and other identifying information on URL level. If this is true, then why is it widely recommended to restart Tor (or Tails) if the user wants to unlink his current activity from what he is about to do next?

Are there any known exploits that can penetrate TBB instances configured with safest options?

Are there any other browsers, text browsers especially, that can meet design requirements of TBB?[2]

Am I missing anything here that you would like to add?

1. https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

2. https://www.torproject.org/projects/torbrowser/design/#DesignRequirements

I pissed off anonymous how do I protect myself?

Plan9

What does /tech/ think about this? It it just Unix all over again with a cute mascot for marketing purposes? Is it a meme? Is it usable as a daily driver? Is it as "revolutionary" as its fanboys claim, or is it just snake oil?

Brighteon - an uncensored youtube alternative?

I've seen /tech/ asking many times for a decent youtube alternative. Well today I just found this by accident. You can find political, conspiracy, health etc. videos in there. All exploring alternative content that would be censored on youtube. Unfortunately you have to get an invitation to register. But at least there's now a youtube without censorship. Even flat earth videos are allowed!

Ryzen 7 2nd Gen > Convince me why it's better than Intel

I always hated AMD for making cheap hardware susceptible to overheating and poor maintenance, but I heard Ryzen can finally go toe to toe with big brother Jewtel.

Is this true, or does it still suck by your experience?

Stop Pretending Computers are Magic

I've seen this a lot lately, and it's getting really annoying. It's the idea that intelligence agencies like the NSA have some form of "magical" capability to instantly crack every encryption scheme known to man because 'you don't know what they're capable of'

Yes I do. I know quite well what they're capable of, and what they're capable of is nowhere near what you claim, simply because of how cryptography and computers work.

Let's look at the cryptography side of things. Any textbook on information security will tell you that secrecy in the true nature of cryptographic algorithms doesn't work. However, wikipedia explains that the history of this goes farther back than one would think.

>It was finally explicitly recognized in the 19th century that secrecy of a cipher's algorithm is not a sensible nor practical safeguard of message security; in fact, it was further realized that any adequate cryptographic scheme (including ciphers) should remain secure even if the adversary fully understands the cipher algorithm itself.

In short, hiding any sort of meta-information about cryptography would be foolish. Cryptography is the ultimate open source, because it requires and benefits from the eyes of everyone.

it also says with regards to modern computer encryption algorithms

>breaking it requires an effort many orders of magnitude larger, and vastly larger than that required for any classical cipher, making cryptanalysis so inefficient and impractical as to be effectively impossible.

In short, no they didn't find some super secret special way to instabreak AES, SHA-512, RSA, or ECC. If you truly believe they did, show some damn evidence.

On the computer side, I think people overestimate the how powerful computers are in terms of password and general cryptography breaking, and even more so how powerful the NSA's computers are. Below is a link to an earlier version of the Kaspersky password checker that estimates how long it would take for different types of computers to crack a password, everything from a ZX Spectrum to the TOP500 supercomputer Tianhe-2. Obviously don't type in your real password, but play around with this. You'll find that if your password is even remotely competent and in keeping with industry best practices (20+ characters, atleast 1 lower, upper, number, special char), it would take good ole Tianhe way longer than the average human lifespan to crack it.

https://web.archive.org/web/20170824104237/https://password.kaspersky.com/

To believe that the NSA can get it done as fast as you claim, you would have to believe that they have computers that would be TOP500-tier. I seriously doubt that.

Best registrars and hosting providers?

ThinkPad (and Toughbook) thread

Dell Precision edition. As usual, the old one hit 400 posts again.

>tfw your M6500 died and all you're left with is this M4300 and two Pentium era Precisions

normalfags destroying tech market

This is your brain when you are normalfag.

The comment was made in relation to iPhone sales declining by 10%

Those shit people are sending billions of dollars for shit products to shit companies.

Computer repair

Can you recommend me resources for learning about partition and boot repair?

I would like to learn more about things like mbr, gpt, uefi, bios, grub, fsck, testdisk, chkdsk and how to use them properly.

Is there a book or a manual with this information?

Alright /tech/, I have been doing some computering lately and I realized that web browsers can load files from the local file system with this protocol:

file://

Could CIAniggers use this to load files from paths that are always the same and then send them off with JavaScript in order to find out information about you?

Like these:

C:\Windows
C:\ProgramData
/var/log
/etc
/home/<user>

When I put this:

<img src="file:///etc/alternatives/start-here-16.png" alt="benis" />

into a html file and open it, It loads the Debian icon.

Should I be worried about this?

Pls respond am not good with computer.

Privacy phone

I'm tired of bein spied upon by botnet, i don't trust my current phone or any modern one (even modern "dumb phones")

So i was thinking about getting myself one of the legendary stainless steel Nokia 8800.

Until i heard about Librem 5, i'm really confused.

At $650 its definitely not cheap, do we even know what the specs will be ?, how can we be sure that it's safe ?

I quit

I started working at 15, when I took a job as a pizza cook. Over the next seven years, I moved up the ranks, to a driver, shift manager, and then as part of the “new store opening team.” The franchise was growing, and we needed to help new franchisees open their new stores. I’d travel to where the new store was a week before they would open, help train the new staff, and then work their opening weekend. It was really fulfilling work; if pizza paid as well as tech, I’d seriously consider doing it forever.

One time, somewhere in Maryland, I got a bit ill. It wasn’t a good idea for me to work the rest of the week, but the company’s top brass would usually visit to cut the ribbon on the store. It was about a four hour drive back to home, and our COO graciously agreed to let me come back to the ‘burgh with him, so I could recover at home. On the drive, I asked him what he did before working here, and the answer really surprised me. “Oh, I was the CEO of American Eagle. I grew them from 20 locations to 200, and then decided to move on.” To a kid from the suburbs, being in charge of one of the most popular clothing brands among my peers seemed like a great gig. Why’d he quit? The answer is something that’s really stuck with me; this happened about fifteen years ago. What he told me was this: at each stage of a company’s growth, they have different needs. Those needs generally require different skills. What he enjoyed, and what he had the skills to do, was to take a tiny company and make it medium sized. Once a company was at that stage of growth, he was less interested and less good at taking them from there. And that was what he was trying to do for our pizza chain.

I’ve mostly worked at small companies. I did a startup, then consulted, then worked for a series of companies with five to 15 people. I quit one of those jobs when I found Rust. What I saw in Rust was something that the world really needed. And I wanted to help it get there. Beyond that, the only real way to get a job working on Rust was to work at Mozilla. And independently of Rust, that was something I’m really excited about.

Here’s a poster on my wall:

I’ve been using Firefox before it was called Firefox. This poster is of a two-page ad that Mozilla took out in the New York Times to announce Firefox 1.0. I’ve long believed in Mozilla’s mission. This was an exciting opportunity!

Fast forward a few years. Rust has been growing, we’re doing great things. I love my team. But every time that this means interacting with Mozilla more broadly, I end up being frustrated. I could say a lot of things here, but I won’t get into the details. What’s really important is this: I’m not proud to be a Mozillian anymore. A variety of incidents contributed to this, but at the end of the day, it’s what’s true. Furthermore, I don’t have any personal opportunity at Mozilla; I recently discovered I’m the lowest-paid person on my team, and Mozilla doesn’t pay particularly well in the first place. In order to have any kind of career growth, I would have to not do the work that doesn’t align with my skills, and what I’m doing now is really how I can have the most impact on Rust moving forward.

Samsung predicts nuclear war?

See the picture on the screen in this video from Samsung:

youtube.com/watch?v=Uf8Q3lQRGpI

What an odd motive for the occasion!

To me it is an american soldier with a uniform that looks like its from Korea war time and he is holding his hand up as to shield his eyes from a bright "fire" in the sky. There is also a sign that says "AURO….." and "OR…..", which made me search for a place called Aurora in Oregon. And sure enough, there is; en.wikipedia.org/wiki/Aurora%2C_Oregon

What does this mean?

Author successfully DMCA's GPL'd work

Since: http://oxwugzccvk3dk6tj.onion/tech/res/1018729.html

was bumplocked by the shadow admins (aka the programming code) (Since I'm winning on all counts: because I am correct on the law).

https://lkml.org/lkml/2019/2/4/1065

Quick recap, as told by anon:

Anonymous 02/05/19 (Tue) 14:47:16 No.1027517

Summary of this episode as this thread reaches the bump limit:

>an impersonator ("John Doe") created GitHub, then GitLab and BitBucket repos for trolling purposes

>MikeeUSA hit all three with DMCA (with the GitLab and BitBucket repos successfully taken down)

>meanwhile the impersonator opened the GitHub repo to pull requests; Mikee's butthurt as usual

>that GitHub repo's last commit was made last Thursday

And:

>>1027530

>Gitlab and Bitbucket repos are down due to DMCA notices

>There is still no evidence he hit github with a DMCA

<100 IQ

And

"GPL is Revocable" (== incel terrorism -reddit)

Serious question....if there are closed source fireware blobs on nearly all popular linux distros how do u know whats going on under the hood

Cars are Getting Even More Botnet

We already have Android, OnStar, and other botnets in our cars, but are you ready to step it up, /tech/? :^)

http://www.govtech.com/fs/Electronic-License-Plates-Available-in-Arizona-and-California.html

>Car owners in Arizona and California can upgrade their metal license plates to an electronic, digital version, opening the door to easily changeable plate numbers, messaging, and even a “find my vehicle” feature, thanks to the technology’s wireless connectivity.

>“The Rplate Pro includes advanced telematics that can be used to manage and locate vehicles, log trips — including date, time, distance and route — and set geo-fence notifications,” said Neville Boston, CEO and co-founder of Reviver Auto.

>The electronic plates come in two versions: Rplate Essential ($499) and Rplate Pro ($799).

>$799

>You get to pay $300 more for the privilege of having your movements tracked.

>People will buy this.

Audio Hardware Thread

AUDIO AND AUDIO ACCESSORIES

What AMPs are you faggots using? I'll be getting an HD 6XX soon and is currently looking for an AMP. I'm currently looking at the Fiio E10K and the K3 but don't know the difference between the two. Any amps you'd recommend?

Consumer Advice

Looking to buy something but aren't sure what to get? Ask here.

GRSecurity Kernel Patch?

Is there any news on this.

Are they ever going to release another open version?

Why do they get to violate the GPL by adding an additional restrictive term (we will punish you if you redistribute the source), when their patch is a non-separable derivative work of the kernel?

Praise GDB

DISASTER, anon: your multithreaded application has deadlocked!

you probably should've used Erlang, anon. There's no way you're going to fix this in a timely manner.

This is one of them compiled languages. Have fun adding a bunch of print statements just to try and see what's going on.

pic related.

$ gdb -q -p 2971
Attaching to process 2971
[New LWP 2972]
[New LWP 2973]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

warning: Loadable section ".note.gnu.property" outside of ELF segments
futex_wait_cancelable (private=0, expected=0, futex_word=0x13bc3f0)
at ../sysdeps/unix/sysv/linux/futex-internal.h:88
88 int err = lll_futex_timed_wait (futex_word, expected, NULL, private);
(gdb) info functions bob
All functions matching regular expression "bob":

File deadlock.adb:
void <deadlock__bobTK__L_3__B51b__numA>(void);
void <deadlock__bobTK__L_3__B51b__set_numA1>(void);
void <deadlock__bobTK__L_3__B51b__stopA2>(void);
void deadlock.bob(struct {...} * const);
(gdb) break deadlock__bobTK__L_3__B51b__numA.5380
Breakpoint 1 at 0x405728: file deadlock.adb, line 43.
(gdb) continue
Continuing.
[Switching to Thread 0x7f231ef8c700 (LWP 2973)]

Thread 3 "bob" hit Breakpoint 1, <deadlock__bobTK__L_3__B51b__numA> () at deadlock.adb:43
43 accept Num (N : out Natural) do
(gdb) display increment
1: increment = 4
(gdb) set increment := 1
(gdb) continue
Continuing.

Thread 3 "bob" hit Breakpoint 1, <deadlock__bobTK__L_3__B51b__numA> () at deadlock.adb:43
43 accept Num (N : out Natural) do
1: increment = 1
(gdb) info break
Num Type Disp Enb Address What
1 breakpoint keep y 0x0000000000405728 in <deadlock__bobTK__L_3__B51b__numA>
at deadlock.adb:43
breakpoint already hit 2 times
(gdb) delete 1
(gdb) continue
Continuing.
[Thread 0x7f231ef8c700 (LWP 2973) exited]
[Thread 0x7f231f191700 (LWP 2972) exited]
[Inferior 1 (process 2971) exited normally]
feel free to praise gdb in the context of C, C++, D, Go, Objective-C, OpenCL C, Fortran, Pascal, Rust, or Modula-2. Or an unsupported language that the 'minimal' pseudolang can manage with.

>Debian was first announced on August 16, 1993, by Ian Murdock, who initially called the system "the Debian Linux Release". The word "Debian" was formed as a portmanteau of the first name of his then-girlfriend (later ex-wife) Debra Lynn and his own first name.

What sort of castrated cuckold names an OS after his girlfriend? Freetards are pathetic.

Shell thread

Post your shell commands or ideas for shell commands. I'm compiling a list. Here's what I got so far:

https://gitgud.io/chiru.no/useful-bash-stuff

gimpresize(){ input="$1"; res="$2"; output="$3"; gimp -ib "(let* ((image (car (gimp-file-load RUN-INTERACTIVE \"$input\" \"\")))(drawable (car (gimp-image-get-active-layer image))))(gimp-image-scale-full image $res INTERPOLATION-LOHALO)(gimp-file-save RUN-NONINTERACTIVE image drawable \"$output\" \"\"))(gimp-quit 0)";}
# gimpresize input.png 1920\ 1080 output.png

imagemagickresize(){ input="$1"; res="$2"; output="$3"; convert $input -colorspace RGB +sigmoidal-contrast 12.09375 -filter Lanczossharp -distort resize $res -sigmoidal-contrast 12.09375 -colorspace sRGB $output;}
# imagemagickresize input.png 1920x1080 output.png

vidtogif(){ input="$1"; res="$2"; colors="$3"; output="$4"; ffmpeg -i $input -vf palettegen /tmp/palette.png && ffmpeg -i $input -i /tmp/palette.png -lavfi paletteuse $output && gifsicle -b -O3 --resize-width $res --colors $colors -i $output;}
# vidtogif input.webm 640 200 output.gif

vidtowebm(){ input="$1"; videoquality="$2"; audioquality="$3"; output="$4"; ffmpeg -i $input -vcodec libvpx-vp9 -b:v 0 -crf $videoquality -c:a libopus -b:a $audioquality -g 500 -threads 8 $output;}
# vidtowebm input.mp4 40 192K output.webm

vidtomp4(){ input="$1"; videoquality="$2"; audioquality="$3"; output="$4"; ffmpeg -i $input -c:v libx264 -crf $videoquality -profile high -level 5.1 -preset veryslow -pix_fmt yuv420p -c:a aac -b:a $audioquality $output;}
# vidtomp4 input.mkv 20 192K output.mp4

7zipmax(){ archive="$1"; directory="$2"; 7z a -t7z -mx9 -m0=lzma -mfb=273 -md=1024m -ms=on -mqs=on -myx=9 -mmc=200 -mlc=8 $archive $directory;}
# 7zipmax archive.7z directory/

tarmax(){ archive="$1"; directory="$2"; XZ_OPT="--lzma1=preset=9e,dict=1024MB,nice=273,depth=200,lc=4" tar --lzma -cf $archive $directory;}
# tarmax archive.tar.lzma directory/

screenshot(){ scrot -e "meh \$f || sxiv \$f || feh \$f || nomacs \$f && read -erp Upload\? -n1 yn && [ \\\$yn == y ] && curl -F upload=@\$f https://chiru.no";}
# screenshot

waifu2xmax(){ input="$1"; output="$2"; quality=$(identify -verbose $input | grep -oP "(?<=Quality: ).*"); noiselevel=3; [ $quality -gt 95 ] && noiselevel=2; [ $quality -gt 98 ] && noiselevel=1; parameters="-m noise_scale --noise_level $noiselevel --scale_ratio"; [ -z $quality ] && parameters="-m scale --scale_ratio"; iteration=2; while waifu2x-converter-cpp -i $input --force-OpenCL $parameters $iteration -o $output; do ((iteration++)); done;}
# waifu2xmax input.png output.png

mouseaccelerationdisable() { for i in {0..99}; do xinput set-prop $i "libinput Accel Profile Enabled" 0 1; done &> /dev/null;}
# mouseaccelerationdisable

come tox with me~

>ctrl+f

>no tox thread

Get in here, fags, let's have a Tox thread.

Looking for Rudolph edition

>favorite client?

>is irungentoo ded?

>will file transfer ever just werk?

Let's share our Tox IDs too. I'll start:

8FC4694583756BEC3F9DCBED5CEF21AD47D5B4A19D6C2974D68FC33AAB056509E24B62449BF0

Freee from the botnet

how can we become free from the botnet ?

Phones and tablets are loaded, Intel and AMD aren't safe, i was looking to replace my computer with a raspberry PI but it turns out even that isn't safe.

whats left ?

Best practices to maintain anonymity online

What are some best practices to maintain an acceptable degree of privacy and anonymity while browsing the internet?

Should I chain a VPN with Tor or are obfs4 bridges are safe enough?

Which email clients are safe to use with Tor? If there isn't any, how can I configure mine to be secure?

According to Tor Browser design document[1], Tor Browser builds new circuits for each new domain and isolate all cookies, TLS session IDs and other identifying information on URL level. If this is true, then why is it widely recommended to restart Tor (or Tails) if the user wants to unlink his current activity from what he is about to do next?

Are there any known exploits that can penetrate TBB instances configured with safest options?

Are there any other browsers, text browsers especially, that can meet design requirements of TBB?[2]

Am I missing anything here that you would like to add?

1. https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

2. https://www.torproject.org/projects/torbrowser/design/#DesignRequirements

Hacker Spaces

I joined a hacker space recently thinking I would finally be able to learn all about electronics and realized I don't know what I actually want to actually do there. A few years ago when I was still in high school I wanted to be around like minded people interested in electronics and computers but never knew where to start (the closest I got to that was lurking and posting here and joining a robotics club where they didn't let me do or teach me anything). Now that I've joined this facility, I want to work on projects but tasks I thought would be simple seem to be too hard for me at my current skill level and I have no idea where to even start. What's worse is that projects that I can do at home seem meaningless because even if they seem fun in concept, it all seems pointless in the end while I learn nothing. For example I was planing on modifying a piratebox to try and host a custom forum and doom server off it's local connection for tenants at my friend's apartment I'm sure there's a better way of doing this but bear with me. While doing research on how I would achieve this I realized that nobody would actually use this and I would be doing a fuck ton of work to basically have normalfags talk to each other from their apartment rooms with their, more likely than not, uninteresting thoughts. This happens to me for basically every project I can do and I don't know what to do about it.

TL;DR I have access to a hackerspace. What should I do with it.

I heard that Tencent is buying reddit. What are some good sites that replace /r/vim and /r/neovim? And don't say "just use emacs" because you'd be wrong.

Specifically looking for a resource that details current plugin development. If it wasn't for these communities I wouldn't know about half of the nice plugins I have and I'd be some VSCode plebian or EVIL user.

Old Hardware Thread

The old thread passed the bump limit so I figured I'd make a fresh one. Discuss your old hardware. Are you fixing anything?

I have an IDE to mSATA adapter and an mSATA SSD coming in the mail to fix my thinkpad.

Windows 10 thread - new updates!

Just installed the new 'dipshit 2019' update! More ads and spyware have been installed, and Bill personally made it harder to modify the desktop environment. Toolbar colors are now locked into a pool of 16 choices, and you can no longer change its position. I really enjoy the sterile, flat colors, and microsofts pledge to stick to the interface paradigm that they have since 95. Using Linux, there is just too much choice in interface control. Thank god that has been taken away from me, it makes my brain hurt.

I was dumb enough to remove the ads from the windows(tm) smarttile(r), so they have been put back! Can't wait to look at the cool candy crush logos while I'm trying to search for an item off the super menu, which for some reason takes several minutes. I actually remember the function being faster on xp. Maybe it's bill's little way of saying "stare at the ads you fucking consumer pig. look at the groove(tm) music ad, that looks good doesn't it? Did you know that artists can make .001% of every sale?"

If you do want to disable the tiles adware completely, don't worry! It's as easy as : gpedit.msc => Local Computer Policy => User Configuration => Administrative Templates => Start Menu and Taskbar => Notifications. => navigate to sidebar => turn off tile notifications

Then, simply:

Go to regedit => HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications => click on NoTileNotifications => modify dword => change base hex value to 1

(not kidding, you actually have to go through all of this. I could not make up something this user-unfriendly)

Do you guys have the update yet? If not, Microsoft will install it for you the next time you leave your pc for half an hour. Remember to save your work!

Hey fags

My name is Galen Winsor. I eat Uranium on the regular, just to show you that it's quite safe and to dispel the fears surrounding nuclear energy. I considered the used fuel pool at the Morris, IL recycling plant to be my personal warm swimming hole. What programming language should I use?

https://www.youtube.com/watch?v=QmJN-LMPnX0

/fucko/ FBI edition

>Home security

>online privacy

>PC and data destruction methods

>How to hide questionable images, video, audio, etc. (stenography)

-==COMMON BULLSHIT==-

>B-but I dont have anything to hide!

https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

>B-but if you've done nothing wrong you should have nothing to hide!

If I've done nothing wrong there is no reason to search me.

-==TOOLS TO USE==-

>LiveUSB/LiveCD Review v1.1

http://pastebin.com/BbmZ8hiR

>Web Posting Assessment v.2

http://imgur.com/T8q7eB0

>TrueCrypt 7.1a [Last official release]

https://www.grc.com/misc/truecrypt/truecrypt.htm

http://istruecryptauditedyet.com/

https://wiki.installgentoo.com/index.php/Encryption

>The Paranoid #! (now #!!) Security Guide

http://pastebin.com/tUvq8Jzj

>Fake info Generator

http://www.fakenamegenerator.com/

>Pretty Good Privacy [PGP]

http://www.gpg4usb.org/

https://www.gnupg.org/

>Off the Record messaging [OTR]

https://otr.cypherpunks.ca/

>Cell Phone guide for Protesters

https://www.eff.org/deeplinks/2014/08/cell-phone-guide-protesters-updated-2014-edition

>Team 1: #Squad

http://pastebin.com/PxcDYUr0

>Team 2: #squad

http://pastebin.com/jd1sEwKL

>/fucko/ squad irc

#Fucko @ irc.rizon.net

All and any supportive comments, template contributions, are welcome and encouraged. NSA shills need not apply.

Template ALWAYS here: https://wiki.installgentoo.com/index.php/Fucko

Previously on /fucko/:

I don't fucking know

Mumble Server:

mumble://167.99.178.127

Libbie Anniversary and FOSS Mascot general

It's has been one year since we, through sheer autism, uncovered the gayest, most pointless, conspiracy in the history of /tech/.

Archive links (get em while can)

SFW: https://my.mixtape.moe/hgguzd.tar.gz

NSFW: https://my.mixtape.moe/fwfief.tar.gz

Videos: https://my.mixtape.moe/otonyi.tar.gz

Brian Fagioli™ General

All the Fagioli threads go here.

WinRAR BTFO, remote execution from 19 year old exploit, extracting ACE archives

>Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users.

>The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on victims’ machines – simply by persuading them to open a file, researchers with Check Point Software said on Wednesday.

>“We found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer,” said Nadav Grossman with Check Point in the analysis. “The exploit works by just extracting an archive, and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format.”

>Researchers specifically found a path-traversal vulnerability in unacev2.dll, a third-party dynamic link library in WinRAR used for parsing ACE (a data compression archive file format) archives.

>When taking a closer look at unacev2.dll, researchers found that “it’s an old dated dll compiled in 2006 without a protection mechanism. In the end, it turned out that we didn’t even need to bypass them,” said Grossman.

>Due to the lack of protections and support for unacev2.dll, researchers were able to easily rename an ACE file and give it a RAR extension within unacev2.dll. When opened by WinRAR, the fake ACE file containing a malicious program is extracted to the system’s startup folder – so the program would automatically begin running when the system starts.

>On an update on its website, WinRAR said: “WinRAR used this third-party library to unpack ACE archives. unacev2.dll had not been updated since 2005

<and we do not have access to its source code.

>So we decided to drop ACE archive format support to protect security of WinRAR users.”

>The PoC makes use of a chain of vulnerabilities (CVE-2018-20250, CVE-2018-20251, CVE-2018-20252, CVE-2018-20253).

https://threatpost.com/winrar-flaw-500-million-users/142080/

https://research.checkpoint.com/extracting-code-execution-from-winrar/

John Carmack - writing Rust code feels very wholesome

I'm still completely in the excited-newbie honeymoon phase, but writing Rust code feels very wholesome.

https://twitter.com/id_aa_carmack/status/1094419108781789184

Does the haptic feedback of phones make the side channel attack harder or easier?

TCP transmission error handling

So TCP is using a 16-bit checksum which only detects honest transmission error caused by noise in the transmission. However, one can easily swap two 16-bit words in a message, which has a 100% probability of being undetected. For stronger integrity checks, such as whether a man in the middle attacker actively changed the message, it is recommended to perform those checks at the application level.

But to the application, the TCP connection looks just like a stream of bytes, and at some point, the application may (or may not) detect that modified values were received (the modified message might still seem valid). How would a programmer handle this optimally?

I have the suspicion that this is not even possible without implementing your own packets on top of TCP, and then request the other party to re-send those higher-level packets. But if we go that far, why not directly use UDP and implement those higher-level packets with resend-requests in UDP? The only thing you'd still have to do in UDP would be the manual ordering of packets, but that seems comparatively easy. Also, UDP is faster than TCP, and you could directly use authenticated encryption on the protocol level, so instead of a 16-bit checksum, you'd have strong cryptographic guarantees about the integrity of the channel.

TL;DR: TCP makes it fucking hard to handle undetected transmission errors

Questioning validity of TCP

Can I make a full time job out of virtue signaling in the tech industry?

I have a fuckhuge imageboard folder and had an idea the other day to make a system where I could expose my collection to the internet in a way that would allow other anons to download stuff and help organize it by submitting tickets to suggest changes (add, remove, move, rename).

So my question for you is this: Are there any existing solutions that I could set up that would accomplish this or would I need to cobble something together?

>"Smart"-everything

>corporate spyware

>Code of conducts & normie fuckery instead of actual work

>Still no year of the linux desktop

>Linux has been subverted by systemd fuckery

>Horrible flat UI interfaces that strain my eyes everywhere

>Actual government spyware all around

>still no truly secure computing

>Rampant javashite bloatware that forces you to upgrade your hardware

>software doesn't last and shit you write today doesn't last more than a couple years because everything breaks all the time and no one cares about writing lasting software

I'm so tired of technology.

How do I unplug if tech is all I know?

I built a fake metamask window popup thing. How much do you think it might be worth? It looks like the real deal, gives a semi legitimate error message to convince users input the private key and it stores the key on a flat file in the server running PHP.

Internet communities

where the people on the internets communicate these days? and what kind of people are on each community?

examples:

-imageboards (8ch, 4ch, nanochan, others)

-reddit

-facebook

-discord groups

-irc

based apple?

What is going on in this timeline?

So, about the GDPR thing...

Has anyone actually tried to get their data from Facebook and such? What do they store and is it possible to delete it all? Or is GDPR just a puff of smoke? Just asking out of curiosity since I don't use those "services" which collect your data.

MULTIPLE VULNERABILITIES IN THE RUST PROGRAMMING LANGUAGE

>make a """safe""" programming language.

>has vulnerabilities

OH NoNOnoNONo.... OHOHH NOOOONOONONO.... BAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAAHA

https://twitter.com/cvenew/status/1016419391515381760

https://bugzilla.redhat.com/show_bug.cgi?id=1632932

TCP: Handling undetected transmission errors

So TCP is using a 16-bit checksum which only detects honest transmission error caused by noise in the transmission. However, one can easily swap two 16-bit words in a message, which has a 100% probability of being undetected. For stronger integrity checks, such as whether a man in the middle attacker actively changed the message, it is recommended to perform those checks at the application level.

But to the application, the TCP connection looks just like a stream of bytes, and at some point, the application may (or may not) detect that modified values were received (the modified message might still seem valid). How would a programmer handle this optimally?

I have the suspicion that this is not even possible without implementing your own packets on top of TCP, and then request the other party to re-send those higher-level packets. But if we go that far, why not directly use UDP and implement those higher-level packets with resend-requests in UDP? The only thing you'd still have to do in UDP would be the manual ordering of packets, but that seems comparatively easy. Also, UDP is faster than TCP, and you could directly use authenticated encryption on the protocol level, so instead of a 16-bit checksum, you'd have strong cryptographic guarantees about the integrity of the channel.

TL;DR: TCP makes it fucking hard to handle undetected transmission errors

Questioning validity of TCP

P.S.: Sorry if this is a double post, 8ch seems to have some problems right now.

Make your own CS student!

https://picrew.me/image_maker/15730

Is there any way to increase the video ram of my laptop? I want to play mgsv TPP on it but for some reason the game is crashing on startup as soon as it starts loading.

I have a Lenovo ideapad 320 amd a12 r7. 8gb ram, 1tb hd, and 512vram.

When I got it a year ago I just assumed it wouldn't run mgsv and other games, even though it can run some ps2 games on pcsx2 pretty well. But today I saw some you tubers testing out the amd a12, the same one I have, and they were running games like mgsv and tomb raider, one of the newer reboot ones on high and at 1080p.

I don't know what vram they had though. Apparently the game needs 2gb of vram even on minimum requiremenys. How can I increase it?

Year of the GNU/Linux desktop

ok, no more memes. what is the best linux distro for the desktop?

e.g. which one are you using?

/tech/ Book Thread

Can we get a /tech/ book thread going? Post them if you got them.

I'm looking for good book for learning Lua programming, if anyone has one.

Net Nutrality

Ten movies streaming across thatInternet, and what happens to your own personal Internet? I just the other day got an Internet that was sent by my staff at 10 o'clock in the morning on Friday. I got it yesterday [Tuesday]. Why? Because it got tangled up with all these things going on the Internet commercially.

They want to deliver vast amounts of information over the Internet. And again, the Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes. And if you don't understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it's going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material.

Anti Net Neutrality Thread

How do pirate websites like yourporn.sexy or porntrex manage to provide all that HQ porn for free?

I mean, where the fuck do they host their content? Where do they get the bandwidth?

I started making websites in the early 2000 and I never had to stream a lot of "heavy content", so in my mind you would receive a blasphemous bill if you try to serve video content to the masses. Maybe it's not the case anymore.

So, please let me know more about how to serve content that requires a lot of bandwidth.

CLOUDFLARE = CIA

Why people use cuckflare if most hosting providers provide DDOS protection?

CLOUDFLARE = Man In The Middle (MITM)

CLOUDFLARE = CIA

it tracks all your visitors and what they do, what they post. it even steals their passwords.

Nanochan II

Old thread, >>>/tech/991375 has hit 400 replies and is no longer bumping.

>What is nanochan?

Nanochan is an imageboard with its software written in Lua.

>Why is it speshul?

Nanochan does not use or require Javascript in any way, shape or form.

Nanochan is totally immune to XSS due to the fact that it does not use Javascript combined with a restrictive Content-Security-Policy header. To date, zero security flaws have been exploited.

Nanochan operates exclusively through a Tor hidden service and does not restrict Tor users in any way. Clearnet users may use a tor2web gateway.

Nanochan's source code is small, reasonably clean and easy to understand.

The website itself is available at http://nanochanxv2lxnqi.onion

The most recent source code is always available at http://nanochanxv2lxnqi.onion/source.lua

Use this thread for feature suggestions, questions, etc. Feel free to use the /test/ board on nanochan to check for bugs and vulnerabilities.