>>1957 The word you're looking for is marxist. Nanochan is a third position board, and so here communism isn't blindly despised in the traditional pigchan fashion.
>>1965 >Fuck this Judeo-Masonic blah blah of Man/Woman <oy vey goy gender is a spectrum What exactly are you faggots trying to say here? Being third positionist doesn't mean that you don't hate communism. After all, the ideal economic system is capitalism with some significant modifications (as seen in the Third Reich) rather than any form of communism.
>>1967 >oy vey goy gender is a spectrum
No, I mean letting man fight woman, black fight whites, left fight right, pro- against anti-, et cetera.
I'm very much against Communism, because it's created by Jewish Freemasons who have shown not to have the best interest at heart for the gentiles.
>After all, the ideal economic system is capitalism with some significant modifications
True.
I was responding to this alone:
>It means that you don't accept stupid political dichotomy.
Don't know much about the "third position".
>>1968 >muh spooks
Your retarded cult of Equality nonsense is just annoying. Niggers being subhuman is certainly not a "Judeo-Masonic" idea, it's the truth.
>>1969 I know it's a bit hard to see who is who without IDs, but I only posted:
>>1965 >>1968 Anyway, you don't need to tell me that men, women, Negroids and Europeans are not equal --- that was not what I was trying to say.
I meant to say that the Jewish overlords and their henchmen rule over us by setting up false divisions or exaggerating the already existing divisions so we keep endlessly each other and wasting our energy which should've been spent on the Jews and their henchmen.
>>1971 Here's a good quote by Carroll Quigley in his 1966 book "Tragedy and Hope":
>“The argument that the two parties should represent opposed ideals and policies, one, perhaps, of the Right and the other of the Left, is a foolish idea acceptable only to the doctrinaire and academic thinkers. Instead, the two parties should be almost identical, so that the American people can ‘throw the rascals out’ at any election without leading to any profound or extreme shifts in policy.”
>>1973 Nevermind, not too relevant to what I was trying to say... sorry. This quote is about how it's more efficient to have a Left and Right to be almost the same but appear to be opposites.
Thread locked (>>1976), so answering here:
>Best vps to host an imageboard?
I'd say Cock.li but their servers at a Romanian data center were recently raided and a copy has been made of their encrypted hard disks, then again probably every VPS service will have had the same thing happening to them. I'd say look for the ones that still accept Bitcoin.
I want Gentoo's USE flags on OpenBSD.
I tried fucking around with Gentoo Prefix to get it to work under OBSD, but no dice.
Is this feature available somehow in pkgsrc?
The only thing preventing me from using OpenBSD exclusively is its god fucking awful ports collection.
In open source projects, is it fair to say lower level languages such as C are easier to hide backdoors in?
Do potential substitutes such as Go mitigate this opportunity?
>>1996 Not unless the code is somewhat obfuscated. If you find code that is very hard to read, it's either badly written or hiding a backdoor, and either case should make you stop using it.
>>1997 In C it is very possible, if not easy, to hide backdoors in otherwise good looking code. The issue is that, what would normally be a complicated operation delegated to a library in another language, is regularily redone in everyday c code. The formula would look like: provide a reimplementation of a familiar function with a subtle imcompatibility to the usual version; use the function as if it was implemented the normal way. Because of pervasive memory unsafety, this is likely enough to get you an exploit. Because every c program reimplements at least one low level detail, this is always possible.
>>2000 >hide bugs in otherwise good looking code
>library functions are regularly redone in C code
That's a contradiction. Code which reimplements library functions is not good looking code and anyone producing such code is outright retarded.
>>2001 What we really need is a can of WD-40 you faggot.
>and anyone producing such code is outright retarded
I agree that Ctards are retarded, but you misinterpreted what he said. C programmers like creating data structures and algorithms from scratch even though they should probably just use a library for that functionality. They always want to write things from scratch even though most of the time they will make a mistake doing that. In one study, 90% of professional programmers couldn't even implement a correct binary search algorithm even with given plenty of time to write and test their implementation. In fact in academic literature it took over 15 years before a bug free version of it was published from the original paper that introduced it.
>>2004 Studies show that C is the optimal general purpose programming language. In fact, in one paper it was discovered that the typical C code is up to 30% faster than the functionally equivalent program written in a high-level programming language. C programs are only 2% slower than assembly programs while containing 60% less bugs and taking up to 9000% less time to write.
In another paper which is widely regarded as being definitive in the industry, it was found that the average C programmer has a penis size 16.4% larger than the average JavaScript programmer.
The FreeBSD 12.0 hardware support list includes the following 64-bit AMD processors:
>AMD Athlon™64 (“Clawhammer”).
>AMD Opteron™ (“Sledgehammer”).
>AMD Sempron™.
>AMD Turion™.
>AMD Phenom™.
https://www.freebsd.org/releases/12.0R/hardware.html
Does this mean that FreeBSD won't run on the AMD FX- series of processors (e.g. FX-8370)?
>>2006 Copy-pasting a Reddit comment
>So this is what I should give a try probably, I have been wondering why FreeBSD virtual machines on my desktop gets stuck on "Booting..." on my FX-8350 system with either "host-passthrough" or Opteron_G5 in KVM, while my thinkpad with intel works fine Thanks in advance if it works, will try later
>Yup, I encountered an identical problem on my A10-7850K KVM host. Setting CPU type to Opteron_G3 fixed got things moving. To confirm, I have run 11.1 on the host directly with no issues.
>>2031 Go to a website which is likely to sell them and have a look. If it doesn't exist already, having one custom designed and fabricated will cost an exorbitant sum.
>>2031 >Does anyone know anything about movement, distance and axis sensors?
Nah, but blithering on about shit you don't really know about is standard IB tech board behavior, so I'll take a stab at it.
>I know it sounds ridiculous but how much would it cost to have a sensor that could tell the size and distance of a moving object.
We know that sensors that can tell the distance of an object via emitting EM radiation of some kind (e.g. radio or laser waves) are readily available. After all, this is the principle behind the radar guns that traffic cops use, or even the rangefinding devices that you can buy at the hardware store.
A sensor that could detect both the distance and the size (in one or two dimensions) of an object would involve some kind of computer vision, i.e. being able to distinguish the object the distance of which was just found, and calculate its size based on the distance.
I'm not going to say that you won't find something like that off the shelf, but it's a significantly more difficult task than just bouncing some radio waves off of an object.
And, of course, it's one or two dimensional, as I said. If you have such a sensor, and you bounce it off of a school bus that's driving directly at you or away from you, there's no way to tell whether it's a short bus like the one most 8chan users rode when they were kids, or a regular-size school bus.
>>2031 >>2036 I guess I spoke too soon about short bus riders. I forgot to address your question about cost.
Again, just spitballing here, but if a rangefinding device can be had for <100USD, I would think that an off-the-shelf rangefinding-and-object-size device, if it exists and has been mass-produced, would be <2,500USD.
If such a sensor/device would be a bespoke creation, you're probably looking at an investment of up to 100,000USD for the engineering to actually develop and build a prototype, after which mass production would decrease the per-unit cost of such a device, assuming there were a market and that were your goal.
>>2031 Typically distance sensing is left to radar. If you use radar to build a map of all the distances in front of you, you can use that map to tell the size of objects. The problem is that radar isn't very accurate in this regard, so for size detection people typically use lidar instead. The smaller wavelength allows you to distinguish between objects more finely, but it is also much more expensive. Quotes I was able to find online list radar at around $700, and lidar at around $7,000.
>install openbsd
>firefox downloads file at the speed of ~100KB/s
>boot back to fedora
>firefox downloads the same file from the same sever at the speed of 3MB/s
Why
What's the difference between lurking .onion and clearweb https version of the same site using tor? Don't they provide similar security?
I feel safer using .onion, but I want to know why
>>2230 When using .onion, you don't rely on (((certificate authorities))), which is a good thing because CAs are bad engineering of the TLS system as a whole.
When using .onion, you can't accidentally visit the site using clearnet.
When using .onion, you aren't restricted by the bandwidth of exit nodes, which are far fewer than relay nodes.
When using .onion, you don't allow exit nodes to know what site you're visiting (take note, though, that the exit node still doesn't know who you are).
So in conclusion, .onion is in fact far better, and your feeling of safety is warranted.
However, something even better is to visit an .onion site using HTTPS, which means you don't rely on the Tor Project's cryptography in case it is broken or they are compromised by feds or whatever. In this case, the CA system cannot be used, and you instead need to verify the fingerprint of the TLS certificate manually (once, and then your browser does it for you).
>>2231 >exit node still doesn't know who you are
Exit nodes still get everything that goes in and out of your browser. There are malicious exit nodes out there, which can get all the info of what you did while using them.
For example, if you log into something, they can steal your login or then know what you posted here.
Exit nodes are pretty dangerous, while they don't know who you are(yet), they know what you did, all your actions, messages, logins, etc.
>>2232 Only if using clearnet HTTP over Tor. In that case, Tor provides very little security against a determined attacker or state entity. It will still protect you against casual datamining by corporations, though.
Clearnet HTTP over Tor < Clearnet HTTP+TLS over Tor < HTTP over Tor v2HS < HTTP over Tor v3HS < HTTP+TLS over Tor v2HS < HTTP+TLS over Tor v3HS As a side note, Nanochan supports HTTP+TLS over Tor v3HS, which is what everyone should be using. Anyone still using plain HTTP over the v2HS is vulnerable to future cracking of the 1024 bit RSA.
>>2253 >, Hakase,
no u
>should TLS be enforced site wide?
I think hapase should redirect the v2 hidden service to the v3 hidden service, at the very least.
>>2301 so if im using tor but not prefixing https://, then it's not TLS? i assumed that was inherent in onions or something.
when i used https, it denied the connection so i just stopped. reading the error, it's probably because the self-signed cert is not trusted.
>>2308 >if im using tor but not prefixing https://
Then you are relying exclusively on Tor's encryption. This is still miles better than cucknet HTTPS, so it's not that big of a deal. However, if Tor is indeed run by feds, then using Nanochan's HTTPS gives you extra protection.
>when i used https, it denied the connection so i just stopped. reading the error, it's probably because the self-signed cert is not trusted.
You need to verify the fingerprint from what hapase posted on >>>/meta/1455. If the fingerprint matches, then you can accept that. If it gives you another warning and the fingerprint has changed, then it's compromised.
Is this the features requests thread? Can index browsing be added? Not just for boards but for the overboard as well. The site is currently slow enough that index browsing can be justifiable.
>>2351 post in the global meta thread on >>>/meta/ where hapase actually reads.
and I don't think he will add it because he's a faggot who never uses index view.
>>2365 >what's the license on source.lua?
No license. License is irrelevant since I cannot enforce it, so in practice you can do whatever you want.
>What version it it?
/source.lua is a symbolic link to /Nano, so it always points to the live version. I don't keep old versions.
>What else does it need to be deployed?
1. GraphicsMagick (gm)
2. haserl compiled with Lua 5.3
>>2369 >it always points to the live version.
I know at one point you had decided to stop issuing new versions of the source, so thank you for changing your position. your source is a major contribution for lua (and imageboards generally).
When was the last time OpenBSD was formally and openly audited?
They keep talking about auditing but I see no concrete evidence. The only one I recall was some random dev who did a talk about going through the main *BSD OSs and found around 20 bugs in OpenBSD (they were quickly fixed, but one dev finding 20 in a short amount of time is in stark contrast to OpenBSDs advertised correctness fetish.
>>2409 The "auditing" of OpenBSD is basically their development philosophy of continuously and autistically combing through their code and trying to find better ways of doing things.
>>2409 There have been no comprehensive external audits that I'm aware of. And, indeed, audits of e.g. the Xorg DRM code have revealed tons of bugs, even upon cursory examination. OpenBSD security is snakeoil, frankly. "Two remote holes in the default install" goes out the window as soon as you install a single package or port.
>>2414 Do you reckon I could crowdfund to commission a proper external audit?
It would either absolutely own the LARPers or better yet spur the devs into improving.
Or it might just turn up little to know bugs. That's the best result.
>>2419 >(((crowdfund))) Crowdfunding is basically just a fancy way of saying that you want to be able to steal all the money.
It would be better to organize with the openbsd developers and have them agree "if we receive $X we will do a proper audit".
>>2458 Exercise caution using someone else's """random""" password or key generators.
Just DIY if it's for one or two passwords. Also you had better have a lot of words if they are out of a dictionary (or a password dictionary, which includes 1337$p34k)
>>2459 List contains 7776 words and author now recommends 6 words to choose. 7776^6 is 221073919720733357899776, implying attacker knows we use this method and which list (there are in other languages). Now use 7 or 8 words, add your autistic shit and special characters and it should be safe. Yeah, should, because it's still dictionary list and I'm skeptical about it.
I rolled actual dice to get 8 word passphrase using both eff and original wordlist.
original
>forthbattjaymelcostachunknymphbill
34 characters, 26^34 (26 small letters) is 1285564381113498051199127603629788201662311038976, for comparison 95^25 (95 - all characters on keyboard) has less combinations.
eff
>haikudrainpipesprintuntimelydegradedsensuoussupermanashes
57 characters, 26^57 is 4,50278109819623441928e+80 (it's more than 666091878431395624153823182526730590376250379528249805353030484209594192101376) 95^40 has less combinations
As we see, eff list is superior to original one with more characters per word and in my opinion it's easier to learn. That is implying attacker doesn't know we use diceware list, because if he does, then we have 7776^6 combinations.
I kind of answered my own question, however I'm still interested in your answer.
>>2470 You assume they don't know you use diceware, but it looks like you still assume a (somewhat) blind brute force. For a reasonably motivated and skilled adversary, this is not realistic.
<Using zxcvbn (hosted on https://www.bennish.net/password-strength-checker/ , use that site for extra details about how it is broken into patterns)
>Estimating strength of password "forthbattjaymelcostachunknymphbill" ...
>Average number of guesses needed to crack: 6.822623161164758e+28
>Estimating strength of password "haikudrainpipesprintuntimelydegradedsensuoussupermanashes" ...
>Average number of guesses needed to crack: 1.415308862342038e+33
According to this particular checker, there is the same result of eff being magnitudes more combinations needed ,which makes sense, but the number of guesses needed is far far smaller than the naive search space calculation.
>>2475 I, for some reason, assumed attacker knows both method and number of character. Adding our words to existing passphrase makes it even harder. Latter - don't know how many characters your password has. You will not be able to lie if you are genuinely not aware.
>but the number of guesses needed is far far smaller than the naive search space calculation.
Can you elaborate? I'm not sure I get you.
>>2476 I said it badly, I meant that the number of guesses required to crack the password is far less when using the intelligent guessing method suggested by the zxcvbn password strength checker tool I used, when compared to simply brute forcing every possible letter needed to reach that password.
By the way, you assumed they knew the length of the password, but if you double the result, you get the amount of time it would take to guess every combination up to and including that length, removing that length assumption. The only remaining assumption would be knowing its only lowercase letters, not uppercase letters, numbers or symbols.
It is worth remembering that anyone above a skiddie will not just brute force every combination in order. There are patterns people use (in our case, dictionary words) which is what the zxcvbn checker sees.
Either way, those passwords are very strong. You need to be storing nukes or a CEO bank account for someone to want to crack that I would say.
>>2478 >double
Actually, I'm thinkig about binary numbers, my mistake. It ends up being far less than double though, someone better at maths can correct me (think of 26^1 + 26^2 + 26^3 + ... + 26^(x-1) < 26^x).
Either way, you're in the right order of magnitude.
>>2478 >It is worth remembering that anyone above a skiddie will not just brute force every combination in order. There are patterns people use (in our case, dictionary words) which is what the zxcvbn checker sees.
That makes sense, it's not like everyone would use randomly generated password and learn it. Maybe you misunderstood because I didn't specify my threat level. It would be to protect from an attacker that has physical access to the hard drive and can get millions if not billions guesses per second.
About assumption - I don't want to depend on security through obscurity that maybe I am lucky, maybe not. I'm assuming worst possible scenario and expecting to be safe. It's funny because I don't really have (((illegal))) stuff to be considered a threat of state, but I refuse to hand my private data.
>The only remaining assumption would be knowing its only lowercase letters, not uppercase letters, numbers or symbols.
Adding those for the sake of getting more possible combinations wouldn't be a bad idea.
>>2457 In /etc/wsconsctl.conf:
keyboard.repeat.del1=400
keyboard.repeat.deln=100
Replace 400 with the initial delay, and 100 with the key-to-key delay.
Run wsconsctl on each of those lines to set the values immediately.
>>2470 Maybe this is the wrong place to ask but, why not generate passwords from a master pass using a script and a hashing algo like sha256? Your master pass is xxxxxx the website name is yyyyyy then to make a unique password you take xxxxxx+yyyyyy > sha256. Simple and easy.
>>2485 I think it would work. But you will still need a program to help you manage the passwords or you would have to waste time rehashing it every time you log in to something.
Is it recommended for everyone (at least here) to know how to program in a (sane) language? I never had an urge to learn anything more than shell, but I am thinking it might be a good thing to do for extensibility's sake.
>>2487 The question you need to ask is what you hope to accomplish with your programming? Are you just looking to extend the functionality of your system scripts? Or are you looking for a way to efficiently perform semi-intense operations?
The obvious extension to shell, in case of the former, is Python or Perl as they're used in most distributions already. You can also choose Lua. In case of the latter, you're looking at non-scripting languages. Here it's mostly down to personal preference and how much time you're willing to spend writing a solution. Things like Go/Nim will speed up your development, but they have garbage collection. C/C++ do not and you'll have to manually manage memory.
>>2488 My first comment was vague sorry. I was thinking more in this way: Because I have no knowledge of programming, I have to depend on others to provide the software I use (OBSD, w3m, etc.). And it seems to me that with current programming trends, quick, secure, and sane software is sidelined for whatever is as convenient as possible. My question is, is it a good idea to start learning programming now so that in the future I would be able to contribute to software I use or to contribute to an alternative in case the development becomes inadequate. I'm not sure if I am being overly paranoid about the future or is this a reasonable thought?
>>2489 It is unlikely that you will be able to write a replacement OS, compiler and browser in a reasonable time-frame if the currently acceptable ones become cancerous, unless you dedicate years of your life to doing so. Perhaps that may be worth it for some people, but if that happened, I would just throw away my computer and pursue my irl hobbies instead.
If you just want to make small fixes or modifications to existing software, or write small software such as simple games or webshit (like forum/imageboard software, chat servers etc.) then by all means learn programming.
>>2489 We got to this point by people doing just that. Contributing to a kernel or a browser is a pretty big goal, but for the majority of open source projects developers come and go or just disappear one day. If there's noone around to pick up the torch or fork the projects, how else are you supposed to keep the cancer at bay? CoCs notwithstanding, that's something that can kill even the healthiest of teams.
>>2498 In theory, having a separate client for each site is less cancerous than using a web browser. However, in my experience (back when I still used pigchan regularly) Clover is an extremely shitty app for everything except browsing 4cucks. And it uses shitty material design and has bad UI.
Since Nanochan doesn't require javashit, and doesn't have an API, I agree that using a browser is acceptable for this.
>>2504 I don't think that's really fixable. After all, 8Cucks and other vichan boards don't even have a floating reply box on mobile, it's probably an issue of browsers in general because web technology is such cancer.
When I use responsive design view in firefox (which is supposed to simulate a phone screen), that problem doesn't appear. However, on IceCatMobile (which is what I have on my phone) the problem happens. I wonder if there is some sort of about:config option to disable this behavior. Must be, since they both use the same layout engine afaik. Problem is I don't know what most of those about:config options are for.
>>2506 >8Cucks and other vichan boards don't even have a floating reply box on mobile
Yep. At least on Nanochan I can scroll back down, on 8chode I have to scroll back and forth. Nanochan unironically has better UI than all other more popular websites out there.
>>2506 I tried with Brave (chromium based) and it doesn't scroll to the top.
But there is another issue, the floating window shows up in the middle of nowhere. I guess the responsive design doesn't work properly.
>>2510 I think that's mainly because hapase's sha256 filenames aren't truncated, so they scroll off the side of the screen, and then the box always appears at the far right so that's where it turns up.
Either way, I'm personally fine with how it works on mobile. I don't think it's useful to put extra effort into making it work for us cancerous phoneniggers anyway.
>>2506 >web technology is such cancer
>IceCatMobile
hakase spotted
>>2513 I like overchan, but honestly it has quite a few annoyances that eventually made me go back to clover (no 18:9 compatibility, reply boxes not fitting to screen when wm density changes, media attachments sort of broken even with the fork, etc)
There's also the issue of tor support and no existing API
>>2489 I'll partly disagree with the other replies. Developing simple, sane software is a thing--consider suckless and bitreich, and even this board. While mainstream software is a fuck, if you find that you enjoy programming you should do it in the ways you enjoy. That is how one helps shape the future they want to see.
Not sure how receptive people will be to consumer advice questions as from what I can tell it could open you up to correlation attacks, but does anyone have suggestions on consumer grade KVM's?
>>2691 >Run a middle relay.
It would require another device (to be running 24/7) and my ip would be listed publicly. Right now I'm thinking about simple solution.
Whonix with one VM where Firefox autoreload addon is installed + VM for actual activity is an option, but maybe it can be achieved easier?
I just downloaded an anime episode from a streaming website. I noticed that downloading through clearnet is actually slower than downloading through Tor (180kb/s vs 350kb/s). Why the fuck does this happen? Aren't internet routers supposed to select the fastest route between two computers online, while Tor just does random routing?
>>2783 my best guess at an explanation is that something fishy (e.g., content throttling) must be happening on the clearnet side. tor should not normally be faster by any means.
>>2783 The exit node have had a better route/position than you relative to their server. Or your ISP is shaping traffic and throttling video downloads. Either way, use torrents & Nyaa.
>>2803 >use Nyaa
I used to do that when I owned a server in a third world shithole that didn't care about torrenting. Unfortunately I now live in a first world shithole which has actual penalties for torrenting, so I have to download files over Tor instead.
Torrents are gay cancer anyway because they expose your IP to literally everybody. IMO an alternative to torrents that works over Tor would be nice, but for now I'll just download the file in the mundane way.
>>2808 By streaming service I mean some semi-illegal russian website which lets you get the mp4s for free e.g. chia-anime.tv or (formerly) 9anime.tv. Yes it's a shitty way of doing it but it werks. And I don't even see ads or malware because I disabled javashit.
>>2807 If you live in the first world now, you ought to have money for a VPN or even a cheap VPS box. And a torrent alternative would still expose your IP address, it's just a matter of not revealing the original one. Tor isn't meant for P2P downloads anyway.
>>2814 >you ought to have money for a VPN
I don't want to pay money for a useless VPN. VPNs are not private or anonymous and there is nothing stopping the government from spying on them.
>Tor isn't meant for P2P downloads anyway
Tor isn't meant for P2P downloads, but if a protocol were specifically devised for usage with Tor then it would actually work properly, unlike torrenting over tor. All you need to do, in theory, is replace all usage of IP addresses with hidden service addresses.
>>2820 For pirating anime and regular browsing, VPNs are perfectly fine. The government doesn't care about you watching Chinese cartoons (yet, First World Sharia soon), but it does prevent you from receiving those annoying ISP letters and providing information for analytics. It also makes your watching easier, since some services have limits on how much you can download from a single IP.
>but if a protocol were specifically devised for usage with Tor then it would actually work properly
Not exactly torrenting but, using OnionShare 2, you could keep a tracker of instances hosting the same file and use the HTTP POST downloading method to fetch chunks from them. Although I'm not sure if it would be faster than just getting everything from one instance.
>>2820 You seem to have no money, anon. VPN service can be bought anonymously and unless you are high-profile criminal, they won't target you; after all, the only reason people pay them 10 bucks is because they are not isp.
>nothing stopping the government from spying on them
What government and how? How can, say, german gub spy on what traffic exactly comes to your computer when using tajik vpn, not only that you share your ip, but how would they get access, and even then, some vpns are field-tested that they do not log shit.
>>2827 Why do you want to shill a vpn so badly? VPNs are both inexpensive and unprofitable. The only way they could possibly make money is by selling user info, or displaying obnoxious ads, or being run by the government. Don't forget that the vpn can see your real ip, and that zogs cooperate with each other to arrest wrongthinkers.
Tor is VPN on steroids (privacy-wise) and allows extra benefits like hidden service hosting as well. It doesn't require you to trust the node operators either.
>>2828 Because you can connect through tor and pay with bitcoin. Also there's still the vps option. bonus: at least one vpn provider has .onion, expressobutiolem.onion And you explicitly said that the only usecase tor isn't suitable for is P2P, therefore vpn/vps is the only option and no one ever got sued or anything for torrenting with vpn.
>hurr-durr using vpn means you are against tor
I haven't said a word against tor and use vpn exclusively for torrenting.
>>2820 You can try xdcc, it's like DDL but you need IRC for it.
>VPNs are not private or anonymous and there is nothing stopping the government from spying on them.
True, you musn't do anything illegal with them. However, they are fine for torrenting, especially chink cartoons. You can also consider seedbox - server with torrent client. I'm sure there are sites that accept bitcoin, so you can sftp and snatch files, if you are patient.
If you pay for your VPN, then at least you know how the service is being funded. I2P makes similar, ostensibly valid, claims about provable anonymity by design, but it doesn't have the tons of money behind its media outreach campaign. Shit that probably actually works like PGP/GPG? Coffee-table articles poo-poo it or pretend it doesn't exist.
Weird, huh?
If you need to do something gnarly, just build a fucking cantenna and use reaver.
Tor gets all the encrypted traffic through nodes run by volunteers to make it hard to learn IP and destination. What about I2P, GNUnet or Perfect Dark? What layer do they provide to prevent from learning one's IP?
>>2841 >I like to rape cute little girls
Stop posting please, no one gives a flying fuck.
>>2864 If they're as low-latency as Tor is it suffers from the same problem as stated in >>1892
>>3054 It's a shitty (((phone app))) which lets you send messages and shit, supposedly "privacy aware" and "encrypted". But it's a phone, it's insecure by nature. Muh baseband n'shiet.
>>3107 >torsocks ping
Pinging doesn't work over Tor, because Tor is only a TCP proxy and not an IP proxy. To generate fake Tor traffic, you should perform HTTP requests to random websites.
>>3139 >selenium javashit cancer bloat
Why not just make a list of websites, then use torsocks curl to make requests with random data? Or just make automated requests to a random list of search engines. Just make sure to change your user-agent so that you don't get blocked as much.
How do I apply a note onto a sound e.g. an animal sound, or a voice, autotune style? I only have available audacity and ffmpeg. I don't want to install any proprietary shitware.
>>3147 I don't know any particular tools, but look into vocoders for an autotune like effect. You could also just pitch shift the sound, which won't make it sound as harmonic.
Has anyone else noticed that noscript is a useless piece of pajeet shit? It slows down my browser by a ridiculous level.
uMatrix is much better and allows better control over everything.
>>3161 Wrong question. You wanted to ask if the numerous projects linux userland consists of are safe from glow niggers. systemd-project is long time confirmed to be ciaids subversion, so no Can anybody but glow niggers know?
>>2807 I can understand the impetus for downloading over tor vs torrenting, but this is bad for the ecosystem as a whole. What happens when your semi-legal Russian sites run out of money or get copyright-nuked? It's also a way worse user experience than torrenting: overcompressed mp4's with subtitles burned into the video vs crisp audio/video and aesthetically styled subs.
From a technical standpoint, torrenting over i2p is the superior method of procuring chinese cartoons, but it's slow and there are no peers. The true chad method then is the aforementioned VPS in a third world country. Bonus points if you buy it anonymously (prepaid credit card most likely) and connect only over tor/i2p. Extra bonus points if you seed over i2p as well as clearnet.
Assume I have a smartphone.
Any good browser? I'm currently using waterfox but the fact that it blocks saving images, taking screenshots or copying text is really fucking annoying.
>>3234 >>3235 My personal arrangement is to run the tor daemon in a termux instance, also run DNS66 in order to give myself OpenNIC DNS for all non-tor stuff, and then point IceCatMobile at SOCKS 127.0.0.1:9050 in about:config. Make sure to set remote DNS as well, and set socks version to 5.
How do i sdard fresh? I mean glean as gan be. Seems bigbrodher gnows my disgreed irl hisdory. And ibe bersonally dalged do him, hes guide nosy. Will i need a new ib address?
>>3336 Reinstalling or wiping everything and starting from scratch? Use EFI boot and there will be no need to have a particular routine when setting up a dual boot system. Also, outside of gaymen, you can just use a Tiny7 image in a VM on Linux.
how do I encrypt directories? I have a folder on my desktop I want to use to store porn/images/etc. gpg doesn't seem to do this and is only for emails. The book I'm reading doesn't discuss this. The interent is full of pajeet codes and they don't use debian cammands.
Al it talks about is setting permissions. read and write which is easy to du and can be done with a gui. but i want to take it a step further, and tack on a password to enter folder. anyway to do this? i'm using mx linux based on debian.
>>3354 You poor, confused bastard. What the fuck are you trying to do? You can't create a directory called shadow in /etc, because the text file /etc/shadow already exists. It contains, among other things, hashes of user passwords (not the passwords themselves).
[code]
# less /etc/shadow
[/code]
if you want to examine the file, but it's still not clear why you'd want to do that.
I see. Yeap I downloaded a thing called veracrypt and it's pretty sweet how i can dismount it and make it unaccesible. (nothing is completely unaccesible) but it seems tucked away enough for a normie like myself.
ughh I know. I'm just getting started with linux, i'm going to refrain form asking any questions because they're idiotic and yes confusing. thank you for the laugh.
I have an HDD that was part of a RAID5 array. Is there any forensics software (for Linux) that will allow me to see if I can recover any data? I know most will be unreadable, but surely not all of it will be right?
>>3409 This is my off-the-cuff, I-just-went-to-Wikipedia-to-refresh-my-memory-about-what-kind-of-RAID-RAID5-is take, but because RAID5 is block-level striping, I think you might be able to recover files smaller than the blocksize for the filesystem. So if the blocksize is 1KiB, you might be able to find files smaller than that, because the entire file would have been written when the block was striped, yeah? In that case, I would assume any standard forensics tool that can scan a block device for the magic numbers associated with different file types could tell you something.
Or maybe I'm misunderstanding how block striping works.
hey people. what are the commands that show file activity?
All I know:
ls -l
top
this just shows the time the file was last accessed or used and shows any unfamiliar processes running (assuming a normie got on my computer) ((hackers can just hide the processes))
heres why I'm asking. I accidently left my computer open. SO I got back home from work and realised my computer was on, desktop showing. And I was like oh fuck! Luckily I live alone, but you never can be too careful.
>>3465 >supreme privacy?
>"but just works"
>very light weight
>friendly for programming.
I don't think you're going to find anything that meets all of those criteria off the shelf.
You also need to define a threat model. You could install any distro you wanted and if you ripped out the WiFi card, didn't plug in an Ethernet cable, ran it off of batteries, and used the computer in a Faraday cage in your basement, it would be more "private" than any computer not located in a secure military or intelligence facility.
I suppose that's not what you're going for, which is why you need a threat model. "Supremely private, yo" isn't one, unfortunately.
Here's a command I did for encrypting a text file for 'tripwire'. NOw how do I know this has worked?(it would be nice to see a prompt screen requirring the password) then it would prove success..
It created a duplicate file with an icon showing a lock. Oh god I'm so sorry, but i need to ask questions.. I wish I had a friend to chill with and just talk about linux irl. maybe i'm just a confused..
>>3472 >3467 please forgive me for my foolish question
Sorry if I came across as rude.
>3455 oh thank you so much.NIce artwork!
You're welcome. I meant to shoop out the url before I posted it, but I forgot.
>NOw how do I know this has worked?
# file /etc/tripwire/twpol.txt
/etc/tripwire/twpol.txt: ASCII text
# file /etc/tripwire/twpol.txt.gpg
/etc/tripwire/twpol.txt: GPG symmetrically encrypted data (AES cipher)
It didn't create a duplicate of the file, it encrypted the file in memory and wrote the encrypted file to a new file, /etc/tripwire/twpol.txt.gpg. At least, that should be what happened.
Incidentally, if you do see that output for the second command with the (AES cipher) part, your gnupg is using AES-128 by default, like mine. Try
# file /etc/tripwire/twpol.txt.gpg
/etc/tripwire/twpol.txt: GPG symmetrically encrypted data (AES256 cipher)
Note that it now says (AES256 cipher) instead of (AES cipher).
>(it would be nice to see a prompt screen requirring the password)
When you ran that first gpg command, you should have been prompted for a password, twice.
What I mentioned earlier bears repeating. gpg -c does not encrypt a file. It creates an encrypted *copy* of a file. The original is still sitting there. Once you're sure you can decrypt the encrypted version and you don't need the plaintext version, you can shred it with
shred -zun1488 /etc/tripwire/twpol.txt
where 1488 is the number of times the file will be overwritten. 3 or 7 times is probably enough. If you're using a RAID or one of those newfangled filesystems like ZFS or btrfs or bcachefs, I have no idea whether that will actually get rid of the file, though, which is why it's important to use full disk encryption.
How to use my router's tftp server to serve file that is on my computer?
Mounting sshfs directly on tftproot or using symlinks to sshfs gives permission denied (permissions are good).
Hey a question about txt files? I am asking becasue I am curious about manipulation and customization with software ui, but I want to know if the txt files are where you go to fuck around with the code? What sort of files do you search for when you're trying to manipulate something to your desires, it could be anywhere from the theme,text,font,font-size,sounds etc..
>>3544 I guuess I could hhave just put it as.What files should be used for hacking software? this is so stupid. nevermind. I'll look for the README becasue this has everything I need to know.
~ # cd /mail'
>
>
>
how to i un fuck this kind of typo? it puts my shell into a txt mode. how do i make it go back to root command mode, woth out opening a new term?
>Included is a set of keybindings similar to those in Adobe Photoshop.
You can find them in the ps-menurc file. To use them, copy this file
to ~/.config/GIMP/2.10/menurc. You can also manually change the keybindings
to any of your choice by editing ~/.config/GIMP/2.10/menurc.
When browsing the dark web what are a few pointers to look out for, if you need to download software off a site, for example, Virtual box. But in general what proof exists a site is malicious?
I managed to get an old Dell Poweredge 2950, and was thiking about setting it up to mine some crypto. Does anyone know any coins that are worth it? I know I won't make anything mining BTC or Etherium. I was thinking maybe Monero, but even that is pretty popular.
>>3585 If you have Javascript off, and your not downloading a bunch of random stuff, you'll probably be fine. As a general rule of thumb, if something seems too good to be true, it probably is. This is especially true for any kind of market place.
>>3544 Assuming you're using Linux, check hidden files in home directory. Many also use ~/.config. In general RTFM.
>>3595 I made around $100 by mining Monero on an old laptop. But that was before it got popular.
I don't think it is really profitable to mine anything with a CPU nowadays. There are a few coins that will technically be "profitable", but your profits will be so miniscule that it isn't worth it. On the order of cents per month, if that.
Crypto in general is stagnating since all the development was led by faggots trying to get rich quick, or epin meme lords who think they'll become some sort of online legend. Now that the price of BTC has slumped, these people have lost interest.
>>3616 Not really the answer I was looking for, but definetely the answer I expected. I know it's not really worth it, but I have a server I have no other use for and don't really have to pay for electricity with my current living conditions.
>>3714 >don't really have to pay for electricity
but your mom does though *mic drop* instead, you should write a nanochan-style anonymous file upload software and host it as a hidden service. we need one of those since they're dropping like flies (catbox.moe admin revealed as a turbo-cuck, mixtape.moe shut down for financial reasons).
>inb4 muh cp
nanochan is over tor and has no cp
What's the key to increasing my torrent upload speed? I have bandwidth set to unlimited for uploads, but it never seems to get above 20kbps, usually much lower than that. I'm trying to do my duty for low-seed torrents.
>>3759 Usually, the upload speed is low due to the simple reason that there aren't many people downloading at any given time, in comparison to the number of people uploading. If someone with high-bandwidth internet starts downloading when you're the only seeder, you will see more substantial upload speeds. Furthermore, seeding for a long timespan is much more beneficial to the life of the torrent than simply uploading at high speed.
tl;dr Low upload speed is normal, don't worry about it.
>>3760 >Usually, the upload speed is low due to the simple reason that there aren't many people downloading at any given time, in comparison to the number of people uploading. If someone with high-bandwidth internet starts downloading when you're the only seeder, you will see more substantial upload speeds.
I can download something with low seeds with great speed. But more often than not, when the role is reversed, and I am seeding something either alone or with a couple other seeders, the upload speed is incredibly slow. Do all the leechers just have shitty internet?
>>3759 Most residential internet has a much lower, often around ten times lower, upload than download. ISPs do this is because its usually businesses running servers that need high upload, so they can charge more for it. The cheapest way to get good upload is probably to get a cheap vps that allows torrenting, then do everything off of that.
>>3761 >leechers just have shitty internet
Yes and they are often downloading more than one torrent.
>>3768 Yes. I get download speed as high as 6500 kB/s and upload as high as 1800 kB/s.
>>3860 >Is Windows worse than a Linux distro with systemD,
The issues with systemd are that it's bloated and insecure, but windows is ten times worse on both fronts.
>from a privacy standpoint?
what refutation did you read that mentioned privacy implications? Systemd doesn't intentionally spy on you, this is not one of it's many issues.
>>3860 >Bare with me
555 come-on-now.
>Is Windows worse than a Linux distro with systemD, from a privacy standpoint?
Not particularly. It's a bloated system that is slowly consuming everything and is coded by a smug retard, but that's about it. You can also pick up a distro without it - MX Linux or antiX being obvious choices for a newcomer compared to, say, Gentoo or Void. However, privacy is mostly about limiting your own OpSec failures and knowing how your environment works. You'll reach that on a system you're most familiar with.
>>3863 Check the syntax very carefully and look through man pages to see if the setting is even still there. I've wanted to kill the devs multiple times when setting it up.
I have a coaxial cable with internet connection entering one part of my house attached to a modem, and then in another part that isn't connected to anything. Is there a way for me to convert it to ethernet with a modem/router/etc?
>>3932 What kind of gay ass question is this? Draw a diagram please.
What do you mean by "not connected to anything"? Just a bare cable at both ends, or is it connected to ISP at one end and nothing at the other end?
>>3934 First, move the modem from your working line over to the one that isn't connected. Confirm that the internet on that line is accessible. Then, move the modem back to the original line.
Secondly, obtain another identical or at least compatible modem and just connect it up to the second cable. Isn't this a rather obvious solution? Am I missing something?
>>3935 >Am I missing something?
No that's pretty much it. I didn't know if you could have two modems. Does it have to be ISP approved, or will any modem work?
>>3937 See if your ISP uses the DOCSIS cable-internet standard.
https://en.wikipedia.org/wiki/DOCSIS If it does, you can use any modem which follows the standards. Probably.
Telecommunications bullshit is usually full of obsolete crap and standards-non-conforming faggotry, though, so don't be surprised if it requires proprietary trash to make it work.
God damn it, this is another reminder that every nu-/g/ has been full of loser lamers for years. You can't even read or understand the fucking Wikipedia article you link. Asking grannies on Facebook technical questions would be more fruitful.
DOCSIS modem is not just a modem (a device to transmit and receive bits over analog line), though it obviously has DAC and ADC. There is no dedicated line between you and your ISP, the tree of cable customers is a shared medium, because the whole point was using and extending TV cable system. Even if you haven't learned much about it, that alone should make you wonder how collisions are handled, how the uneven bandwidth in different sections affects the operation, how it all coexists with TV signal, etc. The technology is complex, and a lot of cooperation is required from all the devices, so the cable station on the ISP side generates the downstream signal, syncs, and controls the clients dynamically, depending on network condition, number of active clients, noise, and so on. Cable modem is a slave device, it is not supposed to operate independently, apart maybe from some testing with fixed parameters.
Also, you can't just plug another modem to a free cable end, it has to be configured/accepted by ISP, and you need to pay for its share of network usage, because it's just another independent client device.
To connect Ethernet devices over dedicated or shared coaxial cable, you need MoCA or G.hn bridge like this:
https://www.amazon.com/Actiontec-Bonded-Ethernet-Adapter-ECB6200K02/dp/B013J7O3X0 (Just an example, I have never touched the thing, and have no idea how good or bad that model is.) Supposedly, both standards include the detection of third-party TV/data/whatever signals in the wire, and a negotiation process to only use the remaining bandwidth.
If you have a dedicated coaxial line between two points, you may ask archeologists to find some 10Base2 hubs for your enormous 10 Mbps pleasure.
>>3942 That kind of system sounds incredibly easy to attack. All anyone would need to do is either broadcast random noise down the line to stop it from working, or send high voltage down the line and blow up all attached devices.
Of course, isp could detect where it's coming from in option 1, but I don't think they could tell in the case of option 2.
How many customers are connected together in a single tree?
>>3955 >You can also pump shit into the water mains
If I were an infrastructure designer I would place a check valve on each residence's water line so that kind of shit doesn't happen as easily. But given how retarded this shit is, I guess it is actually possible to pump a shit ton of cyanide into the water mains and kill a lot of people.
>Who is going to pay for the damage
If I were in a situation where I wanted to cause a lot of damage, death and destruction indiscriminately, it would be an excellent tactic, and I don't care who is going to pay for the damage. But the time for that has not yet come.
Think of doing this shit in africa. Extreme damage, nobody's going to find out it was you, and you don't need to show your face at all. Perfect strategy. They would all chimp out 1000% and wipe each other out without you even needing to put in any effort.
Unfortunately, I don't think it is possible to do similar things with the electrical grid because there are isolation transformers scattered around. Damage would be limited to a single city block at worst.
>I guess this would be part of pentesting, but I'm trying to get a little more insight about it to protect myself. PLease don't call me retard or say kys, no bully please I am sensitive.
What causes a port-scanner(nmap) to be unsure of an OS. I've scanned ip addresses and sometimes I've identified computers on my network, but other times it has a hard time finding a confident analysis, and will puke out a number of possibilities and by the percentage.What would cause this to happen? It's almost like a defense barrior from the other computer and I want to know how to configure this for myself so I can prevent exploits.
This is all for the sake of learning, and I probabaly sound like a confused bastard, but I tried wording this my best. If anybody has the slightest idea, I would be greatful for any feedback.
>>3986 >how to configure this for myself
put a lot of different routers in between yourself and the internet. each time the packet goes through a router it gets harder to find out what os it is.
I need a new VPN that is both torrent safe and accepts bitcoin cash. I was using mullvad but they are unreliable pieces of shit and I am sick of throwing money to an organization that clearly doesn't want me as a customer. Does anyone know of a VPN which fits these characteristics besides them?
>>4048 perfect privacy I'd say
expressvpn is amazon datamining front and pia is american
perfect privacy is field-tested too, the only downside is having servers in shit places, depends
>>4048 you should know this already, but unfortunately way too many people don't.
DO NOT USE VPNS for important activities. If you think that using anonymous payment methods is necessary for a VPN, you are probably using it for something too important for a VPN to be used for. If you suggest using a VPN for such activities, you can expect a downvote from me. If you think using a VPN for such activities is ever the right solution, you can also expect a downvote from me.
>>4051 the point of vpn is torrenting, and it works good; if you live in the west it's necessary anyway
not wanting to deanonymize yourself, why is it bad?
>>4050 Thanks for the recommend, I will look into them.
>>4053 Agreed. While I generally agree that using VPNs is bad I must because my ISP caught me torrenting and acted like faggots cutting me off from the internet. Sometimes it is simply necessary. Getting a, ahem. "downvote" from some random person on the internet is worth actually having internet still.
Perfect Privacy was a bit of a hassle to get going (couldn't use tor or my regular crypto wallet) but I finally got it set up and running. Thanks again for the suggestion!
I am thinking about intstalling Gentoo. I am familiar with GNU/Linux, but have never touched Gentoo. I know the devs got rid of stage 1 and 2 tarballs, but I think I would learn a lot by starting from the absolute beginning. My question is: is it worth it? Or should I just start from stage 3?
>>4123 You mean the black shit that ICs are encased in?
It's epoxy resin. Quick search reveals the specific type is "o-cresol-formaldehyde novolac epoxy"
I have Tor Browser which runs its own Tor instance. I also have Tor explicitly installed on my Linux system. Should I start up and run the Tor service in addition to using the Tor Browser, even though I technically don't need to? Is this more secure and robust and, if so, why?
>>4238 It does absolutely nothing but waste your bandwidth, cpu, memory and time. Don't bother unless you are actually routing something through the second daemon's connection (e.g. if you don't want the connection to go away when you close the browser).
>>4099 To build a working Gentoo system, you need a working Gentoo system (LMAO), so there is no point in going for stage1 as a start specifically. You may just build stages yourself with catalyst though. I predict it to be miserable experience, because catalyst sucks, but it will give you the idea about Gentoo production process.
As for learning about how your typical GNU/Linux distro ticks, you may want to look into the LFS book. It gives you the most generic loonix experience, well, unless you go and start writing userland tools for Linux (the kernel) yourself.
If you're set on learning Gentoo though, your best bet after the catalyst would be just learning portage, because this piece of Python code is what makes Gentoo. Stages' build scripts use emerge as the command to build software, so portage and, by consequence, Python language are your cyclic dependencies for your Gentoo distribution. Not that I know much about it. It's just knowing this much is enough to prevent me from wanting to do anything else with Gentoo but using it, maybe writing some custom profiles and ebuilds, but no more. Creating a custom Gentoo-based distro (a big part of which would be creating custom stages) without doing something with that piece of shit portage is is going to be unproductive. Or at least I believe so. xD
what software do i need in order to host my own static website. its just a personal site. I have all my text files and images finished,but i'm a little confused with the webserver and additional software..
To be honest it's a little intimidating.I've never made my own site before.
Thread dedicated to Questions That Don't Deserve Their Own Thread
(but are worth asking)