/tech/ - Tech

Technology.

catalog
Mode: Thread
Name
E-mail
Subject
Message

Max message length: 8192

Files

Max file size: 80.00 MB

Max files: 5

Captcha
Password

(used to delete files and postings)

Misc

Remember to follow the rules


(3.84 MB 2048x1450 capitalism.png)
The Anti-Capitalist Software License Comrade 08/19/2020 (Wed) 20:26:18 No. 4240 [Reply] [Last]
https://anticapitalist.software/ >What is the Anti-Capitalist Software License? The Anti-Capitalist Software License (ACSL) is a software license towards a world beyond capitalism. This license exists to release software that empowers individuals, collectives, worker-owned cooperatives, and nonprofits, while denying usage to those that exploit labor for profit. >How is the Anti-Capitalist Software License different from other licenses? Existing licenses, including free and open source licenses, generally consider qualities like source code availability, commercialization, and attribution, none of which speak directly to the conditions under which the software is written. Instead, the ACSL considers the organization licensing the software, how they operate in the world, and how the people involved relate to one another. The Anti-Capitalist Software License is not an open source software license. It does not allow unrestricted use by any group in any field of endeavor, an allowance that further entrenches established powers. It does not release your project to the creative commons or public domain, nor does it require derived source code to be made available. The availability of source code is less important than the organization of software labor. Commerce and capitalism are not the same thing, and the commercialization of ACSL software is allowed, provided the organizations that do so are not organized along capitalist lines. The ACSL is explicitly intended to provide such organizations and individuals with a competitive advantage so that they may survive under capitalism, and outlive it. >Why would I want to use this license? The ACSL is right for you if you want your code to empower students, artists, hobbyists, collectives, cooperatives and nonprofits to survive under capitalism while not contributing free labor to corporations. The ACSL is right for you if you reject the status quo, believe better things are possible, and want to act on your beliefs. The ACSL is right for you if you carry a new world in your heart, and in your code. >What if this license doesn’t fit my needs? The ACSL was built in response to, and out of, other licenses. We fully encourage you to adapt, expand, or edit the language of the ACSL to meet the needs of your project, or to use it as a starting place for something new.
9 posts and 2 images omitted.
>>4289 Variant of GPL that makes corporations seethe the most. It protects against service-as-a-software-substitute.
>>4291 what's the difference between GPL3 and AGPL3?
>>4289 If you give someone a binary compiled from source code protected by the GPL, you are legally obliged to give them the source code too. With the AGPL this is still true, but you also have to provide the source code if the user accesses your system through a network connection (instead of running it on their own hardware).
Would be based if FSF had reverse engineering lawyers

(177.41 KB 1135x2048 niconozo-charging.jpg)
Comrade 10/01/2019 (Tue) 18:48:19 No. 4312 [Reply] [Last]
What are some Free Software projects worth contributing to?
1 post omitted.
>>848
>What are some Free Software projects worth contributing to?
That depends entirely on your skill set and interest comrade. So what to you enjoy and what are you good at? Just so you know hacktoberfest is being sponsored by digitalocean right now so it might be a nice thing to get in on if you're planning to do this anyway: https://hacktoberfest.digitalocean.com/
desktop environments like KDE. they need more polish.
Bring window edge snapping back to Openbox.
OpenTTD and OpenRCT2 These projects are keeping 2 really good oldschool games alive and running on modern machines while also improving them and adding new features.

(143.71 KB 728x409 ap_resize.php.png)
Is firefox compromised now? Comrade 08/13/2020 (Thu) 07:53:41 No. 4059 [Reply] [Last]
https://www.androidpolice.com/2020/08/12/massive-mozilla-cuts-threaten-the-future-of-firefox/ I want to say Tor is the future but i heard it was funded by the U.S
37 posts and 8 images omitted.
>>4184 >>4186 >>4187 They're actually political commissars
>>4184 I wouldn't necessarily agree, their role is more along the lines of a strikebreaker, but with a human face. In the name of diversity and inclusion, anyone can be fired or assigned somewhere else, which is ideal for anti-organisational measures.
>>4199 Did this ever happen or are you just making shit up again?
>>4220 I was just saying that this is not a useless job, I have no idea if Mozilla specifically has used the position this way.
>>4238 You did claim that this is what they do, and I asked that it ever actually happened. It seems to me that you are just making conspiracy theories up.

The Coding Interview Comrade 07/26/2020 (Sun) 17:34:10 No. 3641 [Reply] [Last]
What's up with the coding interview? You would think being a competent programmer would be enough to get a job but there's a whole industry out there specialized in preparing people for code interviews. It even has a Wikipedia page of its own. No other industry has a specific Wikipedia page for their job interviews. Why? What went wrong?
4 posts omitted.
>>4000 Also nice job citing a blog from 2007, before leetcode, topcoder, projecteuler, khanacademy, etc. etc. were a thing, before FAANG's corporate dominance and consolidation of the internet, before the 2007 financial crisis, before the first iPhone was released, your blog is prehistoric by the rapid pace of the changing IT world.
>>4009 >>4011 >Tesla Was from the early transitional period when all this started, during an era when safety and reliability standards were far lower, and it only became universal by the post-WWII era even in the US: https://en.wikipedia.org/wiki/Regulation_and_licensure_in_engineering#History >Wozniak Cobbled together a PC design on a shoestring from spare parts, even writing the entire BASIC on paper and typing it in all at once because he didn't have regular access to a workstation. Like all PCs of the era, it was a clumsy hackjob, but the fact it worked at all was more than enough to make it amazing for the time. That's not an acceptable standard for anything even vaguely resembling the level of maturity the IT sector should've had since the '90s at the latest, not to mention today. >the changing IT world Wow, yeah, Indian webdev mills churning out script kiddies that can't "program" in anything except JS, and deploying end-user software for joke "platforms" like Electron.
>>4025 If you're really that much smarter than Tesla and Wozniak combined, why are you wasting your talents shitposting here?
>>4000 In most places of the world, "their field's accrediting body" is the university. If you have a software engineer or computer engineer diploma, you are an engineer and can call yourself one. If you work for industries where it is necessary, you will be held for the same standards as other engineers. Ask anyone working in automotive, healthcare or similar fields.
>>3641 Engineers are naturally drawn towards over-engineered solutions. Just look at Silicon Valley startups. They even invent problems where there are none just so they can create an app.

(503.48 KB 934x1000 daily_programming.png)
Daily Programming Thread Comrade 01/27/2020 (Mon) 18:13:02 No. 17 [Reply] [Last]
What are you working on, /roulette/?
188 posts and 33 images omitted.
>>1869 Sure, and asm is also turing complete, but you will never use it to replace your shell scripts. Now imagine having to work with convoluted json data in bash.
>>2940 https://stedolan.github.io/jq/ It's actually pretty convenient.
>>17 Working making changes to some Vue codebase. I kinda wanna die, ngl.
>>2939 Which one did you end up using?
>>17 Funnily enough, I'm currently working through SICP, CLRS and that one book by Patterson and Hennessy. Don't know if I'm just memeing myself or if this actually werks, but these books are pretty good so far.

(62.91 KB 480x341 element-logo.png)
Riot is now Element Comrade 07/22/2020 (Wed) 17:17:50 No. 3559 [Reply] [Last]
22 posts and 4 images omitted.
>>3747 why does only Riot support voip?
>>3748 Because its definition in the Matrix standard is still experimental. Also because it's currently reliant on WebRTC, which relies on web bloat. There is currently an early effort by nheko Reborn (the only truly native client that [mostly] supports E2EE) to implement VOIP without WebRTC, probably using GStreamer: https://github.com/Nheko-Reborn/nheko/issues/109#issuecomment-610607467
>>3746 I use gomuks. Encryption isn't currently supported, though. Unfortunately.
I'll just keep using Element/Riot until Fractal enters beta/stable (has E2EE & VoIP support).
>>3761 this.

Comrade 01/27/2020 (Mon) 13:36:56 No. 221 [Reply] [Last]
What Internet browser does /tech/ use? personally, I just use firefox
86 posts and 7 images omitted.
>>221 Vivaldi good?
>>521 RIP Mozilla
(28.08 KB 633x758 soy198 (2).png)
>>521 >NOOOOOOO!! YOU WERE THE CHOSEN ONE, MOZILLA! YOU WERE SUPPOSED TO DESTROY THE ENEMIES OF THE INTERNET, NOT JOIN WITH THEM! BRING BALANCE TO BROWSER STANDARDS, NOT LEAVE THEM IN DARKNESS!
(17.16 KB 400x400 sheev.jpeg)
Did you ever hear the tragedy of Mozilla the Wise? I thought not. It's not a story Google would tell you. It's a hacker legend, you see. Mozilla was a Dark Lord of the Internet, so powerful and so wise he could use his browser to influence web standards... He had such a knowledge of webdev that he could even keep floundering file formats from dying. The dark side of webdev is a pathway to many abilities some consider to be unnatural. He became so powerful... the only thing he was afraid of was losing his power, which eventually, of course, he did. Unfortunately, he taught his apprentice everything he knew, then his apprentice killed him in his sleep. It's ironic... he could save others from death, but not himself.
>>4022 >Vivaldi Hell no, it's proprietary

(100.76 KB 1520x1000 boothole.jpg)
GRUB2 pwned through UEFI exploit Comrade 07/30/2020 (Thu) 07:02:03 No. 3737 [Reply] [Last]
Yet another gaping security flaw has been found in the Microsoft Trojan Horse replacement for BIOS known as UEFI. This one affects GRUB2 bootloaders in particular. https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ Eclypsium researchers have discovered a vulnerability — dubbed “BootHole” — in the GRUB2 bootloader utilized by most Linux systems that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.
1 post omitted.
>>3738 Basically this vulnerability requires root / admin access to access the grub.cfg file located in the EFI System Partition, which means the attacker must first gain a foothold on the system and escalate privileges (physical access also works). The vuln only helps with persistence across system reboots, so it’s unnecessary — and perilously noisy — for attackers to employ this if they already have root on a system that never reboots. In other words, protect your system from privilege escalation attacks and prevent evil maids in hotel rooms from physically accessing your machine and you protect yourself from this. Also you should laugh at anyone who has ever relied upon Secure Boot to protect themselves, a "feature" that has been broken by design since its inception.
>>3738 it has a catchy name and a logo that means it is scary
>>3739 >Basically this vulnerability requires root / admin access You're already beyond fucked at that point anyway. There are more important vuls discovered all the time that either escalate the privileges or gain access to the system over network in the first place. But most of them are so specific that there's very little chance you'll get hit if you update your system, even if takes a month for the fix to arrive in your repos.
>>3744 Why is everything so comodified and branded that even something as obscure and technical as security vulnerabilities get flashy logos, graphic design and a name that sounds like it was created by a marketing focus group? It's just ridiculous.
>>4053 It was created by a marketing focus group. It's advertisement for the business that found it.

(6.32 KB 109x100 searx.png)
Searx Comrade 07/03/2020 (Fri) 11:53:59 No. 3073 [Reply] [Last]
I know that if I run my own instance of searx is the most private way to search things up. But what about public instances of searx like search.snopyta.org, are they any safer than just using pure duckduckgo? Because I am still trusting a 3 party with my data, the only other advantage that I see using a public instance of searx is that is completely open source. Are there any other positives?
14 posts omitted.
>>3437 I like street view though, photo imagery of Earth's surface, rather than the layout?
>>3431 impossible
>>3431 Unless the NSA and friends have made a breakthrough on quantum computing and kept it secret, functionally impossible. With properly set up and non backdoored ssl crypto you're looking at average computation times longer than the heat death of the universe. Of course they could always do what they did with Dual_EC_DRBG and backdoor the encryption to make it significantly easier to break or just compromise the servers you're talking to.
>>3437 Good post. What's a good .txt dictionary? I tried looking for one once, but they were all antiquated
>>4032 Check this out: https://dumps.wikimedia.org/ Wiktionary has a lot of English words, plus etymologies, pronunciation, translations, etc.

(573.58 KB 1140x500 cyber_security.jpeg)
Privacy general Comrade 05/08/2016 (Sun) 16:12:51 No. 2214 [Reply] [Last]
Comrades, we need a thread on privacy. Any decent activist should try ways of staying anonymous on the web and prevent being tracked by governments and corporations.

General tips
===

* Use free software as much as you can.

* Use GNU/Linux and keep it up-to-date, to be sure that you don't have unpatched security exploits

* Don't use Flash Player, use youtube-dl instead for watching streaming videos online

* Do not use Google, use DuckDuckGo or StartPage instead

* Use a password manager like Keepass or for GNU/Linux users keepassx. Create new passwords for every site that you visit and use a strong password as a master password. A tip for easy remembering of your master password is to use a sentence. "i fucking love cookies and tits!" with extra capital characters etc. is easier to remember than some random characters and long enough to prevent brute force attacks of any kind.

* Use the Tor Browser Bundle if you really want to stay anonymous.

Firefox
====

* Go to Preferences -> History and set History to "Never remember history".

* See for additional tweaks: https://github.com/amq/firefox-debloat and https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-security

Add-ons
-----------

* Use uBlock Origin for preventing tracking etc. Bonus: use hard-mode to manually whitelist external domains on sites. Don't use uBlock but be sure to use uBlock Origin https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode

* HTTPS Everywhere

* DecentralEyes: prevents CDN hosting from tracking you (Google for Jquery etc.)

* Self Destructing Cookies: only allow cookies that you choose to allow

OS
==

* Encrypt your hard drive or home partition at least

* If you use GNU/Linux, you can try to restrict systemd or syslog from logging.

* Use a distribution which takes security seriously. Also, be sure that you don't install a lot of things outside the repository. It will cover most of your needs.

Real life tips
===

* Pay with cash if you can



Feel free to provide tips to each other comrades!
65 posts and 4 images omitted.
>>2214 >Use a password manager like Keepass is it alright if i use bitwarden? i like the easy sync across multiple devices
>>3958 If you're talking about their cloud offering then its enough to deal with reducing password reuse but because the database is stored on their server and is encrypted/decrypted via a webpage they control you should not expect any protection whatsoever from anyone with serious resources. If three letter agency wanted access to your passwords on a self controlled keepass database then they would have to either thoroughly compromise your computer (to the point nothing would help) or get the password via other means, for something like bitwarden they could potentially walk into the office with a subpoena and have them change the web page so it sends your password to the server and decrypts your db for them, since there is no warrant canary assume this has already occured.
>>3958 I'm using keepass and tbh I don't see the problem with just transferring the file around, its like 5kb, I've got into the habit of just copy/pasting it across my different machines when I update it on my main machine, it takes like 2 seconds to copy it to my phone and push it over waprinator or ssh to my laptop, if I needed to get it remotely for some reason I could just put the encrypted password file in a cloud repo or github or something and up the masterpass complexity/change the pass after downloading the file (I don't forsee ever needing this so I don't have an online backup of it, doesn't seem like the greatest idea even if a 30 character properly configed masterpassword should be virtually uncrackable) I think the slight hassle is worth the extra comfiness of knowing its not being passed around in a cloud server by some company somewhere, and the passwords don't need to change often, since they're so strong, and they all get changed at once since force change after a certain time is enabled for them
I really hate that I can't post on fourchins with my vpn. I want to basically fight every right wing post that they shoehorn into any thread.
anyone virtualize whonix on debian: what version of virtualbox do you use?

Delete
Report

no cookies?