=== ANCHOR POEM === ◀─╔═══════════════════════[BOOST]════════════════════════────────────────────────╗ ║ ┌────────────────────────────────────────────────────────────────────────────┐ ║ ║ │ There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec │ ║ ║ └────────────────────────────────────────────────────────────────────────────┘ ║ ╠─────────┐ ┌───────────╣ ║ similar │ chronological │ different ║ ╚═════════╧════════════════════════════════════════════────────────────┴───────╝─▶ === SIMILARITY RANKED === --- #1 fediverse/884 --- ══════════════════════════════════════════════───────────────────────────────────── ┌──────────────────────────────────────────────────────┐ │ CW: completely-unfounded-no-evidence-mis-information │ └──────────────────────────────────────────────────────┘ If we make a law that says you can't sell user data, they'll just build an intentional vulnerability into their system and point it out to specific people who paid under the table. Then, when they get "hacked", they'll surely be ashamed and sorry to their users, but hey the data's out there now not like they can take it back. Oh don't worry we already patched the hole in our security, that way nobody can get in through the same door that was intentionally left open for very particular people who've paid, and not for the people who haven't paid yet, who are still waiting patiently for a door to be built for them. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════────────────────────────────────────┘ --- #2 fediverse/1113 --- ═══════════════════════════════════════════════──────────────────────────────────── we should be able to configure our web browsers so that they don't remember to autofill certain pieces of information. Such as the IP address of our router, or our bank credentials, or any other forms of passwords that we are using to authenticate ourselves. That way our infrastructure that we've designed is less susceptible to cybersecurity threats that involve physical access to the computer. Or remote control of some kind that is channeled through the UI (like RDP or SSH) (a terminal is a text based UI in this context) Unless of course they knew what they were doing. Which most of them don't. Hence why it'd be a good idea to isolate the capabilities of defeating certain vulnerabilities to ourselves. Like, a reverse backdoor, only more like a DMZ - a sector of computing space (sandboxed of course) that is only utilized for understanding the intent of the message sender. Doing so would require an analysis of the capabilities of the system, the kind of analysis that [script kiddies'dve] generated by googl ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════───────────────────────────────────┘ --- #3 fediverse/2252 --- ══════════════════════════════════════════════════════───────────────────────────── ┌──────────────────────┐ │ CW: tech-encryption │ └──────────────────────┘ users don't want to have to think about encryption keys. they should be available for them if they need them, in like... a folder or something somewhere, but they don't need to really know that they exist. more friction like that keeps people away from being secure. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════────────────────────────────┘ --- #4 messages/181 --- ══════════════════════════════════════════════───────────────────────────────────── I know you don't want to hear this, but there is a chance that there will come a time where your life depends on your ability to debug a computer without the internet. To set up an SSH server. To install Linux. To program in C. To do something else that I'm not prepared for... If StackOverflow didn't exist because network connectivity has been lost, could you remember syntax? Maybe it's a good idea to set up a local LLM that can answer basic questions about technology. Maybe it's a good idea to set up on your parents computer, just in case you have to hide out there for a couple months. Maybe it's a good idea to download wikipedia, just in case. If I need to use a mac, I'm screwed ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════────────────────────────────────────┘ --- #5 fediverse/5369 --- ══════════════════════════════════════════════════════════════════════───────────── @user-138 you can use a username now. They added that functionality recently. it's supposedly more encrypted or something. But, it's still a centralized point of failure. If you want to say something privately, pretend like you're ordering drugs on the dark web and use PGP encryption or SSH keys or whatever it says in the "how to order drugs on the dark web" guides. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════════════════════────────────┘ --- #6 fediverse/3470 --- ════════════════════════════════════════════════════════─────────────────────────── alternatively, when you initiate an SSH session it sends you a randomized public key whose private key is the password that you need to login. By decrypting the string of text it sent you and sending it back (plus the password at the end or whatever) you can ensure secure authentication without bothering with the passwordless keys which are wayyyyyy more trouble than they're worth and lack the "something you know" authentication method. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #7 fediverse/4946 --- ════════════════════════════════════════════════════════════════─────────────────── I would trust the CIA if they gave me continual access to all surveillance of myself -- stack overflow -- what if you made a program which cycled credentials? like... "give me a random credential for Zoom" because we share all of our digital resources did you get banned for account sharing? no you didn't because you routed through the correct VPN automagically [has never had a software job] ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════════════──────────────────┘ --- #8 fediverse/4720 --- ═══════════════════════════════════════════════════════════════──────────────────── @user-882 it's a security hole though yeah... there ya go... ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════════════════════───────────────────┘ --- #9 fediverse_boost/4589 --- ◀─╔════════════════════════[BOOST]══════════════════════════─────────────────────╗ ║ ┌────────────────────────────────────────────────────────────────────────────┐ ║ ║ │ Remember Friends: │ ║ ║ │ │ ║ ║ │ You cannot both have secure end-to-end encryption to protect your communication AND also have a backdoor/key/access only for "the good guys." │ ║ ║ │ │ ║ ║ │ This is not possible. │ ║ ║ │ Do not believe anyone telling you otherwise. │ ║ ║ │ │ ║ ║ │ End-to-end encryption protects us all, │ ║ ║ │ we must fight to keep it ✊🔒 │ ║ ║ │ │ ║ ║ │ #Privacy #Encryption #E2EE #RootForE2EE │ ║ ║ └────────────────────────────────────────────────────────────────────────────┘ ║ ╠─────────┐ ┌───────────╣ ║ similar │ chronological │ different ║ ╚═════════╧═══════════════════════════════════════════════─────────────┴───────╝─▶ --- #10 fediverse/2674 --- ══════════════════════════════════════════════════════───────────────────────────── ┌────────────────────────────────────────────────────────────────────┐ │ CW: factually-untrue,-that-never-happened.-this-is-just-gesturing. │ └────────────────────────────────────────────────────────────────────┘ the kind of friendship where you SSH into each other's systems and leave notes for one another. as soon as you find one you message the person who left it like "yoooo only just found this lol" and they're like oooo yeah did you see the bash script I wrote in that directory "yeah totally I used it on one of my video files just now - cool filter!" ahhhh reminds me of all the times hackers have hacked my permanently insecure system and left me friendly messages like "hey I'm on your side" or "how's life, friend? I hope it's going well." or "never forget; you are worth all the fear" y'know cute things like that oh. right. because leaving vulnerabilities like that can lead to threat actors affecting your stuff. how lame. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════────────────────────────────┘ --- #11 fediverse/1862 --- ╔════════════════════════════════════════════════════──────────────────────────────┐ ║ some people look for signals or signs before doing something. Try and have │ ║ someone in your life who can give you signals or signs so that you know when │ ║ to do things. And ideally, if they're more hardcore than you, you'll know what │ ║ to do, not just when to do it. │ ║ │ ║ did you know that anything on the internet can be read by at least one other │ ║ person besides your intended recipient? There's no way they'd let us talk │ ║ amongst ourselves otherwise. │ ║ │ ║ I think encryption is pretty neat, all you have to do is run a shell script on │ ║ some text, then send that text over the internet. If you want to decrypt it, │ ║ all you have to do is run a shell script on it to decrypt it. │ ║ │ ║ downside is, it has to be translated into plain text somewhere along the │ ║ line... Maybe if we rendered the words not as text that can be read from │ ║ memory, but as like, brush-strokes that can have a randomized order, but still │ ║ present to the user as visual text? anyway that's what's on my mind as I try │ ║ and improvise a baking recipe with yeast, flour, and butter │ ╟─────────┐ ┌───────────┤ ║ similar │ chronological │ different │ ╚═════════╧═════════════════════════════════════════───────────────────┴──────────┘ --- #12 messages/1203 --- ═════════════════════════════════════════════════════════════════════════════════── Programmers are lazy, this is well known. So why would i trust by default that anyone would read open source code looking for security exploits or malicious code? I trust an LLM for that more than a human. At least your own LLM can digest the entire project or library at once. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════════════════════════════════════════─┘ --- #13 fediverse/664 --- ═════════════════════════════════════════════────────────────────────────────────── @user-482 [secretly installs a keylogger and doesn't tell anyone upstream but still pushes it to production] [or worse, was told to do as such and given tools to fabricate "evidence" to the contrary to everyone else on the team] ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════─────────────────────────────────────┘ --- #14 fediverse/3469 --- ════════════════════════════════════════════════════════─────────────────────────── you know how SSH password login is deprecated because the password needs to be transmitted in cleartext or whatever? what if we just... required two passwords? the first initiates the conversation, and sets up an encrypted line. It doesn't matter if anyone sees the first password because they'll get a new set of encrypted keys, meaning each session automatically is encrypted in a different, randomized way. the second password is the one that actually authenticates you. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #15 fediverse/624 --- ═════════════════════════════════════════════────────────────────────────────────── You know, there's no guarantee that Youtube or Gmail has to show you the EXACT SAME video or message that your friend shared with you. Or did they even share it at all? So hard to tell when they know all the communication you've ever had, because you only know each other online on their platforms, [read: US government observed platforms] [like, HTTPS] surely there's no room for someone to sneak in and edit your conversations. Surely the only way to securely communicate is to send pure PGP encrypted bytes to another target, wrapped in a TCP/IP header, with unknown intent or expression. Worst they could do then is just, y'know, block it entirely. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════─────────────────────────────────────┘ --- #16 fediverse/3407 --- ════════════════════════════════════════════════════════─────────────────────────── @user-1218 there's only a password so that if the zip archive is displaced from it's context it's harder to read. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #17 messages/1172 --- ════════════════════════════════════════════════════════════════════════════════─── the danger is not that the LLM will generate poor, vulnerable, or malicious code. the concern is that someone else might inject something into the codebase that you're not reading. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════════════════════════════──┘ --- #18 messages/1245 --- ═════════════════════════════════════════════════════════════════════════════════── BRB, if you want to talk to yourselfs, I recommend opening a port in your router and exchanging HTTP packets that create messages on each other's computers. Can be done in a couple hundred lines of C code that can be 90% premade or auto-generated. Then, once it's made, you don't have to think about it again because it's so simple. It's not trying to scale, it's just... designed for a small, focused, human oriented mindset.\ ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════════════════════════════════════════─┘ --- #19 fediverse/1587 --- ═══════════════════════════════════════════════════──────────────────────────────── @user-883 If we lived in a sane world, the internet would operate on standards. And yet... Well, that's not entirely true, we have HTTP and HTML and all the security risks that Javascripts entails... Well, here's hoping the future can figure out what exactly's important aside from profit and ease-of-development. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════════───────────────────────────────┘ --- #20 fediverse/6215 --- ════════════════════════════════════════════════════════════════════════════─────── hi does anyone have any good resources on risc-v? I found this: https://dramforever.github.io/easyriscv/#shift-instructions and this: https://projectf.io/posts/riscv-cheat-sheet/ but I'm missing a big gap - specifically, how to move from syntax to deployment. I need details on how to implement the software and get it running on the actual hardware. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════════════════════════──────┘ |