Welcome >>>/bmn/ ! Bad movies every saturday.
There is a criminal organization in Brazil using NSO Group's Pegasus to infect devices for hack for hire, to incite terrorism, blackmail people, produce illegal pornography and assist in assassinations. They also have other advanced malware, like UEFI implants and even persistent implants for Kindle and Raspberry Pi. Plus face/voice recognition on every camera and microphone they can get into, in public or private places.
Brazil won't do anything to stop them. Only the FBI, CIA and NSA can stop them.
There is also the possibility that they were engaged on the hack of Bezos' smartphone.
If you know of any security researcher who wants to reverse engineer the exploits they are using, I am more than willing to help them.
If you want a story about how they operate, I am willing to work with you to expose them.
Not OP but there's already dead journalists in Turkey I heard and probably related to the same backdoor that got leaked (intentional or accidental).
Pegasus from public sources is said to be known to work on mobile devices and it's likely that they target popular devices since the disparity makes it a headache for backdoor writers.
The thing to avoid is borders, where they can check your phone which they can then use the timing to image your phone and/or install a modified TWRP recovery partition to exfiltrate everything and/or have it install a backdoor next boot. The process should take less than 20 minutes.
This is in my theory but this checks out with the information out there and should be true (a hacker's theory).
And in theory, again, your phone should feel like it is booting up from factory reset like pic related which means it has been compromised. I would advice you to stop using that phone and reformat the partitions but assume they already have most of your files. Using personal FOSS cloud is better if you're a journalist, and avoid SSL_strip when accessing your own cloud/servers.
JSchan doesn't actually give IPs, just IP hashes.
I would assume the harder it is for a phone to root, the harder it would be for them to do anything with it. I had a Galaxy S4 that was fairly easy to install TWRP on and root (it could've taken a much shorter time but it was my first time doing it), now I have an LG V20 that took two full days to root and required using both Windows-based community tools and a custom-made Linux distro to flash a different firmware version. I can't even remember the last time I saw someone else using an LG phone so I should be good anyways implying I'm ever going to leave the country or even the state anytime soon
>implying they have hands on official rooter
Vendor's repair department have their "recovery"(ring 0/jtag access) tools. Some phone hacking services have already figured it out and are selling them.
Journalists should either use those secure HTCs or Sony.
There is an official TWRP image so it might be included, the hard part is usually only unlocking the provider lock but LG isn't that great.
There's also a possibility of shortening unlock wait times by using hydratool server.
At that point, the best measure would be putting tamer resistant tape, and unironically destroying your microUSB port if you have removable batteries, or using a tampered charging-only microUSB board. Maybe a sound alarm when it detects data transmission might work too or a phone case with sound alarm, but there's no stopping them from just confiscating it.
What is even a good email provider to use anymore?
>inb4 selfhost your email
most info taken from: https://digdeeper.neocities.org/ghost/email.html
probably incomplete quick list, but you could read the dippity dopper article for more information
<gmail, yahoo, etc.
>big corpo trash
>sells data to 3rd party advertisers
>Shady metadata policy (retained for an indefinite amount of time)
>URLs in onion hidden service site point to the clearnet (information is from 2019, cannot reconfirm as the hidden service never loads as of the time writing this)
>Account creation verification blocks some email domains from being used to verify the account (Riseup and possibly cock.li domains for example)
>Doesn't allow usage of your own PGP keys and forces their private keys generated on their servers instead through a JS web interface, many backdoors
>Requires to use their stupid bridge thing for mail clients, possible backdoor
His articles seem to suffer from the same sensationalism that most contemporary journo publications do. Only instead of spreading the asshole for whoever's paying, it's tech-related doomerism. Case in point;
>Does he really think that if someone can reverse engineer a video game ROM, they can fork something much more complex like Firefox using nothing but a disassembly?
Given the part about piracy over freetardism, I'd say the overall point the article is trying to make is that a gongkai culture (basically having a limited circle of people sharing company and trade secrets) is better than separating from the establishment and creating free software in a sort of bubble. But that in itself depends on where you live, as it clearly won't work outside of China and other grey law shitholes.
I'm using Posteo now. I don't think it's waste for paying 1 eur per month. How about you guys?
Trying it it out now, little dated apperance wise but as long as its functional i dont care.Have to migrate all my shit from Protonmail
A mail provider service's TOS follows their hosting provider's TOS which you might have not read at all.
It's a chain of terms of service, even if your mail provider claims to never do logs over their "users", they would still do logs when they take legal notice from their hosting provider which takes legal notice from some country of origin (local or domestic).
>we never do logs unless it is abuse or fraud
This is very vague, especially the term abuse.
This applies to no-logs services like mail, DNS, etc.
Abuse abnormal use above normal || not normal
Fraud is also a vague term. Claiming x=y where x is a company can be considered a fraud.
The term stretches out to having one fake/false information, and even as simple as using tor will be considered fraud, keep in mind detection systems can mark you for abuse by being in IPs that had been marked for abuse.
Vagueness is how they get around their supposed "promises".
If you're someone who is above normal users or someone who uses their service a lot, generates a lot of traffic or requests than average, a power user then they can and will treat you as either a bot/spam or mark it for abuse and treat your supposedly TBD (to be deleted) logs as abuse in which case they can store it forever and can now share your data to all third parties.
Mind you they only protect their "users" and not "abnormal users"
Abuse abnormal use above normal || not normal
I was looking through the video editing thread on /v/ and figured it would be appropriate to have something similar here now that /tech/ exists. Except I think it would be ideal if the focus was on free software solutions, and also encompassing a broader spectrum of content rather than just videos.
In this thread give tips and ask questions about image editing, video editing, encoding, and anything else you think might be relevant for creating content.
Recording & Streaming
>OBS (Open Broadcaster Software)
>need every kilobyte
>that's why we choose to waste data with literal non sense
That's not at all what the page you just linked to say. It lists the effective sample rates to be 8, 12, 16, 24 & 48 kilohertz.
Which means that FFmpeg & VLC are right, and whoever wrote the subroutines for this browser decided to chintz out and only include half the code.
Maybe less than that; scrolling down I read that any opus decoder can decode audio encoded to any bandwidth. By definition, then, FF and I guess Pale Moon can't render the opus audio codec.
Now, I can kinda understand that, because I don't consider a web browser to be a media player, and I have a separate MP3 player exactly because I also don't consider my phone to be an MP3 player.
and for as frustrated by this as I am, I obviously need to thank you for having these weblinks handy since I new about Xiph but hadn't gone looking for the codec specification because I was expecting it to talked about by more-normal people than the math nerds making lossy ways of writing down the description of the parts of sound you care about hearing.
But that page was surprisingly readable, so I'm impressed at whoever they hired to act as translator.
>That's not at all what the page you just linked to say. It lists the effective sample rates to be 8, 12, 16, 24 & 48 kilohertz.
You are right, however I think it's impossible to encode an opus file at any rate other than 48kHz.
I just tested the official opusenc and it doesn't even let the user specify an output sample rate. See https://opus-codec.org/docs/opus-tools/opusenc.html And regardless of the input sample rate, the program always outputs at 48kHz. I tested ffmpeg as well and it, too, always outputs 48kHz opus files, regardless of the input sample rate or the -ar specified...
How exactly did you produce the 12/24kHz opus files?
>that's why we choose to waste data with literal non sense
You're talking about defaulting to 48kHz when encoding opus? If so, I disagree that data is wasted, because my tests showed a decrease in file size... If you throw a 44.1kHz flac file and a 8kHz flac file at opusenc, you'll find the output of the former to be larger than the output of the latter. Similarly, if you encode a 44.1kHz flac file using ffmpeg twice, once wi
ffmpeg always reports 48kHz for decoding opus, see https://stackoverflow.com/questions/39186282/ffmpeg-not-honoring-sample-rate-in-opus-output
Is there a way to make ffmpeg shut the fuck up? I have a video that has 800 million chapters and ffmpeg spams the fuck out of my console with them every time I touch it. I don't want to see them, but I do want to see the conversion progress and errors and the like.
>For a few hours today all v3 onion addresses on the Tor network were down. This appears to be a new kind of attack which affects the entire network and involves overloading the consensus authority nodes.
>You will currently not be able to access any v3 onion addresses, what is happening is unknown, but it is potentially a huge attack on the entire network. Earlier today I made a post outlining consequences I would be putting into place to deter markets from funding DDoS attacks against each other, as the potential to scale and completely kill every node on the network is a very real potential outcome. Now everything is down and I have no idea if this has sped up the process of this occurring or if it is even an attack at all, all I know is, this is big.
>Reddit post by u/hugbunt3r This attack began after Dread forum owner, HugBunter made a post stating the consequences for market owners who continue to attack rival markets.
<—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512
>The recent/current attacks on multiple markets have been troubling after we’ve all had a good break for some time and things started to heal and become stronger.
>We’ve now had large scale attacks hitting the likes of WHM, DarkMarket and apparently some other services, although I cannot really confirm any others.
>I’d like to outline the main issues with this here. Firstly, /u/Paris and /u/mr_white ‘s work on /d/EndGame has been amazing and has allowed us to all have some really good filtering processes to limit malicious traffic from hitting the application layer and dropping their connections for v3’s where possible. Along with our collective knowledge of the attacks since February 2019, we have some very solid configurations that allow us to scale enough to stay ahead of the attacks and continue scaling alongside it. This is the absolute best protection we as service operators can currently provide and it works, but at many costs.
>We’re not really any closer to seeing a Tor PoW implementation that will seriously improve the situation, but the position we’re in with our own developments is a hell of a lot better than when this all started. There are things I haven’t disclosed publicly because of the potential for abuse, but a lot more worrying things have come from these attacks, costs that aren’t of the monetary kind. The seriousness of the attacks’ will probably become clear at some point. Consequences for Markets
>Consequences for Markets I am aware of at least 2 markets that have paid for attacks against other markets within the last few weeks. I also know of one wishing to pay for retaliation attacks.
>This behavior from market admins is absolutely unacceptable and it will not be tolerated. You have [b]no idea[/b] of the ramifications this has, it is way beyond just taking your competitor offline, inadvertadly, but you are causing a problem that is a great deal worse without even knowing it, if market admins wish me to disclose these other issues to them, they can contact me directly and you will soon rethink your poor business strategy.
>– From here, there will be extreme consequences for any Market admin found to be funding attacks against any other service, market or not. You know who you are and I won’t publicly out you here for it, for the time being.
>Any Ads/other promotional material will be indefinitely disabled You may have your Subdread banned You will be delisted from Recon You will be delisted from DDF Most importantly, your own service will be attacked. This is where it ends, I’m not sitting through another storm of attacks.
<—–BEGIN PGP SIGNATURE—– iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAl/5pNwACgkQ6GEFEPmm 6SIJWA/+M0KfiK5D4T9D3ELwqtAHRBjU8cPqP1yxMYmoZrnZPKO81SuP+fH59xMj XtQn01rIPmRwuLntitf4zGo05LvPWBu8eDErLw4va9yqZtcBVKpP7Jaj+pr8vuRx XgqBA+bdcYpESHs1dzl10HVmeDe2dT7QuuJk63sohw9xf+31wgp9TI2wr8VM48Sv enbO9UUf+dHOajHqmbvNbUOIcf6EPcIUgCA/iedm5WhUfKDOt1AHK4xLYJA7Mmbz 7Y+vCBbPitx0kGMth/xWUsvKWhHeTsv/eSAlsbxmMaVQ4S7zJqJKvHAjxpxT1ZDG lNZqGAH5E4geylibg/mfntJmo4bIg62jQTCT3/kd9Q4ZNWp84Y6FXq55kTTIzrZt ii5Q5wdSIAtUG+mk7gKsPSO2vgvh7TIh8Y6LYg89xvCV1kS9SHC6d2bTiRDqJH7F qo/+qf3ml4jgYqSv4rJIZ7NqmJVGRqQpMMwHxp8zUZyW0ArmE78nTf9I3rRRvaJN OiPnCXDi1i/gK3TrwHOrek4VXhqT+VRBAbUWUPCu1i0IHsfJv3UKgDYLRP2S8x6q A9ed97mTwqNnIKxrXOozvvfE5CJj/N+6Mfu5Q9+3mFNI9FRQtTmoWSpzxrZZdozx nbexW83LKN/b6/zu+KRE/uaabDLg8kvdE/iRiYYAR6gzHlDlHPk= =wZW1 —–END PGP SIGNATURE—–
>An explanation of the attack from Paris, the co-admin of Dread.
Seemed brief this time. Hopefully it doesn't become a large attack like last time.
Use I2P, Lokinet or Freenet instead of Tor.
Tor died when the original silkroad did. It's just government run bullshit.
Are there visit-worthy websites on any of these?
Do your own research on dark.fail
hi... i guess this is considered computing? taking animation from my favorite animator toniko pantoja (credits to him pls let me know if it is not okay to post i ll remove)
his walk cycle is so balanced and i always made walk cycle that is kinda 'sliding' or 'limping' unconciously and somehow fixing it alot of time doesnt help
i suppose this is cause i dont know how to fix it too so i wonder how do you make it balanced and good? like what do you need to consider to make the good animation? things like center of weight or baseline , where are those and how do we mark them properly?
i look to make straight ahead animation that are always correct so i guess preparations before hand is everything?
Please reuse threads as much as possible.
Moving to >>1386 (OP)
im using it am i
You tell me, Anon. Does it help?
Also, quite a good demonstration of all 12 principles by a professional.
I am currently using Colemak CAWS. It is the best currently available keyboard layout for ANSI/ISO column staggered keyboards. If you're a split/ortholinear chad then DHm is enough.
Your fingers move less and stay on the home row most of the time.
Here's the info you need: https://colemak.com/
at last I truly see
>my fingers move less
No they don't, you still move you fingers laterally, moving your arm more doesn't matter
Just use QWERTY its the standard.
I have a .txt document with a few 104-key layouts I'm reminding myself to try someday.
Why doesn't someone reprogram their keyboard with the above, and let us know how it compares to dvorak, or I guess colemak, etc?
I will too. Someday.
Title gives my conclusion from empirical events I witnessed and inside info. PSP runs on the same circuit, but isn't the backdoor per se, which has been around for much longer.
The same way AMD was able to change the crypto algorithms for the Zen chip they licensed to China, they can change how the CPU behaves at any system, even those already deployed. This can also be used to sabotage any program or computation, making BadBIOS vastly nastier than Stuxnet.
American military made a grave mistake to partner with the morons of the Brazilian military, who are letting knowledge of this spread like a fire (and misusing it for petty profit and inside jobs to justify a police state). Israel, UK and France also have access, but are much more professional.
>dude trust me
You can bump, but don't make duplicates.
Moved to >>1509 (OP)
/x/ the /tech/ thread.
>what is network monitoring and DPI?
I think it's worth having a thread about ARM linux as it's on the verge of becoming viable in phones and mobile devices. Discussion around whether or not this hardware is or will ever be worth actually buying is important. I understand that a lot of the PINE64 hardware is explicitly not consumer ready, but I've seen some videos of the recently officially launched Librem5 that shipped the product with a fucked screen protector that wasn't applied properly, and that's a fucking $800+ device. I'll try to get around to making a webm of it.
The ARM ecosystem is traditionally cucked. Each ARM soc does things differently, because they are designed usually for specific applications and boards. There is no BIOS or UEFI, vendors typically provide you with a non-mainline patched u-boot blob and binary kernel and that's it. Many chips don't have sata and pci-e, have particular memory timing requirements (so no "common" ram sticks for you) and other shits to cheap out as most as possible.
I was looking for the ultimate blobless libre SBC and it's either too expensive or not completely free.
On the software side. If you are lucky enough to have most functions works on mainline kernel, Gentoo solves most problems.
All my computers are ARM now. This is my main one, a cubietruck with A20 SoC, 2 GB RAM, SATA, VGA, 1000M Ethernet. It doesn't need any special firmware blobs for basic operation. I don't use the OpenGL stuff at all, and I boot it with /dev/fb0 at 640x480. I don't use Xorg, unless I have to, but I don't like to. I mean I really, really, really don't like GUI shit at all!
Cubietruck was the only A20 with 2GB ram. But it was hard to find and is expensive. I ended up on Olinuxino a20 lime2. 1GB ram is one of the main performance bottleneck other than the slow CPU.
Wayland works much better with mainline lima.
How much did you pay for a Cubietruck? An i.mx6 Wandboard looks better for the same price.
100 euros, pretty much. That was back in 2018 though, when you could still find them easily. Now most of their distributors are out of stock. Well I guess there's NewIT in the UK, but they don't sell just the board by itself, they want to sell you also an ugly metal case, battery, and SSD, none of which I have any use for.
Anyway I don't want to spend money i.mx6 or any SoC with processor that does speculative execution. That mostly leaves only Cortex-A7 and A53 (plus older ARM stuff and microcontrollers), but there's enough choice of SoCs built on those to do what I want. I have this A20 board, and an Olimex A64 board with 2 GB RAM also that I reserved for running subversive garbage like Firefox. That way the nasty shit stays contained in a controlled environment and doesn't affect my main computer. I don't like or trust VMs also. Since the hardware is cheap (100 bucks or less for a board), I can simply buy as many as I need. But right now I only got these two, and also a tablet (with A64 SoC and 1 GB RAM) that was gifted to me. I haven't used it because it's Android... I'll probably convert it to Linux eventually, but will need to open it up to access the UART.
All of this leaves the question: who bought up all the damn cubietrucks? Clearly nobody wants them, except for freaks like me who prefer a slower, simpler system.
I2P can import/export reseed files. Yggdrasil pretty much requires that you manually specify peers to connect to (for the first hop, anyway). ZeroNet will work with pretty much any tracker you throw at it. What does Tor have if the indexing servers and dirauths go down?
how is that tree flying
If the last attack on V3 onions has shown anything, it's that nothing aside from this exists and everything will disappear if something permanent happens to the main infrastructure of Tor.
Tor's design is defected.
Only several authorities servers' down causes the whole network's down!
When Tor Browser accesses to a clearnet site, how it knows whether or not it has a .onion address?
>except by looking on the clearnet
Find a hidden service that aggregates known onion addresses I guess. There's no way to discover onion addresses other than someone posting about them somewhere. They're called hidden services for a reason.
This shouldn't be in it's own thread. The answer is that the header provides an 'onion-location:' tag, as this anon indicated. >>1106 It's from the source, not the browswer, and btw you don't need Tor Browser to read this (or any other tag). Just read the header itself with any suitable program (cURL, for example). Next time, put something like this in QTDDTOT, OP.
BO/Mods can move posts and threads into other threads relatively easily if necessary.
My opinion of *TDDTOTs has soured, as it had with generals. I find them to be stifling. There's no ephemerality, no chance for bad threads to be pushed off the board as good threads rise. I dislike how they encourage obsessives to backseat moderate. It puts more control for shaping the atmosphere into the hands of the moderators.
anyway, tor-chan has a cute face!