|
mystes posted:So after I just recommended zerotier in this thread, the developers are now asking Reddit to help them roll their own crypto for zerotier 2.0. That’s ok. Zerotier 1.0 will always be older, and therefore better. That’s why I know it’s OK to stick a day-1 install of Windows XP on the internet too.
|
# ? Sep 5, 2019 22:27 |
|
|
# ? Apr 25, 2024 03:05 |
|
as we learned from bitcointalk, the first version of anything is always the most secure
|
# ? Sep 5, 2019 22:32 |
Soricidus posted:you’re kind of backwards here. the “new stuff should be presumed insecure until enough people have failed to attack it” thing works better for pure math than it does for code, where a product that’s been around for years with no serious cves could have a heartbleed level of vulnerability added to it at any time The KAME implementation has been audited (and is BSD licensed, so can be put anywhere and there's really no excuse for not using something that hasn't been audited), as has the one in FreeBSD. I would be very surprised if the on in Linux hasn't. Wireguard looks insanely interesting from several points of view (both because it's faster than OpenVPN, and because it can be done in kernel which means you can use VTIs and the crypto can be integrated into OpenCrypto-like Frameworks so other things can use it) and I look forward to using it once other people have tried it once we've seen implementation audits and the work in progress warning disappears from the website. That last part is kinda the sticking point for a lot of people I know, who're otherwise looking forward to using it.
|
|
# ? Sep 5, 2019 23:24 |
|
Potato Salad posted:Few pages back, but I don't think you know what these are I really stopped caring, thanks for your input.
|
# ? Sep 5, 2019 23:40 |
|
Rufus Ping posted:I stand by what I wrote. Port knocking belongs in the dustbin of the early 2000s and it's a bit of a 'tell' when someone recommends it. I use port knocking for my telnet sessions, of which I have many.
|
# ? Sep 6, 2019 00:58 |
|
867-5309-23!
|
# ? Sep 6, 2019 01:07 |
|
Somewhere djb starts gently weeping and doesn't know why
|
# ? Sep 6, 2019 02:03 |
|
Nomnom Cookie posted:nah I think you got what I was trying to say, more or less. it was pretty dumb and then i doubled down to rehash what other posters already said, you're not completely wrong, just kind of backwards. I don't think anyone disagrees that all else being equal, it's better to use battle-tested software. but I'll take formal security/correctness guarantees over "nobody's figured out how to exploit this mess yet". in this case, it's not a question of reducing attack surface - "our code that handles untrusted input is well-contained and audited and therefore probably safe" - but a question of whether we can say with certainty that wireguard doesn't have any e.g. use-after-free bugs, which we can if it doesn't dynamically free memory anyway I'll shut up and let the thread get back on track
|
# ? Sep 6, 2019 07:33 |
|
ewiley posted:Somewhere djb starts gently weeping and doesn't know why It's because nobody uses his stupid mailserver
|
# ? Sep 6, 2019 07:34 |
|
howabout this one: port-knockout game
|
# ? Sep 6, 2019 12:25 |
|
ofc, wireguard should be written as a userspace module in rust
|
# ? Sep 6, 2019 13:00 |
|
i figured it out: this thread is the boeing 737 max engineers the entire rest of the world is boeing management
|
# ? Sep 6, 2019 13:01 |
|
redleader posted:i figured it out: this thread is the boeing 737 max engineers i can't see myself even coming close to being as rigorous as airplane software engineers. I'm closer to like tesla levels of competence, while if nothing else being aware that i'm terrible
|
# ? Sep 6, 2019 13:12 |
|
Boiled Water posted:i can't see myself even coming close to being as rigorous as airplane software engineers. I'm closer to like tesla levels of competence, while if nothing else being aware that i'm terrible yeah i don't even feel comfortable comparing myself to an aircraft engineer as a joke
|
# ? Sep 6, 2019 14:19 |
|
redleader posted:ofc, wireguard should be written as a userspace module in rust Is the joke that that already exists? https://github.com/cloudflare/boringtun
|
# ? Sep 6, 2019 16:09 |
|
hey. i am working on a semi-secret project and need some help. can y'all help me add to this list of RSS feeds that will provide me with infosec news? i specifically want infosec and even more so if they're often sensationalised. it helps if i do not need to add filters to parse out what is infosec and isn't here is what i have right now from my own code Python code:
|
# ? Sep 6, 2019 16:54 |
|
add https://forums.somethingawful.com/showthread.php?threadid=3887592
|
# ? Sep 6, 2019 17:11 |
|
https://twitter.com/rootsecdev/status/1170005535934033922?s=20 Tried it on one of my lab machines.
|
# ? Sep 6, 2019 17:15 |
|
needs rss tho
|
# ? Sep 6, 2019 17:40 |
|
Lain Iwakura posted:hey. i am working on a semi-secret project and need some help. can y'all help me add to this list of RSS feeds that will provide me with infosec news? i specifically want infosec and even more so if they're often sensationalised. it helps if i do not need to add filters to parse out what is infosec and isn't https://www.theregister.co.uk/security/headlines.atom https://www.schneier.com/blog/atom.xml
|
# ? Sep 6, 2019 17:41 |
|
don't ask (it's for a project)
|
# ? Sep 6, 2019 17:42 |
|
eh screw it https://twitter.com/HackerMovieBot/status/1170021834592440320 i am pairing random movie screenshots (really just anti-trust and hackers for now) with random infosec headlines it's hit and miss on what it generates but it will get better as i start to put more images into the bot
|
# ? Sep 6, 2019 18:17 |
|
add sneakers and the net to your movie list
|
# ? Sep 6, 2019 18:22 |
|
if anyone wants to submit some high-quality movie snapshots for this i'll happily take some. right now i am just grabbing my copies of movies, grabbing every 4 seconds, and then deleting whatever i don't want. some of the shots are intentionally non-sequitur
|
# ? Sep 6, 2019 18:22 |
|
The Fool posted:add sneakers and the net to your movie list it's in my queue to do
|
# ? Sep 6, 2019 18:22 |
Lain Iwakura posted:hey. i am working on a semi-secret project and need some help. can y'all help me add to this list of RSS feeds that will provide me with infosec news? i specifically want infosec and even more so if they're often sensationalised. it helps if i do not need to add filters to parse out what is infosec and isn't Then there's Ted Ungangsts (l)inks rss feed which contains both stuff he's interested in, as well as some of his own stuff like data exfiltration through receive timing (which I'm fairly sure I've linked before) and the recent article on implicit backdoors which is really loving devious and also impressive as all poo poo. Also, there's https://lobste.rs/t/security.rss although that's kinda cheating as it's from an aggregator.
|
|
# ? Sep 6, 2019 18:24 |
|
any shots out of those needed? (all full HD blu-ray rips, not re-encoded) also reccos for more hacker movies welcome lol
|
# ? Sep 6, 2019 18:39 |
|
not exactly a "hacker movie" but maybe Colossus: The Forbin Project might be fitting?
|
# ? Sep 6, 2019 18:54 |
|
Sniep posted:
i would happily take all but hackers. even if they're just every 3-4 seconds i can curate them after the fact Lain Iwakura fucked around with this message at 19:00 on Sep 6, 2019 |
# ? Sep 6, 2019 18:57 |
|
add in The Core ~*~HACK THE PLANET~*~
|
# ? Sep 6, 2019 19:13 |
|
wrote a quick c# program a while back that went though a directory and for each video file it found it 1) extracted the softsub 2) parsed out all dialog lines 3) took screenshots of the movie with the line subtitled and 4) wrote the file name + line to a .txt for ez searching. lmk if you want the code
|
# ? Sep 6, 2019 19:21 |
|
Lain Iwakura posted:i would happily take all but hackers. even if they're just every 3-4 seconds i can curate them after the fact on it. Sniep fucked around with this message at 19:43 on Sep 6, 2019 |
# ? Sep 6, 2019 19:25 |
|
Kuvo posted:wrote a quick c# program a while back that went though a directory and for each video file it found it 1) extracted the softsub 2) parsed out all dialog lines 3) took screenshots of the movie with the line subtitled and 4) wrote the file name + line to a .txt for ez searching. lmk if you want the code i might hit you up for that when i work on accessibility options
|
# ? Sep 6, 2019 19:26 |
|
Sniep posted:on it. thank you!
|
# ? Sep 6, 2019 19:26 |
|
https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/quote:A message about iOS security e: as a reminder since the media are now running with "well google were just hiding the android exploits in use" to apple's tune
|
# ? Sep 6, 2019 19:43 |
|
https://twitter.com/n0rm/status/1169901032102457348
|
# ? Sep 6, 2019 19:48 |
|
black cat hacker
|
# ? Sep 6, 2019 19:52 |
|
Lain Iwakura posted:eh screw it Might want to link to the original article as well. That'd make it easier to find them.
|
# ? Sep 6, 2019 20:02 |
|
Mustache Ride posted:Might want to link to the original article as well. That'd make it easier to find them. i considered it but i'd rather not. it's based on another bot idea and it doesn't link to them
|
# ? Sep 6, 2019 20:02 |
|
|
# ? Apr 25, 2024 03:05 |
|
sometimes it almost gets it right https://twitter.com/HackerMovieBot/status/1170050829732085765
|
# ? Sep 6, 2019 20:07 |