/tech/ - Technology★

Computing has been being steered by memers for years now. It's fashionable now for soyboys to open heartbleed.com or meltdown.asd on their macbook with a coffee and gossip to their coworkers about the issue and make a knee jerk reaction about how to fix it with some ad-hoc crap they only thought of because they read the vulnerability.

>just use Rust

>just use Go

>use this new X509 lib that i just made last night

>muh forward secrecy

>but from what I gather, most of it could be dodged by simply using plaintext email.

correct but I haven't read the new GPG bug yet which could be a real issue, but

>The EFF on the other hand, decided to tell readers of their blog to STOP USING PGP ENTIRELY!! [about efail]

Exactly. It's been very trendy for years now to be against OpenPGP and use whatever meme system just came out 5 minutes ago instead. While OpenPGP isn't great, I trust these new projects even less.

That said GPG has and always will have huge issues for being a UNIX Way shit. You can't tell what it's trying to tell you because the console could have all kinds of metacharacters, the way of identifying people is broken, and there's no real API so programs will misinterpret what GPG is saying, and it's some huge ass code written in C. But like I said, all the solutions are just ad-hoc crap created by knee jerk reactions as opposed to real engineers, so really there's no good solution to issues like this right now.

>>930942

The gpg bug had nothing to do with gpg security. It had everything to do with HTML in email. You can fix this bug by using the latest version of enigmail on thunderbird

>>930942

>It's fashionable now for soyboys to open heartbleed.com or meltdown.asd

You nailed it. They also love to accompany the exploit with the perfect logo, and then they can call themselves a "security consultant".

>but from what I gather, most of it could be dodged by simply using plaintext email. The EFF on the other hand, decided to tell readers of their blog to STOP USING PGP ENTIRELY! It was also easy to see in some of those articles that they were shilling hard for Signal: a centralized """private""" messaging app.

It's a good thing that you research further anon. Find what's best for yourself, if there is some kind of criticism or crisis, dig deep and long. It's always best to find what is best for you and not what some market tells you.

Well, Heartbleed was massive and it was used for 2 years before being fixed.

Anyway, I've long considered EFF a fake privacy organization. They recommend addons that don't do shit (privacy badger...), do not track header (does nothing and actually could worsen your fingerprint). They write dumb articles such as "Facebook Has A Consent Problem---And The Solution Starts With Transparency". The "solution" is not using facebook, because it is a botnet by default. And they recommend suspicious programs like whatsapp.

>>931039

I don't really pay attention to them, but is it possible they were once pure but later subverted?

OP here

>>931039

>>931043

>is it possible they were once pure but later subverted?

I think that's likely. Going off of this:

>They recommend addons that don't do shit (privacy badger...)

in the past, I used to use privacy badger, and it actually did very well. It learned fast and quickly started blocking cookies and denying trackers. It was rather comfy.

Recently I just reinstalled it, and it doesn't do jack shit. Eventually it did start blocking some things, but it took way longer than it did when I used it before.

>>931115

>le "your hardware has issues so forget about all other security measures" maymay

On a side note though, I will be getting POWER9 for my next PC, and likely purism for my next laptop unless some actually decent non-x86 laptop comes out between now and then.

>>930896 (OP)

>However, I feel that this could become a very bad trend, and could be used by (((them))) for nefarious purposes. Certain actors with malicious intents could over-hype or fabricate vulnerabilities in an attempt to sway the public's choices and mislead them.

>90s era

>browser vulnerabilities and drive by downloads

>people getting malware without being tricked into manually downloading anything

>"i'm not clicking that link" mindset

>big shift from web surfing to staying on a few "safe" websites and big hubs

>>930968

There's ANOTHER GPG exploit now that let's you spoof headers even on PGP encrypted emails.

>>931162

> le "your hardware has issues so forget about all other security measures" maymay

I didn't say forget about them, in fact they are more important than ever. But it's a loser's game to constantly play with patches and various kludges when the foundations themselves are fucked. The fact that you want to move to antoher architecture tells me you realize that x86 is fubar.

>>931177

It's not a single bit better than it was then. The "i'm not clicking that" mindset still exists, and now other retarded shit like "I wont use teamspeak instead of Discord because someone will get my IP address"?

>>931208

>I didn't say forget about them, in fact they are more important than ever.

whew. At least you're sane unlike some other anons i've seen

>The fact that you want to move to antoher architecture tells me you realize that x86 is fubar.

Yeah it pretty much is. There's still a possibility that things could improve, but i'm not holding my breath.

btw, what happened to MIPS? I know that shitty netbook stallman liked was MIPS, as were a lot of the old SGI workstations, but nowadays it's like it disappeared off the face of the earth.

Comes to mind BadUSB, which was hyped as the ultimate physical access vulnerability due to the fact that it affected all operating systems and was "LITERALLY UNPATCHABLE LOL", just to discover the worst it can do is type stuff in your machine. Good luck trying to open a command prompt in my i3 with your shitty "cross platform" USB macros, tho.

>how do you get "x"?

just stab them a couple times, youll get x

>how do you keep people from getting your "x"?

you dont, anybody who even talks about stabbing me a couple times, im going to give them x

Back in the day normies had a "lmao nerds" mentality and didn't care about tech. So the only audience for exploits were other technical people. So if you wanted to be somebody the best exploits to find and talk about were the legitimately dangerous, non-trivial ones. There was no incentive to make mountains out of molehills because most people would easily see through the hype and ignore you.

Over the past 2 decades, as internet and computers became mainstream among progressively stupider consumers, they brought their shitty attitude of quasi-religious magical thinking: They identify some talking head "expert" (probably propped by corporate media) who is designed to give off just the right hip&cool vibe to the normie. The normie accepts these characters because they seem cool, and also because their other authority figures and friends meme them as such. Remember, the normie does not want to learn or understand. He wants just to be told what to do, what to think. When normies accepted tech, they brought this attitude with them, and suddenly there was demand for meme tech experts. Now the determinant of value shifted from relevance of the exploit, to how authoritatively you can hype it. This is what you are describing, OP: Non-issues, blown up into real issues, by wannabe (((experts))) trying to make a name for themselves, and (((tech media))) propping them up in a quest to secure their own name as the place to hear about the latest and coolest expert.

The vulns are at least technically real, since if they were completely fake it would be to easy for real experts to come out of the woodwork and discredit them. But if the hype is confined to magnitude of impact, which is ultimately a subjective thing, fake experts can fully leverage their media support to meme irrelevant vulns while distracting from real issues and real solutions.

>I really hope this doesn't become a big trend.

Unfortunately I think it will only continue to grow. Isn't it something like only 2 billion people have internet? Imagine what happens when all the africans and indians get connected. Imagine what will happen when kids today who grow up with youtube become the main demographic. You thought the "TV generation", Hollywood telling people who to vote for was bad? Wait till society defaults to always doing what their twitter, instagram and youtube "influencers" say.

Our only hope is to somehow segregate ourselves into a parallel platform, that is both technically difficult and also inherently uncool to normies, where we can get back to being able to have sane discussions in peace. At least until someone popularizes it, and the cycle has to repeat...

>>934555

>When normies accepted tech, they brought this attitude with them, and suddenly there was demand for meme tech experts.

I forgot to say, there is also a sort of race to the bottom among these meme experts. Since the meme tech expert does not have to actually be an expert on tech, the only required skill is to market yourself, as such there are countless upstarts trying to dethrone an established one. If other experts start talking about whatever latest trendy exploit and you don't, you rapidly lose cool status in the eyes of your normie audience, and they will instead go to those competitors that do talk about it. So shitty commentators who will latch on to literally every single overhyped meme, and then amplify it even more, naturally rise to the top and become prominent. And that's how we got to where we are today.

>>931739

You missed the point. BadUSB is not about keyboard emulation at all, and your shitty threat model considers security through obscurity. The biggest threat about BadUSB is that a malicious flash drive can pretend to be any device such as network card and sniff your network traffic if your OS is configured to accept it by default, but also it could exploit a USB driver and execute malicious code at kernel level without the need for command prompt and root password.

>>934555

You come up with a bunch of boogey-strawmen and debunk them in the next sentence. "Normies", "meme". What exactly do you want to say? Stop watching Linux Foreskin Tips and read actual bug reports/descriptions. The exploits are real, people who talk about them first-hand, the real kernel/software developers usually make explanation websites with colored pictures to attract journalists and spread the word to less-inclined folks so those people would not forget to update their puters.

>boohoo normies are dum-dum

Not everyone is a computer technology wizard, it is impossible for every human to be well-versed in all directions, I highly doubt you'd understand what those "normies" do for their living even after a brief introductory article in a subject-related publication, like construction methods, company management or surgery. But I agree with you on some points, today technological literacy is becoming the new literacy in "ability to read, write and do arithmetic calculations", as if it already hasn't become. remember when big-corp CEOs said things like "teach you children how to program, it'll help them a lot in their life". Guess, that wasn't of a bad advice innit?

>>934639

You missed the point. BadUSB is not about a malicious flash drive pretending to be any device. The idea behind BadUSB is that you exploit a regular flashdrive and install custom firmware in order for it to do malicous things.

>>934648

That's what it means to charge a mass-storage USB disquette with malicious firmware.

You have to hype vulnerabilities as otherwise no one cares. Everyone shit themselves over heartbleed and shellshock and buried my company in emails even though we don't have a webserver on our product. Meanwhile, glibc had a resolver bug so severe that it could have led to a worm taking down the internet and there were many puckered assholes behind closed doors in networking yet no one noticed as it wasn't hyped.

>>934639

>You missed the point. BadUSB is not about keyboard emulation at all,

But it is. It was explicitly listed as a usecase, when it came out.

>and your shitty threat model considers security through obscurity.

No, my "shitty" threat model considers that, given the infinite combinations of input states your computer could be in and keybindings, it would be impractical or even impossible to program the macros for all possible keybindings, specially considering USB have no idea about that, and so the macro should find a common way to exploit all computers in all possible states, so a mass infection scenario is unlikely, a server infection scenario is unlikely because more often than not they run without any users sessions open, and thus would require for the attackers to already know the password, and basically, only personal desktops and laptops would be vulnerable if you are being specifically targeted.

>The biggest threat about BadUSB is that a malicious flash drive can pretend to be any device such as network card and sniff your network traffic if your OS is configured to accept it by default

If I recall correctly, USB network adapter imitations could only attempt to make the OS or the user download bad and potentially malicious data when connecting to the Internet. There was a proof of concept attack for that shit, which was pretty clever, but required having an open browser making unencrypted connections to a site, and then hacing your cache enabled, which you shouldn't have in any secured setup. That, and the default behaviours of Windows and OS X, that apparently are dumb enough to send user credentials to the USB in the case of OS X, I think it outright gave the USB the credentials to access the computer, whereas Windows sent the hashed password

>but also it could exploit a USB driver and execute malicious code at kernel level without the need for command prompt and root password.

No shit. That's far from "literally unfixable", though.

As far as vulnerabilities go, it's pretty shit, even though it was hyped to hell and back.

>>934684

nobody cares about networking except sysadmins, cisco pajeets and reebsd users

>>934639

USB can be used for DMA attack also. Then you don't even care about the CPU or OS, you can just directly crawl the entire memory.

>> 934639

If you can't even understand basic imageboard terminology, r/technology might be more your speed. They are very welcoming to newbies as well so you can wallow in a cesspool of credulous retards to your heart's content.

>>935218

Ebin cuckchan and reddit menes and exaggerated straw-man mental gymnastics with wild urge to label things you don't like with trendy words are now considered imageboard terminology.

okay, c00l kid, you owned me, totally got trolololled xD

Stop talking like a teenager and get to the facts. This cryptic language doesn't indulge it's users to productive conversation which is problematic for a technology forum.

>> 935997

>complains about cryptic language (just standard imageboard vocab that everyone has been familiar with for years)

>packs his post full of meme terms like it's a competition

>says i talk like a teenager

>make typos a 12 year old would make

How are you even not funposting, sheesh. I'm afraid I'll have to dock another one of your (You)'s!