/cyb/ general: cyberpunk and cybersecurity

Ascension Edition

/cyb/ general is for discussion of anything and everything related to cyberpunk and cybersecurity.

>what is cyberpunk?
pastebin.com/raw/Jpci0dqD

>cyberpunk directory
pastebin.com/raw/HiTA1yXK

>nothing to hide? please.
youtu.be/pcSlowAhvUk

>cybersecurity essentials
pastebin.com/raw/0AjC2mcD

>cybersecurity resources
pastebin.com/raw/98vvNwcH

>thread archive
archive.rebeccablacktech.com/g/search/subject/cyb/

>thread backup
cyberpunked.org/

>irc://irc.rizon.net:6697
join #Sup Forumspunk and #Sup Forumssec

tags: cyb punk sec tech

Other urls found in this thread:

pastebin.com/UY7RxEqp
pastebin.com/raw/5a0y9hsp
arxiv.org/abs/1506.05869
github.com/wireapp
wire.com/en/
en.wikipedia.org/wiki/Wire_Swiss#Business_model
sandraandwoo.com/2017/05/11/0885-cyperpunk-2017-please-dont-sue-us-cd-project/
enigmail.net/
otr.cypherpunks.ca/
github.com/siacs/Conversations
github.com/siacs/Conversations#what-clients-do-i-use-on-other-platforms
youtu.be/pcSlowAhvUk
tldp.org/LDP/intro-linux/html/index.html
pastebin.com/raw/0AjC2mcD
vez.mrsk.me/freebsd-defaults.txt
github.com/vhf/free-programming-books/blob/master/free-programming-books.md
viva64.com/en/b/0377/
viva64.com/en/b/0496/
twitter.com/NSFWRedditImage

Wake me up when we have mind/machine interface

Bump

Seems informative.

pastebin.com/UY7RxEqp

Please get me out of this antiquated flesh and into a titanium shell.

nice resource. I know someone who's currently writing about non-edgy hacking an security topics, I'll provide a link when they're online

This is also a good resource linked in OPs cybersecurity resources paste.
pastebin.com/raw/5a0y9hsp

Human:
>What is the purpose of life?

Machine:
>To serve the greater good.

Human:
>What is the purpose of living?

Machine:
>To live forever.

arxiv.org/abs/1506.05869

Placing our brain into a synthetic shell only introduces a plethora of new cybersecurity concerns. As it stands only your environment can be hacked. In the future *you* can be hacked too.

Sec question, why is there still no good p2p encrypted distributed group messaging app?

tox

Why aren't we all using Wire?

>open source
>beautiful UI/UX
>audited crypto
>windows client
>macos client
>linux client
>android client
>ios client
>web client
>end-to-end encrypted text chat
>end-to-end encrypted group chat
>end-to-end encrypted audio calls
>end-to-end encrypted video calls
>forced encryption: no opt-in or opt-out
>email registration available
>no telephone number required

github.com/wireapp
wire.com/en/

There is seriously no other messaging client that does all of this.

because IRC is more 1337

How do we destroy mass surveillance before it gets even more accurate at identifying individuals?

Is there even hope?

Wasn't there some sort of PR disaster? That's bound to have put some people off.

because that "linux client" is just the webapp wrapped in electron
I want my software to have *native* client(s) for my platform

I remember there was a Blowfish addon for an IRC client ages ago. Is there anything like this still in use? I'm curious if anyone actually does forced end-to-end encryption on IRC anymore.

Yeah, but isn't that nitpicking at this point? I mean, what alternatives do we really have? I'd elect to have end-to-end encryption over fuss about electron.

So what do they gain from this? Wire seems to be a for-profit company, and the software is only open source for auditing, not to be built on.

Executive Chairman Janus Friis told Bloomberg that the company will "never create an advertising-based business model", but "might charge for certain premium services in the future".

en.wikipedia.org/wiki/Wire_Swiss#Business_model

Cyberpunk comics
sandraandwoo.com/2017/05/11/0885-cyperpunk-2017-please-dont-sue-us-cd-project/
...kind of.

We have had that for years. I guess you were asleep when it was announced.

Protip: your meatprocessor has already been programmed since birth. Or did you think those thoughts, moral structure and ethics belonged to you?

?

but that's a lot less direct then your synthetic shell being hacked to display McDonalds(tm) advertisements

>Protip: your meatprocessor has already been programmed since birth. Or did you think those thoughts, moral structure and ethics belonged to you?

Most of it, yes.

Well I guess one could argue instincts are "programmed" by evolution.

Daily reminder that necromancy is possible through dead cyborgs.

There is always social engineering as well.

what about necrophilia

Don't get me wrong, I live messengers and irc. Just as of late it feel like the safest way to pass information has been physically with say a flash drive or by mouth even depending on what it is.
Its just if half the shit the gop is saying about their abilities to track and breach, is there really a secure way to send content over the net anymore?

I can reasonably safely say that stuff like PGP isn't broken, so that's always an option (make sure to be weary of metadata though)
Physically sharing with a flashdrive doesn't really help unless you can be 100% sure your devices haven't been compromised, see: airgapping

okay cool, good to know about PGP.

I already know about airgapping. I guess what I mean is by not sending it online there is much less of an issue. Cause if its to the point you are worried about physical transfers, I'd say you've already been caught.

A lot of this was addressed in the OP links:

>encrypt your emails.
>PGP is pretty much all we have, but it is all we need.
>enigmail.net/

and

>encrypt your instant messages.
>for better or worse XMPP+OTR is still our best bet.
>otr.cypherpunks.ca/

How little has changed in the last ten years. We really need a second cypherpunk revolution.

If someone would just make a cross-platform electron app that used the Matrix protocol for e2e encrypted 1:1 chats and group chats we'd be in a whole new era of cryptography. How hard could this be?

for what it's worth

github.com/siacs/Conversations

>github.com/siacs/Conversations
If only it had a desktop client and supported group chat.

github.com/siacs/Conversations#what-clients-do-i-use-on-other-platforms
Desktop client is just other XMPP clients

>nothing to hide? please.
>youtu.be/pcSlowAhvUk
This was always a bullshit excuse. It's either social signalling that one is the "good guy" or absolving oneself of responsibility for not protesting the surveillance state.

Either way they're an asshole.

>I remember there was a Blowfish addon for an IRC client ages ago. Is there anything like this still in use? I'm curious if anyone actually does forced end-to-end encryption on IRC anymore.
Anyone?

Making it may not be too hard, its just getting stable support that would probably be the difficult part

How's my plan for digital anonymity?

>Wear a different mask every time I go out
>Wear dazzle camo makeup under mask in case it needs to be removed
>Purchase phone service under a pseudonym
>Connect phone to a nonlogging VPN and then to TOR
>Run Replicant with no gapps/proprietary software apart from necessary driver blobs (I figure I'm safer with the number of eyes on the AOSP/LOS/Replicant code than some obscure feature phone OS)
>Physically disable cameras, microphone, and Bluetooth
>Communicate through encrypted text message/email
>Pay with cash or buttcoin when possible
>Ride motorcycle with "accidentally" obscured plates (fewer cops will care compared to a car with obscured plates)
What did I miss? Is there a way to get a credit or debit card that isn't attached to an SSN? Is there a way to avoid facial recognition that's more compatible with physical anonymity?

Encirc?

holy shit that youtube url
>pcSlowAhvUk
>pc slow ah fuk

just call it /sec/ for cybersecurity

You can still find the thread with 'cybersecurity' in the title. Why must it also have /sec/?

any good books for linux beginners? Command line shell scripting etc?
Also any good math books?

cybersecurity is a meme word
infosec is better

Because it's a general.

Also this

These past weeks have been very depressing. First, security vulns in Intel ME (and there are more, for sure), then the unsandboxed JavaScript interpreter running as SYSTEM in Windows, and now another vuln in the shitty Linux network stack, along with grsecurity telling upstream to fuck off (and rightly so, admittedly).

What is left now that grsecurity won't be accesible to the general public? OpenBSD?

tldp.org/LDP/intro-linux/html/index.html

Noted. I will use a different title in future posts. I primarily wanted to to remove dead links, out of date advice, and bad resources from the old pastes. I hope the new ones are more helpful and organized.

I would also appreciate feedback and criticism of the "cybersecurity essentials" in particular: pastebin.com/raw/0AjC2mcD

Thanks.

>he doesn't use OpenBSD

>He doesn't use FreeBSD

touche

vez.mrsk.me/freebsd-defaults.txt

Hey guys, what's stopping NSA from conducting a mass social engineering campaign against anti-forensics?

I just realized the OP has so much fucking information within the /sec/ resources link
github.com/vhf/free-programming-books/blob/master/free-programming-books.md

Nothing. I don't think enough people care for it to a priority though

Because mass social engineering is a problem, and that same problem is enforced to prevent any cyberpolitics to effectively take place on cyberspace

I never said it was perfect out of the box. Fortunately there's a simple guide on hardening it.

FreeBSD isn't really secure. It's not only bad defaults, they don't take security seriously.

viva64.com/en/b/0377/
viva64.com/en/b/0496/

>just call it /sec/ for cybersecurity
In which case /cyb/ will appear once again. In theory /cyb/ and /sec/ should be a good match yet when you look at the actual discussions here there is little connect between these topics.

Personally I have an interest in electronic warfare (EW) and tried to fire up a discussion about that a few rounds ago but that went essentially nowhere. There is some conflict and some synergy between EW and /sec/ and would be /cyb/ since it relies more on finesse than brute force but it seems perhaps too left field here.

I would be quite interested in that, maybe you could make a thread on lainchan.jp/cyb/ about it? People might be more interested there, I sure am.

Post a comparable audit for OpenBSD or Debian, please.

>Personally I have an interest in electronic warfare (EW) and tried to fire up a discussion about that a few rounds ago but that went essentially nowhere.
>I would be quite interested in that, maybe you could make a thread on lainchan.jp/cyb/ about it?
I second this. Just because it isn't appropriate here doesn't mean it wouldn't be successful elsewhere. I can't speak for everyone, but I would be interested.

Fucking awesome OP,

We have XMPP + OTR, that's why.

>decide to check out the TSUKI project
>it's some /cyb/erpunk meme cult about lain
sounds neat

>uses discord
what the fuck?

Yeah, when it was at about 700 it had the nice small website, genuinely weird vibe going on. Now they've made it blatantly obvious that it's an ARG, what with all the changing of the usercap, and suggesting moving the date around and shit.

They also changed the wording around to make it not a suicide cult anymore. They "clarified" that the July 1st date was simply a registration date, not a migration deadline as was originally heavily implied.

I'm pretty disappointed honestly, now all that's left in the inevitable ARG regression is for the guy to break character once it hits enough users to sustain itself.

>Yeah, when it was at about 700 it had the nice small website, genuinely weird vibe going on. Now they've made it blatantly obvious that it's an ARG, what with all the changing of the usercap, and suggesting moving the date around and shit.
How could have that possibly have been avoided? You're basically asking them to freeze time.

>They also changed the wording around to make it not a suicide cult anymore. They "clarified" that the July 1st date was simply a registration date, not a migration deadline as was originally heavily implied.
Isn't that the responsible thing to do? Websites like that can really fuck with people with pre-existing mental illness like schizophrenia. I'm sure someone with severe psychosis already killed themselves.

>I'm pretty disappointed honestly, now all that's left in the inevitable ARG regression is for the guy to break character once it hits enough users to sustain itself.
We pretty much knew that they wanted to evolve towards an actual long-term community when they affiliated with lainchan.jp. You don't take the time to affiliate with another website a month before you kill yourself.

>How could have that possibly have been avoided?
Not him but picking a date that isn't so close would do it.

>I'm sure someone with severe psychosis already killed themselves.
One of the clauses is you don't get to see Lain if you die before the set date.

The site is having an identity crisis, the people there thinking they had an inner circle suicide club are upset that it's expanding. And it doesn't seem to be very cyberpunk outside of the aesthetics.

The Discord is a pretty big deal, and any cyberpunk community that uses Discord officially is well, not cyberpunk. It's a proprietary chat program for video games.

This is 60335356 here and I must say those are all pretty valid points.

I'm also curious if you personally were one of those types of members to which you are referring?

are there any decent cyberpunk movies beside matrix and bladerunner?

I don't think the site is bad for what it's doing, it tried to do something really neat it's just having trouble making that transition from ironic cyberpunk suicide club to lainchan-esque community. The purpose of the site is being lost in the process, it's not a suicide cult and it's not a hardcore cyberpunk community. So who is it for?

The userbase doesn't know, they're all worried about "normies" ruining their secret club and begging for the registrations to close. But they aren't meant to close.

Nah, I only watched it's growth as something kinda neat and silly. I've got no desire to kill myself, and if I did it wouldn't be with a bunch of channers on a lain worship site.

Is it more /cyb/ to be fat or /thinspo/?

Slight chub.

If I can see the bones in your cheek or your chest you are not /cyb/

If you aren't a skeleton surviving only on soylent, stims, and soykaf you aren't /cyb/

nope, you described a disgusting slum dweller at most

>How could have that possibly have been avoided? You're basically asking them to freeze time.
Cap it when you said you would, nuke it when you said you would. Not everything needs to grow and flourish, some things can be transient. Have a bunch of fun up until July 1st, end with a huge party, then replace the homepage with a huge

"THE WORLD HAS CLOSED"

text and leave it. It could have been beautiful, now it's just like everything else.

>when you download vaporwave420trakmix.docx and it hacks you ironically but the creators went long on Ronaldcoin so the pirate advertising causes the 3rd Ethereum hardfork that day because of moral ambiguity around whether burger branding should be legally recognized by our benevolent DASI overlords and among them the rogue sentient avatar of Wendy's enters a prediction market with a bet that the maintainers of vintage computing platform Macrohard 1984 will still be alive in a week thereby incentivizing a band of autistic Ukranian misfits to engineer a virus that specifically targets the developers whose genomes were leaked in the great UNIT (United Nations Identification Tripcode) database hack of 202X but the Macrohard developers are all NEETs living on basic income from the Swiss Empire and have biowarfare threat level VI rated drone airlocks for receiving tendies so the attack fails and it turns out Wendy tipped off the developers to collect the assassination prediction money from the Ukranian biohackers and then posts smug memes which become self-aware and counter-hack the vaporwave producers but that's their fetish so they start making pornographic VR music environment tributes to smug pr0nographic self-aware Wendy memes and several months later pornhub releases their yearly statistics report detailing their confusion over why Wendy's has suddenly become their most popular catagory and why most of their new premium users are unable to answer captchas.

Is this fresh pasta? On Sup Forums?

>tfw you live in a universe exactly like this but the names are different
>tfw this is reality

Yep.

I've got another 7000 words of similar stuff thanks to NaNoWriMo where I failed hard but not spectacularly to reach the 50K goal.

It's only a matter of time...

...

That's the greatest shit I've read all day

merging /cyb/ and /sec/ had its ups and downs. the ups are are more active thread, more people talking and contributing to conversation. but the downs are /cyb/ does drown out /sec/ and most people that come from /cyb/ to /sec/ are new. what i mean by this is many people from /cyb/ do not know how to use ssh or irc. these are just two examples but think about if they do not know how to use either of those and can not take the time to look up how to use them then they should not be learning how to into /sec/. anyone in /sec/ will tell you that it is critical to understand that system you are going to exploit and your tools before you can do anything

>many people from /cyb/ do not know how to use ssh or irc
>if they do not know how to use either of those and can not take the time to look up how to use them then they should not be learning how to into /sec/
yet when people offer to teach you find idiots supporting the elitist trolls

You're welcome.

Your compliment has been logged and automatically added to my user reputation at your expense.

it is not about people being willing to teach the new. it is about the new not having the initiative to learn themselves. something as simple as how to use an irc client or ssh into something have a surperfluous amount guides.

I suspected somebody would say that, discarding hacker culture tradition of sharing information and teaching the new batch

Lets cut the crap, I know some trolls are behind this shitty attempt at forbidding free flow of information, you can tell those fuckers to stick a pole to their asses

And you my friend, you are manipulated, I don't fucking care if they won your "trust" on IRC private messages or what gives, but if you are helping assholes guess what that makes you

this has nothing to do with culture or the free flow of information. if someone does not have the common sense to look up something they do not know before asking for help then they have no place trying to learn security. security in general requires an immese amount of self study. how am i being manipulated if i do not go to irc.

if you have nothing to share and nothing to learn, do you say you belong here?

how do you know if i have nothing to share or learn and you should ask youself that question

is a straightforward question, which you didn't answer

so, if you have nothing to share and nothing to learn, do you say you belong here?

i do belong. and why do you not answer anyone of my questions?

I do share, and sometimes I do learn, which answers my own question

but you get interested in my question all of a sudden, weird, because you expect everybody here learn stuff outside of this thread

I seriously hope you won't stop anybody to share and learn here though

i never said i expect people to exclusively learn outside this thread. how can i stop anyone from learning over the internet