Rocksolid Light

Welcome to RetroBBS

mail  files  register  nodelist  faq  

He is the MELBA-BEING ... the ANGEL CAKE ... XEROX him ... XEROX him --


rocksolid / Social / None

SubjectAuthor
* NoneAnonymous
+- Re: NoneAnonUser
+- I am not anyones subjectAnonymous
+- Re: noneAnonymous
+- NoneAnonymous
+- you are targeting zealotsAnonymous
+- NoneAnonymous
+- yeahAnonymous
+* NoneAnonymous
|`- Re: NoneAnonUser
+* this is some heavy shitAnonymous
|`- Re: this is some heavy shitAnonymous
+- NoneAnonymous
+- NoneAnonymous
+- why hide the tools ?Anonymous
+- looking forwardAnonymous
+- NoneAnonymous
+- hide the toolsAnonymous
+- Re: hide the toolsAnonymous
+- NoneAnonymous
+- NoneAnonymous
+- smartcards ?Anonymous
+- NoneAnonymous
`- How do you make the sig files ?Anonymous

1
Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Tue, 17 Nov 2020 23:26 UTC
Attachments: 000003-new-posts.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Tue, 17 Nov 2020 15:26:13 -0800
Organization: def2
Message-ID: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=38bd70277a1ad0207ea4fa21fad09f83dee134ba
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="18549"; mail-complaints-to="usenet@i2pn2.org"
View all headers
new posts up in http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/soft/

comments and questions welcome.


Attachments: 000003-new-posts.asc (text/plain)
Subject: Re: None
From: AnonUser
Newsgroups: rocksolid.social
Organization: Rocksolid Light
Date: Wed, 18 Nov 2020 00:54 UTC
References: 1
Path: i2pn2.org!rocksolid2!.POSTED.localhost!not-for-mail
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.social
Subject: Re: None
Date: Wed, 18 Nov 2020 00:54:14 +0000
Organization: Rocksolid Light
Message-ID: <606609f2eeee41e186c7e6121021c539$1@rslight.i2p>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: novabbs.org; posting-account="retrobbs1"; posting-host="localhost:127.0.0.1";
logging-data="18339"; mail-complaints-to="usenet@novabbs.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Spam-Level: *
X-Rslight-Site: $2y$10$nnRAW3J5nMMlWLYlNiPC/ejn0DTuzYUCmB5XKljsT7RFZHTO.n.t6
View all headers
Anonymous wrote:

new posts up in http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/soft/

comments and questions welcome.

oh i see where you're going with this. interesting. looking forward to see your ideas/solutions.

--
Posted on Rocksolid Light
rslight.i2p


Subject: I am not anyones subject
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Wed, 18 Nov 2020 09:42 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: I am not anyones subject
Date: Wed, 18 Nov 2020 01:42:25 -0800
Organization: def2
Message-ID: <soc.98.3a7fvy@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="30144"; mail-complaints-to="usenet@i2pn2.org"
View all headers
yeah, nicely written. appreciate somebody actually taking the time to put out a text which expresses genuine ideas and thoughts, and does it in a way that makes it fun to read, too.
like you said, the problem of a platform independent identity can be solved by cryptographic means, like public key encryption and signatures. there are some remaining risks, but they are relatively small.
the only program I know that can be used today for this is pgp. Would be simple to write a client that distributes signed content to whatever platform.
I also like the idea of a cypherspace extending into various electronic platforms, as well as into meatspace (although there are practical limitations in terms of decryption of paper based messages).

Private communication is yet a totally different topic imo, requiring different approaches for the solution. For public communication your ideas make more sense to me.

Two things are missing for me:
 
1) you cannot exploit what isn't existing: if you don't want identities to be exploited, don't have identities. In many cases, discussions are anyway better if they are anonymous (like on this platform), because then it is  the best argument that prevails, not the person with the best reputation. There are limits to this approach, but I believe it is good to use it whenever possible.

2) if you take away the centralization and use distributed/federated services, many of the problems still exist, but are not as severe. usenet, syndie or bitchan could go a long way to fight abuse of public and private data. especially the syndie approach is very useful, where you have a platform that is just using many different channels to distribute the same content. just a shame that it is so messy and not maintained (although I saw an alternative gui package for debian lately, maybe somebody took it from where it was dropped ?).

and a suggestion for the links: would be easier for your readers if you linked directly to the recent texts instead of linking to the directory only.

--
Posted on def2


Subject: Re: none
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Wed, 18 Nov 2020 10:18 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: Re: none
Date: Wed, 18 Nov 2020 02:18:17 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.99.36jdop@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="1046"; mail-complaints-to="usenet@i2pn2.org"
View all headers
https://en.wikipedia.org/wiki/Osiris_(software
http://www.osiris-sps.org/

just a pity that so many projects start with the same targets, but eventually just go to sleep and never wake up again....

--
Posted on def2


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Wed, 18 Nov 2020 21:48 UTC
References: 1
Attachments: 000004-feedback-reply.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Wed, 18 Nov 2020 13:48:46 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.100.990nt@anon.com>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=58db39c3004f1f5f8e42fdb981dbc065e33bc180
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="3132"; mail-complaints-to="usenet@i2pn2.org"
View all headers
02854752512f188181

happy to hear it was an enjoyable read.  there are other programs out there besides pgp that can be used for this (e.g., openssl/libressl), and i hope to bring some attention to these at some point.

1) you cannot exploit what isn't existing: if you don't want identities to be exploited, don't have identities. In many cases, discussions are anyway better if they are anonymous (like on this platform), because then it is  the best
argument that prevails, not the person with the best reputation. There are limits to this approach, but I believe it is good to use it whenever possible.

reputation and identity are very tricky subjects.  i could wring quite a few posts out of them.  it may ease your mind a bit to know that my interest lies less in a reddit-like "global points system" and more in a web-of-trust-like system.  i am also not as much interested in creating one single definitive tool as i am in fostering the creation of many tools, each of which may express a different perspective regarding how reputation ought to be figured.  (some of which may very well be reddit-like, but this is not my personal interest.)  i don't expect to personally come up with the best approach of all time or anything.

this sort of open-endedness is part of why i expressed "cypherspace" in such general terms in my last post.  while there _will_ be concrete tools produced, they will ideally be discrete and independent of each other, producing a lot of fragments and approaches.  eventually standards may arise, but the more people are encouraged into a deep understanding of the tools they are using, the better.  each component should be very simple, each system should also be simple, but the totality of all systems probably won't be.

the limitations that a lack of a reputation system imposes are what have driven me in this direction.  any coherent view of reality beyond our own immediate experience of it will necessarily involve reputation of some kind.  none of us
 have a direct experience of everything going on all the time, none of us have perfect knowledge, and none of us are the best at everything.  reputation is a heuristic that allows us to do better together than we could do individually.  it's certainly not perfect, but it's quite useful.

while i like the idea of "the best argument" prevailing, i don't believe that this happens in anonymous spaces very often.  people tend to overestimate their ability to suss out shaky evidence and poor arguments.  i do believe it could happen more if a system for modeling logical relationships between arguments and facts were put in place and repetitive arguments were deduplicated.  verbal arguments are imprecise, often poorly organised, and tiresome.  it would also have to enable surfacing the implications of changes in facts.  it might even be useful for it to support different systems of formal logic, since different systems of formal logic are better suited for modeling different things, but
that's almost certainly getting ahead of ourselves.  however it is implemented, some form of reputation will likely _have_ to play a part in what reported facts one chooses to believe.  "evidence" is often easy to fake, and it will only get easier.

2) if you take away the centralization and use distributed/federated services, many of the problems still exist, but are not as severe. usenet, syndie or bitchan could go a long way to fight abuse of public and private data. especially the syndie approach is very useful, where you have a platform that is just using many different channels to distribute the same content.

yes, these are interesting.  as you note, they don't totally solve the problems inherent to centralised platforms.  taking an approach that is not dependent on any particular platform or set of tools means that these services can likewise be tools available to us, even if they are not solutions in themselves.  in combination with other tools, they may be part of a solution.

fa2600bd5844aba1bf

yes, it's a shame.  for what it's worth, my own greatest hope is to create people who create projects.  if it becomes entirely normal for every group of ten friends or so to have, for example, a bespoke (if limited) private communications platform cobbled together from independently developed parts, i will have succeeded beyond my wildest dreams.  i don't expect to create an integrated, one-size-fits-all solution.  i only expect to show my work and my reasoning, breaking it all up into small parts, and in so doing contribute to the cognitive tooling available to others attacking the same problems.  if i disappear in the middle of it, the fragments i leave behind will hopefully be small enough and general enough to be useful on their own.


Attachments: 000004-feedback-reply.asc (text/plain)
Subject: you are targeting zealots
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Thu, 19 Nov 2020 07:08 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: you are targeting zealots
Date: Wed, 18 Nov 2020 23:08:02 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.101.2bjiwe@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="30570"; mail-complaints-to="usenet@i2pn2.org"
View all headers
58db39c3004f1f5f8e
entirely normal for every group of ten friends or so to have, for example, a bespoke (if limited) private communications platform cobbled together from independently developed parts

let's be clear, you are writing your software for nerds and zealots. john and jane doe sadly don't do any effort that goes beyond doing two clicks in their google playstore. look at the user numbers of all the big platforms like facebook et al if you don't believe me.
I think the best one could with any potential solution would be to make it as easy to install and to use as possible. only than their will be a significant number of users (look at the popularity of debian vs ubuntu and mint if you want another example).

--
Posted on def2


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Thu, 19 Nov 2020 07:28 UTC
References: 1
Attachments: 000005-well-yes.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Wed, 18 Nov 2020 23:28:42 -0800
Organization: def2
Message-ID: <soc.102.45h0yb@anon.com>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=e0f7f8415886c9b75942f4f27b88e4f490246494
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="2947"; mail-complaints-to="usenet@i2pn2.org"
View all headers
8c177e40f2b938cdf1

well, yes.  i did say "beyond my wildest dreams."  i have no expectation that this will happen.


Attachments: 000005-well-yes.asc (text/plain)
Subject: yeah
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Thu, 19 Nov 2020 17:25 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: yeah
Date: Thu, 19 Nov 2020 09:25:15 -0800
Organization: def2
Message-ID: <soc.103.1ou44j@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="21948"; mail-complaints-to="usenet@i2pn2.org"
View all headers
e0f7f8415886c9b759
did not want to discourage you, btw.

One more thing to comes to my attention: you posted all this on /social, not on /code. so this is a human topic for you, not a technical one, and I think this is the right approach.

--
Posted on def2


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Fri, 20 Nov 2020 20:21 UTC
References: 1
Attachments: 000006-new-content.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Fri, 20 Nov 2020 12:21:59 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.104.3jl0p5@anon.com>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=9f30ad752a1ce1fb66a95e273dfcfd5b89606397
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="17747"; mail-complaints-to="usenet@i2pn2.org"
View all headers
new content:

http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/soft/003-steganography.md

http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/refs/stegobot/readme.md

to avoid turning every thread in /soc into a "new post announcment" thread, i will just update this thread when i have new content.

783dd53ef51531fc65

thanks for the encouragement.


Attachments: 000006-new-content.asc (text/plain)
Subject: this is some heavy shit
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Fri, 20 Nov 2020 21:21 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: this is some heavy shit
Date: Fri, 20 Nov 2020 13:21:47 -0800
Organization: def2
Message-ID: <soc.105.3xyk5v@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="28568"; mail-complaints-to="usenet@i2pn2.org"
View all headers
9f30ad752a1ce1fb66
http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/refs/stegobot/readme.md

this is some heavy shit. do you think this is realistic ? do you think that you could make something like that ?

--
Posted on def2


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Fri, 20 Nov 2020 22:27 UTC
References: 1
Attachments: 000007-i-think-so.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Fri, 20 Nov 2020 14:27:08 -0800
Organization: def2
Message-ID: <soc.106.18x6h@anon.com>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=9c6644a34d802ec96ae29ba798ad39c281a9a9ca
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="9726"; mail-complaints-to="usenet@i2pn2.org"
View all headers
cc0fd424b34c9067ff

i think i can produce or procure the necessary components.  enough to make a proof of concept.  i make no promises regarding ease of use or robustness.

if what we have now is the titanic, then what i am building may be no more than a life vest.  one wouldn't prefer it, but it's better than nothing if the ship is sinking.


Attachments: 000007-i-think-so.asc (text/plain)
Subject: Re: None
From: AnonUser
Newsgroups: rocksolid.social
Organization: novaBBS
Date: Fri, 20 Nov 2020 23:51 UTC
References: 1 2
Path: i2pn2.org!.POSTED!not-for-mail
From: AnonUser@novabbs.i2p (AnonUser)
Newsgroups: rocksolid.social
Subject: Re: None
Date: Fri, 20 Nov 2020 23:51:54 +0000
Organization: novaBBS
Message-ID: <9181a8c86f6e0f0409679a4940c8ff99$1@www.novabbs.com>
References: <soc.96.hznxw@anon.com> <soc.104.3jl0p5@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="26114"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs
X-Spam-Level: *
X-Rslight-Site: $2y$10$KIomgnbuaxalHMLat9tVx.L9HgV2TqDjyxRiAtOiJuFE0Izw4Wt8C
View all headers
Anonymous wrote:

new content:

http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/soft/003-steganography.md

I find this point to be very important "if or when strong encryption is outlawed, one may not have any other alternative. in such a case, having tools, techniques, and procedures already in place to ease migrate from openly secure communication to covertly secure communication would be advisable"

It's much better to be ready for something like this, which is something many govt's would like to happen, than to try to recover with no tools. I see government's need to know everything citizens are saying to be like the abusive husband who monitors his wife's phone, email etc. It's an abusive relationship based on fear and control.


--
Posted on novaBBS
www.novabbs.com


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Sat, 21 Nov 2020 10:42 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Sat, 21 Nov 2020 02:42:04 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.108.176nkd@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="2998"; mail-complaints-to="usenet@i2pn2.org"
View all headers
1e249473453aeb7e20
How do you go about hiding these tools, code obfuscation? Steganography isn't good for large amounts of data either but that's not the usecase.

--
Posted on def2


Subject: why hide the tools ?
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Sat, 21 Nov 2020 22:39 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: why hide the tools ?
Date: Sat, 21 Nov 2020 14:39:19 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.109.3bn45e@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="3142"; mail-complaints-to="usenet@i2pn2.org"
View all headers
73c39d87ff4940dc48
if you assume that not only the content that is posted somewhere will be monitored by the government, but also the programs that you use to post it I think there is no point in spending time to obfuscate code: in such an extreme situation you would not have the ability to run code that is not whitelisted (by checksum, most likely). in other words, if you cannot control your os and what runs on it, you are lost anyway. in this case you should rather spend time to learn to hack your system and take back the control.

--
Posted on def2


Subject: looking forward
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Sat, 21 Nov 2020 22:47 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: looking forward
Date: Sat, 21 Nov 2020 14:47:25 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.110.2n4ag8@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="4318"; mail-complaints-to="usenet@i2pn2.org"
View all headers
9c6644a34d802ec96a
you want, you have a beta tester right here.

--
Posted on def2


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Sat, 21 Nov 2020 23:05 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Sat, 21 Nov 2020 15:05:44 -0800
Organization: def2
Message-ID: <soc.111.64zxb@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="18162"; mail-complaints-to="usenet@i2pn2.org"
View all headers
b9f2f0d2de3f4b074f
if you assume that not only the content that is posted somewhere will be monitored by the government, but also the programs that you use to post
This is more about after the fact inspection and artifacts created by the tools, not mandated hardware, that's further down the line.
you are lost anyway
I'm on this side of the fence but that doesn't solve practical problems.

--
Posted on def2


Subject: Re: this is some heavy shit
From: Anonymous
Newsgroups: rocksolid.social
Organization: novaBBS
Date: Tue, 24 Nov 2020 17:55 UTC
References: 1 2
Path: i2pn2.org!.POSTED!not-for-mail
From: Anonymous@novabbs.i2p (Anonymous)
Newsgroups: rocksolid.social
Subject: Re: this is some heavy shit
Date: Tue, 24 Nov 2020 17:55:52 +0000
Organization: novaBBS
Message-ID: <6db54112acb38ae5fe3993be2d2e6a4c$1@www.novabbs.com>
References: <soc.96.hznxw@anon.com> <soc.105.3xyk5v@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="29250"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs
X-Spam-Level: *
X-Rslight-Site: $2y$10$NYvCTcBSc/y9.XqaEWeSLeViIjZMSifQ98KDzLlXkuouQ3cj0J4pS
View all headers
http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/refs/stegobot/readme.md
Erratum?:
to the botmaster at ens of megabytes every month.
Corrigendum?:
to the botmaster at tens of megabytes every month.
--
Posted on novaBBS
www.novabbs.com


Subject: hide the tools
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Tue, 24 Nov 2020 22:11 UTC
References: 1
Attachments: 000008-hide-the-tools.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: hide the tools
Date: Tue, 24 Nov 2020 14:11:08 -0800
Organization: def2
Message-ID: <soc.112.2gjwu9@anon.com>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=71a79f8170658a005c12f4fe2181ab2f64463d4e
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="10326"; mail-complaints-to="usenet@i2pn2.org"
View all headers
73c39d87ff4940dc48

i plan to experiment with the ideas from dominic schaub's talk, "perfectly deniable steganography."  (yes, it's stegosauruses all the way down.)

b9f2f0d2de3f4b074f

as noted by >>4d86d06d7f8838549e, the idea is to protect oneself as much as possible in the event one's equipment is seized.  one is safer if basic forensic analysis does not uncover any stego tools.


Attachments: 000008-hide-the-tools.asc (text/plain)
Subject: Re: hide the tools
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Wed, 25 Nov 2020 10:18 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: Re: hide the tools
Date: Wed, 25 Nov 2020 02:18:57 -0800
Organization: def2
Message-ID: <soc.113.2o9ad1@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="29497"; mail-complaints-to="usenet@i2pn2.org"
View all headers
71a79f8170658a005c
this reason for hiding the tools was not obvious to me, nor did I understand >111 in that way, but now it makes sense to me.
if you want to fool standard forensic tools, I can think of several ways, depending on the level of investigation.
one standard approach of such tools is to generate the checksum (md5 or sha*) for each file found and then to compare those against a predefined list. pretty much like the conservative approach of malware scanners. to evade discovery, the approach can be the same as used by malware: one has to build individual executable files. To fool the checksum approach it is enough to have a part in the executable filled with random garbage during the compilation.
The next stage of detection would be to check the file for specific bit sequences. This one is a bit harder to fool, but still relatively easy: again one has to build individual executable files, but in this case the full code has to be obfuscated and/or packed. There are programs for this available, coming from the malware scene. I think the biggest challenge in this scenario is to hide/obfuscate the part of the code that does the unpacking, but the available solutions partly address that problem already.
As a special variant of this approach it would be nice to not only pack the code, but to also encrypt it, so that it needs a keyfile or password to be accessible. This would increase plausible deniability.
The last level would be to analyze the behavior of the code, check the executable for packed/encrypted parts or for calls to suspicious functions. This one is the most difficult one to escape. It would be a funny approach to hide your steganography tools with steganography: you could hide your code as a part of an image (maybe a screensaver), or in a channel of an audio- or videofile. Still, you have to retrieve and decrypt the code at some point, and the code used for this cannot be hidden as well, so it has to be kept as small and insuspicious as possible.
Or you could use yet a different approach and simply never store the code on your hd at all, but only download it just before usage and store it in ram only (or in your gpu). This last one is probably the most secure of them all. In this case you just need to make an efficient signature or checksum check of the downloaded executable to prevent malware infection.

Damn, this gets more and more interesting....

--
Posted on def2


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Wed, 25 Nov 2020 23:31 UTC
References: 1
Attachments: 000009-stack-zero.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Wed, 25 Nov 2020 15:31:46 -0800
Organization: def2
Message-ID: <soc.115.3l89i2@anon.com>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=eef93746fcd74bfd83c3cea29a8c12097834455b
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="7089"; mail-complaints-to="usenet@i2pn2.org"
View all headers
whoops, left off the clearsigned attachment on that last post.  here it is.


Attachments: 000009-stack-zero.asc (text/plain)
Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Wed, 25 Nov 2020 23:29 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Wed, 25 Nov 2020 15:29:42 -0800
Organization: def2
Message-ID: <soc.114.200zzz@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="7089"; mail-complaints-to="usenet@i2pn2.org"
View all headers
new content is up.

blog posts:
- http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/soft/004-a-preface.md
- http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/soft/005-stack-zero.md
- http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/soft/006-lix-os.md

content from the clearnet related to the 005-stack-zero post:
- http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/refs/raptorcs/secure-boot-with-your-own-keys.md
- http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/refs/raptorcs/compiling-firmware.md
- http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/refs/raptorcs/debricking-the-bmc.md
- http://git.fuwafuwaqtlkkxwc.onion/yafox/blog/src/branch/master/refs/raptorcs/debricking-the-bmc-watchdog.md

my own projects related to the 005-stack-zero post:
- http://git.fuwafuwaqtlkkxwc.onion/yafox/lix-os
- http://git.fuwafuwaqtlkkxwc.onion/yafox/lix
- http://git.fuwafuwaqtlkkxwc.onion/yafox/src
- http://git.fuwafuwaqtlkkxwc.onion/yafox/how
- http://git.fuwafuwaqtlkkxwc.onion/yafox/lyr
- http://git.fuwafuwaqtlkkxwc.onion/yafox/lmr
- http://git.fuwafuwaqtlkkxwc.onion/yafox/chin
- http://git.fuwafuwaqtlkkxwc.onion/yafox/vercmp
- http://git.fuwafuwaqtlkkxwc.onion/yafox/versions

mirrors of the projects referenced in 005-stack-zero:
- http://git.fuwafuwaqtlkkxwc.onion/yafox/tfc-mirror
- http://git.fuwafuwaqtlkkxwc.onion/yafox/minimodem-mirror

--
Posted on def2


Subject: smartcards ?
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Thu, 26 Nov 2020 16:02 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: smartcards ?
Date: Thu, 26 Nov 2020 08:02:30 -0800
Organization: def2
Message-ID: <soc.116.2kct3u@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="9733"; mail-complaints-to="usenet@i2pn2.org"
View all headers
05431c8bea5aa7d03b
why is it so important to have support for smart cards ? are you fixing to write your own os for the smartcards you want to use ?

--
Posted on def2


Subject: None
From: Anonymous
Newsgroups: rocksolid.social
Organization: def2
Date: Thu, 26 Nov 2020 20:12 UTC
References: 1
Attachments: 000010-why-smartcards.asc (text/plain)
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: None
Date: Thu, 26 Nov 2020 12:12:41 -0800
Organization: def2
Message-ID: <soc.117.3rb0et@anon.com>
References: <soc.96.hznxw@anon.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=6c49bc7c49e73fed66920f1424392c167fd59fc6
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="21540"; mail-complaints-to="usenet@i2pn2.org"
View all headers
52eb76d3830b2ec551

i like the balance of security and convenience using a cryptocurrency wallet to manage my pgp keys provides.  using tfc data diodes or minimodem and audio cables might provide more protection against attacks stemming from smartcard vulnerabilities, but it also involves more hassle.  i wanted a way to keep my private keys off networked devices without introducing so much inconvenience that i became tempted to forgo signing things.  i assume if there is a vulnerability in ledger os, it will be used to steal cryptocurrency before it's used to forge messages from some person on a darknet image board.


Attachments: 000010-why-smartcards.asc (text/plain)
Subject: How do you make the sig files ?
From: Anonymous
Newsgroups: rocksolid.social
Organization: i2pn2 (i2pn.org)
Date: Sat, 19 Dec 2020 20:31 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.social
Subject: How do you make the sig files ?
Date: Sat, 19 Dec 2020 12:31:17 -0800
Organization: i2pn2 (i2pn.org)
Message-ID: <soc.134.15d2a5@anon.com>
References: <soc.96.hznxw@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="19934"; mail-complaints-to="usenet@i2pn2.org"
View all headers
58db39c3004f1f5f8e
Do you have a shell script making the asc files with the signed messages (and maybe even doing the posting :-) ) ? Or do you just make them by hand and upload here with you browser ?
I think it would be nice to have some basic tool to make, sign and post messages to sites like this (so integrating some simple editor, gpg and and a post function to an onion site).

cheers

trw

--
Posted on def2


1
rocksolid light 0.7.0
clearneti2ptor