3
0

coding thread


 invite response                
2022 Oct 18, 8:27pm   11,067 views  95 comments

by richwicks   ➕follow (2)   💰tip   ignore  

Since there are a significant number of nerds here, I wanted to start a thread for projects.

People seem to INSIST on using cloud storage, which removes your ability of privacy, so I'm going to write a strong encryption program using the NaCL librarary;

https://nacl.cr.yp.to/

The goal here is that the resulting encrypted data is impossible to recover without getting the original key. Keys are changed regularly, and being able to brute force one block will give the attacker no advantage in cracking the next block.

Also, it will be computationally expensive to attempt to crack even with specialized hardware. This increases energy consumption and slows down the encryption and decryption, but also will make brute force attacks 1000's of times slower.

« First        Comments 84 - 95 of 95        Search these comments

84   richwicks   2024 Jan 20, 11:15am  

NuttBoxer says

Fuck proving who you are. You wanna surf the web, do it at your own risk. No authority, no verification other than what users agree on amongst themselves. Back to newsgroups!


I want to resurrect newsgroups. I think the angle to do this is to make it hard for stupid people to get on it. People complain that sites like BitChute and Rumble aren't taking off ans aren't "real competitors" to YouTube, the reality is, all the dumb people are on YouTube and you really don't want them migrating to BitChute and Rumble anyhow.

HeadSet says

richwicks says


I have seen this done where websites have been blocked by removing them from the DNS database.

Could that DNS block be defeated by having the web site put out its actual IP address?


It's easy to get around, every computer has a list of files that you can use to map IP addresses to a name.
86   richwicks   2024 Jan 20, 5:08pm  

The_Deplorable says






There should be a push to move to simpler browsers. What we have today are as complex as operating systems, and 10000 times more insecure.
87   richwicks   2024 Jan 20, 5:20pm  

Patrick says


richwicks I suspect there is a way to make a replacement for SSL/TSL which is so simple that it's hard to leave any holes.

Maybe we could all browse via a local http proxy which takes in http requests and generates sftp requests. That would take care of encryption and there would be no certificates needed.

For identifying the remote server to prove it's not a fake, how do you trust that your DNS gave you the right IP back?

You just need something that only real the owner of the domain can do, l like creating a file on the server.


@Patrick - I wanted to mention there are several weaknesses in OpenSSL which I'm convinced are purposeful weaknesses. One that was (relatively) recently identified is during the TSL handshake process, an attacker can overflow a BUFFER to execute code which is a junior mistake but it's been there for decades.

This buffer is meant to contain all the possible methods available between the connection, and can overflow. I work mostly in C++ now, and it's impossible to overflow a buffer because storage is done differently and any attempt to overflow causes a crash. Even if people prefer to work in C, they should use the vector and string methods for arrays and strings. This eliminates 99% of security issues.

C++ can be (actually can? IS) far more complicated than it needs to be, but like C, you can organize your code well and make it well ordered and easy to understand. The major fault of C++ is that classes are just enormous, for methods (class functions) that are hardly ever used. The result is getting an enormous executable for many calls you will never make. The scattering of code throughout memory also slows down execution although I don't know if that's such a big deal with the size of cache we have today.

It's very different than when I was a kid. Execution speed isn't as much dependent on memory fetches, and if you optimize the hell out of code, you just end up with wait states and no increase in execution speed.
88   AD   2024 Jan 20, 8:20pm  

richwicks says

There should be a push to move to simpler browsers. What we have today are as complex as operating systems, and 10000 times more insecure.


how about Brave and Firefox ? or Chromium ?

.
89   richwicks   2024 Jan 21, 7:06pm  

ad says


richwicks says


There should be a push to move to simpler browsers. What we have today are as complex as operating systems, and 10000 times more insecure.


how about Brave and Firefox ? or Chromium ?

.



No I mean much simpler. Something like NetSurf:

https://www.youtube.com/watch?v=MoM2bzzsAcY

The Internet is extremely bloated and unnecessarily complicated. There should be a subset of html supported. Basically, I find that the actual utility and usefulness of a site is inversely proportional to its complexity. The more polished and whiz bang a site, the less I have a tendency to use it, because form follows function. Whenever I can get a video on BitChute instead of any other site, I go to BitChute.

The Internet was built in this gross hurry. Force XML to be standard (you can use standard XML on the Internet now), make WYSIWYG editors for pages, if you like support WebAssembly (this allows you to literally run ANY program in a web browser, you just have to compile it for it) get rid of JavaScript (unless it's WebAssembly) get rid of Java (unless it's WebAssembly) - it can be TREMENDOUSLY simplified and retain all the current functionality.

We have this now, people just don't use it. Instead of making browsers support all this legacy crap, get rid of the legacy crap.

There is literally no reason for all this junk. You know how many cookies you REALLY need for any website? 1. To identify you, the rest can be stored on the server. There's no reason to have more than one other than coder's laziness (and I can't blame them), and to track you around to other sites.
90   AD   2024 Jan 21, 7:32pm  

richwicks says

No I mean much simpler. Something like NetSurf:


I run Linux (Ubuntu) on my HP desktop (2017 model). Chromium and Firefox crash sometimes. I'll try NetSurf.
91   richwicks   2024 Jan 21, 7:44pm  

ad says

richwicks says


No I mean much simpler. Something like NetSurf:


I run Linux (Ubuntu) on my HP desktop (2017 model). Chromium and Firefox crash sometimes. I'll try NetSurf.


You might have to compile it.

I'm not saying NetSurf is a usable program, I doubt it is, but I'm saying browsers should be as simple as that. I wouldn't install NetSurf on my machine, but I've played with a few very simple browsers before. Some don't even support the ability to play video inline.
92   AD   2024 Jan 21, 8:07pm  

richwicks says

You might have to compile it.

I'm not saying NetSurf is a usable program, I doubt it is, but I'm saying browsers should be as simple as that. I wouldn't install NetSurf on my machine, but I've played with a few very simple browsers before. Some don't even support the ability to play video inline.


I am using NetSurf now. Seems rather crude or overly simple, but it is fast and does not crash.

.
93   Patrick   2024 Jan 21, 8:14pm  

richwicks says

what I'm suggesting is contact information isn't www.patrick.net but rather something like e5725089ef32b85aa3e35d4d67c70e7f


I had a similar idea, but something which can be remembered by a human, like 4 or five words. The average person knows about 25,000 words, so four of those gives 390625000000000000 distinct combinations. That should make a sufficiently large space of four-word names that people can remember.
94   richwicks   2024 Jan 21, 8:21pm  

Patrick says


richwicks says


what I'm suggesting is contact information isn't www.patrick.net but rather something like e5725089ef32b85aa3e35d4d67c70e7f


I had a similar idea, but something which can be remembered by a human, like 4 or five words. The average person knows about 25,000 words, so four of those gives 390625000000000000 distinct combinations. That should make a sufficiently large space of four-word names that people can remember.



If you want to talk privately, I can arrange that through my computer. I'd give you a temporary username and password, and you'd then setup your own username and password, and delete the one I gave you. I want to explain something to you at a point. We really don't need DNS at all.

Should be 10 words as well, and picked by a machine, not a person. People have a tendency to quote other people, most people are parrots. I have a password "TheBearAteATreeAndBarked". You know how often that's been written in history? Never. This is the first time you've seen it. It makes no logical sense, but it's easy to remember. Still the entropy could be higher however the phrase would require at minimum a dictionary attack.

Passwords are done wrong. People are lazy and want a short one, what they should do is aim for ludicrous phrases "Eat a bug or a hair, I like to dance with flair". That's pretty easy to remember and nobody has ever said it before, and nobody will ever say it again.
95   richwicks   2024 Jan 21, 8:25pm  

ad says


I am using NetSurf now. Seems rather crude or overly simple, but it is fast and does not crash.


I'm sure it lacks polish, but that's not the point. I frequently make throw away interfaces just so I can worry about more important things than if it's pretty or not. I've got the design taste of post modern art appreciator which is to say, none.

Remember when lots of people had tiny little pages with "About Me" posted and so on, and their interests, etc? I really want to bring that back. FaceBook, YouTube, and Twitter will ALL disconnect you from a person without even notifying you. They don't allow free association.

A simple web browser that follows a few rules will prevent you from accessing much of the Internet - well, GOOD! The VAST MAJORITY of the Internet is just centralized corporate garbage. If people want to promote their website to the "real web" fine, but I think there should be a simple, easy to access, little web that doesn't require any setup other than to install a program on your computer and leave your machine running and maybe not even leave it running, the webpage can be cached on somebody's machine that recently visited your site.

« First        Comments 84 - 95 of 95        Search these comments

Please register to comment:

api   best comments   contact   latest images   memes   one year ago   random   suggestions   gaiste