User Controls
Would you be opposed to having a Tor Mirror?
-
2021-07-12 at 12:03 PM UTCSame rules would apply of course. So no CP and general stuff that would get Lanny in trouble. The benefit would be having an interactive mirror that will still be up even if for some reason the main site goes down for a bit. And it would add an extra layer of protection for the extra paranoid.
Perhaps having some presence on the Derpweb as well we may attract interesting users that would otherwise not want to post here. Specifically cyber security people. Setting up text file section on a static site hosted on the derpweb is trivial too, so that would be a features some users might appreciate as well.
I have infrastructure i'd be willing to volunteer for use with hosting the Tor mirror. But me being into h4x, and loli-sechs, i could see why some users might be uncomfortable with that idea. Not to mention the fact that a grain of power will instantly turn me into a megalomaniacal tyrant before you can say 'purges and firing squads' i understand that people would rather have a tor mirror hosted on some of your(Lon Lon-Chon's) infrastructure. So all i will offer on my part for now is basically scraping the main site myself, feeding the data to an instance of ISS i run myself, and turning it on as a hidden service in moments of need. Or when you(Lon) want a copy of my data to start your own hidden service on a separate server and whatnot.
What i'd personally like to have as well is an invite only section for T&T regulars, with the freedom to upload pdf/epub/mardownformat articles, research papers, ancient tomes arcane cyber wisdom and some such things.
I nominate aldra to be the curator of such a resource, i run a similar set up at a number of venues and i think such a thing is valuable for higher order discourse at least on matters of CompSci. Personally i'd be willing to contribute storage room, from my own infrastructure, and i would set up a number GH Orgs/Repos and Anonymous accounts for collaborative development in the same spirit as well, if of course interest from the T&T crowd would warrant that.
Let me know what everyone thinks. I can submit Pulls for ISS also, to add the features i spoke of. -
2021-07-12 at 12:24 PM UTCgood idea, but we'd need to sync the database to a hidden service otherwise the clear site going down would also break the hidden one
-
2021-07-12 at 12:33 PM UTC
-
2021-07-12 at 12:43 PM UTC
-
2021-07-12 at 12:45 PM UTC
Originally posted by Bueno Would hate to see yall do all this work if no one is really going to use it.
Are there folks who would use this?
Regarding syncing the database, PMs are still cleartext.
Just so happen that I was about to work on this the other day, but ran into some issues, I got too annoyed to figure out.
Sent lammard a PM, maybe he knows.
It was a fresh local deploy, error on login, "here is no current event loop in thread 'Thread-1'."
Havent seen this before, dono if something bad got pushed or if somehow I fucked it.
If we're gonna go ahead with this, we'll brainstorm the technical aspects and debug the stuff that needs debugging collaboratively.The following users say it would be alright if the author of this post didn't die in a fire! -
2021-07-12 at 3:54 PM UTC
-
2021-07-12 at 6:32 PM UTCif we can pull off whatever anglin did to mirror his site on tor to keep it available on the clearweb, nobody could fuck with NIS, it would be the most resilient totse spinoff to date and set an example of the direction things should go.
domain registrars are now fully in bed with the police state shithole, what kind of fucktard wants to depend on that? -
2021-07-12 at 6:50 PM UTCGreat way to have the feds kick your door down at 4am.
-
2021-07-12 at 8:14 PM UTCNot opposed to standing up a tor instance if folks want it, but I think I have to be the one to control it. I've given the idea of federation some thought over the years, but it's pretty complex.
The core tension is that, kinda from the premise of a web forum, you want just one forum. If you make thread here you want it to show up on a "mirror" and vice versa. Mirrors also have to be able to do auth, password resets, read/create PMs, and delete content. So mirrors have to be trusted. Even if you can encrypt your way out of the issues with someone else having a copy of the DB (e.g. password hashing, and this isn't simple at all for PMs and probably requires javascript), a mirror still has the power to delete rows or flood forums. Making untrusted or semi-trusted mirrors work with write permissions requires a whole bunch of application logic.
Just setting up tor as a kind of reverse proxy to the existing instance is a lot easier. But it doesn't provide any kind of redundancy or failover should the open web version get taken down (except via domain seizure). I guess the upshot is tor users could access it without having to route through an exit node which is something, I imagine that's a bit of a performance boon since I imagine exit nodes are something of a bottleneck but IDK. Exit nodes are probably targeted for correlation attacks too. -
2021-07-12 at 8:25 PM UTCOnly pedophiles need to hide their web activity or IP beyond a basic VPN
-
2021-07-12 at 8:25 PM UTC
Originally posted by Kev if we can pull off whatever anglin did to mirror his site on tor to keep it available on the clearweb, nobody could fuck with NIS, it would be the most resilient totse spinoff to date and set an example of the direction things should go.
domain registrars are now fully in bed with the police state shithole, what kind of fucktard wants to depend on that?
It would definitely go a long way in that regard, we could even go as far as have the primary Tor mirror function in concert with the clearweb version while every N interval of time, encrypted backups could be synced/stored over a number of hidden services for more redundancy.
All in all having a Tor Mirror and a number of encrypted backups scattered across secure locations would definitely increase the site's resilience like you mentioned.
Originally posted by ⠀⠀⠀⠀⠀⠀ Great way to have the feds kick your door down at 4am.
Hidden Services aren't illegal to host. I explicitly mentioned No CP, No nothing that would make the tor mirror hotter than it has to be, we're not gonna be selling drugs or run a rag tag renegade APT from there. Ya doink.
I have already volunteered to host components on my data center if Lanny needs something in terms of backups, storage, extra bandwidth a Tor mail service or what have you i think we have the capability between the both of us to make this a reality.
Ultimately it's Lanny's decision, but at least i have the assets and required know-how to be in a position to help.
Where's your data center Spectral? Or coding ability for that matter?
I don't mind if these sorts of things are above your pay grade, but don't start talking about feds kicking doors in when you clearly have never so much as run a VM Lab let alone worked on Enterprise level Networking and Security solutions for this kind of thing. -
2021-07-12 at 8:33 PM UTC
Originally posted by Lanny Not opposed to standing up a tor instance if folks want it, but I think I have to be the one to control it. I've given the idea of federation some thought over the years, but it's pretty complex.
The core tension is that, kinda from the premise of a web forum, you want just one forum. If you make thread here you want it to show up on a "mirror" and vice versa. Mirrors also have to be able to do auth, password resets, read/create PMs, and delete content. So mirrors have to be trusted. Even if you can encrypt your way out of the issues with someone else having a copy of the DB (e.g. password hashing, and this isn't simple at all for PMs and probably requires javascript), a mirror still has the power to delete rows or flood forums. Making untrusted or semi-trusted mirrors work with write permissions requires a whole bunch of application logic.
Just setting up tor as a kind of reverse proxy to the existing instance is a lot easier. But it doesn't provide any kind of redundancy or failover should the open web version get taken down (except via domain seizure). I guess the upshot is tor users could access it without having to route through an exit node which is something, I imagine that's a bit of a performance boon since I imagine exit nodes are something of a bottleneck but IDK. Exit nodes are probably targeted for correlation attacks too.
Right which is why i was only mentioning that the facilities are there on my end should you wish to make use of them, obviously it would be better if you had the appropriate infrastructure and assets to do this from your end.
Still, if there is any way in which you think i might be able to help let me know, that goes for code and PRs as well of course.
Also i would really really like to have an invite only part of the Tech forum. And the ability to upload documentation, and source to a Github Org you run, i run, aldra runs or whatever to more easily facilitate the spread of knowledge and source code examples and perhaps entire programs. -
2021-07-12 at 9:10 PM UTCIt’s great to have a project. I’m missing the need for such measures though. Where is the content? Are you operating off the idea of “build it and they will come” or will there be some kind of draw?
I guess I’m saying, in a nutshell, that you’re taking this place too seriously. -
2021-07-12 at 9:15 PM UTC
Originally posted by Ajax It’s great to have a project. I’m missing the need for such measures though. Where is the content? Are you operating off the idea of “build it and they will come” or will there be some kind of draw?
I guess I’m saying, in a nutshell, that you’re taking this place too seriously.
If you're referring to me i have a data center that functions independently from NIS. I built it because i wanted a data center, i use it as a VM Lab as well. I just think it's good policy to have a Tor Mirror. The other changes i proposed are just personal preferences. -
2021-07-12 at 9:18 PM UTC
Originally posted by Sophie If you're referring to me i have a data center that functions independently from NIS. I built it because i wanted a data center, i use it as a VM Lab as well. I just think it's good policy to have a Tor Mirror. The other changes i proposed are just personal preferences.
I’m curious what warrants the need to have a Tor Mirror. I doubt this site gets the kind of attention that necessitates it, unless you’re aware of certain threats that we aren’t privy to. If you just want to have a project to tinker with, knock your socks off. -
2021-07-13 at 3:16 AM UTC
Originally posted by Kev if we can pull off whatever anglin did to mirror his site on tor to keep it available on the clearweb, nobody could fuck with NIS, it would be the most resilient totse spinoff to date and set an example of the direction things should go.
domain registrars are now fully in bed with the police state shithole, what kind of fucktard wants to depend on that?
like no onion sites has been taken down by the feds or something.
no, that doesnt happen. -
2021-07-13 at 5:49 AM UTC
Originally posted by vindicktive vinny like no onion sites has been taken down by the feds or something.
no, that doesnt happen.
They only spend so much time and resources on onyos if there are drugs or CP involved. Besides 95 out of 100 times the reason an onyo gets rekt is because of the fact that the people running some of these onyos are 1) Not very good at security. 2) Not very good at programming with regards to best practices especially as they pertain to security. 3) Not very good at Operational Security. -
2021-07-13 at 6:07 AM UTCIf there was a Tor mirror I would probably use it, but like Ajax has mentioned, I'm not attached to this place enough to feel like it's needed. I come here to shitpost and say nigger. There's not a whole lot the government would be interested in.
-
2021-07-13 at 7:06 AM UTC
Originally posted by D4NG0 If there was a Tor mirror I would probably use it, but like Ajax has mentioned, I'm not attached to this place enough to feel like it's needed. I come here to shitpost and say nigger. There's not a whole lot the government would be interested in.
It's about redundancy, and giving people such as cyber security folks the possibility to use the mirror should they feel it is appropriate for their particular threat model an extra layer of protection to do so.
Secondary benefit is having a presence on the derpweb, which may appeal to other people concerned with matters of anonymity to come hang out in preferably the tech forum so that we can get some more content and robust discussion going on there. -
2021-07-13 at 9:30 AM UTC
Originally posted by Sophie It's about redundancy, and giving people such as cyber security folks the possibility to use the mirror should they feel it is appropriate for their particular threat model an extra layer of protection to do so.
Secondary benefit is having a presence on the derpweb, which may appeal to other people concerned with matters of anonymity to come hang out in preferably the tech forum so that we can get some more content and robust discussion going on there.
Originally posted by Ajax knock your socks off.
Nigger.
