/srv/irclogs.ubuntu.com/2020/09/22/#ubuntu-discuss.txt

Bashing-omtomreyn: LOL ubottu link is pretty slick too :D01:10
lotuspsychjegood morning02:19
Maikgood morning03:55
Maiktoo bad i'm not a ubuntu member (yet)03:56
cucumberhi there everyone06:30
cucumberGenerally speaking06:30
cucumberhow can an OS be protected against exploits?06:30
cucumberor monitorred for exploits?06:30
lotuspsychjekeeping the Os up to date is one thing you can do06:31
lotuspsychjeand harden your system06:31
cucumberwell not exactly06:31
cucumbersometimes this over crazed thirst for the very latest updates ended up with installed unwanted code06:32
cucumberlike the most recent version actually contained bad wares, like monero client06:32
lotuspsychjeany Os has unwanted security flaws06:32
cucumberyes exactly06:32
lotuspsychjethere's no magic red button against it06:32
lotuspsychjebut you can do alot to secure things06:32
Maiklotuspsychje:  pretty sure he knows06:33
Maikhe's been using buntu for years now06:33
cucumberbut the general "keep it fully updated" doesn't necessarily work all the time06:33
lotuspsychjei didnt say that cucumber06:33
jdgrBuild a turing machine out of lego, hand transmit data, swap your paper/magnetic tape when it's not in use06:33
jdgr???????06:33
lotuspsychjei said, 1 thing you can do06:33
jdgrUNHACKABLE!06:34
cucumbersometimes, like with Huawei if not mistaken, even a backdoor was injected into the source code but the community detected it early on cause it followed a simplistic pattern,06:34
jdgrRun all your software step-by-step06:34
cucumberlol, that would take for ever06:34
cucumberI mean it wouldn't be practical06:35
jdgrWhat do you need your machine to do that a graphing calculator can't?06:35
cucumberheh06:35
cucumberright06:35
cucumberI mean I harden my OS, to the best of my ability06:36
cucumberbut I always feel eyes on me06:36
jdgrRussian intelligence don't even use computers for confidential information06:36
Maikcucumber: that's called paranoia06:36
cucumberjdgr well what do they use? papers?06:36
jdgrYes.06:36
cucumberMaik I know, but realistically how wrong am I?06:37
jdgrThey have special typewriters that encrypt everything06:37
akemIf you don't offer internet service and are behind a router, incomming connection will be blocked, the only way for a backdoor is reverse connect, so install a statefull firewall and block any non trusted connection to the outside world.06:37
lotuspsychjeoffline machines can get compromized too06:37
lotuspsychjepapers can get stolen06:37
cucumberjdgr : well papers have to be either printed or hand written, calculations can't be done using hand, papers if not encrypted are much more dangerous for highly classified material06:37
akemOnly if you kernel is rootkited it can go trought.06:37
Maikyou're simply exaggerating imo cucumber06:37
lotuspsychjenothing is safe06:38
akemlotuspsychje, ofc :)06:38
lotuspsychjewhat i always do it burry a hole in my yard, and hide my sensitive data usb in there06:38
jdgrThe US airforce used to calculated missile trajectory by hand06:38
jdgrs/calculated/calculate06:38
jdgrThe reality is not much of your data is all that sensitive06:39
lotuspsychjethats for me to decide06:39
cucumberakem : well what you do if you want to update software and the softwares contain backdoors, or the next updates contain reverse proxies, or that some hackers keep watch on you just to feed you "bad" stuff, how well would your firewall protect you realistically?06:39
jdgrCircumventing firewalls is trivial... modern malware can exfiltrate data via DNS06:40
jdgror using the Twitter API06:40
lotuspsychjekeep your data off the system and use honeypot and IDS06:40
jdgrThere's PoC malware that uses Twitter as the C&C infrastructure06:40
cucumberjdgr : so damn true you are06:41
cucumberhow well can you protect yourself against those?06:41
jdgrOn a large enough network you're bound to overlook something06:41
Maikstill not on a irc client cucumber?06:41
cucumberMaik no06:41
cucumberwhy?06:41
Maikwhy not06:41
jdgrWhitelist only approach, hard coded ARP tables06:42
jdgrUse fiber only06:42
cucumberI think IRC clients can be a tiny bit easier to hack or execute directly on the PC, less private, while web can also be used for those purposes, you have a more degree of freedome for virtualization06:42
jdgrCompromising someone using a web client is harder06:43
Maikcucumber: you think using web based chat is safe? Everything is logged, so forget about your privacy stuff. Even your provider stores your data and tracks what you're doing.06:43
Maikcucumber: if you want privacy cut yourself off from the internet and world.06:43
cucumberjdgr yes, realistically not that HARD, but using web interface is a bit more restricted06:43
jdgrI mean cucumber could in theory encrypt everything before inputting into the form on the web client and hitting enter06:44
jdgr*it into06:44
cucumberMaik I didn't say safe al together, I said safer, web client can also be injected with stuff06:44
akemcucumber, Usually you inspect a system to the bone, and you freeze to that version, and do only critical updates.06:45
cucumberjdgr like encrypted text for the text box? then how would you guys be able to read my stuff?06:45
jdgrWe wouldn't, but neither would the server administrator or the person hosting the client06:45
jdgror anyone inbetween06:45
jdgrunless they had the key to decrypt it06:45
jdgrKey exchange can be done in person06:46
cucumberakem : very good point, awesome, yes, that is what I do for the most part, upgrade freeze using dd, and stuff, compare find the stuff, alert the good guys, BUT what if ....06:46
jdgrAll I do really is limit user access06:46
jdgrChecksum everything06:46
Maikmust be a new COVID-19 level that causes paranoia with certain people on this planet. :P06:46
cucumberjdgr I have much respect for you sir or mam06:47
jdgrHave logs shipped to numerous remote hosts06:47
lotuspsychjei like healthy paranoia, aka knowing whats possible06:47
jdgrEach of which is configured differently06:47
cucumberMaik no my covid infection is almost over, I am thankful that I wasn't hospitalized06:47
cucumberdoc said you don't need it06:47
jdgrMy girlfriend just out of the ER... all she had was a prolapsed uterus and a UTI06:47
jdgrI mean she needed to go because we couldn't find her IUD... but now I'm worried will end up with COVID06:48
jdgrOh well off to Taco Bell bbl06:48
akemI wonder if i have a backdoor in my lovely chinese phone :P06:48
jdgr*we'll06:48
cucumberakem heh06:49
cucumberyou "wonder" ?06:49
cucumberlol06:49
cucumberand abit more lol06:49
lotuspsychjehuawei just got new exploits again06:49
cucumberreally????06:49
cucumberagain?06:49
cucumberwow06:49
lotuspsychjehttps://www.theregister.com/2020/09/17/huawei_iptv_video_encoder_security/06:49
cucumberI mean not really that surprising but...06:49
cucumberoh yeah06:50
lotuspsychjemaybe you can install HIlinux next time cucumber06:50
akemThey will install tiktok in my back and steal my MP3s :P06:50
cucumberthat one I have read already06:50
Maikall smartphones keep on listening and recording stuff 24/7, even when turned off06:50
cucumberlol I thought something new06:50
cucumberHIlinux  ?06:50
cucumberNo I think I can trust Ubuntu better, many eyes on it and stuff06:50
lotuspsychjecucumber: so you didnt read the article :p06:50
cucumberbut the new background was super scary so I changed it06:51
cucumberlotuspsychje what article?06:51
lotuspsychjehuawei06:51
cucumberyes I did06:51
cucumberthe ip tv and such that is almost a wekk old06:51
cucumberweek06:51
cucumberanyways06:54
cucumberthank you guys06:54
cucumberfor all the suggestions06:54
cucumberI mean from time to time I need to let off a little steam about these things06:54
cucumbernothing can be done06:54
cucumberbut it is nice to talk to someone abut them06:55
lotuspsychjea lot can be done06:55
cucumberlike what?06:56
cucumberplease help me if you can man06:56
cucumber:(06:56
lotuspsychjelike dont use a lot of services on your machine06:56
cucumberI don't06:56
cucumberok what's next?06:56
lotuspsychjedont run your machine 24/706:57
cucumberwell, not exactly possible for soe of my machines06:57
cucumberbut I usually don't06:57
lotuspsychjethen you are a target06:57
lotuspsychje24/7 boxes are hunted for their uptimes06:57
cucumberyeah06:58
lotuspsychjethe moment you connect a machine to the net, you get scanned06:58
cucumberbut lets say a router, or a wifi access point, or a laptop hosting a website, or a tiny raspberry pie for dns how can you turn them off?06:59
lotuspsychjeturn what off?06:59
cucumberyou say don't keep your machines on 24/706:59
cucumbersome machines, while vulnerable, have to be on 24/706:59
Maikso... as i said, cut yourself off from the internet. THE best way imo.06:59
lotuspsychjea lot of Iot & routers are scanned for weakness these days, so if you dont want them exploited put em offline :p07:01
lotuspsychjeeven if they are up to date, someone invents a new 0day for them07:01
Maikin ubuntu's case... Livepatch to fix vulnerabilities without needing to reboot07:01
cucumberyeah07:01
cucumberbut I keep most of the systems offline when possible07:02
cucumberwhat's next?07:02
lotuspsychjeeven offline they can grab your machine physically when you're not around07:03
cucumberlotuspsychje yeah that has happened to me before i college07:03
lotuspsychjesomeone plugs an infected stick in the back07:04
akemAluminium hat on your head so that no one steal your passwords with mind reading technology :P07:04
cucumberI came back I noticed the back of my latop was opened07:04
cucumberI could never trust that laptop again so I sold it07:05
lotuspsychjelol07:05
cucumberwhat?07:05
Maikwhat's next? Nothing. Just live and try not to be paranoid or make yourself crazy in your head.07:06
lotuspsychjefresh format07:06
cucumberMaik How can I when I see a config running that I didn't recall asking for07:06
cucumberlotuspsychje fresh format can probably never manage to get rid of hardware issues07:07
lotuspsychjecucumber: security always starts from the users needs, what is it you wanna protect from really?07:07
Maikcucumber: seriously, get a grip and life :) I for one had enough of the same conversations all over again07:08
cucumberwell, as a simple example I want my codes not to be tampered with. Like if I write a python script and I notice it had been changed or stolen, I mean generally speaking how can anyone grow in such a world?07:09
cucumberthat is like asking "if you have nothing to hide why protect in the first place" is all I am saying07:09
akemIt can't be stolen if it is open source, so open source all your code :)07:10
lotuspsychjecucumber: keep your scripts offline07:11
cucumberwell, even if opensource when it grows gradually, and lets say you want to submit it somewhere, and the people with "hidden" access to your system change it, and the "good" people who you send the code to will never be able to trust you anymore07:11
akemThere is checksums to fight this.07:12
Maikakem: after all these years using buntu/linux he should know that.07:12
cucumberyeah, ok, lets say you have your project with thousand of lines open, working on it, and when you change something another file is being changed, or aother part of your file is being changed07:12
cucumberhow can you checksum while you are working on the files07:13
cucumbercheck sum works before and after the changes are done07:13
cucumbernot when you are actively working on the code07:13
akemYou really think some ghost hackers will be modifying your files while you're working on them and you won't notice it? :P07:14
cucumberyes07:14
cucumberI do07:14
cucumber:(07:14
Maikseriously?07:15
cucumberyes07:15
cucumberseriously07:15
Maikthat's not good, seriously.07:16
cucumberWell, I don't know07:17
Maiki know07:18
akemThen the only solution is Neo, he will bend space and time inside your RAM and CPU to protect you :P07:18
Maiklol07:18
cucumberLOL07:22
cucumbercome on07:22
lotuspsychjehaha07:22
cucumberI mean I know you are trying to help, but the state of security is fucked up really07:22
cucumberhahahahaha07:22
Maiklanguage07:22
cucumberreally?07:22
cucumberok sorry07:23
Maikyes07:23
cucumberalright man chilax mate07:23
Maiki'm chillaxed07:23
Maikyou... are not07:23
Maik;)07:23
cucumberno I am chilaxated relatively, only feel insecure and paranoid07:24
Maikcucumber: i'm just realistic and stand with both feet on the ground, if i were you i'd seek some professional help to get rid of the paranoia.07:24
lotuspsychjelol07:25
Maikyou'd do yourself and others a big favor07:25
cucumberno doctor can help me, I mean I have had two doctors before and they ended up not trusting their phone and computer after trying to help me and they never accepted to visit me any more07:25
cucumberI feel so left out and alone :(07:27
Maikcucumber: i doesn't only depend on the doc but most of all on you and you alone07:27
cucumberyeah users can do a lot of things that can make everything go wrong07:28
Maikcucumber: what i'm trying to say is that no one can help you but yourself07:29
Maiki know where i'm coming from so i know what i'm talking about07:29
cucumbercall it human error or accidental mistake or the after math of a bad break up or a broken heart, but "heartbleed" period was not a good time!07:29
cucumberMaik Waht? you been a paranoid too? :D07:30
cucumbergreat07:30
cucumberwhat did you do to fix things?07:31
MaikBreakups.... that's part of life, get over it, move on and do things you like.07:31
cucumberMaik : no not for me, forget it man, I meant more like as a result why "bad coding" makes into the code base sometimes....07:32
cucumberI mean human errors in coding happen for a variety of reasons07:32
cucumberlike being mentally saddened07:32
Maik......07:35
Maikflatline07:35
Maiki'm afk07:35
cucumberlol, I am that depressing and disappointing huh?07:35
Maikrather annoying07:36
Maik:P07:36
Maiklaters07:36
cucumberthat is a bit rude07:36
cucumberbut ok07:36
cucumberI can take a constructive criticism07:36
cucumberhttps://en.wikipedia.org/wiki/Heartbleed07:37
Maiknot rude...just the reality07:37
cucumber:)07:37
cucumberI sense some feminine traits of behavior a little bit07:38
cucumbera cucumber with senses and feelings, you don't see that everyday :D07:39
Maikwe know you've been playing us ;)07:49
Maikand for now gnite07:49
cucumbernot really playing you07:49
cucumberjust letting off some steam07:50
cucumberI hate to play anyone as much as I hate being played with07:50
cucumberhave a good night Maik07:50
cucumberMostly think of it as trying to find someone to share the pain with07:50
cucumberthe current state of privacy and security is so painful07:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!