log☇︎
204 entries in 0.753s
feedbot: http://qntra.net/2019/12/vpn-breaking-zero-day-effective-against-many-nix-systems-burned/ << Qntra -- VPN Breaking Zero Day Effective Against Many *nix Systems Burned
asciilifeform: for what do south-chukchas use fg ? ( maybe, ar is simply where them redditi keep 'vpn proxies' naodays )
trinque: trying the vpn thing is cheap, could be done easily while you still have coffers to try something else
asciilifeform: mircea_popescu: for my education, work through example where vpn customer starts sending spam. how do i even determine ~which one it was~ w/out loudly and publicly breaking the promise to the customers which makes the idea of relay appealing to start with ?
trinque: but average derp can install a vpn client by clicking on something.
trinque: if I can go briefly upstack, the proposal from me is to try things. vpn is just the first thing that came to mind.
mircea_popescu: you're allowing yourself to be misdirected. just get the peopel looking for the item called "vpn" in empire universe on a rk or w/e the actual item is
mircea_popescu: most people buying a vpn spent 5-10 bucks a month on 12 cents or so worth of usage
trinque: there's a thread right this moment on one of the heathen pits on which vpn should I use
snsabot: Logged on 2019-08-25 13:20:14 BingoBoingo: http://p.bvulpes.com/pastes/wyswl/?raw=true << Their list of gateways shows what one would come to expect from shitgnomes. Clustered around places where USG already clusters their stuff, which... is probably the only way to build a VPN service that offers speed. This means UCI, sucking off the enemy, or a sad indefensible inbetween.
BingoBoingo: http://p.bvulpes.com/pastes/wyswl/?raw=true << Their list of gateways shows what one would come to expect from shitgnomes. Clustered around places where USG already clusters their stuff, which... is probably the only way to build a VPN service that offers speed. This means UCI, sucking off the enemy, or a sad indefensible inbetween.
snsabot: Logged on 2019-08-25 00:08:42 asciilifeform: trinque: that being said, mircea_popescu's 'uci' is prolly closest thing to 'sane vpn'. but not exactly in scope of piz, we dun have a fleet of 1e6 pwned boxen or anyffin of the kind.
BingoBoingo: http://logs.nosuchlabs.com/log/trilema/2019-08-25#1930847 << This is my understanding of the VPN thing. It's a market that demands Germany's subway tunnels of fiber because folks want to eat all the torrents they can through them.
mircea_popescu is rater on alf's side re vpn product notion ; though this may be borne of ignorance, i don't think i ever bought one.
snsabot: Logged on 2019-08-24 23:57:09 trinque: I'm not addressing whether he actually needs a VPN, but how hard is it to take p crypto and make a VPN?
asciilifeform: trinque: that being said, mircea_popescu's 'uci' is prolly closest thing to 'sane vpn'. but not exactly in scope of piz, we dun have a fleet of 1e6 pwned boxen or anyffin of the kind.
trinque: I'm curious whether there's a market for the VPN item. gets the republican network layer paid for, if so.
asciilifeform: trinque: principal difficulty re 'vpn' is 1) it's a fundamentally dumb product 2) attracts nuisances which reliably draw fire ( spam, frontal baitings of usg , etc ) 3) reqs ridiculous amt of pipe
trinque: I'm not addressing whether he actually needs a VPN, but how hard is it to take p crypto and make a VPN?
trinque: my dear old dad never once asked me whether he needed a server, but he has asked me whether he should have a VPN
nocredit: as it's doing VPN host tasks
nocredit: my problem is that i don't have a static ip at my premises, so at home it's a pain with the myip parameter. I was trying with a pico vps to bypass this by set up a private vpn, but as now i'm stuck
asciilifeform never was able to fathom what 'vpn' subscribers have in their crankcases instead of brains, to fall for such a thing
asciilifeform: what else is a 'vpn'
brazilish: wix is the AS that host the VPN, the city is not petropolis (indeed, a very good city)
pete_dushenski: couldn't find this in the logs (so apologies if it's a repost) but holy shit is usg.btc scraping the bottom of the barrel if fatso karpeles is being resurrected as "cto" of privateinternetaccess (vpn) http://archive.is/XusOQ
asciilifeform: ( afaik their world begins and ends with shitazon/vpn/etc market )
asciilifeform: and, the cherry on the cake, will be the box where you put ip (e.g. own) and it probes ssh/ssl/vpn/etc ports and makes key submission that user can bookmark
asciilifeform lulz in particular re the heathen 'vpn' ads in the pastebin link
ckang: https://www.skadligkod.se/vpn/vpn-speedtest-asus-rt-ac86u-merlin-firmware/
ckang: https://www.skadligkod.se/vpn/wireguard-speed-tests-on-asus-rt-ac86u/
mircea_popescu: "It turns out that this strength might actually be a weakness for some. A small commercial VPN provider approached me recently about the fact they could see the allowed IPs mapping easily with WireGuard, whereas with OpenVPN it was hidden deep inside a process they didn't know how to debug. "Great," I thought. Not so fast. They were concerned that when compelled to retrieve this kind of information, they would no longer be ab
ckang: stateless VPN
mircea_popescu: if you know enough of computers to set up a vpn switcher, you might as well join douchebag in his multi-mn security venture to come, neh ?
spool: sorry im back, mircea_popescu, i use a random vpn switcher because im banned on 4chan at home
RagnarDanneskjol: I am just busywith work, often reading the logs in several weeks behind and doing extensive requisite study to actually keep up with you boys. I'm happy to commit some time when it avails.... I've even gone and upset the boss now because I didn't have enough time to train ornamental candidates on VPN/irc stuff
shinohai: vpn doesn't have ability to run znc obviously
asciilifeform: vpn/privateinternetaccess/aegis << ahahahahalol
mircea_popescu: http://btcbase.org/log/2017-12-30#1761182 << eh, if he's looking for a "vpn" rather than renting a box, there's no divorcing on the table. gotta buy a box before you can buy two boxes. ☝︎
a111: Logged on 2017-12-30 19:53 jawbone2: I would like to run the bitcoin node and a small webserver. My ISP would require a much more expensive business account to open port 80. A VPN with a static IP on the other end would allow me to get around this limitation.
jawbone2: I would like to run the bitcoin node and a small webserver. My ISP would require a much more expensive business account to open port 80. A VPN with a static IP on the other end would allow me to get around this limitation. ☟︎
trinque: what's the vpn for?
jawbone2: I would like to set up a full republican node. I have the hardware and the instructions from the bitcoin foundation are pretty clear. I would like to know if you have any recommendations for a VPN service with port forwarding of course.
phf: major reason i gave up ios is because getting a working connection proxy requires a full blown vpn going
a111: Logged on 2017-11-22 11:41 RagnarDanneskjol: mircea_popescu I may have someone worth inviting to chan for interview in the coming days. Most of the folks I know over there are primarily oral translators, so having to look around a bit. Just got back yesterday - BJ is a real shithole but the people are adorable, lots of good duck. FYI - 'VPN AC' (Romanian) seems to be the only one working well/consistently behind the firewall (I've used many) and
RagnarDanneskjol: mircea_popescu I may have someone worth inviting to chan for interview in the coming days. Most of the folks I know over there are primarily oral translators, so having to look around a bit. Just got back yesterday - BJ is a real shithole but the people are adorable, lots of good duck. FYI - 'VPN AC' (Romanian) seems to be the only one working well/consistently behind the firewall (I've used many) and ☟︎
a111: Logged on 2017-10-25 16:13 asciilifeform: meanwhile, in heningerlandia, http://archive.is/iA4rk >> 'Traffic from any VPN using FortiOS 4.3.0 to FortiOS 4.3.18 can be decrypted by a passive network adversary...' etc
asciilifeform: meanwhile, in heningerlandia, http://archive.is/iA4rk >> 'Traffic from any VPN using FortiOS 4.3.0 to FortiOS 4.3.18 can be decrypted by a passive network adversary...' etc ☟︎
asciilifeform: upstack, in http://btcbase.org/log/2017-10-17#1725998 is mentioned a https://twitter.com/AlgoVPN , 'Set up a personal IPSEC VPN in the cloud. We are an open source project supported by @trailofbits' , which -- hilariously and not at all secretly -- is nsa contractor ☝︎
AlfredAlfer: Oh, how did you see my vpn?
mircea_popescu: looks like they got a vpn for the lulz.
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FA957720DCF5C8CC42191CD73108FC89575AEB7E3601626A6926F1ABBE9EDBD2 << Recent Phuctorings. - Phuctored: 1529...0253 divides RSA Moduli belonging to '38.96.45.137 (ssh-rsa key from 38.96.45.137 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (CSR2117MT750G-VPN-MiVi-Or-Ca-c2677. US CA)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FA957720DCF5C8CC42191CD73108FC89575AEB7E3601626A6926F1ABBE9EDBD2 << Recent Phuctorings. - Phuctored: 1381...7957 divides RSA Moduli belonging to '38.96.45.137 (ssh-rsa key from 38.96.45.137 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (CSR2117MT750G-VPN-MiVi-Or-Ca-c2677. US CA)
CompanionCube hasn't used tincd as a VPN-to-the-internet, only as a virtual LAN equivalent.
phf: i suspect back in the day it allowed vendors to optimize for usage patterns. "unlimited traffic vpn" vs running it on a tightly metered box
asciilifeform: ben_vulpes: i never understood 'vpn service' -- why not hire a cheapo commercial linux box and route whateverses through it.
asciilifeform: ain't that a vpn co ?
ben_vulpes: has the stones to "make a vpn" whatever that means to the average bu tard, but not to make a key and get in the wot
mircea_popescu: yes ; but doesn't use sshtunnel. more vpn-ish sort of architecture.
ben_vulpes: in other radiation damage, $client calls up, "hey latest chrome doesn't work with $app from inside the muni vpn" "...can you swing a vpn or shall i get on a plane?"
thestringpuller: asciilifeform: weird heathen survey connects on my VPN machine but not from my local network?
asciilifeform: 'One of PIA’s biggest selling points (like other VPN providers) is that it does not log anything, and thus has little data to actually hand over to law enforcement.' << lel
mats: its a vpn service
asciilifeform: 'verified no-log VPN' << lul
a111: Logged on 2016-07-12 01:29 pete_dushenski: "The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year. We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process. We think it’s because we are the most outspoken and only verified no-log VPN p
pete_dushenski: "The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year. We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process. We think it’s because we are the most outspoken and only verified no-log VPN p ☟︎
BingoBoingo: ration of VPN and PKI services. The company CRYPTO-PRO adapts crypto CryptoPro SSP, are widely used, in particular, for the authorization of electronic signatures in the documents. Adaptation also tested cryptographic USB-tokens Rutoken S and Rutoken electronic signature for secure two-factor authentication in computer systems and storage of key information."
maqp: Sure it has it has it's problems. But the only alternative is secure-by-policy VPN
danielpbarron: heh, dat vpn
mats: looks like garza hostname belongs to a vpn
asciilifeform: the first mode can be disregarded as it does not result in a public node. it is useful for running hotwallets on your own lan, for running mircea_popescu-style 'dark' nodes over ad hoc vpn with kim jong il, etc.
assbot: Logged on 17-01-2016 21:18:20; phf: (what the hell happened to linux ecosystem? 5-th tutorial on "openvpn on linux" is basically "make sure you have file a, file b and file c. now click open in open-gnome-vpn-assistant..")
phf: (what the hell happened to linux ecosystem? 5-th tutorial on "openvpn on linux" is basically "make sure you have file a, file b and file c. now click open in open-gnome-vpn-assistant..") ☟︎
ascii_field: 'During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections.'
pete_dushenski: not like vpn's are good for much but working around paywalls and geo-locationtardation anyways.
pete_dushenski: " The vulnerability relies on the fact that a direct route exists between the VPN client and server. If the client accesses a forwarded port on the VPN server that is maliciously set up by an attacker, the client will use the direct route using the user's default route, bypassing the VPN entirely."
pete_dushenski: e-mail from private internet access : ""Dear Valued Customer, On November 17, we were privately notified of an IP address leak vulnerability affecting the port forwarding feature of our service. Essentially, anyone connecting to a forwarded port on any of our VPN gateways could have their real IP address leaked to an attacker specifically targeting a PIA user."
assbot: PRQ - Colocation, Dedicated Servers, Web hosting, VPN Tunnels, Privacy services. ... ( http://bit.ly/1X8nqOz )
mircea_popescu: "PGP is not as important as people think. As long as both parties use an encrypted email (and connect with a VPN, TOR, TAILS, whatever) you're fine. This is because if they get access to the webmail all information is decrypted either using automatic PGP decryption (eg: Countermail) or locally on their computer (somewhere this information is going to be stored)."
trinque: your IP already connected, not much point in using a vpn... lol
asciilifeform: 'An interim injunction handed down by a judge in Canada has granted forensic experts under MPAA supervision access to hosting accounts and domains operated by Popcorn Time, including VPN.ht, its official VPN service. Nevertheless, VPN.ht remains defiant, insisting that its service exists outside Canada and has not been compromised.'
assbot: MPAA Can Access Popcorn Time Services & VPN, Court Rules - TorrentFreak ... ( http://bit.ly/1PhLP51 )
asciilifeform: https://torrentfreak.com/mpaa-can-access-popcorntime-services-vpn-court-rules-151104 << from same rag
thestringpuller: i can hit it from VPN tho
ascii_field: mircea_popescu once alluded to a dirty ad-hoc implementation of this by chinese operators, where nodes had vpn links to one another
ascii_field: 'The fix for this issue seemed to be modifying the file verification process to only allow a signed file which also has in its version information the original filename of vpndownloader.exe. This, along with the name change makes it clear you only want to execute the VPN Downloader application. However the code doesn’t limit the location of the executable file, so one exploitation vector is DLL planting. The downloade
shinohai: heh I get "under maintenance" page on my direct ip, and endless load from vpn
asciilifeform: guess this means i'ma have to set up vpn between the nodez
punkman: can just vpn?
asciilifeform: as in, folks who paid for the vpn key.
mircea_popescu: or they could just rent vpn access like anyone ever since forever.
punkman: http://www.tinc-vpn.org/documentation-1.1/Libraries.html#Libraries uses openssl
asciilifeform: btw, my local telco quasimonopoly - 'verizon' - had a hilarious tamer version of this for some years, where you pay a few hundy for a box that opens a vpn to their end and gives you cell signal in your house, via your own net pipe. and they had the audacity to still charge for the 'minutes' and per MB of data.
funkenstein_: vpn is slow over there but works as you'd expect
assbot: 'Free' VPN Hola is LITERALLY flogging access to users' devices • The Register ... ( http://bit.ly/1ARQHbg )
copypaste: http://www.theregister.co.uk/2015/05/29/hola_vpn_used_8chan_takedown_botnet_or_not/
nubbins`: this vpn doles out a paltry 17mbit/s
nubbins`: brb testing vpn
decimation: yet somehow it's the defacto standard for 'vpn'
mircea_popescu: but people who actually care about 0tx are currently in practice and are in theory much better served by just keeping vpn links to actual main nodes.