Thread: Forum feedback

  1. #1
    Registered User
    Join Date
    Dec 2009
    Posts
    83

    Forum feedback

    Hi.

    When I visit the forum in Tor, with the weak cyphers turned off, the site is inaccessable because there are no matching cyphers between my browser and the site.

    I switched over to a non-Tor Firefox. I wanted to search (I'm looking to find out about casting away volatile) and in the top right there is a text field for searching.

    I entered "cast away volatile" and hit return.

    This took me not to a page of search results, but rather to a form - an empty form - for performing searches.

    There were no messages about what happened or what might need to be done to make search work.

  2. #2
    Registered User MutantJohn's Avatar
    Join Date
    Feb 2013
    Posts
    2,665
    People use Tor for everyday browsing? O_o

  3. #3
    Registered User
    Join Date
    Dec 2009
    Posts
    83
    Quote Originally Posted by MutantJohn View Post
    People use Tor for everyday browsing? O_o
    The utterly and wholly unacceptable but only alternative is having every State between you and your web-site log every HTTP request you make.

  4. #4
    Registered User MutantJohn's Avatar
    Join Date
    Feb 2013
    Posts
    2,665
    If it makes you feel any better, no one's really looking anyway :P

    It's like the NSA reading your emails. They're just looking for terrorists, man. Which is why I've started filling my emails with bomb, Allah, hate, America, etc.

  5. #5
    Make Fortran great again
    Join Date
    Sep 2009
    Posts
    1,413
    From what I've read in the past year, using Tor basically makes you questionable and a target for the FBI anyway. The FBI and other agencies have nodes and have been taking over nodes to spy on Tor users. Kind of pointless to use Tor if you ask me.

  6. #6
    Registered User MutantJohn's Avatar
    Join Date
    Feb 2013
    Posts
    2,665
    Quote Originally Posted by Epy View Post
    From what I've read in the past year, using Tor basically makes you questionable and a target for the FBI anyway. The FBI and other agencies have nodes and have been taking over nodes to spy on Tor users. Kind of pointless to use Tor if you ask me.
    Actually, I've heard the same. I just wasn't sure :P

    I heard a really big way to get yourself noticed is to go out of your way to be invisible. Basically, if you can access a site through google, it's "safe" in that sense, imo. Maybe not from giving you a virus or anything like that. But the FBI won't assume you're into looking at horribly illegal things.

  7. #7
    Registered User Codeplug's Avatar
    Join Date
    Mar 2003
    Posts
    4,981
    Hey Toby. Still playing with liblfds?

    gg

  8. #8
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    I wasn't gonna reply to this thread because I thought webmaster would get to it but:

    I'm pretty sure the search thing is working as designed. If you are not logged in and perform a search, you should be bounced to that page in order to solve a captcha first.

    Also, the site isn't HTTPS. The only time it is encrypted at all is when the logins are authenticated, but I do think the servers should use stronger ciphers if they aren't, somehow.

  9. #9
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    It is possible to browse the site using HTTPS, at least when logged in. I am right now.

    That said, the encryption settings are really behind time and needs to be updated. Chrome warns that the settings are obsolete, so there's a chance it might stop working somewhere in the near future.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  10. #10
    Registered User
    Join Date
    Dec 2009
    Posts
    83
    Quote Originally Posted by MutantJohn View Post
    If it makes you feel any better, no one's really looking anyway :P
    The NSA practises full take (as do GCHQ, and I think this is in general normal practise in all countries), which means ALL Internet traffic is captured.

    This full take is then scanned by various software agents, according to both general searches which are always run, and specific searches for matters which are of current relevance or particular interest. All traffic from given individuals can be specifically monitored more closely, again initially by software agents.

    If a software agent flags something to be of interest, it is then examined more closely.

    In other words, eveything is being scanned. What is scanned *for* is decided by humans, and that which matches is examined by humans.

    Given the sheer volume of data, the initial scan must be by software. In the Soviet Union, one in three people were informers, and the KGB and GRU employed incredible numbers of people - because, of course, they lacked software to do the job. Our societies are not ready to accept so many people being employed watching each other, and software is much cheaper, and then the NSA can claim "we are not collecting mass data" where they use the word "collecting" not as the dictionary meaning but to mean "a human has looked at it" (and when this was said, it was known that the people hearing it would be using the dictionary meaning of the word; it was a simple, pure lie).

    Full take has profound implication, which become apparent as you think it through. It becomes almost impossible to have privacy. Every single byte you emit is captured.

    There's more, in fact. Everything sent through the post has a photo taken and the time and location of sending, and the destination, are recorded. Remember that all bytes are captured; this means your credit card payment at the post office has been recorded, as have the video streams from the cameras in the post office.

    Every printer prints on each sheet it prints an almost invisible set of dots, which uniquely identify the printer used.

    We all know that phones constantly trasmit your location, and this can easily be used to follow your location in real time. All voice is sent over IP, so all calls are recorded. Etc.

    This is why I use Tor, and why I use the Signal app on my phone. I no longer use email for anything except the most public of information. I no longer send emails to Gmail accounts (and similar) as those providers also permanently record all conversations.

    If the State reads everything you write, then what happens in the end is very simple : you stop writing. It is oppressive. Thank God for Tor and thank God for encryption. Without them, I would hardly use the web any more, either, or even talk to people other than those I could physically meet.
    Last edited by Toby Douglass; 12-30-2016 at 08:52 PM.

  11. #11
    Registered User
    Join Date
    Dec 2009
    Posts
    83
    Quote Originally Posted by Epy View Post
    From what I've read in the past year, using Tor basically makes you questionable and a target for the FBI anyway. The FBI and other agencies have nodes and have been taking over nodes to spy on Tor users. Kind of pointless to use Tor if you ask me.
    Tor is not currently known to be cracked.

    Taking over nodes does not allow you to decrypt the data flow. Each Tor circuit passes through three hops, each in a different country. Each packet is encrypted three times, each layer being peeled off by one of the nodes in the circuit. Taking over any one node allows you to know the IP address of the previous node and the IP address of the next node.

    In short, as I understand it (and I may be wrong), taking over an exit node allows the attacker to see the decrypted data stream. If you are using HTTPS however, this means the attacker then gets to see HTTPS, i.e. encrypted data. Compromising an exit node will allow the destination IP to be seen. Compromising an entry node allows the source IP to be seen.

    Using Tor does make you a target for special attention. The FBI closely monitor the Tor site itself, to see who is downloaded Tor.

    The more people who use Tor normally, the less effective this spying becomes.

  12. #12
    Registered User
    Join Date
    Dec 2009
    Posts
    83
    Quote Originally Posted by Codeplug View Post
    Hey Toby. Still playing with liblfds?

    gg
    Yes! I emailed you a long time ago, about the work you did, and the parts of it which were used. Did you get it?

    I implemented hazard pointers yesterday.

    The next big thing will be making an unbalanced btree, but which supports delete.

    I have ARM64 hardware now.

  13. #13
    Registered User
    Join Date
    Dec 2009
    Posts
    83
    Quote Originally Posted by whiteflags View Post
    I wasn't gonna reply to this thread because I thought webmaster would get to it but:

    I'm pretty sure the search thing is working as designed. If you are not logged in and perform a search, you should be bounced to that page in order to solve a captcha first.
    It's not apparent what has happened, or that it is intentional. There is no informational message. It appears like a broken site - if you are given a search text field, and enter a search, you expect results, not the search form; for the site not to meet this very strong expectation, it appears broken.

    Also, the site isn't HTTPS. The only time it is encrypted at all is when the logins are authenticated, but I do think the servers should use stronger ciphers if they aren't, somehow.
    I'm not sure I agree. I am looking at this page over HTTPS.

  14. #14
    Registered User
    Join Date
    Dec 2009
    Posts
    83
    Quote Originally Posted by MutantJohn View Post
    Actually, I've heard the same. I just wasn't sure :P

    I heard a really big way to get yourself noticed is to go out of your way to be invisible. Basically, if you can access a site through google, it's "safe" in that sense, imo. Maybe not from giving you a virus or anything like that. But the FBI won't assume you're into looking at horribly illegal things.
    The more people who take steps to be private, the less effective this special monitoring will be.

    Frankly, it's appalling. Privacy is a default; unless there is reason to believe I am harmful, then I must be left alone. This is no longer the case. Everything byte sent is examined - and moving to prevent this is taken to mean you need extra-special surveillance.

  15. #15
    Registered User
    Join Date
    Dec 2009
    Posts
    83
    Quote Originally Posted by Elysia View Post
    It is possible to browse the site using HTTPS, at least when logged in. I am right now.

    That said, the encryption settings are really behind time and needs to be updated. Chrome warns that the settings are obsolete, so there's a chance it might stop working somewhere in the near future.
    The cypher my brower is using is DHE_RSA_WITH_AES_128_CBC_SHA, 128 bit keys

    I think that means SHA1, which is obsolete. I think regular DHE is a bit obsolete, too.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Looking For Feedback
    By Matty_Alan in forum C++ Programming
    Replies: 2
    Last Post: 05-27-2010, 04:33 PM
  2. General forum question - if in wrong forum...
    By ulillillia in forum A Brief History of Cprogramming.com
    Replies: 28
    Last Post: 05-14-2007, 05:00 AM
  3. Feedback?
    By CornedBee in forum A Brief History of Cprogramming.com
    Replies: 8
    Last Post: 01-02-2004, 11:01 PM
  4. feedback, please...
    By major_small in forum C++ Programming
    Replies: 5
    Last Post: 08-24-2003, 08:17 PM
  5. Replies: 7
    Last Post: 09-08-2002, 02:20 PM

Tags for this Thread