Beep Boop Bip
[Return] [Entire Thread] [Last 50 posts]
Posting mode: Reply
Name
Email
Subject   (reply to 2209)
Message
BB Code
File
File URL
Embed   Help
Password  (for post and file deletion)
  • Supported file types are: BMP, C, CPP, CSS, EPUB, FLAC, FLV, GIF, JPG, OGG, PDF, PNG, PSD, RAR, TORRENT, TXT, WEBM, ZIP
  • Maximum file size allowed is 10000 KB.
  • Images greater than 260x260 pixels will be thumbnailed.
  • Currently 1064 unique user posts.
  • board catalog

File 161580064478.jpg - (75.71KB , 1280x960 , IDK.jpg )
2209 No. 2209 [Edit]
tfw I'm posting from an e90 communicator. idk how to update internet (I tried everyhing, trust me) and this chan is one of the few sites which my phone is able to surf.
Expand all images
>> No. 2210 [Edit]
This site is intentionally meant to be backwards compatible with old shit after all.
>> No. 2211 [Edit]
>>2210
I don't know if that's intentional so much as just a glorious by-product of the fact that it's a mostly static site written in old-school php. And it's unfortunate that so much of the modern web is inaccessible from older devices because they use HTTPS. Gone are the days when you could just open up a socket, blit out your "HTTP GET" and receive back glorious ascii. Now you have to drag in openssl, and can't even query the time in Albania without needing to establish a secure tunnel and all that entails – and heaven forbid that your cipher suite is out of date or the root certs expired, no text for you. Of course I'm exaggerating a bit and TLS is crucial to a lot of uses of the web (and more generally having a standardized protocol for this is better than everyone rolling their own). But for plain-text static websites it really hurts older devices to require https.
>> No. 2212 [Edit]
What other notable sites work on it?
>> No. 2213 [Edit]
>>2212
(Sorry if I'm posting now from the pc, but wtf my ugly nokia doesn't load the comments in this post)
Well, I tried only some boring blogspots, old pages of http://www.cjas.org/ and http://www.oocities.org/#gsc.tab=0, wtf also this http://lain.angelic-trust.net/ and this http://psxdatacenter.com/
>> No. 2219 [Edit]
>>2209
Cool.
>> No. 2222 [Edit]
OP here again: I'm a dumb person with many projects but few results and trying to update this shit was a funny hobby in the quarantine, however my results are still zero. Any advice? I tried also to install DOSBox but it doesn't work
>> No. 2223 [Edit]
>>2222
Get a better machine.
>> No. 2224 [Edit]
>>2223
Lmao like? Old computers just for remaining in nostalgic vibes?
>> No. 2299 [Edit]
>>2222
Write a proxy to do the HTTPS negotiation and serve back old school HTML w/images, If you do this right you should be able to navigate to most websites and get an experience at least as good as lynx + images.
>> No. 3402 [Edit]
>>2209
I'm posting from a 3ds haha i know this is an old thread but I'm impressed with the way this board handles "old technology".
>> No. 3403 [Edit]
>>3402
If it weren't for the javascript plague (and the security theater of https enforcement), more sites would work fine on all devices.
>> No. 3412 [Edit]
>theater of https
If your site has any input fields, I don't want anyone knowing what I type into them. And you block tor here on tc. I use vpn, but still nothing stops them from analyzing me. Thankfully I'm the junk kind of person, so there is no value in targeting me, but I still feel uncomfortable. I don't comprehend why you people are so resistant to https in the age of total and very aggressive mass surveillance.
>> No. 3414 [Edit]
>>3412
> I don't want anyone knowing what I type into them.
Yeah... wouldn't want anyone knowing what messages you post onto a messageboard.
>> No. 3415 [Edit]
>>3412
As a web-host, having to renew your certificate is annoying and basically guarantees every site has an expiration date. Too many times I've been unable to access a site because of weird HTTPS DNS conflicts.
>> No. 3416 [Edit]
>>3415
There is nothing that prevents you from not enforcing https. If you cert expires for some reason, people just access http.
>> No. 3417 [Edit]
>>3416
Depends on the server config. A lot of sites will redirect all http traffic to https
>> No. 3418 [Edit]
>>3417
But you're not required to do so.
>> No. 3419 [Edit]
File 171549165923.jpg - (125.53KB , 800x800 , 14442915_p0.jpg )
3419
>>3412
>in the age of total and very aggressive mass surveillance.
Tohno-chan is the website I most appreciate on the internet because it doesn't fall for this monster-of-the-week type plot where it has to freak out about the next new outrage thing. It hasn't changed shit. I don't even think it'll change if you ask. I can run this site on Lolifox browser from 2008 any time I want, and I like that a lot and it should be the same website forever.
>> No. 3420 [Edit]
>>3419
>I can run this site on Lolifox browser from 2008 any time I want,
Jesus, someone else here uses lolifox too?
>> No. 3421 [Edit]
> monster-of-the-week type plot where it has to freak out about the next new outrage thing
It is the new reality and it will last for a bit longer than a week. TC can remain to be whatever it wants to, I do not care. You just keep in mind that with modern enormously large data centers the only safe assumption is that most of internet traffic is analyzed and fingerprinted. Imageboards have been considered an enemy for a long time, hence involvement of imageboards such as 4chan with governments. I have no idea how many resources they have, but considering current world's unstable situation I think it is safe to assume that amount of intelligence is growing, so most likely you have been spied upon.

So the question of http or https has not so much of a technical aspect as of ethical. Certain kinds of people are fine with equipping themselves in Google/Microsoft/Apple products and basically exposing all their lives for intelligence. Certain kinds of people are more repulsed by this. So question of using TC is a question of your tolerance to intelligence.
>> No. 3422 [Edit]
>>3421
If you're that concerned, you shouldn't rely on the integrity of website admins. Plenty of HTTPS sites(including 4chan) use Cloudflare and keep IP logs; are they still better than TC in that regard? If you want privacy, use TOR or a self-hosted VPN.
>> No. 3423 [Edit]
>are they still better than TC in that regard?
Not in the least. But I believe admins of many small imageboards are more trustworthy than an average ISP. Such as TC, for example.
>use TOR
Blocked here.
>self-hosted VPN
In term of intelligence it does not prevent your traffic from being analyzed. It is unlikely your RAM image is going to be monitored, but nothing prevents them from listening to traffic that goes to and from your system. After all they own the switch.
>> No. 3424 [Edit]
>>3421
You seem to have a fundamental misunderstanding of the guarantees TLS gives you. Could you please clearly the define threat model and type of attack that you believe TLS will protect you from, for sites like TC where there are no non-public messages.

Post edited on 12th May 2024, 12:05pm
>> No. 3426 [Edit]
>type of attack that you believe TLS will protect you from
In the developed world I think it is most likely going to be limited to sniffing.
>there are no non-public messages
TLS provides padding of data, so AFAIK there is no plausible way to tell that you made a certain post just by observing the encrypted stream of data.
>> No. 3427 [Edit]
>>3426
>TLS provides padding of data
No, only tls 1.3 does, with an optional extension (I also don't know whether this is actually used in practice). Padding also only reduces the granularity of content length that can be observed (because there is an inherent tradeoff between padded cipher text length and overall throughput). Moreover, you are completely forgetting about the whole suite of traffic correlation attacks that are trivial when messages are public. Even if you use DoH and use TLS with ECH or ESNI (which are both perpetually in draft state, and currently not widely deployed), the destination IP is sufficient to deduce the site you are visiting (even on "shared host" sites like TC.) From there, correlate packet timestamps with post time and content length again allows you with high probability to attribute a post to a given source IP. That's not even mentioning the wealth of metadata present in the TLS handshake itself (even with ECH, other side-channels like the cipher suites the client/server negotiate, packet latency, etc. make targeted deanonymization feasible).

All of these are table stakes for the adversary you are concerned about, because they are pretty much the same techniques use to deanonymize TOR traffic.

Post edited on 12th May 2024, 3:53pm
>> No. 3428 [Edit]
>>3427
Seems TLS 1.3 padding is not used much in practice (based on anecdotal experiments in wireshark by others). Go doesn't support it either [1]. Makes sense since no one wants to waste bandwidth for a feature that's made pointless by the bevy of other side-channels anyway.

[1] https://github.com/caddyserver/caddy/issues/5145

>>3423
>admins of many small imageboards are more trustworthy than an average ISP.
That really doesn't matter if things are not self-hosted. TC uses DreamHost I believe. They are based in LA, the implications of which should be clear. In fact apparently in the past they've already had a warrant to hand over all info.

Post edited on 12th May 2024, 4:23pm
>> No. 3429 [Edit]
>Seems TLS 1.3 padding is not used much in practice
OK you win. The only more or less valid point I have left is that targeting plain text traffic is sweeter than elaborating with timing attacks.
[Return] [Entire Thread] [Last 50 posts]

View catalog

Delete post []
Password  
Report post
Reason  


[Home] [Manage]



[ Rules ] [ an / foe / ma / mp3 / vg / vn ] [ cr / fig / navi ] [ mai / ot / so / tat ] [ arc / ddl / irc / lol / ns / pic ] [ home ]