Synnr

@Synnr@sopuli.xyz

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Synnr,

Survivor bias and and an ad all in one post!

When I see posts like this it gets my glowie senses tingling.

Synnr,

You may not like it, but this is what peak machine learning performance with 4chan training data looks like.

Synnr,

In the guide you linked, the docker container automatically sets up a hidden service. You don’t need to do anything beyond firewall rules if it’s not working for you.

Synnr, (edited )

Can any late teen-early 20s armchair philosophers once-over this for me?

I have a theory. Never before on the internet (going on 30 years of it) have I seen so many curses used but not fully spelled out (‘f*ck’ for example).

I believe the change has to do with social media and specifically short-form video apps (Tiktok, IG Reels, Youtube Shorts) - not all of which I am familiar with, but I know at least YT and I believe TT does as well. When curse words or words like rape and murder are used in text (or ‘subtitle’ text on screen) the video reach can be penalized in some way. I assume it’s similar in comments.

So you have a ton of the younger generation consuming hours each day of censored curse words, and in their mind it becomes just what you’re supposed to do, socially. They end up doing it with each other over text, and consequently in comments. I have a younger co-worker who will gladly say “Fck that dude hes a btch” in group chat, and when I asked him why he doesn’t just say the words he’s using, he said “I just don’t like to curse.” Which makes no sense to me, as it’s the same word and intent.

I know some Lemmy instances will remove words, but generally only ‘bitch’ and derogatory slur words.

So I hypothesise it’s simply unexamined social conditioning, where they see their peers doing it so they do it too, never questioning why.

Synnr,

That’s true, there is the Scunthorpe problem. I guess we’re just doing another 20 year cycle like we have for all of civilization. If someone centuries in the future finds this comment chain, please name the solution to your 20 year repeating fractal math problem something like the CockSyn Solution. I want to be like Shadow from American Gods. Or more accurately like Pythagoras with his stealing murder cult.

Synnr,

I saw they removed some 600 guards that were running old end of life versions of tor. Was your contact information correct and have you checked that email?

Synnr,

There’s been a major DDoS against guard nodes lately as well, causing many of them to lose connecting clients so it may have been unaccessible for long enough that it kicked back to relay but I’d ask on the relay-operators mailing list/forum. They’ve been posting a lot of firewall rules and scripts to fend off attacks.

Synnr, (edited )

I have no idea what this is but I don’t like it and you should feel bad.

This is both a primally philosophical and a pointed statement, but I mean the latter.

Synnr, (edited )

And have eyes good enough to look very closely and detect any small . or `s that are out of place, and be current on all methods of sanitization, catching any and all confusing variable names doing funny things, and never getting mentally overloaded doing it.

I wouldn’t be surprised at all if teams at NSA & co had game months where the teams that find the highest number of vulns or develop the most damaging 0day exploits get a prize and challenge coin. Then you have the teams that develop the malware made to stay stealthy and intercept data for decades undetected, and the teams that play mail agent and intercept packages containing core internet backbone routers to put hardware ‘implants’ inside them.

These are the things Snowden showed us a small sliver of in 2013, over a decade ago, some of which was well aged by that point.

The days of doing illegal things for funsies on the internet, like learning how to hack hands-on, are over if you don’t want to really risk prison time. Download vulnerable virtual machines and hack on those.

But if you’re worried about a random maintainer or packager inserting something like a password stealer or backdoor and letting it hit a major distro with a disastrous backdoor that doesn’t require a PhD in quantum fuckography to understand, chances are likely big brother would alert someone to blow the whistle before it hit production, as they likely did with xzutils.

How to randomly pad files before encryption to prevent file fingerprinting?

Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn’t pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn’t find anything. Haven’t found any...

Synnr,

GPG/PGP turns takes the file and turns it into random bits that only someone with the private key can unrandomize. There is no file metadata left. There is no nothing left. I believe the sizes are even consistent (0-1024kB files will be the same output size.)

Synnr,

www.thc.org/segfault/

Synnr,

Honeypot? Dunno. Good discussions about it on hacker news.

Synnr,

Oops I was wrong, it looks like I have a penny left in the sending wallet so it was just a lucky coincidence on amounts sent during testing.

Synnr,

I just noticed your username. Thank you for the project, Feather is amazing. I have a question though. I know Ruckinum ran an analysis and thinks this is not a black marble flood, but I can’t help but think it’s a way go somehow break the anonymity of monero, whether just sent amounts, or received amounts, which would still give a wealth of information.

I don’t believe this is a random (D)DoS/spam. This is a deanon attack. I know it in my gut. I don’t know enough about the internals of monero but I think you might.

Specifically…

The bug was triggered when the number of RingCT outputs on the blockchain exceeded 100 million

For instance, this transaction was constructed using a manipulated output distribution. Can you determine what the true spend is? Notice that all ring members are older than 1y 200d except for one 6-day-old output. Unless the user checks the ring on a block explorer and knows what to look out for, they would not notice that their transactions are being fingerprinted.

My understanding is that the 16 (or 15+real?) rings are all real, prior transactions. Are the transactions reused? If not, then they exhaust the supply of rings and now have great statistical advantage going forward. If they are reused, then they can tell the real spend by discarding any spend that’s been used more than once. Is that correct?

I can’t help but believe this is part of something larger, along with all the previous attacks in the last 2 years and now Samourai, Liquid pulling out of US, attacks on tor, RISAA and mandatory KYC on US cloud providers and domain registrars…

On that note, we’ve known LE has tools for years now (Chainalysis and 1-2 others) that can in some circumstances give a lead on who a target is, likely via statistical analysis. The tools are only available to law enforcement so the methods aren’t known. My thoughts are, in no particular order:

  1. They run or have compromised a lot of ‘activist’ nodes and xpubs are sent to the nodes in light wallets, unsure if this is how it works, or if that was unique to Samourai’s whirlpool design. If this was the case, light wallets use currently online available servers, so chances are a user connects their wallet to tens of servers. Users who run their own nodes would be unaffected but I think the majority of monero users use light nodes.
  2. They have tools that monitor public ledger chains, and watch the amounts in/out. You use an exchange service to trade $500 of BTC to XMR, the amounts (fees included) are correlated over time, leading to known persons selling via KYC services. Probably least likely option but unsure how XMR works in depth.
  3. They run and/or work with (gag order) no-KYC major services that would have that information, as well as other more ‘centralized’ helpful no-KYC exchange services that know exactly what amount and address the funds are going to and where they came from.
Synnr,

Thank you for answering my questions. Having much more knowledge in this area, what is your gut feeling about it being not random spam DDoS, but a way to get some type of sensitive data, that can make identifying users easier? Happy to receive a PM and won’t share.

Large loans in monero

How would you go about doing this? As an example, if you loaned someone 167 monero to buy a car and expect them to pay you back in 7 years like a bank does you would be requesting 167xmr*6.02% (to counter xmr inflation) for a total of 177.053xmr. 177.053xmr/84 (months in 7 years) would be 2.107xmr a month. At the moment that is...

Synnr,

The only way this would work is to peg it to fiat or commodity. Or expect that your ROI will either be nothing or an insane amount.

Synnr, 

<span style="color:#323232;">XMR PRICE
</span><span style="color:#323232;">
</span><span style="color:#323232;">(2/4/24) $165
</span><span style="color:#323232;">
</span><span style="color:#323232;">(4/13/24) $115
</span>

That’s a 30% decrease in about 2 months. As an aside, 30% is the APR for most high-interest loans.

The idea is there, but something like DAI would be better to look at, although it remains to be seen how long crypto will be used and accessible (especially once CBDC rolls out and legislators getting even more heavy-handed with non-CBDC coins.)

Synnr,

When gold was used as currency, it would be shaved off using a scale to confirm the weight (gold is a very soft metal, easily ‘sliced’ off the coin/bar. Shopkeepers had their own scales but wary customers could carry gold pocket scales to confirm the weight.

Just like you can spend fractions of a cryptocoin, you can spend fractions of a precious metal coin.

Are you running a Tor Relay?

Hiya, so been on the lookout for different services that I could help host for others to benefit from. I think TOR is a great project, and I’d like to contribute. So been thinking about hosting a TOR relay lately, and wondering how people’s experience is with running one? Please correct me if I’m wrong - but as far as I...

Synnr,

Just don’t run an exit node? We need more guard and relay nodes anyway. I fail to see the issue.

Synnr,

Question. Does this somehow generate a new subaddress for every request? I ask because address reuse is dangerous for the privacy of monero. While most people don’t know this, I assume you do.

Synnr, (edited )

FTA:

The key thing to note is that no observer can link two addresses together. However, it is possible for the sender to link payments together if the receiver re-uses addresses.

For example, if you withdraw from ExchangeA using AddressA, and then go on to issue another withdrawal from ExchangeA using AddressA, the exchange will easily be able to link these two withdrawals together by simply comparing the withdrawal addresses (even if you used different accounts). Furthermore, if ExchangeA is cooperating with ExchangeB, it would be possible for both exchanges to link address-reusing withdrawals together.

Additionally, even if the sender is not cooperating with other entities in order to link transactions together, it is still possible for the sender to unwittingly link transactions together if their software is poorly implemented and erroneously re-uses the same random data for multiple transactions. Basically, the receiver is relying on the sender to generate good random data in order to generate a one-time key. If the sender fails to use good random data, then the “one-time” key isn’t “one-time”, and transactions can possibly be linked.

So, for maximum protection against linkability, it’s a good idea to generate a new addresses for transactions that you don’t want linked.

Further reading: localmonero.co/knowledge/monero-subaddresses?lang…

I think this can easily be achieved by generating a new subaddress for every request. ( I don’t know how OpenAlias works, maybe it already does this.)

Synnr,

You can’t with privacy.com or other big services, but there are other services that let you either generate a no-KYC reloadable credit card, or buy a prepaid international card that works for almost everything.

Synnr, (edited )

Some of them, sure. Usually old people that ran out of neuroplasticity 40 years ago. But there are a lot more that function well enough and IT guys (specifically the guys, IT gals usually either have a better idea or hide it better) have a tendency to think of them as useless, where if they had to do their job for a day they’d be as lost as an old guy spooked by the window location change.

Synnr, (edited )

Based on this interaction alone and his dad deciding the price for him, I’m going to make the wildly assumptious assumption this is a 20s/30s(/40s?) unemploymed guy living at his dad’s house rent free.

If my assumptions are incorrect, sorry mate, you did not win the dad lottery.

Synnr, (edited )

Chances are this is a kid or NEET and all his friend wants is a super simple website with basic info for his local business. Dad is either doing him a favor, or giving him some pocket change so he’ll stop bothering him for money for a month. This is what happens when you don’t teach your children to be adults, and give them everything instead. Seen it too many times.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • GTA5RPClips
  • DreamBathrooms
  • cubers
  • mdbf
  • everett
  • magazineikmin
  • Durango
  • Youngstown
  • rosin
  • slotface
  • modclub
  • kavyap
  • ethstaker
  • provamag3
  • ngwrru68w68
  • thenastyranch
  • cisconetworking
  • khanakhh
  • osvaldo12
  • InstantRegret
  • normalnudes
  • Leos
  • tacticalgear
  • tester
  • megavids
  • anitta
  • lostlight
  • All magazines
    •