/k/ - Weapons

Weapons, militaria, outdoors

Want your event posted here? Requests accepted in this /meta/ thread.

Max message length: 5120

Drag files to upload or
click here to select them

Maximum 5 files / Maximum size: 20.00 MB

More

(used to delete files and postings)


(31.78 KB 600x442 the trooper.jpg)
Julay (at the moment) is down. Strelok 09/30/2019 (Mon) 05:18:13 No. 2
I'll make this thread so that if any stelo/k/ remembers this place can see it, hopefully in the frontpage.
>>119 >>120 you can't use it with open nic tlds
>>120 >>119 Isn't (((Chrome))) going to force fags to use HTTPS only? I mean Chrome users probably can't work out how to access it anyway but still. Personally I'm more concerned about the security implications of not being able to verify you're reaching the correct site.
>>124 >Namely, can the EFF LetsEncrypt program be used to offer HTTPS for our own OpenNIC clone? No. Part of the requirement for LetsEncrypt to keep being accepted by everyone else is that they only support 'normal' sites. If they started supporting OpenNIC domains they'd no longer be a trusted authority for standard domains. At least that's what the link says and it sounds about right. Nothing stops OpenNIC or someone else from running their own one but as an anon further up the thread said browsers tend to come with hardcoded lists of certificate authorities and it can be a pain to add to these, along with some security concerns here and there.
General Notice For the record it was just announced that Anoncafe has backup domains now in addition to https://anon.cafe there are also https://anoncafe.org and https://anoncafe.co so bookmark those too.
>>124 >>127 Also fwiw once you start going manually you could remove the idea of a centralised authority and use this web of trust model. Non-technically imagine that instead of getting a certificate from a trusted authority you get a certificate you know you can trust because a bunch of other users or other organisations have signed it saying they say it's the right one. Or you could meet up with the site owner in person and he could give you one you know for sure is correct and then you'd use it and sign it saying 'I'm certain it's his, there are usually different levels of how sure you are you can sign with. There are pros and cons here. But more practical is to have someone set up a OpenNIC-supporting authority. Think of it like this a lot of lies and simplification here, someone else jump in if I've said anything outright retarded: >you ask for a site by url >DNS server gives you back its actual location >you want to be sure it's definitely the right site >ask certificate authority for the site's certificate >check this against the one provided by location the DNS server said was correct there's complicated maths involved here and it's not really like a simple check, but trust me the site can't spoof this part >now you know both that it's the correct site and also all of your communications from this verification onwards are end-to-end encrypted so anyone who comes along later or was there from the start and sits between the two of you can't read them or intercept them and replace them with faked versions The second part is key because even if you trust the DNS server you can't always be sure there's not a man in the middle elsewhere in the system. Obviously the question is 'but how do I know the certificate authority is real without getting a certificate from them?' and that's why they get built into browsers. You can, on paper, chop out the certificate authority entirely if you've got a reliable alternative method of acquiring a known correct version of the certificate. So we could meet up and swap them in real life or whatever or use an alternative secure method to communicate them. SSH uses similar tech and generally doesn't need centralised authorities, for example, and you also can do this with email. This is the same basic technology hotwheels used to us to sign his posts so you knew that he definitely made them. /tech/ may now come and shout at me for saying something incorrect.
>>134 You’re wrong. The DNS server only gives you an IP address of the name. What happens after that is that the server at that IP address says “hello, here is a certificate that says I am somesite.tld, and this other guy who you trust to verify me also says so”. Your browser performs maths to make sure that a) the guy giving you the very actually owns it (the guy doing this uses their private key that corresponds to the cert) and that b) the signature from the guy you trust (the CA) is valid for that cert. So in the end you know two things: The site giving you the cert actually owns the cert and that the guy you trust endorsed the cert. So really the basis of trust in modern certificate HTTPS is the guy you trust, who jumps through all kinds of hoops to make sure browser and OS makers will include them as trusted in their browsers and OSes.
>>127 >>134 Good explanation Anon, thanks for taking the time to break it down for us.
>>136 Yeh, I was simplifying that a bit because introducing the idea of the cert authority signing it seemed like an extra bit of explanation i.e. what's signing. >So really the basis of trust in modern certificate HTTPS is the guy you trust, who jumps through all kinds of hoops to make sure browser and OS makers will include them as trusted in their browsers and OSes. One of those hoops, apparently, being not to use alternative domain systems. >>139 I've only got a very shallow knowledge, but it's something everyone should know to at least that lies to children level and it's retarded we're not taught it in school.
>>142 The CA industry used to be an absolute Wild West that lead to some well-publicised breaches of the CA infrastructure by intel agencies and scammers. It’s not surprising that they’d be slow to embrace something that is the Wild West of TLDs by design. There’s nothing stopping you from trying to run your own CA for these domains but trust me when I say there’s a fuck-ton of careful work involved in making sure you don’t fuck up, plus you’d have to convince people to install your trust root. And then, once they learn how to trust random trust roots, what’s to stop a bad dude from MITMing your cert with theirs or scamming others into installing your trust cert and MITMing everyone? What about when you issue a cert to someone who’s MITMing someone else? Onion addresses at least have built-in trust.
>>142 >and it's retarded we're not taught it in school. actually, i'm sure that's by design. can't have anon getting out from under the thumb now can we? anyway, it helped me out and others i'm sure. again, thanks.
It looks like with Firefox at least adding an additional cert authority is piss easy: https://wiki.mozilla.org/PSM:Changing_Trust_Settings#Trusting_an_Additional_Root_Certificate If anons could manage to get OpenNIC working they could handle this. >>143 Yeh that's the concern really. A web of trust style system would maybe be better but that's a lot harder to get normalfags into and can be a pain to scale up. I don't know enough about other technical options. Bare HTTP is pretty bad itself though since you're always open to MITM there as well even with a trusted DNS server. >Onion addresses at least have built-in trust. How do they get around the issues above? I know the basics of how tor works but I never really looked into it in depth. I know that it's more secure to have a proper onion service since it prevents hypothetical traffic analysis attacks between the entry and exit nodes, possibly some other benefits too. >>144 >actually, i'm sure that's by design. can't have anon getting out from under the thumb now can we? I guess so.
>>142 >>144 Two seconds on a search engine pulls up many very simple and well-explained primers in simple non-technical language on how HTTPS works. Nobody’s keeping you down if you’re too lazy to go look it up. Here’s one: https://howhttps.works/
>>146 >Nobody’s keeping you down You might try being a bit less asinine about your knowledge, Anon. I have plenty of other things on my plate besides mastering the intricacies of certificate authorities, which you yourself just pointed is both highly technical as well as labyrinthine. And the context was the public education system. That is most definitely as system designed to keep the niggercattle under the thumb. Regardless, thanks for taking the time out of your day to clarify things, unironically. The link and advice is appreciated.
>>146 >Two seconds on a search engine pulls up many very simple and well-explained primers in simple non-technical language on how HTTPS works. Nobody’s keeping you down if you’re too lazy to go look it up. The point is teaching normalfags this during their period of mandatory education not teaching anons this. Normalfags rarely seek out knowledge for themselves. Hell plenty of anons won't look into things if they're otherwise busy. >Here’s one: https://howhttps.works/ Horrifying. If anons want to educate themselves I'd suggest something like computerphile it's a series on (((youtube))) but fags like videos, I've found it more effective than recommending anything text heavy or plain old wikipedia. Could be useful for normalfags though.
>>145 >web of trust system A lovely dream that died in the late 1990s and irrelevant to x509 certs, unless it’s being used to verify trusted certs out of band. Look, Anon, I think it’s great that you’re sincerely trying to think around this. But you’re stumbling into a lot of really dangerous mistakes without realising it that we’ve already made years or decades before. You admit that you’re not across the details but let me tell you that in security and trust infrastructure the details matter a lot. Please go and learn as much as you can before trying to convince others to go modifying their root trust stores. A good place to start would be by asking why the CA forum doesn’t cover OpenNIC TLDs. All their deliberations are done over open mailing lists so you can do some digging.
>>147 > I have plenty of other things on my plate besides mastering the intricacies of certificate authorities, which you yourself just pointed is both highly technical as well as labyrinthine. If you want to run one, yes, it absolutely is. If you want to use it and understand enough to know the basics without being plain wrong then it’s sufficient.
>>149 >A lovely dream that died in the late 1990s and irrelevant to x509 certs, unless it’s being used to verify trusted certs out of band. I did say web of trust seemed impractical, but what other alternative would you suggest? I'm being more hypothetical than anything here since I'd think bare HTTP is a pretty high price to pay for using OpenNIC in general so surely they've thought about the problem themselves. I'd be posting using a VPN anyway so there wouldn't be a personal security worry with an imageboard, just one of not being able to be sure you were getting the right site back to look at. >Please go and learn as much as you can before trying to convince others to go modifying their root trust stores Wasn't advocating it, just noting it as possible in the hypothetical situation you had a trustworthy one to add. Adding an untrustworthy one is obviously not worth it just to shitpost. >A good place to start would be by asking why the CA forum doesn’t cover OpenNIC TLDs. All their deliberations are done over open mailing lists so you can do some digging. Mailing lists take a lot of work to dig through but worth a shot just for information I guess. It wouldn't resolve the issue either way though.
>>149 >>151 I say use a VPN as security as, for an imageboard, I wouldn't be doing anything like entering details that worry me if they're intercepted nor does much hinge on being certain I get the right site back but what might be a concern is some glow-in-the-darks sitting between the pair of you and using it to link IPs to post content. Obviously if you were hypothetically entering personal data or credit card details etc you'd be a bit more worried since a VPN doesn't magically protect you from that.
>>150 Again, thanks and understood. I'm simply trying to expedite understanding for all concerned in this current 'crisis'. I wouldn't have much likelihood of running such a setup personally, I have far too much on my plate as is.
>>153 >expedite understanding How do you do that when you don't have the understanding yourself verybusyanon?
>>149 >A good place to start would be by asking why the CA forum doesn’t cover OpenNIC TLDs. All their deliberations are done over open mailing lists so you can do some digging. Apparently it's mostly because it might result in conflicting namespaces and thus ambiguity.
>>155 That makes sense.
>>156 Not just cross-alternative either but also if one of the alternative domains later becomes official.
Julay is back and /v/ has now been entirely deleted.
[03:18:34] <kimeemaru> I just pulled off webring 9/11 https://prolikewoah.com/japan/res/125.html#q2610
>>159 WEWLAD E W L A D
Open file (18.08 KB 228x227 jesus christ.jpg)
>>160 I REALLY hope the BO knows how to transfer the threads from julay to here, Robi fucked up but he did give a guide on how to do that.
>>162 Where's the guide?
>>163 I don't fucking know
Open file (205.08 KB 468x345 Billy.png)
Anyone from the RTS general here? I'm so fucking sick of getting nuked bros, holy shit.
>>165 Antares has some start of an RTS thread.
>>166 what the fuck is Antares?
>>167 I realize it's an IB but I still don't know what it is focused on and how to access it.
>>169 Danke anon
>>86 >>82 We could try /geimu/
>>166 Use the one on Antares or just make one here if the BO ok with it, i think alot of RTS thread anon is a strelok. The new /k/ should be comfy since /k/ kinda slow too, bring back S.T.A.L.K.E.R. thread and we get EXTRA comfy.
Open file (703.78 KB 3133x2050 Kaga_Ikari_1930_B.jpg)
>>172 I'm all for maximum comfy but we just need to be careful about having rts threads, don't want the /v/ermin thinking they belong on /k/. However if a lot of the anon's in the rts thread were Strelok's then it shouldn't be a huge problem. Just need to monitor very closely for any /v/ermin activity.
>>173 Just make a /k/ vidya thread and call it a day then
>>173 > a lot of the anon's in the rts thread were Strelok's They are and so was plenty of /vg/
>>165 I'm here. >>173 The rts thread was mostly older european fags rather than the shitty part of /v/.
>>159 >>160 Well if anything that just proves the old BO and JCaesar were right but were too late to realize it.
FRONT PAGE!
Open file (159.37 KB 1024x911 scared.jpg)
Is this the bunker I've been searching for?
>>3541 So long are you lurk more, and keep your mouth shut. Welcome.
>>3541 i know what thread brought you here
Open file (141.37 KB 960x960 void_man.png)
>>3542 heeheehee. Just one question so I'm not completely fucked. Apparently there was another bunker? And now everyone's here? What happened?
>>3544 After 8chan took forever to come back as 8kun, several bunkers decided to bootstrap themselves together in a webring. Julay is one of the biggest and was were /k/ was. It got so big Robi, the admin, started having trouble managing it, so while sorts his shit out we moved over here to anon cafe, another part of the webring. We may or may not go back. We lost some people in the transfer and the Happenings threads are taking up much of the traffic right now so things are bit slow, but we're still the most active alternate /k/.
>>3547 >leaving out the part where one of julay's global cuckpockets allowed CP spam on /v/ because he was butthurt about 2D loli shit not being deleted >leaving out the part where the owner not only didn't punish said butthurt hotpocket for openly allowing CP spam, but defended him >leaving out the part where not only /k/, but pretty much every other board bailed because of this If anyone goes back to julay they are a cuck and a retard, the faggotry among the admin and his vols is nearly as bad as what happened with 8kun.
Open file (964.12 KB 1300x1300 jewlay world julay.png)
>>3547 >It got so big Robi, the admin, started having trouble managing it Never believe Rabbi's lies

Report/Delete/Moderation Forms
Delete
Report

Captcha (required for reports and bans by board staff)

no cookies?