Welcome to the php ebenezer's messageboard
see bottom for more info

HOME



back to main board collapse thread
Web 3.0  (11/01/22 12:36:41) Reply
    Interesting perspective on the new web 3.0 liked the following assertions:

    Centralised vs decentralised decision making:

    "After 30+ years, email is still unencrypted; meanwhile WhatsApp went from unencrypted to full e2ee in a year. People are still trying to standardize sharing a video reliably over IRC; meanwhile, Slack lets you create custom reaction emoji based on your face."

    Web 3.0 Distributed apps:
    "
    At this point, there are basically two companies. Almost all dApps use either Infura or Alchemy in order to interact with the blockchain. In fact, even when you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain via your wallet, MetaMask is just making calls to Infura!
    "

    The NFT art is just an address to the museum

    "
    Instead of storing the data on-chain, NFTs instead contain a URL that points to the data. What surprised me about the standards was that there’s no hash commitment for the data located at the URL. Looking at many of the NFTs on popular marketplaces being sold for tens, hundreds, or millions of dollars, that URL often just points to some VPS running Apache somewhere.
    "

    There are much more good points in there, which beg the question will we go back to centralised after this experiment on decentralised? After all it's all about cycles

    -rf

    https://moxie.org/2022/01/07/web3-first-impressions.html
Rf

Re: Web 3.0  (12/01/22 17:33:24) Reply
    Thanks for the link.
    So Web 3.0 isn't what they say. Good to know. Well researched by the author.

    At the beginning we thought that the internet would be a growing outlet for facts and wisdom and conveyor of international friendship. We blocked spam. We didn't imagine that legions of vicious political criminals would pop up, sponsored by vicious big money, and that their activities would poison not only the Web, but the whole world.
e

Re: Web 3.0  (13/01/22 17:37:43) Reply
    funny seeing this here.
    i just started reading the code of https://github.com/moxie0/knockknock
    wow, 10 years ago...

    oh yeah, for e https://en.wikipedia.org/wiki/Moxie_Marlinspike
jm

Re: Re: Web 3.0 portknocking (14/01/22 00:03:37) Reply
    Well if you go and read FX implementation it goes 20 years back
    https://packetstormsecurity.com/files/22121/cd00r.c.html

    I did play around with portknocking around that time, it was a nifty concept but limited to computer enthusiasts circles. But never met anyone, or know of usecases that it was used in a enterprise setting..

    Well NSA certainly saw the value as they used it in their toolset CTRL+F "dewdrop"
    https://en.m.wikipedia.org/wiki/The_Shadow_Brokers

    Actually there is a recent blog regarding reversing engineering dewdrop:

    "
    You can definitely see that architecture and code are carefully thought and engineered. They have been doing this for a long time and definitely have more resources than most (nation state) attackers. This isn’t some random proof of concept code. Almost every operating system is a target so their catalog is impressive. The problems of SIGINT and wanting to collect all the things.
    "
    RF
rf

Re: Re: Re: Web 3.0 portknocking (14/01/22 15:06:47) Reply
    ashamed to say i didnt know about port knocking until a few weeks ago.
    i must admit that before reading your post the thought about using it as a backdoor/exploit havent entered my mind (yet!).
    anyway, i think most implementations are simply too complicated for my needs.
    moxie0 one is the closest to my needs but...

    my setup (just in case anybody cares :) is like so:

    a raspberry pi running apache and motion(2 cameras)
    eth0 is connected to a router.
    wifi is in AP mode with various clients such as wether station, sprinklers, wifi security cams, other sensors etc... (sortof a "smart home")
    both legs are isolated by proper iptables rules and access from the outside world denied (i was getting ddosed from china and iran almost on daily basis)
    at this point im considering attaching a sim module and just controlling the whole thing from telegram/signal or similar (sms is so annoying)
    so i guess if i go that route then i would simply disconnect eth0 and avoid the whole knock thing.
    otoh this would limit my access to motion.
    then again, my main need when on the road is to control the sprinklers and pull sensor data so...
    we shall see...(unless you have a better idea)

    sorry for all the useless details, its friday and im a little tipsy ;)

    anyway, thanks for the blog. worth reading!

    especially this gem: "Sunday I got locked out of Twitter because some random asshole made an harassment complaint because I called him “dumb fuck” and “dumb idiot”, pretty normal things around my feed."

    lol. and ppl say im rude. almost makes me want to start a rewatch of mr robot...(not gonna quote, not gonna quote... well something about facebook and the hunger games ;)
jm

Re: Re: Re: Re: Web 3.0 portknocking wireguard (15/01/22 13:17:40) Reply
    Have you considered using wireguard?
rf

Re: Re: Re: Re: Re: Web 3.0 portknocking wireguard (19/01/22 16:32:20) Reply
    both use case scenarios wont work and i cant be bothered with setting up a vps (i should have mentioned that the cellphone uplink is cgnat)

    i havent considered initiating a motion to telegram/signal bridge though...

    it will have to wait until other shit in my life gets sorted out...

    ~

    thank you for all your input, i actually learned something.
jm

@ jm: Thanks. Took my breath. (n/t) (14/01/22 08:53:15) Reply
e


come again

messageboard's PHP script is a courtesy of Laurent

 This board has been visited 195302 timesCurrent time is 24/05/22 21:59:56