Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 23 24 [25] 26 27 ... 249
361
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 21, 2013, 07:07 pm »
Quote
In Australia, the legal age of consent is 16. However, it is illegal to view any form of pornography where any of the participants are under 18 years of age. Australia is very strict on the policing of CP, and rightly so.

So fuck 16 year olds all you want, but if you dare look at a picture they took of themselves flashing their mirror, you deserve to go and be raped to death in prison for the rest of your life because you are a sick dangerous sexual deviant? That makes a lot of sense! I guess if I ever go to Australia I should just find 16 year olds to have sex with instead of look at jailbait pictures on the internet, lol.

Quote
It's not tolerated in any part of the community. Good on the US for putting pressure on countries with lax CP laws. Keeping sustained pressure on these countries will eventually force them to reconsider their positions and clean up their acts.

I doubt that some of these countries ever change, CP is very culturally accepted in Japan and all the US imperialism in the world is not going to get them to ban it. If anything the war on CP viewers is going to fizzle out as the diplomatic power of the imperialist US continues to fall. There is no real gain to be had by putting people in prison for viewing CP, other than brainwashed emotional fucktards such as yourself will feel warm and fuzzy about it.

362
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 21, 2013, 07:54 am »
In fact I think Spain is one of the most recent countries to completely outlaw pedophilic relationships, in 2013 they raised (or are in the process of raising, I am not sure) the age of consent above 13 years old. Today pedophilic relationships are only allowed in a few countries (Japan for example has age of consent at 13, also they have legalized possession of child pornography and about 90% of their citizens are against censoring access to CP, and they only made hardcore CP illegal to distribute in 2003 after heavy international pressure to do so, while keeping softcore CP legal to distribute), many countries have never made hebephilia completely illegal (attraction to 11-14, 14 is age of consent in several developed countries today, including Germany), and the majority of countries still have ephebophilia partially or completely legal, with a few exceptions, primarily the USA has completely outlawed ephebophilia in many of its states, and Australia and the UK have partial bans on it as well.

The US is the primary force leading to the global criminalization of CP viewers and ephebephiles, with the UK and Australia being almost but not quite as bad. If not for US influence the global age of consent average would likely be a good bit lower, for example they pressured Canada into raising the age of consent from 14 to 16. They also pressured Japan into making the distribution of hardcore CP illegal.

363
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 21, 2013, 07:43 am »
Of course I have to admit this is somewhat of a technicality, most people would think of pedophiles as attracted to those who have not reached puberty with hebephiles attracted to those who have reached the early stages of puberty. However, by the clinical definition of pedophilia today attraction up to age 13 counts, and some people are pushing (so far failing) to get it raised to 14. I call it pedophile age range creep. Their ultimate goal is probably to get it raised to 16 and merge pedophilia hebephilia and ephebephilia, but so far hebephilia is hanging on to its uniqueness by a thread (the age 14 is the only thing that distinguished it from pedophilia at this time, although technically hebephilia isn't considered a mental illness and includes attraction to those 11 to 14, pedophilia includes attraction to those 2-13).

So although it is fair to say pedophilia was indeed more accepted in the past, it was still generally shunned for most of human history, with hebephilia having been far more accepted in the recent past to the start of history. But since the rabid crusaders have merged pedophilia into hebephilia they have made it so that pedophilia was historically quite common and socially acceptable, which I find to be hilarious.

364
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 21, 2013, 07:35 am »
Quote
What a load of bullshit kmfkewm!  ::)  If you believe that, then you must believe in fairies!  :o :o So for example, in the US or Australia back in the 1850's, your suggesting a person storing and looking at photographs of children being brutally raped and abused against their will by adult pedophiles was considered "normal as shit"?? That's incomprehensible and a completely fictitious statement.  ???

I mean, you can verify this shit if you want to. Pedophilia is considered a proper diagnosis in any case where a person over 16 has sex with a minor 13 or under and I believe 4 years younger than the subject. In the 1850's the age of consent in Australia was 10.

Quote
1882    The age of consent for girls is raised from 10 to 14 years of age.

and didn't get raised to the reasonable age of 14 until 1882. I have no idea the average age of wives in 1850's Australia , but I imagine 12 and 13 year old wives were not rare by any means. Here is a citation for 13 and 14 year old wives being common in 18th century America

http://www.iroquoisdemocracy.pdx.edu/html/colonialwoman.htm

Quote
Both men and women had great social pressure on them to marry. Young girls were often married by the age of 13 or 14.

I can actually find many citations in any direction in regard to historic marriage of those 12-13, ranging from "it happened rather uncommonly" all the way to "it happened all the damn time".


prior to the 16th century:

Quote
Marriages were often arranged when the girls were only three of four years old. The law stated at the time that a girl as young as seven was capable of consenting to marriage. However, the marriage could not be consummated until the girl was 12 years old. In the 14th century courts were unwilling to convict rapists when the victim was pregnant. It was generally believed that her pregnancy signalled God's approval of the marriage.

Quote
Before modern history (16th century), child marriage was a common practice found everywhere in the world. With the advent of 20th century, the practice began to be questioned, discouraged by a majority but not all governments, and child marriage practice has been declining across the world.

that is the best I am going to do for right now, it shows citation for marriage to 13 year olds (pedophilia today) being common in 18th century America, and child brides 12 and 13 as being a common practice found everywhere in the world prior to the 16th century. The age of consent laws didn't make what today can be diagonsed as pedophilia illegal in Australia until the very end of the 19th century, but I don't know how widespread it was practiced at that point in time. I can find several citations for relatively high average ages of marriage in the 19th and 18th century European countries, but with legal marriage to those 12 and older practiced uncommonly. I can also find some citations that go against this and claim that child brides were more common during these periods.

So yeah the more modern you get the less widespread pedophilic practices were, with a sharp drop off in the 16th century but not totally extinguished and made illegal until the mid to late 19th century, with possible normality/popularity maintained into at least the mid 18th century according to some sources.

365
Security / Re: Let's talk about security
« on: August 20, 2013, 11:27 pm »
Quote from: StaticTension on August 20, 2013, 09:58 pm
Quote from: kmfkewm on August 20, 2013, 09:09 am
You also need to keep in mind that the ten bugs might not be obvious, in that you cannot fix them because you don't know about them. But then when you remove 1,000 lines of code, you remove the 10 bugs you didn't even know about. All programs should be expressed in as little code as possible, the more code you put into a program the more bugs you put into it.

Yeah I agree with that and also expressed the same thing about having a minimal code base. It took 24 hours for that exploit code to be analyzed but it wasn't one person analyzing it but a community effort. Back to my point though is that more lines of code doesn't always mean more bugs. To once again bring up the exploit code used, 1500 lines of code when it could of been written in a little over 500 lines of code. Does that mean they're more bugs in that code? It sure seemed to work properly to me. I think we're talking about code in two different contexts. In terms of software yes less code and the more minimal your code base is the more manageable it becomes. However your theory of more code equals more bugs is not always true in different contexts.

The security community says that more code equals more bugs. More code means more complexity, more complexity means more bugs. People make on average a certain number of mistakes per X lines of code. Removing X lines of code removes those bugs. If you can remove code and still meet your goal, you should always do it. A really good programmer might average one bug per 500 lines of code, removing 500 lines of code will likely remove a security vulnerability. A shitty programmer might average one bug or more per 50 lines of code, removing 500 lines of code will likely remove 10 security vulnerabilities.

Quote

The book "Code Complete" by Steve McConnell has a brief section about error
expectations. He basically says that the range of possibilities can be as
follows:

(a) Industry Average: "about 15 - 50 errors per 1000 lines of delivered
code." He further says this is usually representative of code that has some
level of structured programming behind it, but probably includes a mix of
coding techniques.

(b) Microsoft Applications: "about 10 - 20 defects per 1000 lines of code
during in-house testing, and 0.5 defect per KLOC (KLOC IS CALLED AS 1000 lines of code) in released
product (Moore 1992)." He attributes this to a combination of code-reading
techniques and independent testing (discussed further in another chapter of
his book).

(c) "Harlan Mills pioneered 'cleanroom development', a technique that has
been able to achieve rates as low as 3 defects per 1000 lines of code during
in-house testing and 0.1 defect per 1000 lines of code in released product
(Cobb and Mills 1990). A few projects - for example, the space-shuttle
software - have achieved a level of 0 defects in 500,000 lines of code using
a system of format development methods, peer reviews, and statistical
testing."

Seriously there is not much of a debate there are all kinds of studies showing that programmers tend to make an average number of errors per X lines of code (with more skilled programmers making less, and security oriented highly skilled programmers making very few), and that means the less lines of code your program has the less bugs it will have. The number one rule of security programming is express every program in as absolute little code as required to meet your objective. Any additional code is just introducing additional security vulnerabilities for no reason at all.


366
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 20, 2013, 07:59 pm »
Hey I am not saying we should run out and be allowed to fuck 12 year olds and have society celebrate the wonders of man boy sex again, I am just saying that your quote

Quote
It's always been the case that pedophiles are hated by society and are equivocally fucked in the head.

is actually completely wrong, in that for all of human history save the past 150 or so years, what is today considered pedophilia was considered to be normal as shit.

367
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 20, 2013, 04:11 pm »
Damn wazado you are one emotional motherfucker. Could you possibly make more emoticons in your post?

Quote
No one's rewriting history you uneducated dope.  ???  It's always been the case that pedophiles are hated by society and are equivocally fucked in the head.  ::) To suggest otherwise would only confirm what I've already said. I only hope you come to the attention of LE and are caught with CP. Then you can tell all your mates in jail what you're in for. I would love to see that.  >:( >:(

Well, technically speaking that isn't exactly true. In the Greek and Roman empires hebephilia and some pedophilia was largely accepted and quite common especially in homosexual relationships. A quick search shows other ancient cultures involved in such activities include Phoenicians, Persians and Galatians. Hm looks like China, Korea and Japan used to commonly have adult child male relationships as well. So actually historically hebephilia and upper age pedophilia were pretty much part of the culture of large parts of the world. In Afganistan the practice of Bacheh-baazi is common and tolerated to this day, and it entails the sexual use of some times even enslaved boys.

Additionally, for the majority of human history (up to about 1900) females were married at about age 12 or 13, both of which are technically in the pedophilic age range by the current definition of it under the DSM. So actually there is a good argument that for the majority of human history, what is now called pedophilia was typical, often the norm. Of course Hebephilia is likely more appropriate terminology for this, but people have been engaging in pedophile age range creep and it now goes up to 13 instead of 'the onset of puberty', which has the hilarious effect of making it so that pedophilia was dominant for almost all of human history lol.

Quote
You've been negged 9 times

I have been negged 42 times since I started this thread :D

368
Security / Re: Let's talk about security
« on: August 20, 2013, 09:09 am »
You also need to keep in mind that the ten bugs might not be obvious, in that you cannot fix them because you don't know about them. But then when you remove 1,000 lines of code, you remove the 10 bugs you didn't even know about. All programs should be expressed in as little code as possible, the more code you put into a program the more bugs you put into it.

369
Security / Re: Let's talk about security
« on: August 20, 2013, 08:40 am »
Quote from: StaticTension on August 20, 2013, 05:35 am
Quote from: kmfkewm on August 20, 2013, 04:47 am
Quote
In regards to Xen I don't agree Qubes developer with the fact that a minimal code base means it more secure though.

Pretty much nobody disagrees that less code means more secure. Amount of code essentially always correlates exactly with number of bugs. I have seen security programmers measure their skill in number of bugs per thousand lines of code. If you average ten bugs per thousand lines of code, removing a thousand lines of code removes ten bugs. If you remove a thousand lines of code, it means people auditing your software can spend more time looking for bugs in the remaining code. So removing lines of code directly removes bugs, and also makes it more likely that bugs will be found and fixed in other parts of the program.

That's assuming all programmers are the same skill level which is simply not true. So instead of fixing the ten bugs the solution for said programmers would be to remove a thousand lines of code? Yes your code shouldn't be verbose just for the sake of it. Some programmers do it some don't but my point is again if your source code is smaller someone that wants to exploit needs less time to analyze it and figure out a weakness.

 Did you look at the FH exploit code in javascript? They purposely made it very obscure using binary and hex values for javascript return calls and it was close to 1500 lines of code if I remember correctly. I'm pretty sure they could of achieved the same result with 500 lines of code but their purpose besides identifying people was to make the exploit code obscure as possible.

How did that work out for them? It took about 24 hours for their entire exploit to be entirely analyzed. Rule number one of secure programming is the less code you have the better. Security via obscurity is an oxymoron.

370
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 20, 2013, 04:53 am »
Quote from: Praetorian on August 20, 2013, 03:34 am
Quote from: titoprince on August 20, 2013, 03:06 am
Bro bro. You're so defensive you don't even remember who you're arguing with. I didn't say any of those things, I just made a Godwin joke. I've mostly lost interest in the topic, as you've laid out all of your cards.

I'm an ENTP myself, and do enjoy debating for the sake of the debate, but I prefer dynamic, evolving arguments where both sides learn and maybe even shift on ideas to your standard message board back and forth. I'm surprised you're not bored yet. But I may just have a shorter attention span.

Anyway. Carry on.

OP likes to debate for the sake of exercising his fingers.  I think everyone in this thread lost interest in what kmf had to say by about page 2.  But it's fun to continue to quote random shit off google and watch this guy attack it as if it were 14 year old snatch.

Debating with you have never been a debate, because all you do is quote random shit off Google. Nice to know you are just a troll though, for a while I thought you might really be a bit retarded.

371
Security / Re: Let's talk about security
« on: August 20, 2013, 04:47 am »
Quote
In regards to Xen I don't agree Qubes developer with the fact that a minimal code base means it more secure though.

Pretty much nobody disagrees that less code means more secure. Amount of code essentially always correlates exactly with number of bugs. I have seen security programmers measure their skill in number of bugs per thousand lines of code. If you average ten bugs per thousand lines of code, removing a thousand lines of code removes ten bugs. If you remove a thousand lines of code, it means people auditing your software can spend more time looking for bugs in the remaining code. So removing lines of code directly removes bugs, and also makes it more likely that bugs will be found and fixed in other parts of the program.

372
Security / Re: Let's talk about security
« on: August 20, 2013, 03:53 am »
On the one hand:

Quote
First, products such as VMWare Workstation or Fusion, or Virtual Box, are all examples of type II hypervisors (sometimes called “hosted VMMs”), which means that they run inside a normal OS, such as Windows, as ordinary processes and/or kernel modules. This means that they use the OS-provided services for all sorts of things, from networking, USB stacks, to graphics output and keyboard and mouse input, which in turn implies they can be only as secure as the hosting OS is. If the hosting OS got compromised, perhaps via a bug in its DHCP client, or USB driver, then it is a game over, also for all your VMs.

Second, those popular consumer type II VMM systems have not been designed with security as a primary goal. Instead, their main focus has been on easy of use, performance, and providing seamless integration of the guest OS(es) with the host OS. Especially the latter, which involves lack of good method to identify which domain a given application belongs to (so, lack of trusted Window Manager), support for shared clipboards which every other VM can steal, insecure file sharing methods, and others, all make it not a very desirable solution when strong domain isolation is important. (This is not to imply that Qubes doesn't support clipboard or file sharing between domains, it does – it's just that we do it in a secure way, at least so we believe). On the other hand, there are many usability improvements in Qubes that are specific to multi-domain system, and which you won't find in the above mentioned products, such as trusted Window Manager that, while maintaining great seamless integration of all the applications onto a common desktop, still allows the user to always know which domain owns which window, support for advanced networking setups, per-domain policies, the just mentioned secure mechanisms for clipboard and filesystem sharing, and many other. Qubes also focuses on making the VMs light-weight so that it was possible to run really a lot of them at the same time, and also on mechanism to allow for secure filesystem sharing between domains (templates).

Finally, the commercial hosted VMMs are really bloated pieces of code. They support everything and the kitchen sink (e.g. Open GL exposed to VMs, and various additional interfaces to allow e.g. drag and drop of files to/from the VM), and so, the attack surface on such a VMM system is orders of magnitude bigger than in case of Qubes OS.

on the other hand

Quote
Anti-exploitation mechanisms in the hypervisor
Currently Xen doesnʼt make use of any well known anti-exploitation techniques, like Non-Executable memory
(NX) or Address Space Layout Randomization (ASLR).
Adding proper NX markings on all the pages that do not contain code is usually an obvious first step in mak-
ing potential bugs exploitation harder. Particularly the combination of NX and ASLR is used most often, be-
cause NX protection alone can easily be circumvented using the so called return-into-lib exploitation tech-
nique, where the attacker jumps into the code snippets that are already present (as they are parts of the le-
gal code) in the address space of the target being exploited.

However, in case of Xen, the potential benefits of using NX marking are questionable. This is because IA32
architecture, as implemented on modern Intel and AMD processors, allows the CPU that executes in ring0 to
jump and execute code kept on usermode pages. So the attacker can always keep the shellcode in the us-
ermode, in this case, e.g. in the VMʼs kernel or process, and can bypass all the NX protections implemented
in the Xen hypervisor. The only solution to this problem would be to modify the IA32 architecture so that it
would be possible to disable this mode of operation (e.g. via some MSR register).
ASLR does make sense though. Particularly, one might modify all the memory allocation functions and also
attempt to make the Xen code relocatable, so that each time the Xen is load it gets loaded at a different ad-
dress. On the other hand such changes might be non-trivial, and perhaps might introduce some more com-
plexity to the hypervisor. Further research is needed to decide if addition of any anti-exploitation mechanisms
is worth the effort.

373
Security / Re: Let's talk about security
« on: August 20, 2013, 03:11 am »
Quote from: StaticTension on August 20, 2013, 03:02 am
Quote from: astor on August 14, 2013, 09:28 pm
Quote from: Hitch on August 14, 2013, 02:32 pm
These rankings seem to be biased towards systems that maximise security for individuals who will predominantly be committing their offences from a single location and/or using the same network repeatedly. More bluntly, people sitting at home ordering their drugs to be delivered to their door ;) While the set-ups you've described are brilliant, they're also involved and unwieldy, inelegant.

You're absolutely right. The first 5 setups are beyond the capabilities of the vast majority of people, but I've listed them because they really are the most secure. So now you have a fun challenge. Can you convert an old laptop into a Whonix Gateway, or install PORTAL on your router? If you never try anything hard, how will you ever grow?

In any case, I think Whonix on a Linux host or Tails with persistent bridges are safe enough for most people, and within their capabilities to setup. Either of these options is much safer than running TBB on Windows, which is what most people do right now. I want to lift the collective security of the community, and I've given them a variety of options.

Quote
I prefer Tails as not only is it a secure OS, but it's a means of encouraging secure behaviour. Used as recommended, the lack of persistent entry guards isn't really an issue. Used as recommended, I believe, tor bridges may be less safe, at best redundant, as you would want to randomise them as much as possible, also. Spoof your mac address, briefly access  random networks  to conduct your business, ram wiped, away you go. Easy as... :)

If by "used as recommended" you mean used as a mobile operating system where you log on to different, random wifi spots, then you're correct, your bridges should be different each time so you aren't linked to other logons (of course, you should randomize your MAC address in that case too, which unfortunately Tails doesn't give you an option to do during boot).

However, the vast majority of Tails users in this community don't use it as a mobile OS. They repeatedly connect from home. In that case, you want persistent entry guards, because choosing different ones all the time increases the chances that you pick a malicious node.

It seems with each set up you have to give up something though. According to Qubes documentation on their website using virtual machines adds a bloated layer to your OS that increases your attack surface. That makes sense to a point. I'm not sure if they're just trying to promote their own OS as it relies on Xen which in itself is a VM albeit one with a small sized source code compared to Virtualbox or VMware but I think it's pointless to run a Whonix on your host because if someone was actually targeting you that would provide little resistance. Whonix with physical isolation is a different story though but it still relies on virtual machines for the set up which according to Qubes is crap from what I understood reading the docs.

Everything has advantages and disadvantages. Virtualbox is going to be fine to stop most attackers from breaking isolation. In the FH attack the feds didn't even make an attempt to break isolation. If you use Virtualbox and Firefox, then to be pwnt without a zero day you will need to simultaneously be running both of them without the latest security patches. It reduces your window of vulnerability, because when one has a public vulnerability the other may not and vice versa. And getting a zero day for one or the other is much more expensive than using a known attack. Also, virtualbox still gives you ASLR which means a vulnerability in firefox in virtualbox could be harder to exploit than a vulnerability in firefox in xen.

On the other hand Xen has a really minimal code base compared to virtualbox and it will be harder for an attacker to break out of it probably. But it might be easier for an attacker to break into it. But Qubes lets you have so many domains that an attacker breaking into one of them shouldn't be a huge failure. If your firefox domain is pwnt, well you are using a Tor VM and firefox doesn't know your IP address, and you are using a GPG VM and none of your plaintexts can be accessed by Firefox and it also cannot access your private key.

Nothing gives you all of the advantages and none of the disadvantages yet. Hopefully Xen starts supporting ASLR and other security features in its guests. I don't even think dom0 can have ASLR, whereas virtualbox on a host with ASLR gives you ASLR for firefox in the VM and ASLR for virtual box on the host. Plus you can use mandatory access controls to isolate virtualbox and virtualbox to isolate firefox.

I would go with Qubes over Whonix and Xen over VBox. But Virtualbox has some advantages over Xen as well.

374
Off topic / Re: aanybody here card?
« on: August 19, 2013, 11:35 pm »
He is a high tech thief looking for a forum where people participate in credit card fraud

375
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: August 19, 2013, 11:19 pm »
Quote from: titoprince on August 19, 2013, 10:56 pm
Now convinced this thread was created for you to meet a Godwin quota.

Didn't you hear? Godwin is a thought terminating cliche, and I am not suffering from cognitive dissonance.

You: Say that you are against people viewing images of child abuse because it revictimizes the child, or whatever

I: Point out that pictures of the holocaust depict many victimized children, but that you are not against people viewing these pictures

You: Hold two contadictory beliefs at the same time

1. People should not be free to look at images of child abuse (CP)
2. People should be free to look at images of child abuse (Holocaust Pictures)

this induces cognitive dissonance: https://en.wikipedia.org/wiki/Cognitive_dissonance

Quote
In psychology, cognitive dissonance is the discomfort experienced when simultaneously holding two or more conflicting cognitions: ideas, beliefs, values or emotional reactions.

to deal with your cognitive dissonance, you invoke "Godwins law" which is a thought terminating cliche: http://philosophy.thecastsite.com/readings/anonymous2.html

Quote
A thought-terminating cliché is a commonly used phrase, sometimes passing as folk wisdom, used to quell cognitive dissonance. Though the phrase in and of itself may be valid in certain contexts, its application as a means of dismissing dissent or justifying fallacious logic is what makes it thought-terminating.

Pages: 1 ... 23 24 [25] 26 27 ... 249