Annoying security warning on JOS astro site

darkmonkey666

Screenshot-20220205-174709-Chrome.jpg


This has been going on for as long as it has been up. It doesn't easily disappear either. I have gotten it to by pressing random stuff a couple times though.

If you click yes continue it takes you to astro.com
 
I'd pay to have a version of the site that works offline.
Giving away birth place, date and time is unacceptable.
 
AgainstAllAuthority said:
I'd pay to have a version of the site that works offline.
Giving away birth place, date and time is unacceptable.

It has been checked by Cobra and some people that know internet security as stated this is not storing this information. May be useful as a suggestion for the future though. I am sure you used astro.com or some other astrology site before this was put up so if you don't trust the JOS with this why trust them.
 
slyscorpion said:
AgainstAllAuthority said:
I'd pay to have a version of the site that works offline.
Giving away birth place, date and time is unacceptable.

It has been checked by Cobra and some people that know internet security as stated this is not storing this information. May be useful as a suggestion for the future though. I am sure you used astro.com or some other astrology site before this was put up so if you don't trust the JOS with this why trust them.

Why not make the code public or sell offline versions?
At least for JoS members.
 
AgainstAllAuthority said:
slyscorpion said:
AgainstAllAuthority said:
I'd pay to have a version of the site that works offline.
Giving away birth place, date and time is unacceptable.

It has been checked by Cobra and some people that know internet security as stated this is not storing this information. May be useful as a suggestion for the future though. I am sure you used astro.com or some other astrology site before this was put up so if you don't trust the JOS with this why trust them.

Why not make the code public or sell offline versions?
At least for JoS members.
Although I wasn't involved in that project, I suspect it involves web-server code and databases, which are not trivial to set up offline. For a portable offline app, it would probably take a lot of effort to redo the code. It is a good idea though.

Until an offline version exists, you can use a fake name with Tor and/or a VPN to enter your birth info if you're a little paranoid.
 
slyscorpion said:
It has been checked by Cobra and some people that know internet security as stated this is not storing this information.

Just because the code isn't made to store the information doesn't mean that it can't be intercepted by the mossad in transit or while it's being processed on the server.

Answer me these questions:
Is the server being hosted at a centralized provider?
What kind of OS is it running? Was every executable compiled twice on different machines?
How does the server boot? Was the boot code compiled twice on different machines?
What CPU are you using? Does the motherboard have IOMMU?
What security measures were put in place? Is there an SSH server? How is access protected? Are you using port knocking? Is the source code being regularly checked for modifications? Is there a canary in case the feds force the hosting provider or the developer to include a backdoor?
 
Soaring Eagle 666 [JG] said:
AgainstAllAuthority said:
slyscorpion said:
It has been checked by Cobra and some people that know internet security as stated this is not storing this information. May be useful as a suggestion for the future though. I am sure you used astro.com or some other astrology site before this was put up so if you don't trust the JOS with this why trust them.

Why not make the code public or sell offline versions?
At least for JoS members.
Although I wasn't involved in that project, I suspect it involves web-server code and databases, which are not trivial to set up offline. For a portable offline app, it would probably take a lot of effort to redo the code. It is a good idea though.

Until an offline version exists, you can use a fake name with Tor and/or a VPN to enter your birth info if you're a little paranoid.

Even if I use a fake name, given my birth date, time and place it's easy to figure out who I am because that data is unique. Nobody else was born in the same place and at the same time.
Web server code and databases are fine with me. I have plenty of websites.
 
AgainstAllAuthority said:
Soaring Eagle 666 [JG] said:
AgainstAllAuthority said:
Why not make the code public or sell offline versions?
At least for JoS members.
Although I wasn't involved in that project, I suspect it involves web-server code and databases, which are not trivial to set up offline. For a portable offline app, it would probably take a lot of effort to redo the code. It is a good idea though.

Until an offline version exists, you can use a fake name with Tor and/or a VPN to enter your birth info if you're a little paranoid.

Even if I use a fake name, given my birth date, time and place it's easy to figure out who I am because that data is unique. Nobody else was born in the same place and at the same time.
Web server code and databases are fine with me. I have plenty of websites.
I suppose that's possible. Another option is to use existing offline chart generators, like Astrolog. You can double-check that it matches jos-astro using dummy data, then use it offline with your real data.
 
AgainstAllAuthority said:
slyscorpion said:
It has been checked by Cobra and some people that know internet security as stated this is not storing this information.

Just because the code isn't made to store the information doesn't mean that it can't be intercepted by the mossad in transit or while it's being processed on the server.

Answer me these questions:
Is the server being hosted at a centralized provider?
What kind of OS is it running? Was every executable compiled twice on different machines?
How does the server boot? Was the boot code compiled twice on different machines?
What CPU are you using? Does the motherboard have IOMMU?
What security measures were put in place? Is there an SSH server? How is access protected? Are you using port knocking? Is the source code being regularly checked for modifications? Is there a canary in case the feds force the hosting provider or the developer to include a backdoor?

I personally don't know a lot about computers or the internet, so this is like a foreign language to me; not sure even how to answer.
 
AgainstAllAuthority said:
slyscorpion said:
It has been checked by Cobra and some people that know internet security as stated this is not storing this information.

Just because the code isn't made to store the information doesn't mean that it can't be intercepted by the mossad in transit or while it's being processed on the server.

Answer me these questions:
Is the server being hosted at a centralized provider?
What kind of OS is it running? Was every executable compiled twice on different machines?
How does the server boot? Was the boot code compiled twice on different machines?
What CPU are you using? Does the motherboard have IOMMU?
What security measures were put in place? Is there an SSH server? How is access protected? Are you using port knocking? Is the source code being regularly checked for modifications? Is there a canary in case the feds force the hosting provider or the developer to include a backdoor?

Why don't you try to analyze the HTML and JavaScript code of the astro site rather than whining here? If you are concerned you can make a list of HTTP/HTTPS requests being made as well as the type of requests being made, or if no requests are being made. I haven't looked into this as I am bad at this. If no HTTP/HTTPS requests are being made by the page except when opening a new HTML page, then it is a frontend-only application that can be run offline.
 
anonymous666 said:
AgainstAllAuthority said:
slyscorpion said:
It has been checked by Cobra and some people that know internet security as stated this is not storing this information.

Just because the code isn't made to store the information doesn't mean that it can't be intercepted by the mossad in transit or while it's being processed on the server.

Answer me these questions:
Is the server being hosted at a centralized provider?
What kind of OS is it running? Was every executable compiled twice on different machines?
How does the server boot? Was the boot code compiled twice on different machines?
What CPU are you using? Does the motherboard have IOMMU?
What security measures were put in place? Is there an SSH server? How is access protected? Are you using port knocking? Is the source code being regularly checked for modifications? Is there a canary in case the feds force the hosting provider or the developer to include a backdoor?

Why don't you try to analyze the HTML and JavaScript code of the astro site rather than whining here? If you are concerned you can make a list of HTTP/HTTPS requests being made as well as the type of requests being made, or if no requests are being made. I haven't looked into this as I am bad at this. If no HTTP/HTTPS requests are being made by the page except when opening a new HTML page, then it is a frontend-only application that can be run offline.

All of the data is sent to the server through GET requests. It is not just a frontend application. On Firefox you can verify this by opening the development console with F12, going to the network tab and then making a request on the site.
Btw the JavaScript code was obfuscated to make it as hard as possible to see what's going on: https://jos-astro.com/js/app.js
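
The network-tab check described in the post above, as an added example that is not part of the original thread: a Node.js script that audits a HAR file saved from the browser's network tab and reports which requests carry personal fields, and whether those fields travel in the URL query string (which also ends up in browser history and, typically, in web-server access logs) or in the request body. The hosts, endpoint paths and parameter names are constructed placeholders, not the actual jos-astro API.

```javascript
// Added example: audit a HAR export (dev tools > Network > save as HAR)
// for requests that carry personal data. Every host, path and parameter
// name in the sample below is constructed for illustration.

// Field-name patterns treated as personal data (assumption: tune per site).
const SENSITIVE = [
  /name/i,
  /birth/i,
  /^(dob|date|day|month|year)$/i,
  /^(time|hour|minute)$/i,
  /^(lat|lon|lng|latitude|longitude)$/i,
  /city|place|location/i,
];

const isSensitive = (field) => SENSITIVE.some((re) => re.test(field));

// Extract field names from a request body in the common encodings.
function bodyFields(postData) {
  if (!postData) return [];
  if (Array.isArray(postData.params) && postData.params.length > 0) {
    return postData.params.map((p) => p.name);
  }
  const text = postData.text || '';
  const mime = (postData.mimeType || '').toLowerCase();
  if (mime.includes('json')) {
    try {
      const parsed = JSON.parse(text);
      return parsed && typeof parsed === 'object' ? Object.keys(parsed) : [];
    } catch {
      return [];
    }
  }
  if (mime.includes('x-www-form-urlencoded')) {
    return [...new URLSearchParams(text).keys()];
  }
  return [];
}

// Return one finding per request that carries a sensitive field.
// Only field names are reported, never their values, so the report
// itself can be shared without leaking the data being audited.
function auditHar(har, pageOrigin) {
  const findings = [];
  for (const entry of (har.log && har.log.entries) || []) {
    const req = entry.request;
    let url;
    try {
      url = new URL(req.url);
    } catch {
      continue; // skip data: URIs and malformed entries
    }
    const inQuery = [...new Set([...url.searchParams.keys()].filter(isSensitive))];
    const inBody = [...new Set(bodyFields(req.postData).filter(isSensitive))];
    if (inQuery.length === 0 && inBody.length === 0) continue;
    findings.push({
      method: req.method,
      endpoint: url.origin + url.pathname,
      encrypted: url.protocol === 'https:',   // TLS protects transit only
      thirdParty: url.origin !== pageOrigin,  // data leaving the site itself
      inQuery,                                // visible in URLs and access logs
      inBody,
    });
  }
  return findings;
}

// Constructed sample: a static asset, a chart request with birth data in
// the query string, a third-party POST, and a versioned stylesheet.
const SAMPLE_HAR = { log: { entries: [
  { request: { method: 'GET', url: 'https://astro.example/js/app.js' } },
  { request: { method: 'GET',
      url: 'https://astro.example/api/chart?name=Test&day=1&month=1&year=1990' +
           '&hour=12&minute=0&lat=51.5&lon=-0.1' } },
  { request: { method: 'POST', url: 'https://stats.example/collect',
      postData: { mimeType: 'application/json',
                  text: '{"page":"/chart","birthplace":"London"}' } } },
  { request: { method: 'GET', url: 'https://astro.example/css/site.css?v=3' } },
] } };

const report = auditHar(SAMPLE_HAR, 'https://astro.example');
for (const f of report) {
  console.log(`${f.method} ${f.endpoint} tls=${f.encrypted} thirdParty=${f.thirdParty}` +
              ` query=[${f.inQuery}] body=[${f.inBody}]`);
}
```

An empty report after submitting the form means no request matched the field patterns, not that nothing was sent; check the full request list before concluding the page works without a server.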
 
AgainstAllAuthority said:
Why not make the code public or sell offline versions?
At least for JoS members.

The code is not public because we don't want that some little jew pop up and steal all the work that was done.

How can you distinct a true satanist from some jew even if it is a member here on the forum? The code is already accessible by HP Cobra; if he wants to share it with trusted members, I can only support this.

The javascript code is minified and codified, practices that are common in the web development. All the calls are in HTTPS, so every request that you send is encrypted, so no one in the middle can see what you are sending.

From your posts looks like you want to share the wrong idea that our site is quite insecure in the management of the requests.
 
Hidden Warrior said:
AgainstAllAuthority said:
Why not make the code public or sell offline versions?
At least for JoS members.

The code is not public because we don't want that some little jew pop up and steal all the work that was done.

How can you distinct a true satanist from some jew even if it is a member here on the forum? The code is already accessible by HP Cobra; if he wants to share it with trusted members, I can only support this.

The javascript code is minified and codified, practices that are common in the web development. All the calls are in HTTPS, so every request that you send is encrypted, so no one in the middle can see what you are sending.

From your posts looks like you want to share the wrong idea that our site is quite insecure in the management of the requests.

It is insecure. It's just that you are too ignorant to see the security risks, until one day some mossad agent hacks the server, gets birth date, birth time and birth location (unique in the world) of all JoS members and then all JoS members get a knock on their doors at 3am, get arrested and convicted of some made up murder "in the name of Satan" as they do it.
 
Hidden Warrior said:
AgainstAllAuthority said:
Why not make the code public or sell offline versions?
At least for JoS members.

The code is not public because we don't want that some little jew pop up and steal all the work that was done.

How can you distinct a true satanist from some jew even if it is a member here on the forum? The code is already accessible by HP Cobra; if he wants to share it with trusted members, I can only support this.

The javascript code is minified and codified, practices that are common in the web development. All the calls are in HTTPS, so every request that you send is encrypted, so no one in the middle can see what you are sending.

From your posts looks like you want to share the wrong idea that our site is quite insecure in the management of the requests.

If this doesn't scare you I don't know what will :
https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
https://en.wikipedia.org/wiki/Intel_Management_Engine#Assertions_that_ME_is_a_backdoor
https://www.youtube.com/watch?v=HNwWQ9zGT-8

It's not that your code is bad. It's that the fucking hardware is bad.
 
AgainstAllAuthority said:
Hidden Warrior said:
AgainstAllAuthority said:
Why not make the code public or sell offline versions?
At least for JoS members.

The code is not public because we don't want that some little jew pop up and steal all the work that was done.

How can you distinct a true satanist from some jew even if it is a member here on the forum? The code is already accessible by HP Cobra; if he wants to share it with trusted members, I can only support this.

The javascript code is minified and codified, practices that are common in the web development. All the calls are in HTTPS, so every request that you send is encrypted, so no one in the middle can see what you are sending.

From your posts looks like you want to share the wrong idea that our site is quite insecure in the management of the requests.

It is insecure. It's just that you are too ignorant to see the security risks, until one day some mossad agent hacks the server, gets birth date, birth time and birth location (unique in the world) of all JoS members and then all JoS members get a knock on their doors at 3am, get arrested and convicted of some made up murder "in the name of Satan" as they do it.

I think you're just trying to start arguments with this. No bite.
 
slyscorpion said:
AgainstAllAuthority said:
Hidden Warrior said:
The code is not public because we don't want that some little jew pop up and steal all the work that was done.

How can you distinct a true satanist from some jew even if it is a member here on the forum? The code is already accessible by HP Cobra; if he wants to share it with trusted members, I can only support this.

The javascript code is minified and codified, practices that are common in the web development. All the calls are in HTTPS, so every request that you send is encrypted, so no one in the middle can see what you are sending.

From your posts looks like you want to share the wrong idea that our site is quite insecure in the management of the requests.

It is insecure. It's just that you are too ignorant to see the security risks, until one day some mossad agent hacks the server, gets birth date, birth time and birth location (unique in the world) of all JoS members and then all JoS members get a knock on their doors at 3am, get arrested and convicted of some made up murder "in the name of Satan" as they do it.

I think you're just trying to start arguments with this. No bite.

AgainstAllAuthority said:
I have a feeling of hostility from people here despite my best attempts at trying to help them.
 
AgainstAllAuthority said:
Hidden Warrior said:
AgainstAllAuthority said:
Why not make the code public or sell offline versions?
At least for JoS members.

The code is not public because we don't want that some little jew pop up and steal all the work that was done.

How can you distinct a true satanist from some jew even if it is a member here on the forum? The code is already accessible by HP Cobra; if he wants to share it with trusted members, I can only support this.

The javascript code is minified and codified, practices that are common in the web development. All the calls are in HTTPS, so every request that you send is encrypted, so no one in the middle can see what you are sending.

From your posts looks like you want to share the wrong idea that our site is quite insecure in the management of the requests.
It is insecure. It's just that you are too ignorant to see the security risks, until one day some mossad agent hacks the server, gets birth date, birth time and birth location (unique in the world) of all JoS members and then all JoS members get a knock on their doors at 3am, get arrested and convicted of some made up murder "in the name of Satan" as they do it.

If this doesn't scare you I don't know what will :
https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
https://en.wikipedia.org/wiki/Intel_Management_Engine#Assertions_that_ME_is_a_backdoor
https://www.youtube.com/watch?v=HNwWQ9zGT-8

It's not that your code is bad. It's that the fucking hardware is bad.
AgainstAllAuthority is correct that if the enemy really really wanted to, they could hack jos-astro and collect birth info. However, does that mean the site is insecure? Suppose you have a giant high-security boron carbide lock, is that "secure"? In most cases, yes. But not if a crook has liquid nitrogen and hydraulic cutters. Or how about the high-security computer room in the Mission Impossible movie? Was that "insecure"? The fact is, nothing is perfectly secure. Security is a relative term. It depends on the context and threat model. If you're considering everything possible, including mossad, the NSA, hardware backdoors, etc, then everything is insecure.

HOWEVER, most of these vulnerabilities are extremely difficult and costly to exploit. For instance, using a hardware backdoor risks destroying the reputation of the chip maker if it's caught in action, and makes people avoid those chips, thus limiting its usefulness in the future.

The concern here is that birth info can be used to identify a person, which supposedly makes JoS-Astro a very attractive target. However, when evaluating a security risk, isn't the low-hanging fruit the target of primary concern?

Many members log into these forums from their own IP address with no VPN or Tor protection at all. If the enemy wanted to identify Satanists, wouldn't it be far easier to just get a list from ISPs of who logs onto Ancient-Forums regularly? Why would they hack jos-astro when this is an option? And if they wanted to find specific members like me or you, who are careful and using Tor/VPN, it is hard because birth info does not say which member it belongs to. Of course, if they were looking for a few specific members, then they could also use those hardware backdoors on everybody's personal computer including yours, and only have it phone home if it finds the target.

Unless most JoS members start using top-notch anonymity measures, worrying about JoS-Astro is getting into the realm of "too paranoid". JoS-Astro is as secured as any other website that is called secure, like Amazon.com or PayPal.com, etc.
 
Soaring Eagle 666 [JG] said:
AgainstAllAuthority is correct that if the enemy really really wanted to, they could hack jos-astro and collect birth info. However, does that mean the site is insecure? Suppose you have a giant high-security boron carbide lock, is that "secure"? In most cases, yes. But not if a crook has liquid nitrogen and hydraulic cutters. Or how about the high-security computer room in the Mission Impossible movie? Was that "insecure"? The fact is, nothing is perfectly secure. Security is a relative term. It depends on the context and threat model. If you're considering everything possible, including mossad, the NSA, hardware backdoors, etc, then everything is insecure.

HOWEVER, most of these vulnerabilities are extremely difficult and costly to exploit. For instance, using a hardware backdoor risks destroying the reputation of the chip maker if it's caught in action, and makes people avoid those chips, thus limiting its usefulness in the future.

Looks like you didn't read the Wikipedia article I posted. If you had, you'd know that the hardware backdoors that they put into every Intel and AMD chip have unpatched vulnerabilities in them. The reputation of Intel and AMD is already destroyed. Plus, wtf is a hardware backdoor doing in there?
People should be switching to IBM's OpenPOWER which is much more powerful and has no backdoors. Less powerful but much more efficient options are RISC-V and ARM architecture.

Soaring Eagle 666 [JG] said:
it is hard because birth info does not say which member it belongs to.
It does. Birth information is unique in the world.

Soaring Eagle 666 [JG] said:
Of course, if they were looking for a few specific members, then they could also use those hardware backdoors on everybody's personal computer including yours, and only have it phone home if it finds the target.
I've disabled mine thanks to Libreboot.

Soaring Eagle 666 [JG] said:
Unless most JoS members start using top-notch anonymity measures, worrying about JoS-Astro is getting into the realm of "too paranoid". JoS-Astro is as secured as any other website that is called secure, like Amazon.com or PayPal.com, etc.
They better start using those top-notch anonymity measures or they'll never achieve any meaningful amount of power otherwise. Without power it's going to be impossible to change the world. If people here are not interested in gaining power (thanks to xian brainwashing) then it's all for nothing from my perspective and I should be investing my time and resources elsewhere.
 
AgainstAllAuthority said:
Soaring Eagle 666 [JG] said:
AgainstAllAuthority is correct that if the enemy really really wanted to, they could hack jos-astro and collect birth info. However, does that mean the site is insecure? Suppose you have a giant high-security boron carbide lock, is that "secure"? In most cases, yes. But not if a crook has liquid nitrogen and hydraulic cutters. Or how about the high-security computer room in the Mission Impossible movie? Was that "insecure"? The fact is, nothing is perfectly secure. Security is a relative term. It depends on the context and threat model. If you're considering everything possible, including mossad, the NSA, hardware backdoors, etc, then everything is insecure.

HOWEVER, most of these vulnerabilities are extremely difficult and costly to exploit. For instance, using a hardware backdoor risks destroying the reputation of the chip maker if it's caught in action, and makes people avoid those chips, thus limiting its usefulness in the future.

[1.] Looks like you didn't read the Wikipedia article I posted. If you had, you'd know that the hardware backdoors that they put into every Intel and AMD chip have unpatched vulnerabilities in them. The reputation of Intel and AMD is already destroyed. Plus, wtf is a hardware backdoor doing in there?
People should be switching to IBM's OpenPOWER which is much more powerful and has no backdoors. Less powerful but much more efficient options are RISC-V and ARM architecture.

Soaring Eagle 666 [JG] said:
it is hard because birth info does not say which member it belongs to.
[2.] It does. Birth information is unique in the world.

Soaring Eagle 666 [JG] said:
Of course, if they were looking for a few specific members, then they could also use those hardware backdoors on everybody's personal computer including yours, and only have it phone home if it finds the target.
[3.] I've disabled mine thanks to Libreboot.

Soaring Eagle 666 [JG] said:
Unless most JoS members start using top-notch anonymity measures, worrying about JoS-Astro is getting into the realm of "too paranoid". JoS-Astro is as secured as any other website that is called secure, like Amazon.com or PayPal.com, etc.
[4.] They better start using those top-notch anonymity measures or they'll never achieve any meaningful amount of power otherwise. Without power it's going to be impossible to change the world. If people here are not interested in gaining power (thanks to xian brainwashing) then it's all for nothing from my perspective and I should be investing my time and resources elsewhere.
[1.] I did read it, and I had actually known about the Intel ME for years after stumbling across it while experimenting with x86 code. Yes, it has vulnerabilities, but so does everybody's software and hardware. However, it does not have a known backdoor; it's just likely. That gives people a little sense of hope (however misguided) that can dissuade people from switching to alternatives.

[2.] I'm talking about connecting a person's birth info with a name here on the forums. Birth info would only tell you that so-and-so used JoS-Astro, but not that so-and-so is [name] member.

[3.] That's a good precaution. Of course, if I were putting a backdoor into a computer chip, I would make it non-removable. There are other parts of the processor it can be hidden in, like the TEE. The bottom line is, most of the chips in our computers probably have multiple backdoors from various companies and governments.

[4.] I agree that anonymity is important. But the Joy of Satan is succeeding, no matter what. There will come a time when everyone on this planet knows about the Joy of Satan. And Satan does protect his followers. Not everybody is comfortable using computers and some people's situations make anonymity very difficult. We must do our best, and trust Satan to do the rest. HPS Maxine doesn't worry much about anonymity, and she has received many enemy attacks, and Satan has protected her each and every time. And she has achieved a very meaningful amount of power.

I agree with you that JoS-Astro would be more secure offline, but I don't think the risk of using it online is as bad as you say.
 
Soaring Eagle 666 [JG] said:
[1.] I did read it, and I had actually known about the Intel ME for years after stumbling across it while experimenting with x86 code. Yes, it has vulnerabilities, but so does everybody's software and hardware. However, it does not have a known backdoor; it's just likely. That gives people a little sense of hope (however misguided) that can dissuade people from switching to alternatives.
It's certainly not the first time that the government tried to incorporate spying into people's computers. https://en.wikipedia.org/wiki/Clipper_chip
If it wasn't a backdoor, there wouldn't be a special switch made only for the government which can disable the chip in question. The special bit is called "High Assurance Platform" mode. If it was a good thing, why would the government want to deactivate it on their computers?

Soaring Eagle 666 [JG] said:
[2.] I'm talking about connecting a person's birth info with a name here on the forums. Birth info would only tell you that so-and-so used JoS-Astro, but not that so-and-so is [name] member.
Of course but they don't need to. Once you are identified as a potential threat you are done.

Soaring Eagle 666 [JG] said:
[3.] That's a good precaution. Of course, if I were putting a backdoor into a computer chip, I would make it non-removable. There are other parts of the processor it can be hidden in, like the TEE. The bottom line is, most of the chips in our computers probably have multiple backdoors from various companies and governments.
I'm sure that there are backdoors in the other chips as well. However, as long as the CPU has IOMMU, then those other chips can't read your RAM and thus you can safely perform cryptography.
A good alternative would be to switch to FPGA and upload a CPU to it. Then you are sure that it's really doing what it's supposed to be doing.

Soaring Eagle 666 [JG] said:
[4.] I agree that anonymity is important. But the Joy of Satan is succeeding, no matter what. There will come a time when everyone on this planet knows about the Joy of Satan. And Satan does protect his followers. Not everybody is comfortable using computers and some people's situations make anonymity very difficult. We must do our best, and trust Satan to do the rest. HPS Maxine doesn't worry much about anonymity, and she has received many enemy attacks, and Satan has protected her each and every time. And she has achieved a very meaningful amount of power.
My argument is that as JoS gets more and more powerful, the attacks will get more and more intense. Just because it's succeeding today, doesn't mean that it will keep succeeding in the future (if nothing changes).

Soaring Eagle 666 [JG] said:
I agree with you that JoS-Astro would be more secure offline, but I don't think the risk of using it online is as bad as you say.

It's not just hardware threats, there's also the problem of the SSL certificate. I'm sure that the bad boys have access to any CA's private keys and can sign any certificate they want. That allows them to do MitM. At the start of the month the SSL certificate changed and nothing was said about the change. How was I supposed to know that it was not malicious?

Third problem is the physical security. Where is the server hosted? If it's at a third party then there is no security. If you are hosting it, how secure is the server? Is it being monitored? What happens during a physical breach? Are there other people that have physical access to it?

Fourth problem are the binaries that run on the machine. Have you compiled them all yourself?

Computer security is about trusting the least amount of people possible. I'm not in the business of trusting others. I'm in the business of assuming that everything is potentially malicious. Otherwise it'd be out of business.
 
Soaring Eagle 666 [JG] said:
...

I talked about FPGA in my previous post. Now I'm thinking, what if the FPGA is backdoored? I'm getting into super paranoid zone now.

In that case one would have to use multiple FPGAs from different manufacturers. Have one FPGA handle the RAM and another one handle instructions. Maybe put a third FPGA in between the other two. Maybe have a fourth FPGA only for performing cryptography.

What if they are all backdoored in the same way and can communicate between each other on every pin?

I guess there's no other solution than to build a computer out of transistors yourself...
Looks like some people are already working on it.
https://www.youtube.com/watch?v=HyznrdDSSGM&list=PLowKtXNTBypGqImE405J2565dvjafglHU
 
Soaring Eagle 666 [JG] said:
...

Answer me this: why take the risk if it can be avoided? What's the rationale?
Would you send me your birth information? Do you trust me? Why should I trust you if you don't trust me?
 
Soaring Eagle 666 [JG] said:
...

I got it. You are just trying to defend the indefensible to spite me. We can go on arguing forever at this point. You know that you lost the argument and there's absolutely no valid reason to not offer jos-astro offline, other than to save face. The authority said that it's fine and so it must be fine.
 
I can offer help with cybersecurity (which is me telling you when something sucks and has to be fixed). If that's taken as a challenge to the authority because authority always does things perfect, then I can't help you. I've done my part for Satan.
 
AgainstAllAuthority said:
Soaring Eagle 666 [JG] said:
[1.] I did read it, and I had actually known about the Intel ME for years after stumbling across it while experimenting with x86 code. Yes, it has vulnerabilities, but so does everybody's software and hardware. However, it does not have a known backdoor; it's just likely. That gives people a little sense of hope (however misguided) that can dissuade people from switching to alternatives.
It's certainly not the first time that the government tried to incorporate spying into people's computers. https://en.wikipedia.org/wiki/Clipper_chip
If it wasn't a backdoor, there wouldn't be a special switch made only for the government which can disable the chip in question. The special bit is called "High Assurance Platform" mode. If it was a good thing, why would the government want to deactivate it on their computers?
One valid reason is to reduce the attack surface. As we've both stated, the Intel ME has known vulnerabilities. Disabling unnecessary code is good practice when security is crucial. However, you are right that it does look suspicious in this case.

AgainstAllAuthority said:
Soaring Eagle 666 [JG] said:
[2.] I'm talking about connecting a person's birth info with a name here on the forums. Birth info would only tell you that so-and-so used JoS-Astro, but not that so-and-so is [name] member.
Of course but they don't need to. Once you are identified as a potential threat you are done.

Soaring Eagle 666 [JG] said:
I agree with you that JoS-Astro would be more secure offline, but I don't think the risk of using it online is as bad as you say.

It's not just hardware threats, there's also the problem of the SSL certificate. I'm sure that the bad boys have access to any CA's private keys and can sign any certificate they want. That allows them to do MitM. At the start of the month the SSL certificate changed and nothing was said about the change. How was I supposed to know that it was not malicious?

Third problem is the physical security. Where is the server hosted? If it's at a third party then there is no security. If you are hosting it, how secure is the server? Is it being monitored? What happens during a physical breach? Are there other people that have physical access to it?

Fourth problem are the binaries that run on the machine. Have you compiled them all yourself?

Computer security is about trusting the least amount of people possible. I'm not in the business of trusting others. I'm in the business of assuming that everything is potentially malicious. Otherwise it'd be out of business.

Answer me this: why take the risk if it can be avoided? What's the rationale?
Would you send me your birth information? Do you trust me? Why should I trust you if you don't trust me?
The rationale is simply that the JoS believes it's more important to keep the website from being stolen and copied by jews than to provide it offline. It's a question of risk vs. reward, and that is hard to quantify. In order for there to be a hack, you need a villain with an exploit, and there's a probability of occurrence associated with that. You believe that probability is much higher than I do. Given the same facts, two people can arrive at two different valid conclusions, and only time will tell the correct answer.

AgainstAllAuthority said:
I got it. You are just trying to defend the indefensible to spite me. We can go on arguing forever at this point. You know that you lost the argument and there's absolutely no valid reason to not offer jos-astro offline, other than to save face. The authority said that it's fine and so it must be fine.

I can offer help with cybersecurity (which is me telling you when something sucks and has to be fixed). If that's taken as a challenge to the authority because authority always does things perfect, then I can't help you. I've done my part for Satan.
This is not about challenging anyone's authority. It's a debate of how risky it is to use JoS-Astro online. My personal point of view does not side with you or the authority. If I had written JoS-Astro, I would make it available offline for convenience, but I also don't believe it's risky to use online.

You have been helpful, and I am not trying to spite you. We've both listed many important facts and voiced our opinions. That is valuable information for everyone, even if nobody agrees with either of us!
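
Added example, not part of any post in this thread: one way a visitor can tell an unannounced certificate change from an announced one is trust-on-first-use pinning of the certificate's SHA-256 fingerprint, accepting a new fingerprint only when it matches one the operator published out of band. The host name `astro.example`, the function names and the byte strings standing in for DER certificates are constructed for illustration.

```python
import hashlib
import hmac
import json
import ssl
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate (needs network; demo() does not use it).
    The chain is not validated here: the pin comparison is the check."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def load_pins(path: Path) -> dict:
    """Read the pin store (host -> fingerprint) from a JSON file, if present."""
    return json.loads(path.read_text()) if path.exists() else {}


def save_pins(path: Path, pins: dict) -> None:
    path.write_text(json.dumps(pins, indent=2, sort_keys=True))


def check_pin(pins: dict, host: str, der: bytes, announced=frozenset()) -> str:
    """Compare the presented certificate with the pinned one.

    announced: fingerprints the operator published through a second channel
    (assumption: e.g. a signed forum post). Returns one of
    'first-use', 'match', 'rotated', 'MISMATCH'.
    """
    seen = fingerprint(der)
    pinned = pins.get(host)
    if pinned is None:
        pins[host] = seen          # trust on first use: nothing to compare yet
        return "first-use"
    if hmac.compare_digest(pinned, seen):
        return "match"
    if seen in announced:
        pins[host] = seen          # change was announced, so move the pin
        return "rotated"
    return "MISMATCH"              # unannounced change: keep the old pin, alert


def demo() -> list:
    """Constructed byte strings stand in for two DER certificates."""
    pins = {}
    host = "astro.example"         # placeholder host, not a real site
    old_cert = b"constructed-der-certificate-old"
    new_cert = b"constructed-der-certificate-new"
    results = [
        check_pin(pins, host, old_cert),   # first visit
        check_pin(pins, host, old_cert),   # same certificate again
        check_pin(pins, host, new_cert),   # certificate changed, nothing announced
    ]
    published = {fingerprint(new_cert)}    # operator announces the new fingerprint
    results.append(check_pin(pins, host, new_cert, published))
    results.append(check_pin(pins, host, new_cert))
    return results


if __name__ == "__main__":
    print(demo())
```

A first-use pin only helps if the first connection was not already intercepted, so the published fingerprint is the stronger of the two checks.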
 
Soaring Eagle 666 [JG] said:
The rationale is simply that the JoS believes it's more important to keep the website from being stolen and copied by jews than to provide it offline.
The site is free to use. It doesn't require a subscription. It doesn't generate revenue. Nothing is lost if a jew makes a trillion copies of it.
That rationale doesn't make any sense to me.
 
Soaring Eagle 666 [JG] said:
The rationale is simply that the JoS believes it's more important to keep the website from being stolen and copied by jews than to provide it offline.

It is a test of faith? The emperor makes up an evident lie to test the faith of his followers. Is that what it's all about? Those that refuse the lie must be against the emperor and eliminated. That's how communism and dictatorships operate.
https://templeofzagan.org/2018/03/02/to-call-a-deer-a-horse/

I think that such exercise is foolish. Putting everyone's lives at risk, however small you think that risk is, for some unfounded fear or some test of faith, is just crazy.
 
AgainstAllAuthority said:
Soaring Eagle 666 [JG] said:
The rationale is simply that the JoS believes it's more important to keep the website from being stolen and copied by jews than to provide it offline.

It is a test of faith? The emperor makes up an evident lie to test the faith of his followers. Is that what it's all about? Those that refuse the lie must be against the emperor and eliminated. That's how communism and dictatorships operate.
https://templeofzagan.org/2018/03/02/to-call-a-deer-a-horse/

I think that such exercise is foolish. Putting everyone's lives at risk, however small you think that risk is, for some unfounded fear or some test of faith, is just crazy.

Most of your posts constitute rather a paranoia and a need for others to appeal for this paranoia, than reasonable complaints. Basically, this might be what very advanced cybersecurity leads to. I know most people in this space who are in the top tier are not feeling particularly well over the things they know. One needs to manage these fears.

What if this or that goes in and does that, past a point, that constitutes only paranoia and is a theoretical security complaint, not a really dangerous one.

You can keep ranting all around the city about a potential comet that might fall, that has a 0,001% chance of falling, but that does not necessarily constitute a service, since the likelihood is very low.

This paranoia clothes itself in that it's "for safety", but one can argue all day that no digital appliance is ever safe. Throw any computer you have outside. We are as a "populace" about 15 years behind in technology, since the 70's. If you believe that if certain organizations turn their eye on you, they cannot see you, then this is the product of delusion.

You also don't seem to understand how due process takes place, ie, maybe one could watch something [the theoretical comet coming scenario], but for the actual things to take place are impossible to do. Wouldn't like to go to details here, but I think you can understand the underlying meaning here.

It appears also your extremely high understanding of cybersecurity has alerted you to certain things that might be implausible or low likelihood, yet, might look bigger as theoretical dangers than real ones. One cannot live by addressing theoretical dangers as explicit real dangers. Not sure if I cohesively explained my point here.
 
HP. Hoodedcobra666 said:
AgainstAllAuthority said:
Soaring Eagle 666 [JG] said:
The rationale is simply that the JoS believes it's more important to keep the website from being stolen and copied by jews than to provide it offline.

It is a test of faith? The emperor makes up an evident lie to test the faith of his followers. Is that what it's all about? Those that refuse the lie must be against the emperor and eliminated. That's how communism and dictatorships operate.
https://templeofzagan.org/2018/03/02/to-call-a-deer-a-horse/

I think that such exercise is foolish. Putting everyone's lives at risk, however small you think that risk is, for some unfounded fear or some test of faith, is just crazy.

Most of your posts constitute rather a paranoia and a need for others to appeal for this paranoia, than reasonable complaints. What if this or that goes in and does that, past a point, that constitutes only paranoia and is a theoretical security complaint, not a really dangerous one.

You can keep ranting all around the city about a potential comet that might fall, that has a 0,001% chance of falling, but that does not necessarily constitute a service, since the likelihood is very low.

This paranoia clothes itself in that it's "for safety", but one can argue all day that no digital appliance is ever safe. Throw any computer you have outside. We are as a "populace" about 15 years behind in technology, since the 70's. If you believe that if certain organizations turn their eye on you, they cannot see you, then this is the product of delusion.

You also don't seem to understand how due process takes place, ie, maybe one could watch something [the theoretical comet coming scenario], but for the actual things to take place are impossible to do. Wouldn't like to go to details here, but I think you can understand the underlying meaning here.

It appears also your extremely high understanding of cybersecurity has alerted you to certain things that might be implausible or low likelihood, yet, might look bigger as theoretical dangers than real ones. One cannot live by addressing theoretical dangers as explicit real dangers. Not sure if I cohesively explained my point here.

Going up to the emperor and telling him that he's wrong, that the risk is higher than he thinks it is, puts me at great risk of retribution. That constitutes a great service from my point of view.
 
AgainstAllAuthority said:
HP. Hoodedcobra666 said:
AgainstAllAuthority said:
It is a test of faith? The emperor makes up an evident lie to test the faith of his followers. Is that what it's all about? Those that refuse the lie must be against the emperor and eliminated. That's how communism and dictatorships operate.
https://templeofzagan.org/2018/03/02/to-call-a-deer-a-horse/

I think that such exercise is foolish. Putting everyone's lives at risk, however small you think that risk is, for some unfounded fear or some test of faith, is just crazy.

Most of your posts constitute rather a paranoia and a need for others to appeal for this paranoia, than reasonable complaints. What if this or that goes in and does that, past a point, that constitutes only paranoia and is a theoretical security complaint, not a really dangerous one.

You can keep ranting all around the city about a potential comet that might fall, that has a 0,001% chance of falling, but that does not necessarily constitute a service, since the likelihood is very low.

This paranoia clothes itself in that it's "for safety", but one can argue all day that no digital appliance is ever safe. Throw any computer you have outside. We are as a "populace" about 15 years behind in technology, since the 70's. If you believe that if certain organizations turn their eye on you, they cannot see you, then this is the product of delusion.

You also don't seem to understand how due process takes place, ie, maybe one could watch something [the theoretical comet coming scenario], but for the actual things to take place are impossible to do. Wouldn't like to go to details here, but I think you can understand the underlying meaning here.

It appears also your extremely high understanding of cybersecurity has alerted you to certain things that might be implausible or low likelihood, yet, might look bigger as theoretical dangers than real ones. One cannot live by addressing theoretical dangers as explicit real dangers. Not sure if I cohesively explained my point here.

Going up to the emperor and telling him that he's wrong, that the risk is higher than he thinks it is, puts me at great risk of retribution. That constitutes a great service from my point of view.

There is no retribution nor anyone seeks anything negative out of you, nor Soaring or anyone. I am glad I read all these responses to understand these potentialities, even if very distant.
 
HP. Hoodedcobra666 said:
AgainstAllAuthority said:
HP. Hoodedcobra666 said:
Most of your posts constitute rather a paranoia and a need for others to appeal for this paranoia, than reasonable complaints. What if this or that goes in and does that, past a point, that constitutes only paranoia and is a theoretical security complaint, not a really dangerous one.

You can keep ranting all around the city about a potential comet that might fall, that has a 0,001% chance of falling, but that does not necessarily constitute a service, since the likelihood is very low.

This paranoia clothes itself in that it's "for safety", but one can argue all day that no digital appliance is ever safe. Throw any computer you have outside. We are as a "populace" about 15 years behind in technology, since the 70's. If you believe that if certain organizations turn their eye on you, they cannot see you, then this is the product of delusion.

You also don't seem to understand how due process takes place, ie, maybe one could watch something [the theoretical comet coming scenario], but for the actual things to take place are impossible to do. Wouldn't like to go to details here, but I think you can understand the underlying meaning here.

It appears also your extremely high understanding of cybersecurity has alerted you to certain things that might be implausible or low likelihood, yet, might look bigger as theoretical dangers than real ones. One cannot live by addressing theoretical dangers as explicit real dangers. Not sure if I cohesively explained my point here.

Going up to the emperor and telling him that he's wrong, that the risk is higher than he thinks it is, puts me at great risk of retribution. That constitutes a great service from my point of view.

There is no retribution nor anyone seeks anything negative out of you, nor Soaring or anyone. I am glad I read all these responses to understand these potentialities, even if very distant.

Then everything's good. Please HPHC understand that I'm not your enemy. I'm not here to take your place as I have enough responsibilities to manage already.
I guess you have good reasons to not make jos-astro's code public and I won't go against that, as long as I'm certain that you understand the risks.
 
I will write quickly just a few lines, to conclude what I have to say on my side.

As an answer to the OP, I think that the warning is due to your browser, trying to protect you from possible fake sites (in this case, astro.com is seen as the trustier one). Does it appear also from other browsers? Or from Desktop versions? Anyway I think that we cannot do much from our side.

On the project: I did the project as an online website because nowadays everything is on the web, and people are more reluctant (even lazy) to install applications rather than just visiting a website. The website has more impact than just making people install it, it creates more visibility.
Another point is that I know these technologies, so it was easier for me to do it in this way, because I did it in my free time.

I appreciate all the points you have brought forward, but if the problem is the hardware, as you said, then you should just build your own machine, chips, and so on. Even in this way it is useless, because you would have a secure machine, but all the others no.

I don't preclude the possibility of an offline version. I look forward to it. But these things need time.
 
Soaring Eagle 666 [JG] said:
The rationale is simply that the JoS believes it's more important to keep the website from being stolen and copied by jews than to provide it offline.

AgainstAllAuthority said:
The site is free to use. It doesn't require a subscription. It doesn't generate revenue. Nothing is lost if a jew makes a trillion copies of it.
That rationale doesn't make any sense to me.
I am wondering where you two got all your knowledge from. This discussion is beyond me but I am wondering, if there is a real danger in putting birth date and place in the JoS Astro because there is a risk of it to be hacked, and converting it into an offline version that doesn't store this information on an online website (therefore potential prey to hackers) will prove to be a safer option, is there anything the jews can do with the offline version if is made available? They can indeed steal the code and manipulate it but what good for since the official offline version will only be advertised through JoS forum and websites?
Also considering the number of times the forums and websites have been attacked and taken down, the risk of JoS Astro to be attacked does exist although I wouldn't be able to tell how big this risk is, since this mostly was the main reason behind the discussion here. The forums and the previous ones have also been attacked many times before but never private information like passwords were obtained by the attackers (if they obtained them I assume they would have used them somehow).
 
The Alchemist7 said:
Soaring Eagle 666 [JG] said:
The rationale is simply that the JoS believes it's more important to keep the website from being stolen and copied by jews than to provide it offline.

AgainstAllAuthority said:
The site is free to use. It doesn't require a subscription. It doesn't generate revenue. Nothing is lost if a jew makes a trillion copies of it.
That rationale doesn't make any sense to me.
I am wondering where you two got all your knowledge from. This discussion is beyond me but I am wondering, if there is a real danger in putting birth date and place in the JoS Astro because there is a risk of it to be hacked, and converting it into an offline version that doesn't store this information on an online website (therefore potential prey to hackers) will prove to be a safer option, is there anything the jews can do with the offline version if is made available? They can indeed steal the code and manipulate it but what good for since the official offline version will only be advertised through JoS forum and websites?
Also considering the number of times the forums and websites have been attacked and taken down, the risk of JoS Astro to be attacked does exist although I wouldn't be able to tell how big this risk is, since this mostly was the main reason behind the discussion here. The forums and the previous ones have also been attacked many times before but never private information like passwords were obtained by the attackers (if they obtained them I assume they would have used them somehow).
I agree, it would be nice if JoS-Astro was available offline. Especially given the past track record with JoS websites. Availability can be a real issue.

Whether or not using it online is a security risk is debatable, as you can see from this discussion. However, it is true that any risk that exists would be lower offline.

I don't know the exact reasons behind their decision to keep the code private. However, I do know the feeling of writing something really good, then putting the code out there, and watching somebody steal the code, make a few changes and call it their own. That hurts. But it makes me happy when others benefit from my code, so I still make my code public anyway. However, if the programmer(s) of JoS-Astro feel otherwise, that's their right, and we should be grateful they at least made it available online, rather than keeping it totally private.

---------

P.S. I got most of my knowledge from experimenting with computers for fun, and taking CS classes. I've always enjoyed computers and technology for as long as I can remember! I would bet that AgainstAllAuthority has a similar backstory involving a lot of reading and experimenting in his free time. That's what it takes to get such extreme knowledge of a subject. You really have to enjoy it!
 