Basic tech facts a layman must know - Because we're stupid

Rabidcolombian

kiwifarms.net
Fuck reddit, but this answer to a question in a "Hackers of reddit what are some cool/scary things about our technology that aren't necessarily public knowledge?" thread really got me thinking. Second paragraph more so.

Screenshot_2019-11-07-06-18-57-1.png



It got me to realize that I really don't know anything about tech. What is TPC, what's an OS model, fuck if I know. For exceptional individuals like myself, please explain (in baby terms because we're stupid) basic info about tech laymen SHOULD know.
 

Horrors of the Deep

kiwifarms.net
If you want a horror story, there's a chip on motherboards (in case of AMD it's PSP and in case of Intel it's IME) that, if hacked, allows invisible persistent control over your PC or laptop. These are used for remote administration when your server far away isn't starting so you need to connect to the box without OS. Oh, and there's no way to detect if that thing is hacked or misused.


When people show a terminal in trailers it's almost always something funny. I vividly remember watch dogs 2 trailer where "hacker" characters had a terminal open where they did `sudo apt-get install` (which is a basic application installation command for ubuntu) and then `rm profile`. Which would mean that their hacking is installing minesweeper on their computer and then deleting a file (from their own computer).


As for some basic knowledge, your PC consists of several things. Firmware, BIOS, UEFI is how your hardware works. Then comes in your OS Kernel - a thing that allocates your hardware resources to different tasks. Then there's a bootloader/partition table - a way for computer to tell where and how your files are stored and where your system is located. Drivers provide a way for applications to use hardware to its full potential. Then there are services and daemons - small programs that always run on the background, they will notify you if your disk space runs out for example. Then there's root/administrator level - a way for user layer programs to have full access to protected stuff on your PC. Then there's user level - programs run in a (theoretically) safe environment with restrictions that don't allow them to do a lot of damage.


If you're interested in being a cool kid, I'd recommend installing virtualbox and ubuntu on it (think of it like a fake computer in a file). Play around with terminal, read some bash tutorials - it'll be fun.
 

Never Scored

kiwifarms.net
First thing you should know. There are a lot of people who claim to be tech experts and make a living at it who don't know shit. They just know enough to fool you because you don't know shit. I'm just a hobbyist who likes to fix old electronics and try out different OSes and set up servers on my home network and whatnot for fun, and even I know more than these fuckers. They're like a French teacher who only seems like they know French because they're staying one lesson ahead of the student.

A company owned by some friends was using this egghead 50 year old IT guy who just throws meaningless word salad at people when they disagreed with him on something. They needed remote access to some accounting software because the nature of their business required them to work remotely a lot. So egghead sets up a Windows RDP server. They call me one day because among my friends I'm the "computer guy" even though I don't really know all that much. Their server was running slowly, egghead was on holidays and they were wondering if I could get them out of a jam. I looked at the event log and the computer was getting hammered by 60,000 failed login attempts a day. When egghead set it up, he changed the port, forwarded the port on the router and called it a day. No lockout after a number of failed login attempts. He didn't hide it behind a VPN. He didn't even change the rules in Windows Firewall, he just straight up turned windows firewall off. Most of the login attempts were admin and administrator, but a cursory read through seemed to reveal that they did somehow have actual usernames, so there was a chance that someone would eventually get in and be able to obtain all the banking information, employee addresses and social insurance numbers, everything. I turned off port forwarding, flattened the server and reinstalled windows, set up RDP, changed the port, set up new usernames and passwords, set up a ten minute lock after three failed login attempts, set up a VPN on a raspberry pi and forwarded the port on the router to that instead, so now they have to connect to the VPN and input a password to log into the RDP server. The whole time egghead was insisting everything was A-OK because he had a Cisco certificate or some shit.

Second thing you should know. The email accounts provided by ISPs, at least in my area, are a security nightmare. They charge you $6 a month, register a domain for you, and provide you with basic pop/imap/smtp access but none of it is encrypted and the only security on the outgoing mail server is the fact that it's locked to the ISP's network. One of the friends at the same company asked me why he couldn't send messages when he was out of the province. I took a look at his account settings Bell had provided him with and saw mail incoming over a pop connection through port 110 (unencrypted). I tried switching to port 995. Didn't work. I called Bell. They told me encryption was not available. They told me they had no international outgoing mail servers. They recommended using their terrible webclient. I showed my friend how anyone with a connection to the Bell network could send an email from his domain by sending an email from mrt@companydomain.ca through Windows Powershell and he understood the obvious security concerns all this entailed. We ended up transferring the domain to Gandi and just using Gandi's mail service and they actually ended up paying nearly the same amount on an annual basis.

So anyway, I'm pretty sure this is how someone got their RDP usernames. They travel a lot and egghead had sent them their login details through email. They probably connected to a fake wifi network at a big airport or something, though through some miracle it seems like they didn't get the passwords. We'll see if someone ends up with a bunch of credit cards in their name.

That was a bit long winded but here's what you should take away:

1) If you don't know a lot about computers, don't trust someone just because they know more than you. They could still be dumb, just not as dumb as you.

2) ISPs provide shitty email service and you shouldn't buy them for your business, get them somewhere else.

3) Never do anything that's unencrypted on a public network. Most websites are encrypted through HTTPs nowadays, but it seems a lot of small businesses are still using unencrypted email. If you're not sure if what you're doing is encrypted, don't connect to a public network.
 
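An added example, not part of the original post or thread: a small Python sketch of the two things the RDP story turns on, spotting real account names among the failed logons and seeing how far a three-failure, ten-minute lockout cuts the guessing rate. The event records, usernames, IP address and function names are constructed for illustration; the records are shaped like an export of Windows Security event ID 4625 (failed logon), and the lockout model is a simplification.

```python
from collections import Counter
from datetime import datetime, timedelta

GENERIC = {"admin", "administrator"}   # names attackers guess blindly
KNOWN_USERS = {"jsmith", "mlee"}       # constructed: real accounts on the server

def sample_events():
    """Constructed failed-logon records (time, username, source IP).
    One guess every 6 seconds for an hour, rotating over three names."""
    start = datetime(2019, 11, 1, 9, 0, 0)
    names = ("administrator", "admin", "jsmith")
    return [(start + timedelta(seconds=6 * i), names[i % 3], "203.0.113.7")
            for i in range(600)]

def leaked_usernames(events, known=KNOWN_USERS):
    """Real account names seen in failed logons: a sign the attacker learned
    them somewhere, as opposed to blind guesses at generic names."""
    tried = Counter(user.lower() for _, user, _ in events)
    return {u: n for u, n in tried.items() if u in known and u not in GENERIC}

def simulate_lockout(events, threshold=3, lock=timedelta(minutes=10)):
    """Count, per account, the guesses that reach a password check under the
    lockout policy. Simplified: the failure counter resets only when a lock
    expires (no separate observation window)."""
    state = {}                                 # user -> (failures, locked_until)
    checked = Counter()
    for when, user, _ in sorted(events):
        failures, locked_until = state.get(user, (0, None))
        if locked_until is not None:
            if when < locked_until:
                continue                       # rejected while locked, no guess spent
            failures, locked_until = 0, None   # lock has expired
        checked[user] += 1
        failures += 1
        if failures >= threshold:
            locked_until = when + lock
        state[user] = (failures, locked_until)
    return dict(checked)

if __name__ == "__main__":
    ev = sample_events()
    print("failed logons:", len(ev))
    print("real usernames being guessed:", leaked_usernames(ev))
    print("guesses checked under lockout:", simulate_lockout(ev))
```

On the constructed hour of traffic, each account receives 200 guesses without a lockout and 18 with the three-failure, ten-minute policy.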

AmpleApricots

kiwifarms.net
> If you want a horror story, there's a chip on motherboards (in case of AMD it's PSP and in case of Intel it's IME) that, if hacked, allows invisible persistent control over your PC or laptop. These are used for remote administration when your server far away isn't starting so you need to connect to the box without OS. Oh, and there's no way to detect if that thing is hacked or misused.

It goes even farther than this. Intel's management engine runs its own OS (in newer versions minix, or "mini-Unix") and has full access to everything your PC does and "knows" at all times. It also has network access completely transparent to the OS you are running. (means your OS has no influence over it, it isn't even aware of it) Oh intel also fiercely attacks anyone legalistically that tries to publish any reverse-engineering on it. You cannot turn it off. Also, if you try to sabotage it into not-running, it makes the computer useless by rebooting it every half hour and things like that. Some people were successful to some degree anyways on older versions and managed to sabotage this OS into infinite boot-loops and such. You can search for me_cleaner. I didn't keep up because I don't have intel hardware anymore. AMD's PSP at least claims to be able to be turned off. AMD still rejects open-sourcing it. In engines of both companies security exploits have been found.

Another security researcher found a non-documented flag on an older VIA chip not too long ago that basically gave you full Ring 0 access to the machine from whatever process. This was just something he found in the first random machine he picked off the shelf he knew nothing about. It took him quite a bit of work to find it, such things are not easy to find if they are there. To be fair this was probably not so much malice as dumbness of some BIOS programmers, still it shows how incredibly complex and in-transparent modern computers have become, and that chip was from the early 00s. It hasn't gotten better, exactly. You basically don't really know what your computer/smartphone/tablet does, even if you have full control over the OS. Computers are complete black-boxes only a handful of contract-gagged people really know the internals of. If anyone ever wonders what the fuss about "open hardware" is, this is why.
 

MrTickles

Ducking Fegenerate
kiwifarms.net
99.9999% of people don't know shit about tech, the devices they use every day might as well be magic blocks of wizardry. So that makes even the most mentally crippled basement dweller on this forum part of a tiny global elite. Let that sink in. Yep, humanity is doomed.

Unless...we promote social harmony, technocratic tradition and a strong central ruling elite drawn from the finest STEM graduates; steering far away from democracy/tyranny of the unwashed masses and their ruinous pursuit of neoliberal arts.
 

Horrors of the Deep

kiwifarms.net
Guess, I'll put some quick tips here:

- Incognito mode is not private at all. All it does is stop saving your pages in the history of your browser.
- Check if your ISP provides you a DNS service. If it does, then your internet history can be tracked. Consider switching to Cloudflare's 1.1.1.1 DNS over HTTPS service (search on your own for more info)
- Chrome by default shares almost everything you do with Google. Consider switching to Chromium (this is the browser Chrome is made with) if you can't stand Firefox. Go into settings and turn off all recommendations and all the services that look like they're sending information somewhere.
- Antivirus software is laughably shitty in general. Don't think you're fully protected just because you installed that shit on your PC.
- Never EVER buy "smart" salt shaker or "smart" fridge or "smart" TV. That shit is extremely easy to hack and extremely easy to turn against you. PC and phone is nightmare enough. If you're in the need of smart TV, just buy a screen panel and connect it to Raspberry PI. You'll have a small computer you fully control.
- Look into things like elementaryOS if you're a fan of Apple or Kubuntu if you're a fan of Windows. Both are providing very sleek desktop experience and better protection in general.
 

xr95

pEoPlE aRe DyInG!
kiwifarms.net
> 99.9999% of people don't know shit about tech, the devices they use every day might as well be magic blocks of wizardry. So that makes even the most mentally crippled basement dweller on this forum part of a tiny global elite. Let that sink in. Yep, humanity is doomed.
>
> Unless...we promote social harmony, technocratic tradition and a strong central ruling elite drawn from the finest STEM graduates; steering far away from democracy/tyranny of the unwashed masses and their ruinous pursuit of neoliberal arts.

But I make money being a wizard
 

Never Scored

kiwifarms.net
> - Chrome by default shares almost everything you do with Google. Consider switching to Chromium (this is the browser Chrome is made with) if you can't stand Firefox. Go into settings and turn off all recommendations and all the services that look like they're sending information somewhere.

Or you can use Lynx in a terminal like a true tech chad.
 

Kiislova

Mostly non degenerate furfag
kiwifarms.net
Computers are dumb. Really dumb. They cannot do anything magical, we (programmers) just became very good at faking it.

Complicated things for humans can be easy for computers, simple things for humans can be impossible for computers. So PLEASE don't presume something will be easy to program.

The internet will never be as free (in freedom) as it was in the late 90s early 2000s.

You are being monitored, luckily for you, you are some irrelevant rando buried among other irrelevant randos, so you don't need to worry much yet...
 

AmpleApricots

kiwifarms.net
> Check if your ISP provides you a DNS service. If it does, then your internet history can be tracked. Consider switching to Cloudflare's 1.1.1.1 DNS over HTTPS service (search on your own for more info)

I'm not sure about this. As long as you use your internet connection without VPN or Tor or such your ISP can see what you're accessing anyways, if the ISP gets your DNS requests or not on top of that doesn't really matter much if they're tracking you. DNS-over-HTTPS doesn't solve this. When you're in a country with reasonable privacy laws and your ISP isn't huge, there's actually less a chance that this data gets abused. It's not ideal, but it's not the end of your privacy either. Putting everything on the back of Cloudflare means there's just one company any government needs to tap into and lol if you think Cloudflare cares about protecting your data. If you're non-US also consider that in the US (the jurisdiction Cloudflare is in) it's perfectly legal for specific government agencies to tap into such services and they might share data with your government. It might not be legal to do the same with your provider in your country without explicit cause targeting a specific person. Also think about why they offer a free DNS service to begin with. I'm not really seeing the necessity for DNS-over-HTTPS really, seeing what is requested is something you can't really hide from your ISP like that anyways and any possible authentication fuckery is already taken care of with TLS. It just seems to make everything a lot more complicated with nebulous advantages and that's never a net positive for security. In situations where DNS-over-HTTPS makes sense (e.g. living in a horribly oppressed country that watches DNS requests, being on a network with devices you don't trust etc.) it'd probably be smart to use a VPN anyways.
 

c-no

Duck
True & Honest Fan
kiwifarms.net
> 99.9999% of people don't know shit about tech, the devices they use every day might as well be magic blocks of wizardry. So that makes even the most mentally crippled basement dweller on this forum part of a tiny global elite. Let that sink in. Yep, humanity is doomed.

On the bright side with that, even the dumbest fuck among Kiwis in this board gets to have fun with that power.

> You are being monitored, luckily for you, you are some irrelevant rando buried among other irrelevant randos, so you don't need to worry much yet...

It's a basic tech fact everyone should know. Sure some government suit would know of whatever deviant shit you jack off to but in all honesty, he's seen it from millions of others he autistically cyberstalks to see if they had some link to a group like ISIS. Until someone manages to push some law to monitor thought crimes and arrest someone for simply using a certain word, there isn't much to fear yet.
 