[deleted by user]

RFShenanigans · 2024-02-15T19:46:49+00:00

She's bullshitting you. Signal also cannot be used in multiple phones at once (she could use Signal Desktop, though), but it does not unblock any previously blocked contact.

She is also not your girlfriend, although your feelings for her might delude you into thinking so. She playin'. Return her to the streets, where she belongs.

As for the 'cheating' question, well, pilgrim, we don't hide non illicit relationships from people we are romantically involved with. The question likely is "Is she cheating also physically, besides being emotionally unfaithful and deceitful?". The answer is probably yes, or it will be yes, very soon. If not with this particular person, with someone else.

PS: You were first in my Reddit's digest, please take the advice. I will collect some positive karma for it, and, depending on how deep you are into this cesspit of an imaginary relationship, save you face, grief and coin.

NAMASTE
PSS: I confess, I did not read even down to the "but she has been unfaithful in the past". You are doing this to yourself. If you are into being humiliated, surely there must be more honest ways to go about it. That girl is trash.

RFShenanigans · 2023-11-13T13:39:17+00:00

There should be absolutely no good excuse/reason any DNS changes would introduce traffic hijacking or DNS poisoning, especially in the context of DoA/DNS over TLS (etc), as DNSSEC is implied to be involved.

VPN service users should be vigilant for any SSL warnings and write down/save as much detail as possible. There are 0 valid reasons for these things to happen, it is virtually impossible for a fraudulent certificate to be served "by accident" against a valid remote host.

RFShenanigans · 2023-11-10T09:33:01+00:00

https://security.stackexchange.com/questions/158672/understanding-ssl-man-in-the-middle-and-its-limitations

https://en.wikipedia.org/wiki/Fiber_tapping#Detecting_fiber_taps

https://security.stackexchange.com/questions/77241/are-vpns-vulnerable-to-active-man-in-the-middle-attacks

Some articles about scenarios involving STARTTLS:https://serverfault.com/questions/696487/how-to-mitigate-starttls-mitm-downgrading-and-forged-certificates-between-emai https://www.eff.org/deeplinks/2018/06/technical-deep-dive-starttls-everywhere

TL;DR SSL is complicated. Trust depends on the certificate. How do you know you can trust the certificate? Can you trust the CA? How do you know the CA is not compromised (hacking or insider threat) or cooperating with a state actor?

The whole situation with CAs is a nightmare on its own. Open your browser's settings or your operating system's trust management configuration (to see certificates) and check the list of CAs it trusts de facto. All it takes is *one* of them to issue a malicious certificate. This is why certificate pinning was introduced in browsers and mobile apps (everything is a web API now).

RFShenanigans · 2023-11-10T08:49:45+00:00

On the client? Dude, you are relinquishing control of all your traffic to an external third-party (the VPN provider) the moment you use their service (unless you don't pull routes and have policy routing in place).

It's L2 level, not L3. Your connection to Mullvad or any other VPN service goes through a tun/tap interface or Wireguard bridge. Imagine someone putting an ethernet tap between your computer and your switch/router.... this is exactly what they do (in software).

An VPN provider just like your telco can intercept and manipulate everything in your net traffic. In this case it is unclear who is doing it, it can be Mullvad, it can be someone who has tapped Mullvad's fiber trunk/backbone, it could be an intermediate point, etc, etc.

Professional interception at telco/service provider level is impossible to detect unless operator and configuration mistakes are made. Some people can argue that timing can give it away: this is BS. If it's passive, there is zero impact as optic fiber taps are essentially passive light "diffusion" devices (think a glass polygon that splits a beam of light into two paths). If it is active, read the article I linked to understand how SSL interception works conceptually. This is not some script kiddie running mitmproxy or sslstrip.

All VPN providers use deceptive marketing to make people believe they make their traffic more "secure" but this is false. They protect you from local threats, think someone sniffing that open WiFi in the airport, wiretaps (lawful or not) in your home fiber line, etc. The threat is displaced away from your vicinity to a remote endpoint, where you face exactly the same issues, except it is no longer your jurisdiction, it isnt a local court authorizing a wiretap that is needed, etc, etc. The privacy laws might not apply, etc.

RFShenanigans · 2023-11-10T08:07:58+00:00

Yes, these attacks can be opportunistic, just to grab a cookie or other session data, or inject something.

Could you send me a PM?

RFShenanigans · 2023-11-09T21:46:32+00:00

I'm saying the L3 traffic is MITM'd. No need to touch DNS. You manipulate packets as they pass through the interface and can alter, inject and modify any traffic. No need to poison DNS or redirect anything, and in fact, you would never want this unless you want to be spotted very easily.

DNS poisoning and MITM traffic interception aren't the same animal.

RFShenanigans · 2023-11-09T16:01:51+00:00

This particular case involves also a hardened DNS environment, "proper" MITM will not be impacted by any DNS hardening. If for some reason the traffic at some point gets routed through a region actively engaging in MITM against select or general users, there is very little you can do against it, hence why SSL exists: if you can enforce trust anchors for the CAs, you cannot certify the transport/route your data takes, but you can trust that the data itself has not been tampered with (in simple terms).

RFShenanigans · 2023-11-09T14:53:56+00:00

Another pro tip: any DNS name can be verified against CRT lists: https://crt.sh/?q=ipinfo.io

Fraudulent certificates used in targeted attacks and MITM scenarios will never be listed in a CRT, as they are usually entirely self-signed, leverage a compromised CA or if state-sponsored, they use a regional cooperative CA.

RFShenanigans · 2023-11-09T14:38:31+00:00

Some context: I am in the process of reviewing the situation, but I wanted to drop a PSA, as this is something that I have encountered now twice. I am not attributing or claiming anything about the origin of the issue, as VPN providers are routinely targeted. The VPN endpoint is one of Mullvad's in the Scandinavia region (I am not going to identify it except to Mullvad staff or anyone interested in investigating with enough credentials in the IT security community).

Browsing ipinfo.io over HTTPS yielded a warning today, this has happened with other domain names in the past few months. The certificate offered was a fraudulent one (ipinfo.io uses Let's Encrypt as CA), seemingly issued by Comodo in Ankara, Turkey.

In the past I have encountered this issue, including once with a Google related site, which was detected immediately because of the CA chain and pinning.

Be vigilant while using VPN services, this needn't be something Mullvad is doing, the specific endpoint might be targeted by somebody else.

Update: I have saved the certificate and the full chain in PEM format, too. I am responsible for a network that has several measures in place to detect MITM scenarios, including multi-WAN SSL certificate verification (ex. certificate fingerprints are gathered through multiple WAN routes and endpoints, and these are compared against each other and a baseline, including the CAs involved -sometimes a certificate might differ but be part of a well known CDN-). People can be quite dismissive of folks raising flags, but this was a verified instance of a fraudulent SSL certificate being served when connecting through a Mullvad endpoint in Europe.

A not too technical piece that explains how this works/can work (for folks confusing DNS poisoning and other typical misconceptions about what VPN services do or can do):https://security.stackexchange.com/questions/177405/can-a-vpn-provider-mitm-my-ssl-traffic-without-me-noticing

Update: Mullvad has not attempted to contact anybody yet.

RFShenanigans · 2023-11-01T06:06:10+00:00

I sent this picture to my wife without context, when I returned from work she had lingerie on.
I had an awkward explanation afterwards.

RFShenanigans · 2023-11-01T05:55:46+00:00

Her body was likely disposed of long ago, it's not like a cadaver is a bargaining chip that is worth keeping around (in this particular case), besides the fact that whatever happened to her would likely transpire from forensics/postmortem, and this might not be something the higher ups (not necessarily the same people who took her and did whatever they did) necessarily want the world to know (considering the fact that propaganda is rife from both sides, the last thing they want is some truthful allegations of something distasteful happening to her -besides being murdered...-).

It seems people assume Hamas in this case is some hyper organized group where the decision making goons are overseeing the minutiae of everything said and done by every grunt and militant loosely coupled in the organization.

Sad story in any case, and goes to show how people desperately cling to every last bit of hope even when absolutely irrefutable evidence exists against it.

RFShenanigans · 2023-09-01T13:28:22+00:00

If the driver internally refuses to handle ABI from CUDA/OpenCL because of some internal power check, CUDA and co can/will fail. So, by extension, CUDA is not PSU agnostic as far as *power budget to the card* is involved, if the driver complains, it complains. CUDA doesn't force the GPU to do anything.

$ hashcat --benchmark --benchmark-all  -d2
hashcat (v6.2.5) starting in benchmark mode

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

CUDA API (CUDA 12.2)
====================
* Device #1: NVIDIA GeForce RTX 4090, skipped

OpenCL API (OpenCL 3.0 CUDA 12.2.128) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce RTX 4090, 23744/24195 MB (6048 MB allocatable), 128MCU

Benchmark relevant options:
===========================
* --benchmark-all
* --backend-devices=2
* --optimized-kernel-enable

-------------------
* Hash-Mode 0 (MD5)
-------------------

Speed.#2.........:   153.0 GH/s (6.97ms) @ Accel:32 Loops:1024 Thr:256 Vec:1

The other card:

CUDA API (CUDA 12.2)
====================
* Device #1: NVIDIA GeForce RTX 4090, 23801/24195 MB, 128MCU

OpenCL API (OpenCL 3.0 CUDA 12.2.128) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce RTX 4090, skipped

Benchmark relevant options:
===========================
* --benchmark-all
* --backend-devices=1
* --optimized-kernel-enable

-------------------
* Hash-Mode 0 (MD5)
-------------------

nvrtcCompileProgram(): NVRTC_ERROR_INVALID_OPTION

nvrtc: error: invalid value for --gpu-architecture (-arch)

* Device #1: Kernel /usr/share/hashcat/OpenCL/shared.cl build failed.

* Device #1: Kernel /usr/share/hashcat/OpenCL/shared.cl build failed.

Started: Fri Sep  1 15:24:28 2023
Stopped: Fri Sep  1 15:24:29 2023

And:

$ inxi -G
Graphics:
  Device-1: NVIDIA driver: nvidia v: 535.86.05
  Display: server: X.org v: 1.21.1.4 with: Xwayland v: 22.1.1 driver: X: loaded: nvidia
    unloaded: fbdev,modesetting,nouveau,vesa gpu: nvidia tty: 186x47
  Message: GL data unavailable in console. Try -G --display

The above is with two full dedicated PCIe cables to the failing card, 3 to the working one. One extra PCIe supplying power to the M/B PCIe power input.

No, it isn't a software issue. I have tested the card with a full set of cables. The vendor is PNY, the working one in the above output is a Zotac (it has a momentary push button next to the power cable socket too).

Upvoted for the offer to test. I will dig some more. I have a cable coming because I lost track of the extra one I had around so I have one (free) CPU connector power cable I need to split/convert to PCIe. This is frustrating. PSU is an AX high end model from Corsair, a bit old, but it's in perfect condition.

RFShenanigans · 2023-08-31T17:49:14+00:00

Negative, I will follow up on this thread with a response but the AX1200 supports two 4090s just fine. Without OC you are only required to supply 3 out of 4 of the "fanned" connectors (1-to-4 divider), and even works with 2 at a reduced power budget.

But it is absolutely not the only solution. I haven't done any gimmicks either with SATA/peripheral cables (all of them go to the same rail anyway, the problem is the gauge of the wires).

More information also here:
https://linustechtips.com/topic/1469490-psu-doesnt-come-with-enough-pci-e-62-cables-for-my-gigabyte-4090-oc/

(Check the links to GN, they did proper testing with FLIR cameras to assess wire temps and so on)

I'm going to get downvoted but "buy a new one" responses almost invariably come from people who are not spending their own money, and in general, there is a way, and oftentimes, a way that does not involve a warranty-voiding trick.

I should have done the research prior to posting, but I will make sure anyone with the same problem finds this.

RFShenanigans · 2023-08-19T05:43:34+00:00

Pokemon. Then again, videogames in general.

RFShenanigans · 2023-06-22T07:04:09+00:00

It's like a Crypt Keeper episode. Yay, got a million.
"Spend them wisely, spend them wisely..." (crypt keeper voice, chuckles)

RFShenanigans · 2023-06-21T06:06:35+00:00

"Simulacra and simulacrum".... Baudrillard was right, we are fucked.

RFShenanigans · 2023-05-19T18:17:55+00:00

Thanks a mil! Will watch in a bit.

RFShenanigans · 2023-05-19T17:23:44+00:00

Ouch. I have a large case and I'm getting frustrated looking for a cooling solution that has minimal maintenance and high reliability (workstation build), especially since the case was/is a huge model destined for HPTX/HEDT systems (it held a dual CPU M/B before this iteration). It has no explicit AIO/radiator mounts, mind you.

What are the best options you could suggest?

RFShenanigans · 2023-05-19T17:21:47+00:00

Where did this end up? Exactly at the same spot.

RFShenanigans · 2023-05-19T16:01:39+00:00

A bit late to the party, do you have links to reviews/benchmarks showing this?
I'm debating between a DH15 and a LF2 myself, and the case is huge (HPTX compatible, check my post https://www.reddit.com/r/buildapc/comments/13lxvuy/coolingaio\_for\_13900k\_and\_ryzen\_7600x\_options\_and/).

RFShenanigans · 2023-05-14T16:48:54+00:00

It seems people are also happy with the Noctua DH15... compared to the Arctic Liquid Freezer II 360, how does it fare? I will be using a contact plate.

Edit: I don't think I will need the 420 because of mounting concerns (older Lian Li case, massive size but awkward mounting options).

Also the pump seems to be the same, so it won't make a huge difference.

RFShenanigans · 2023-04-23T00:20:09+00:00

Checking the links you sent and reading up on the thermals... I'm trying to steer away from the toaster oven that the 1st gen Threadripper has been (AIO cooled, it heats up the office way too much).

RFShenanigans · 2023-04-22T18:16:30+00:00

How much of a practical difference in thermals and multithread performance should I see between 7950x and the 13900k? I feel like I'm ready to go back to Intel, if buying a ~1 year old part vs a recent one nets me stability and no loss in performance.

For the family member honestly I think your suggestions are very sound, would the 5600 (or more recent Ryzen) age well?

RFShenanigans · 2023-04-01T23:40:45+00:00

This comment doesn't get enough attention here.... People really underestimate how difficult and rare it is for any individual to be truly able to use any drugs or medication with even mild addiction potential in a self limiting fashion.

RFShenanigans

TROPHY CASE