YouTube
The day Windows actually died
Hello, my friends! Let's hit 20K likes? Check out my website! https://enderman.ch
This isn't the type of video I commonly produce on this channel. I don't really talk about current topics, but this one I was following too closely to pass by on. The editor…
👍51❤10🤔3👎1
😢 The downgrade in software quality
It's no secret that in recent years software quality has significantly degraded. Many bugs, previously unthinkable, have started surfacing, but even more importantly, developer communication skills have been lost. We've all experienced it with Microsoft's classic «Something happened».
Well, today I stumbled upon a new Blue Screen of Death concept on Twitter (figure 3). That looks awesome, doesn't it! It almost sends chills down my spine how great it actually looks. Seriously. Great job on that design. However, there's an inherent problem with such a design — it's a blue screen, it's designed to be lean and mean, and whatever it takes — let the user know why the computer crashed, as well as give helpful information about the crash to help prevent it in the future.
I've provided you with a chronological arrangement of Windows blue screens. The first one is the Windows XP blue screen, and as you can see, it gives you plenty of information:
▪️ The stop code;
▪️ The parameters;
▪️ The module that caused the crash;
▪️ Debug information for the module;
The Windows 10 blue screen looks nicer and cleaner, but lacks the module debug information, and hides the parameters behind a registry hack. They're not present in a BSOD by default.
The concept is looking so much better, but doesn't provide any information except the stop code! Now imagine your computer bootloops into a blue screen. Not a helpful wingman, I should say! You have better luck firing up WinDbg and analyzing the crash dump just to get the culprit module image name...
Regardless of that concept, it seems like we're headed that way anyhow, unfortunately. That's not the only problem. Let me explain why making the blue screen look nice is a bad idea.
Each element needs to be drawn out, and fancy graphics come at a cost. The computational cost doesn't matter in this case: any modern computer is capable of drawing basic geometry. The cost here is linking additional libraries to import necessary functions or implementing them within the lean bootvid library (I think they still use that).
The number one rule of software engineering — the more dependencies you have, the less reliable the system becomes. That's not what we want with the blue screen of death! We need it to fire each and every time, 100% of the time. The blue screen is actually a program in the sense that it's a routine that's executed when certain conditions are met, so it can also crash. The code may fail to execute, and all the user will see is a black screen.
That's certainly not favorable and shouldn't happen. That's why developers should always favor functionality over design.
— Enderman
😢104👍43❤6👎4
🥲 There is a chance for software
The guy whose design I previously critiqued, shared an updated version of the blue screen concept!
Looking much better now, what do you think?
👍213❤62🎉12😱7👎3🤔3😢2
😢 Software quality rot
Did you know the Copilot key is simply a macro for Win + Shift + F23? I wonder why they didn't implement a separate keycode for their AI button. I guess the software quality in general just keeps degrading.
🤬138😱22😢13👍9❤8🤔6🎉2👎1
My [garbled binary text] doesn't let the installer continue
❤144😢25🤔20👍14😱11🤬7🎉7👎2
⛔️ Bypassing Internet censorship
In light of the recent events taking place in 🇧🇷, I decided to compile a list of state-wide Internet censorship bypass methods. Let's get ready to connect in the upcoming fragmented world!
🔻 DPI Bypass. A VPN might be unnecessary! While a virtual private network may be a solution, state restrictions are commonly implemented via DPI (Deep Packet Inspection). The software on the ISP's routing devices filters out packets based on certain conditions, and most of the time they are hardcoded. Which means there's room to contest it.
There are two kinds of Deep Packet Inspection:
▪️ Passive DPI cannot block the packets, but can inject them. Usually a TCP RST (connection reset) packet. If it is being injected on the client side, it's possible to configure the iptables to drop it, but RST might also be sent directly to the server, rendering the iptables method pointless.
▪️ Active DPI (used in 🇷🇺 and 🇨🇳) is an upgrade — it's a physical box, and it is capable of blocking the packets. The only way to bypass it is to break its detection algorithm. The algorithm is possible to break by sending data the inspection software doesn't expect to encounter and process.
For instance, by spec, you can split the application-layer HTTP request into TCP segments:
GET / HTTP/1.1\r\nHost: google.com ... → GET / + HTTP/1.1\r\nHost: google.com ...
It's also possible to alter the case of the header keys, as the header is case insensitive: Host: → hOst:
As a final example, a «DNS root» dot after the hostname is also allowed by spec, but may break the algorithm: Host: google.com.
There is a myriad of ways to break the DPI algorithm aside from the ones I've mentioned. That's the optimal way to avoid state censorship. Naturally, it doesn't work for direct IP set blocks, but it's destructive and not all too common (at least in 🇷🇺). Luckily, there's open-source software that already does it for you!
▪️ zapret 🐧
▪️ GoodbyeDPI 🪟
▪️ ByeDPI 📱
As time goes on, the states will eventually fix their DPI software to account for all the edge cases, so it's preferable to know how the bypass strategies work to cook up fresh combinations they haven't defeated yet. It may quite literally be considered hacking, so it's not guaranteed to work, but if it does — it's significantly faster than any VPN, so give it a whirl.
🔻 Simple VPNs. If the above does not work for you, your next best option is a VPN. The VPNs aren't magic, they're virtual networks that coincidentally allow delegating sending packets to a different gateway. The problem with a VPN is that it adds a whole bunch of hops and overhead that comes with them for your packets to overcome. Almost 100% of the time it slows the connection down.
Personally, I have network-wide split tunnelling set up with the VPN interface used solely to bypass regional blocks. That's extremely advanced, and I suggest you start by simply setting up a client and a server. Speaking of it, which one should you use? Well. Forget the free VPNs. These sell your data, show you ads, install malware and do other unspeakable things to keep their service free. The best way out is to host a VPN server yourself. The client and server always go in conjunction.
The biggest problem with hosting a VPN server yourself is that it costs money to rent a server. However, you can find a cheap VPS ($3-5/mo range) with a 100Mbit/s throughput practically anywhere right now. If you can't afford it, unfortunately, you have to resort to using a free VPN. I morally cannot recommend any free VPN, as you're being the product, but a decent pick would be ProtonVPN.
👍74❤6😢2🤬1
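Seen from the inspecting side (an IDS, WAF or egress proxy), the three variants in the DPI section above all rely on the inspector matching single packets against a rigid pattern. The following is an added example, not code from the post or from any of the listed tools: it contrasts such a per-packet matcher with one that reassembles the stream and canonicalises the Host header first. The names `naive_per_packet`, `StreamInspector` and `inspect` are hypothetical, the sample requests are constructed, and segments are assumed to arrive in order.

```python
import re

# Per-packet pattern of the "hardcoded" kind the text describes: the request
# line and an exact-case "Host: " header must sit in one TCP payload.
NAIVE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n(?:[^\r\n]*\r\n)*?Host: ([^\r\n]+)\r\n")

def naive_per_packet(segments, watched):
    """True if any single segment matches the rigid pattern for `watched`."""
    for seg in segments:
        m = NAIVE.match(seg)
        if m and m.group(1).decode("latin-1") == watched:
            return True
    return False

def canonical_host(value):
    """Lower-case the host, drop the port and the trailing root dot."""
    host = value.strip().lower()
    if host.startswith("["):                      # bracketed IPv6 literal
        host = host[: host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]
    return host.rstrip(".")

class StreamInspector:
    """Buffers one direction of a TCP stream before parsing the headers."""
    def __init__(self, max_header_bytes=8192):
        self.buf = bytearray()
        self.max_header_bytes = max_header_bytes

    def feed(self, segment):
        """Return the canonical host once the header block is complete,
        '' if it carries no Host header, or None while more data is needed."""
        self.buf += segment
        end = self.buf.find(b"\r\n\r\n")
        if end == -1:
            if len(self.buf) > self.max_header_bytes:
                raise ValueError("header block too large")
            return None
        lines = bytes(self.buf[:end]).decode("latin-1").split("\r\n")
        for line in lines[1:]:                    # skip the request line
            name, sep, value = line.partition(":")
            if sep and name.lower() == "host":    # field names are case-insensitive
                return canonical_host(value)
        return ""

def inspect(segments):
    """Feed segments in order and return the first verdict."""
    insp = StreamInspector()
    for seg in segments:
        host = insp.feed(seg)
        if host is not None:
            return host
    return None

# Constructed samples: the plain request and the three variants from the text.
SAMPLES = {
    "plain":        [b"GET / HTTP/1.1\r\nHost: google.com\r\n\r\n"],
    "split":        [b"GET / ", b"HTTP/1.1\r\nHost: google.com\r\n\r\n"],
    "header case":  [b"GET / HTTP/1.1\r\nhOst: google.com\r\n\r\n"],
    "trailing dot": [b"GET / HTTP/1.1\r\nHost: google.com.\r\n\r\n"],
}

if __name__ == "__main__":
    for label, segs in SAMPLES.items():
        print(f"{label:13} naive={naive_per_packet(segs, 'google.com')!s:5} "
              f"reassembled={inspect(segs)}")
```
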
The VPN servers only differ by their protocol. So, the suggestions off the top of my head are WireGuard, OpenVPN, Outline. You'll need to read a lot and understand the UNIX terminal basics. There's a single one-click automated option I know of right now — AmneziaVPN. It's completely free, open-source and based on WireGuard. It uses Docker to completely automate the process, which allows even your grandma to set it up quickly and painlessly. It also offers options for when the state goes hog wild and blocks connections per protocol. (It's a thing in 🇷🇺 / 🇨🇳)
🔻 Advanced VPNs. When the state goes rogue as described above, the protocols separate out into three categories:
▪️ Easily detectable: all common VPN tunnel protocols — WireGuard, OpenVPN, and so forth... They can be easily regulated by the state.
▪️ Detectable: commonly obfuscated versions of the common VPN tunnel protocols, e.g. AmneziaWG (WG + garbage packet spam during handshake initiation), OpenVPN over Cloak, Shadowsocks. They require much more scrutiny to be sifted out by the censorship systems.
▪️ Undetectable: while in reality not 100% safe, they're state-of-the-art as of September 2024 and make it past the Great Firewall of China. Most of these protocols aren't documented in English. If you live outside 🇷🇺, 🇨🇳 or 🇮🇷, you likely won't need those for at least the next decade.
Let's go over them anyway. There's no nomenclature for them, but I'll try my best to sort them:
▪️ VMess
▪️ VLess
▪️ Naive
▪️ Trojan
▪️ Hysteria
The whole idea behind those «undetectable» protocols is to mask your VPN traffic as HTTPS (aka browsing a random web page). It is considerably slower than any of the VPN solutions shown before, but if there isn't any other option, that's what you're left with. Recent advancements include Xray + XTLS-REALITY, which has the ability to defeat Active Probing — a previously uncontested state censorship method.
The bottom of the barrel, where everything above fails:
▪️ KCP
▪️ Mieru
▪️ TUIC
▪️ Brook
▪️ Pingtunnel — masks your traffic under ICMP! (pretty promising)
Umm, yea. You probably won't ever need those. But keep that in mind, there's no way to censor the internet.
🔻 DNS. It's a very important subject, because a DNS (Domain Name System) server is what resolves domain names into IP addresses for you, and censorship can also be applied to it.
That's what DNS does, and you can manually resolve domains using the nslookup utility, for instance:
C:\Windows\System32>nslookup google.com
Server: AX4200.lan
Address: fd21:4bd3:61a3::1
Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:4010:c0a::8b
2a00:1450:4010:c0a::66
2a00:1450:4010:c0a::65
2a00:1450:4010:c0a::8a
173.194.221.138
173.194.221.113
173.194.221.100
173.194.221.101
173.194.221.102
173.194.221.139
DNS is just like a hash-table, a dictionary of the Internet:
x.com → 104.244.42.129 A
google.com → 108.177.14.139 A
Chances are you are using a DNS server provided by your ISP free of charge. Let's say the state asked the ISP to block shitter.com. The ISP might restrict access to that resource via DPI, but it also might resolve the domain name to localhost, or some RFC-private IPv4, 10.0.0.0/8 for instance.
In the best case scenario you can directly set custom DNS servers (1.1.1.1, 1.0.0.1 — Cloudflare; 8.8.8.8, 8.4.4.8 — Google) either network-wide or per device. Problem solved. However, this might not work! An ISP may very well hijack your DNS requests server-side and redirect them to their DNS server. Or, they could just block any outgoing UDP traffic on the port 53 when their servers aren't listed as an endpoint.
The solution to both of these digital rape cases is DNS over HTTPS or DNS over TLS. Now the idea is strikingly similar to that in the «undetectable» VPNs. The tools are also open-source and freely available, I'll list them here (OpenWRT packages as an example):
▪️ HTTPS-DNS-proxy
▪️ DNSCrypt-proxy
▪️ Stubby
👍56👎2🤔2❤1
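A resolver that answers a public name with localhost or an RFC-private address, as the DNS section above describes, can be spotted from the answer alone. The following is an added example, not code from the post: it parses Windows nslookup output and flags such answers. The function names are hypothetical, `PAGE_OUTPUT` repeats the output shown above, and `TAMPERED` is a constructed sample.

```python
import ipaddress

def parse_nslookup(text):
    """Return (queried name, [ip objects]) from Windows nslookup output.
    Only addresses after the 'Name:' line are answers; the 'Address:' line
    before it belongs to the resolver itself."""
    name, addrs, in_answer = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
            in_answer = True
            continue
        if not in_answer or not line:
            continue
        try:
            addrs.append(ipaddress.ip_address(line.split()[-1]))
        except ValueError:
            pass                      # not an address line, e.g. "Aliases:"
    return name, addrs

def sinkhole_reason(addr):
    """Why an answer cannot be a real public host, or None if it could be."""
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_loopback:              # checked before is_private, which also covers 127/8
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:               # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        return "private"
    return None

def assess(text):
    """Summarise one nslookup run: name, answer count, flagged answers."""
    name, addrs = parse_nslookup(text)
    flagged = {str(a): r for a in addrs if (r := sinkhole_reason(a))}
    return {"name": name, "answers": len(addrs), "flagged": flagged}

# Output as shown in the post.
PAGE_OUTPUT = """Server:  AX4200.lan
Address:  fd21:4bd3:61a3::1

Non-authoritative answer:
Name:    google.com
Addresses:  2a00:1450:4010:c0a::8b
          2a00:1450:4010:c0a::66
          2a00:1450:4010:c0a::65
          2a00:1450:4010:c0a::8a
          173.194.221.138
          173.194.221.113
          173.194.221.100
          173.194.221.101
          173.194.221.102
          173.194.221.139
"""

# Constructed sample: a resolver sinkholing a public name.
TAMPERED = """Server:  resolver.isp.example
Address:  192.0.2.53

Name:    blocked.example
Addresses:  10.0.0.1
          127.0.0.1
"""

if __name__ == "__main__":
    print(assess(PAGE_OUTPUT))
    print(assess(TAMPERED))
```

An answer that points at a public block-page address passes this check; catching that case requires comparing the answer with one obtained over DNS over HTTPS or DNS over TLS.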
Please ask your questions in the comments if you have any. Also just in case, I am not suicidal.
🇷🇺🤝 🇧🇷
👍76❤9😱5👎2
The changes took effect on my side ~5 minutes ago. Here is the block list, insert the following domains into your split tunneling setup in order to continue using the platform:
😢134🤬43👍9🎉8😱5❤4👎3
Forwarded from ТАСС
🤬110😱9😢6👎4👍2🎉1