Scott Arciszewski sarciszewski
@sarciszewski
sarciszewski / hackerone.json
Last active August 29, 2015 14:08
HackerOne
{
"Bookfresh": {
"min": 50,
"repo": null
},
"GlassWire": {
"min": null,
"repo": null
},
"Greenhouse.io": {
@sarciszewski
sarciszewski / wp-api.txt
Created October 29, 2014 00:02
Go Home, WP-API, You're Drunk...
... or more accurately, asleep at the wheel!
STORY TIME (feel free to skip this if you don't care)

Recently, I made a quick analysis of all of the public projects listed on HackerOne. https://gist.github.com/sarciszewski/04ee71ad2bcddc9c33b9

If you scroll to the bottom, I listed several projects in the "sweet spot": open source AND a minimum bounty. Outside of the Internet Bug Bounty project, there are only two projects listed: WP-API and Ian Dunn (a
http://web.archive.org/web/20100102015733/http://who.is/whois/nsa.gov
<!DOCTYPE html>
<html>
<head>
<title>Something something dark side</title>
<meta charset="UTF-8" />
</head>
<body>
<h1>Title</h1>
<p>
Lorem Ipsum here
@sarciszewski
sarciszewski / projects.md
Created November 23, 2014 21:00
Projects and Ideas
@sarciszewski
sarciszewski / gist:88a7ed143204d17c3e42
Last active December 4, 2024 19:25
Javascript CSPRNG for Integers
/**
* License: WTFPL, CC0, ZAP (Zero For 0wned Anti-copyright Pledge), etc
*/
function secure_rand(min, max) {
// Declare each variable separately; chained assignment would leak rval, bits and bytes as globals
var i = 0, rval = 0, bits = 0, bytes = 0;
var range = max - min;
if (range < 1) {
return min;
}
if (window.crypto && window.crypto.getRandomValues) {
@sarciszewski
sarciszewski / 0_reuse_code.js
Last active August 29, 2015 14:11
Here are some things you can do with Gists in GistBox.
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
@sarciszewski
sarciszewski / Idea.md
Last active August 29, 2015 14:13
Privacy Seppuku (Note: IANAL)

Let's say that you are an American who produces software that respects users' privacy. And one day, the FBI comes knocking armed with a National Security Letter (NSL) and demands your signing key so they can distribute malware to your users, pretending to be you. There is no legal defense you can mount; they covered their bases.

What do you do? Lavabit fought, and was ultimately destroyed. If more companies pushed back, maybe the government would stop using it as an easy way to force compliance and silence. Or maybe they would just carry a bigger stick.

Here's another idea. Comply, then get "hacked" and have the keys they're demanding get leaked online and/or published via full disclosure.

Here, being "hacked" means either:

a) leaking the key to someone, discreetly, over e.g. Tor with PGP and having them do it

b) leaking a backdoor to someone and having them actually hack in (over Tor) and steal the key

@sarciszewski
sarciszewski / pbkdf2_benchmark.php
Created January 16, 2015 01:13
PBKDF2 Benchmarking Script
<?php
$it = [ 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, 1024000, 2048000, 4096000 ];
foreach ($it as $i) {
$st = microtime(true);
$c = \hash_pbkdf2(
'sha256',
'example of a simple plaintext message goes here',
'something silly',
$i,
32,
<?php
class switchNotMatched { }
function doInteger($i) {
echo $i;
if ($i < 100) {
echo " is less than 100.";
}
echo "\n";
}