TW here.
So, WT, ideas on how I could share what I have written?
Format is made for desktop, haven't tested on mobile.
Frontend it will run on anything that has a relatively modern browser.
Backend needs node. Also ext4fs to store large collections of files, but this limitation can be removed.
>Learn how to archive offline.
The recent discovery on twitter post correction delta and Qclock means the tool would also speed up the dig.
The frontend runs on any modern browser.
Electron could be used to package the app for any platform, frontend and backend. I've started working on it but it needs more work, if this is the best packaging approach.
I host the backend in a (linux) virtual machine, but it could be a server in the cloud. Having everything available offline was the driving motivation, so could hosting would defeat that purpose.
The frontend is written in JS (modern, requires babel/JSX) and runs in any browser. GUI. (The command line is used to fetch resources, but I'll integrate that to the UI.)
Electron embeds a browser and would allow it to run like a native app on Mac & Windows.
Distributing in a safe way is my main concern.
>How can user trust that they don't get a malicious version of the app?
>How can I avoid doxxing myself sharing this?
If it were a safe solution I'd just put the code up on github, post a link here, and let someone address the packaging/distribution. I'm a simple codeanon.
A simple bootstrapper with code signing? Yes, it seems to solve the "anonymous distribution" part of the problem.
Why would users trust that I don't get comped resulting in malicious code getting pushed in updates?
More precisely, if the software is useful, how do I make sure it cannot be exploited as a troyan by Clowns? Or why is this not a concern?
This moves the trust to the anti-virus company. Do the Clowns have a copy of the CA? Is it not safer to use a self-signed CA? I don't know enough about this topic to make a decision.
Code signing solves the tampering problem, but it doesn't prevent malicious actors from getting at me and taking over the distribution infrastructure.
If sharing this is going to put me and everybody at more risk than keeping the code for myself, it seems rational not to?
Writing a great app and distributing it in an apparently safe and anonymous way is an excellent vector to compromise autists. I don't know why the Clowns haven't already done that. Too much effort? Risk of being exposed?
The code signing certificate is trusted by a CA. Anyone with a copy of the CA can produce signed code.
You are suggesting MD5, but is a very weak hash function.
There is no database, it's all in local plain files.
I understand. It is a difficult topic. I'll keep in mind the signed code bootstrapper idea, it is part of the solution.
Thank you for the discussion.
If Q team is reading this, maybe get in touch? Extract me and I'll happily write code for the community. Though it's perhaps not worth the hassle for you at this point.
Thanks & Shadilay bro!
Thank you for the input.
Not sure about LE certificates, I believe they are tied to a domain due to the verification process? I don't know that I would be able to secure a domain anonymously. Also LE certs expire after 3 months, they are not meant for code signing.
I am hesitant to go with a self-signed CA, it seems maybe risky but I haven't thought it through yet.
Local plain files by design. I don't rule out using one or several local DB engines, but they would only contain information that can be reconstructed from the local plain files.
Indeed corruption at the source could be a problem. I have a (python) 8chan thread archival tool that could be made available as a service (ran by independent sources), integrating the hashing process. Cross-checking sources would help detecting comped ones.
I'll work on this aspect as soon as paying job permits.
Is there such a thing as anonymous github without going to the dark web? A trustworthy (NSA/MIL) git server would be awesome, but I have no idea how I would get access to that and have reasons to believe it is safe to use. Also I am neither US resident nor citizen.
Demo.
Thank you Anon! SSB is precisely what I was looking for.
@ljtQyLKmVLKw/jGzA1lqugPLL+8sDO7AYnTJqr9lYcI=.ed25519
Still setting this up, I'll get there.
Yes, it loads a local JSON file that comes straight from qanon.news/api/posts. I plan to add support for more sources but time has been scarce lately.
Hopefully I can share this before Q starts wrapping up.
Wow. Thank you Anon, this is a fantastic response, very well thought out. Will re-read often.
Docker? Small images, reproducible builds. Not much isolation, but probably enough. Not very easy to run.
Virtualized Alpine-Linux-based iso image? A little heavier, perhaps not so much with careful decisions (go backend instead of python). I think I prefer this approach.
I'll try harder. Again, thank you!
I created a board for Q Research software development.
>>>/qcode/1
Something like this?
$(function(){ $(document.head).append('<style>#post-counter{position:fixed;top:20px;right:10px;font:24px sans-serif;opacity:0.5;color:#f60;}</style>'); $(document.body).append('<div id="post-counter"/>'); function updateCounter() {$('#post-counter').text($('.thread>.post.reply').length);} setInterval(updateCounter, 500);});
For smallish stuff there is pastebin. If necessary, archive, encode as base64, paste with instructions at the top.
Larger files (~4MB) can be attached to posts here.
Tor may help. Or a VPN if you were able to open an account anonymously (prepaid credit card, fake identity if legal).
I do not know if Mega can be trusted. I would not trust AWS (S3).
Regarding the related problem of anonymous hosting (i.e., providing services anonymously), I've been thinking about writing a client to (ab)use 8chan as an anonymous communication/storage backend (hopefully with Ron's blessing). There are neat things to do in that direction, including anonymous software distribution.
I see how PGP helps with trust, but I do not see how it helps with anonymity. Can you explain what you had in mind?