WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

672

Poal and Vid8 are gonna go offline (our host is giving up on us), but will be back.

Looks like someone got really butthurt with what has been discussed/shared here and reported us multiple times to our hosting.

They are now asking us to migrate to another host as soon as possible.

I asked them to provide me with details about the abuse. I'll keep you updated here in this post.

I also noticed they have recently updated their Terms and Conditions and added the following in it:

  • Fake news websites

  • Antisemitism or any other kind of hate speech

So I'll be looking for a new host that doesn't endorse censorship and migrate there.


In the meantime we'll stay in touch over Poal Chat that will remain online.

* https://chat.poal.co

Create an account (no email required) and join the #general room through the web version or with Element app (desktop and mobile) and make sure to use chat.poal.co for the homeserver.


Poal will grow stronger. Free speech will always prevail, no matter what.

——

Last update:

Poal will be going down on Monday morning. A static page will stay up with informations on how to join our chat.

Poal and Vid8 are gonna go offline (our host is giving up on us), but will be back. Looks like someone got really butthurt with what has been discussed/shared here and reported us multiple times to our hosting. They are now asking us to migrate to another host as soon as possible. I asked them to provide me with details about the abuse. I'll keep you updated here in this post. I also noticed they have recently updated their Terms and Conditions and added the following in it: * Fake news websites * Antisemitism or any other kind of hate speech So I'll be looking for a new host that doesn't endorse censorship and migrate there. ---- ## In the meantime we'll stay in touch over Poal Chat that will remain online. ## * https://chat.poal.co ## Create an account (no email required) and join the #general room through the web version or with Element app (desktop and mobile) and make sure to use chat.poal.co for the homeserver. ---- ## **Poal will grow stronger. Free speech will always prevail, no matter what.** —— # Last update: # Poal will be going down on Monday morning. A static page will stay up with informations on how to join our chat.

(post is archived)

[–] 0 pt

Nope, not true.

Yes it is true, that is literally the default functionality of the wheel group. Allowing users administrative access to a box grants them multiple ways to gain access to root. I can name dozens off the top of my head that you likely never thought of.

I can lock down SSL keys and also monitor them to see if I need to rescind if root protected fully.

To what purpose? Also the *nix nomenclature is "SSH Keys". If you give somebody wheel access with SSH and think I can't secure access to the system via a backdoor you are mistaken.

sudo can be controlled, and additionally via DTRACE mods at file hook level the SSL keys can be protected fully from an elevated "wheel" admin.

Yes Sudo can be modified, but you wouldn't do that at the wheel group level. There are better ways to do that don't deviate from system administration norms and best practices. Again, SSH Keys are not as important as you think they are. When a user has code execution on a machine they have almost infinite options for gaining access to the system via backdoors.

Anyway, generally you only give wheel to "Snowden IT workers" doing hard drive image backups.

NO NO NO, what the hell are you on about? You don't give full admin to somebody that only needs read level access.

Listen dude, I'm not trying to take a shit on you here, but don't spread misinformation like that with such confidence.

[–] 0 pt

I cannot explain all my motives and reasons. I cannot teach you all I know in a few comments.

All I wrote was 100% factual and as person who can infiltrate unix boxes, I have my reasons for all my statements.

You keep erecting straw men arguments and shifting narratives and putting words in my mouth.

You keep trying to shift conversation to SSH keys.

I never once typed the word "SSH" and I never discussed SSH. I was discussing files read only by web server code for HTTPS called a "SSL" key.

SSL and SSH are related, but my long priceless info has nothing to do with SSH, and you keep trying to debate SSH and even try to misprepresent "wheel" and try to misrepresent WHY a backup IT admin that does remote image wipes and restorations of databases might require R/W levels of access.

Since you do not know what SSL keys are used for, I know you are trying to play me for a "tool" and historically once I feel I am being toyed with, I exit the thread once I am convinced the naysayer is not only wrong, but unwilling to learn, and possibly a bad actor, as Jews dog me across the Internet.

I will provide you a layperson beginner link to SSLs (used for HTTPS implementations) :

https://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

And though it might boggle your mind, my unix builds and implementations have controls lower level than "ROOT" access and for file and file buffers, that access is not a named enumerated real user, but a DTRACE controlled gated logic trampoline because I NEVER NEVER NEVER trust OS vendors or soft-hypervisor vendors. Even the code that controls the lowest level code mods of my windows and unix machines is itself protected code and only in RAM after a boot (encrypted on images).

I am done talking in circles with you.

I am confident because I am right and I have never been hacked in my life and run machines that hundreds wanted shut down.

I am not Andrew A , despite various online dossiers comparing my paragraph structures, but I am as equally infamous in my own ways in the cyber universe. And of course my actions in dozens of national news events, blogs, magazines, etc. But no one on this site knows more about STEM (biology, medicine, normal chem, math, computers) than I do, but I grow weary defending my statements of facts, and statements of how to run a server , being opinions as they are, open the door to nitpickers and misunderstanding fools.

I recall many an argument with people defending the multiply exploited Brave Broswer here, people with your attitude, or people defending TOR and TAILS even as I showed them hot exploits of TAILS, etc. I generously try to close security holes via posting exploit zero day alerts, but do not do pen tests because no admins appreciate wasting three days wondering why they are being penetration probed, not even me.

you wrote :

When a user has code execution on a machine they have almost infinite options for gaining access to the system via backdoors.

That is factually not true for over 6 years on any servers I control, as I am interested mainly in protecting SSL keys and database files but explaining even that statement to you seems like it would take 40,000 words because you do not know what a SSL key is, or why I need to known when to rescind my SSL keys and roll new ones.

Whatever, you have no idea the level of courtesy you just got by me even bothering to reply one more time to you.

Listen dude, I'm not trying to take a shit on you here, but don't spread misinformation like that with such confidence.

All my many fun facts are 100% factual, and no misinformation. 100%. You found no errors.

[–] 0 pt (edited )

I cannot explain all my motives and reasons. I cannot teach you all I know in a few comments.

Teach me? Dude you're amateur hour at best. You sound like a script kiddy.

If you want to learn something. Spin up a server, drop me SSH access in wheel and I'll teach you a thing or two.

You keep trying to shift conversation to SSH keys.

Because you're confusing the shit out of everyone with your unorganized thoughts. We are talking about wheel and remote access, rogue sysadmins. Then you bring in SSL keys/certificates? I rightfully assumed you meant SSH keys, why are you talking about irrelevant things? Even if you do secure your SSL keys and certs, what do you think that will get you? Do you think that prevents data exfiltration from your box? We're still talking about rogue IT admins here, don't change the topic.

Whatever, you have no idea the level of courtesy you just got by me even bothering to reply one more time to you.

LOL, get bent buddy. You are a noob.

Like I said, put up or shut up. Set up a server with ssh and wheel access and I'll show you how to get root. That is what this is all about, don't change the topic. Hell I can even access your precious SSL keys in a way you won't even know who it was. You don't know what you're talking about here.

[–] 0 pt

What is your hourly consulting rate? PM me.