http://www.badblue.com/

This software can be easily customized, to block people's ips,password protect your files,use a proxy and other stuff.

You can host unlimited files of any size and connect to other people's pcs who are running badblue software.

random136 brings up a good point thats why I'm wondering if anyone knows anything about the security flaws behind how this program can allow only people you kno connect to it, and how anonymous the option this program has on using proxies.

It’s good to see new faces making an effort to contribute something to the community. Now, information technology is not my forte, but I will make a reasonable assumption as to why this software might not appeal to some members here. Although the topics discussed on this forum are only presented in hypothetical form, and although most of the home nations of our members have no laws against the dissemination of information pertaining to weapons and explosives, members here make an effort to be as anonymous as possible.

In today’s world simple speculation and suspicion by the ignorant masses, law enforcement agencies and, not to mention, the media can destroy the life of otherwise innocent students of our art. It is therefore in the best interest of anyone who has taken a serious interest to learning about these topics to keep as low a profile as possible.

Direct access to one’s computer, weather it is for the purpose of real time communication or for file sharing, puts the individual at risk of being tracked, located and persecuted by ambiguous laws and ignorant law enforcement agencies who can not accept one’s benign interest in these topics. It would be much more advisable to put as many barriers between one’s real identity and one’s virtual one, this is why anonymous file sharing services such as RapidShare are favored by the community.

Most senior members would not even entertain the idea of allowing others direct access to their personal computers and it is these members who have the most new and relevant knowledge to share. One notable current exception to this rule is tmp, who we are all grateful to for granting us access to his ftp server for the greater good of the forum.

At any rate it is good to see an effort being put into contribution by a new member.

My thoughts on this would be something along the lines of, "That might be useful for a server computer specifically off to the side, but if you're going to have a dedicated server, why not use specific Open-Source server software?"

I looked at that site. They claim to be easier to use than FTP servers. There
are learning curves involved in any software application. I say this as a
systems programmer/analyst with more than 18 years of professional
experience. Even FileZilla Server put me through a few hoops before I got it
running to my satisfaction. My current learning curve is PGP 9.5.3. Even
with my experience, it was NBK2000 who actually helped me through the
basics. Now it runs just fine although I haven't used all of the features. I'm
still looking at PGP 7.1.1 just in case PGP Corporation has lied to me about
which features become non-functional after the 31-day trial period.

One of the things I detest the most is programmers who don't take the time
to produce a "user-friendly" interface. One of the things I detest even more
is the programmer who doesn't produce an understandable help guide. Some
programmers seem to forget that the end user may not know even the basics
of getting around on a computer let alone using some complicated software
the programmer designed.

A significant part of my experience was designing programs for use by military
personnel. That came as a shock when my supervisor, a military commander,
informed me "You run it, I run it, but can the grunt on the ground run it
without alot of hassles or your program fucking up at a critical time when he
needs it ?". In other words, the applied princple of K.I.S.S. - Keep It Simple
Stupid(or SIR, depending upon whom you're talking to). This is how I learned
to design user interfaces.

The fucking up part was easy to certify. My supervisor would bring in a group
of 'boots', load up my program, and they would just sit there pressing keys at
random. If the program dies or freezes up it's not certifiable ! With the
introduction of the electrified rodent, THE MOUSE, certification becomes even
harder because as any experienced Visual C++ programmer will tell you, ANY
action involving the mouse generates a long sequence of events that the
program must filter and act upon. The good old days of command line
processing are long gone !

The user guide for these 'grunts' was an even bigger nightmare. Every guide
may as well be written with the "... For Dummies" on the end of it. That and
the program documentation took more time than writing the program itself !

Say what you want about the U.S. military. I'm grateful for having learned
the software standards the DoD set ! Now if only MicroShit and other
vendors would get a fucking clue from that, I would be eternally grateful !

As for cops looking at my computer - GO AHEAD ! I don't give a shit and I'm
already on FBI file with them for security clearance, being busted, etc., etc..
FUCK THEM ! The spread of information is more important than any personal
concerns !

I apologize for hijacking this thread, accompanied by my rant, but I'm drunk
and I couldn't help but respond to what I see as another vendor trying to
steer people towards THEIR product !

This looks pretty fucking stupid. For one thing how exactly will people that use UNIX like myself access such a server? We can't.

This product doesn't seem to follow any RFC known to man. If you want a very secure way to share information with a select few Freenet can easily allow you to do that and it is cross platform.

OT: I really don't understand why, with the sensitive stuff people talk about here, people don't make better use of more secure operating systems and programs. Cost is not an issue and if you can make explosives it seems you can also learn to use a command line tool.

For example:

A small OpenBSD(openbsd.org) installation on an extra partition, bootable USB device, live CD, or some cheap as dirt 6gig hard drive makes for a powerful and secure tool for file encryption, GPG(PGP) use, and has easy to use encrypted swap space, blowfish and much more. It's also built by people we can assume are better at making secure software then the run of the mill windows 'secure' disk encryption tool or whathaveyou. OPenBSD is secure by default as apposed to the windows and linux model of "hardening". OpenBSD is already hard and you make it "soft"(enable services, install software as needed.

GPG as a PGP replacement. GPG is free and while it can't do stuff like filesystem encryption it works with PGP messages and keyservers and I personally trust the GNU guys more than the PGP company because in PGP you can see(or rather cryptographic engineers can see) only the algorithms but in GPG they/you can investigate both the algorithms and the implementation.

Tor - I am pretty sure most people here know about Tor but I have seen many examples of people like in the now gone Shadowcrew who really needed it yet seemed to think "anon proxies" were the way to go. Pretty damn strange but there seems to be very little crossover between people that are informed on security matters and people involved in the more um profitable passtimes. The E&W however is much much better than most in this respect probably because many of us are well read and interested in computers - this leads to interest in cryptographic systems and this leads to security knowledge.

Freenet - the problem with Freenet is no one would ever know about your community if you made one on freenet and so it's obviously no replacement for the Web and probably never will be. For small hand picked communities it can't be beat and I would expect it's used very heavily for that. I've seen some people involved in sharing online drug shop info who wanted to use "offshore phpBB forums" thinking they were secure. I doubt anyone here would think that and for a community where it needs to be secure and it's invite only freenet is hard to beat. Like I said the use is vastly understated I would imagine and I dont wish to appear presumptious but just for completeness I feel I must talk about it just incase someone else is considering such a small community(for any topic) and *hasn't* heard of freenet.


Bruce Schneier - he's a guy not a program but reading his books and blog is fun and educational and really helps people see security in a big prespective. I know NBK reads it because I've seen him post but if everyone read some schneier stuff and other good engineers that work in the same field I think it would make them safer and more aware of some issues that are not really something you would come across otherwise. The E&W is very very aware of physical security, probably moreso than most 'experts' but some of the social and electronic aspects may be weak points that need strengthening.

I felt I had to speak up about this - I'm sure most of you know this stuff already but I see so many otherwise smart and well informed people in the overall chemistry/drugs/pyro/weapons community with obvious flaws in their personal security behaivors and a general lack of understanding of modern principles and theory. Hopefully it will be somewhat helpful to some people.

I use Linux myself. Although, I'm running my Window$ partition right now.

I like the idea of running OpenBSD as a security measure. The OS is a veritible Fort Knox and would be great for protecting the sieve of Window$.

The only reasons I keep Window$ is because of the programs. Using WINE under Linux is still a bitch for some of the applications I want to use. However, Linux is fast approaching Window$ in diversity. The free repostories of 20K programs is wonderful.

Getting back to security, OpenBSD would be ideal. Linux also has firewalls that you can use to dedicate an ancient computer as an active router. It just takes some research and a couple weekends of trial and error. Most of RS.org members enjoy such activities.

Why would you want to allow direct access to your PC when it's going to have this kind of information on it? Bad idea, although still useful if you're not doing anything naughty.

If you want to host information, use a dedicated server running Linux, preferably not in your home. And encrypt EVERYTHING.

Just from a quick look at the website in post 1, I would guess that it is a HTTP server. Which might mean webdav support, but probably not.
Personally I'd be tempted to run vsftpd, samba (for my local machihes) and apache.

I agree with James. I'd use Apache. It's free and proven. Why pay if you can get a much better product for free. Especially when Apache has infinitely more support (open source community) and a lot longer track record.

If you want to host information, use a dedicated server running Linux, preferably not in your home. And encrypt EVERYTHING.

Recently I started using Debian for browsing and storing "controversial" information on my computers.

Although Debian or any linux OS is a bitch to install if you have no experience or very old experience, when you install it you are set.

By using samba I even can move the files downloaded on my virtual Debian system to my encrypted volumes in Window$ XP.

In addition, the browser (i.e. Konqueror) has a built-in spell checker, which IMHO, may tidy up many "dude" like persons. Regards.