fix contribute and maintainers tutorial

2025-07-02 06:36:40 +00:00 · 2025-03-27 12:27:04 +01:00 · 2025-03-27 12:27:04 +01:00 · 7ed1de29b3
commit 7ed1de29b3
parent 03d1de142b
5 changed files with 40 additions and 5 deletions
--- a/opsec/contribute/64.png
+++ b/opsec/contribute/64.png
--- a/opsec/contribute/65.png
+++ b/opsec/contribute/65.png
--- a/opsec/contribute/66.png
+++ b/opsec/contribute/66.png
--- a/opsec/contribute/index.html
+++ b/opsec/contribute/index.html
@ -56,7 +56,7 @@

 	<!-- +++++ Posts Lists +++++ -->
 	<!-- +++++ First Post +++++ -->
-	<div id="anon3">
+	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
@ -69,7 +69,7 @@
 	</div><!-- /grey -->

 	<!-- +++++ Second Post +++++ -->
-	<div id="anon2">
+	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
@ -114,6 +114,25 @@ To be showcased:
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+<h2><b>What's Offtopic?</b></h2>
+<p>Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):</p>
+<p>1) <u>General security and hacking:</u> (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the <a href="../../HTB/index.html">Hacking section</a>. Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially containa  vulnerability. <b>Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.</b> You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. <b>TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.</b> We will consider some FOSS software as suitable for opsec use <u>until proven otherwise (so don't bring up the 0day excuse)</u> , not the other way around.</p>
+
+<img src="65.png" class="imgRz">
+<p>2) <u>Closed-source hardware privacy workarounds:</u> no, we won't recommend to the 90% average joes out there to wire up cables to their CPU in order to disable intel ME, install coreboot, or whatever else, and risk bricking their motherboards/CPUs permanently. <b>We will recommend that average joe to purchase fully open hardware devices, that are free of potential backdoors in the first place, when they are available on the market.</b> We do with the tools at our disposal, so until those tools are made available, we use what we can use. <b>We will consider FOSS Host OS as suitable for privacy, even on closed-source hardware for the time being.</b> (so don't bring up the google pixel graphene OS or the Intel/AMD CPU hardware backdoor argument until you find an actual open hardware alternative that does the job aswell)</p>
+<img src="66.png" class="imgRz">
+<p>3) <u>Unrealistic advice:</u> the advice we bring forth in this blog should be doable by 90% of the average joes out there, by explaining it correctly. For instance, no, <b>90% of the average joes out there are not going to go dressed up in black coats, wear an anonymous mask, sit in mcdonalds, to try and use someone else's public wifi anonymously for entire days on end just to browse the web anonymously and avoid it being tied back to their irl identity. NOBODY is going to do that</b>. Keep that unrealistic advice off this blog, as it doesn't help anyone. The realistic approach to this is to just do a (you -> vpn -> tor -> destination) setup, it defeats 99% of the attack vectors, and 90% of the joes out there can do it if you explain it properly. End of the story. <b>I don't care about the 1% most unlikely scenario that only the top 1% non-average joe can pull off.</b>  Simply mention the other options briefly, while focusing on the method that 90% of the people out there are the likely to be able to adopt.</p>
+<img src="64.png" class="imgRz">
+<p>4) <u>Overcomplications:</u> I want you to go for the simplest option that actually leads to the intended result. If, from point A you can go to point B, to arrive at result Z, then if you try to go from point A to B to C to D to E to G to H to then arrive at point Z, <b>you are offtopic because you are overcomplicating something that should have been simpler.</b> If a simpler solution exists, show that option only, do not waste diskspace writing innefficient methods that the readers don't need to read or know about. I will categorically refuse any overcomplications that isn't properly justified with adequate opsec scenarios and threat modeling.</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
 	<!-- +++++ Footer Section +++++ -->
 	<!-- +++++ Second Post +++++ -->
 	<div id="anon3">
--- a/opsec/maintainers/index.html
+++ b/opsec/maintainers/index.html
@ -56,7 +56,7 @@

 	<!-- +++++ Posts Lists +++++ -->
 	<!-- +++++ First Post +++++ -->
-	<div id="anon3">
+	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
@ -71,7 +71,7 @@
 	</div><!-- /grey -->

 	<!-- +++++ Second Post +++++ -->
-	<div id="anon2">
+	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
@ -88,7 +88,7 @@
 	</div><!-- /grey -->

 	<!-- +++++ Second Post +++++ -->
-	<div id="anon3">
+	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
@ -125,7 +125,23 @@ to be showcased: (How)
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
+    <div id="anon3">
+        <div class="container">
+            <div class="row">
+                <div class="col-lg-8 col-lg-offset-2">
+<h2><b>What's Offtopic?</b></h2>                                                                                                                                                               <p>Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):</p>                                                            <p>1) <u>General security and hacking:</u> (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the <a href="../../HTB/index.html">Hacking section</a>. Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially containa  vulnerability. <b>Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.</b> You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. <b>TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.</b> We will consider some FOSS software as suitable for opsec use <u>until proven otherwise (so don't bring up the 0day excuse)</u> , not the other way around.</p>

+<img src="../contribute/65.png" class="imgRz">                                                                                                                                                               
+<p>2) <u>Closed-source hardware privacy workarounds:</u> no, we won't recommend to the 90% average joes out there to wire up cables to their CPU in order to disable intel ME, install coreboot, or whatever else, and risk bricking their motherboards/CPUs permanently. <b>We will recommend that average joe to purchase fully open hardware devices, that are free of potential backdoors in the first place, when they are available on the market.</b> We do with the tools at our disposal, so until those tools are made available, we use what we can use. <b>We will consider FOSS Host OS as suitable for privacy, even on closed-source hardware for the time being.</b> (so don't bring up the google pixel graphene OS or the Intel/AMD CPU hardware backdoor argument until you find an actual open hardware alternative that does the job aswell)</p>                                                                                                                      
+<img src="../contribute/66.png" class="imgRz">                                                                                                                                                               
+<p>3) <u>Unrealistic advice:</u> the advice we bring forth in this blog should be doable by 90% of the average joes out there, by explaining it correctly. For instance, no, <b>90% of the average joes out there are not going to go dressed up in black coats, wear an anonymous mask, sit in mcdonalds, to try and use someone else's public wifi anonymously for entire days on end just to browse the web anonymously and avoid it being tied back to their irl identity. NOBODY is going to do that</b>. Keep that unrealistic advice off this blog, as it doesn't help anyone. The realistic approach to this is to just do a (you -> vpn -> tor -> destination) setup, it defeats 99% of the attack vectors, and 90% of the joes out there can do it if you explain it properly. End of the story. <b>I don't care about the 1% most unlikely scenario that only the top 1% non-average joe can pull off.</b>  Simply mention the other options briefly, while focusing on the method that 90% of the people out there are the likely to be able to adopt.</p>                                                                                                                    
+<img src="../contribute/64.png" class="imgRz">                                                                                                                                                               
+<p>4) <u>Overcomplications:</u> I want you to go for the simplest option that actually leads to the intended result. If, from point A you can go to point B, to arrive at result Z, then if you try to go from point A to B to C to D to E to G to H to then arrive at point Z, <b>you are offtopic because you are overcomplicating something that should have been simpler.</b> If a simpler solution exists, show that option only, do not waste diskspace writing innefficient methods that the readers don't need to read or know about. I will categorically refuse any overcomplications that isn't properly justified with adequate opsec scenarios and threat modeling.</p>
+
+                </div>
+            </div><!-- /row -->
+        </div> <!-- /container -->
+    </div><!-- /white -->
 	<!-- +++++ Second Post +++++ -->
 	<div id="anon2">
 	    <div class="container">