I've moved this to an org and added you, can you confirm you can merge these yourself now?
Activity
lawl issue lawl/NoiseTorch
Future of noisetorch
Some people seem to still want to maintain this. I don't know if I still can.
What if we move this project to an org, add some people, and then end me here.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
I assume you have regained control of your security keys.
I think this project is large enough to fund an open source audit to alleviate any concerns about security compromises.
These things can happen and there are things the repository owners can do to address it.
Initial research shows an audit taking about US$100/1000 lines of code.
Perhaps consider starting a fundraiser for it @lawl ?
Found a very suspicious process in htop. Panicked. Later straced it and it was looking for wallet.dat. The OS itself was fairly fresh (Q3 ish?).
Sorry, I don't think I have any logs or anything that isn't deleted. As you may see from my history, I panicked fairly hard.
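The comment above describes stracing the suspicious process and watching it look for wallet.dat. As an added example (not code from this thread or from the NoiseTorch project), the Python below parses the file-syscall lines that `strace -f -e trace=file -o log -p PID` writes and flags a PID that probes several wallet locations which do not exist: a real wallet application opens its own wallet and finds it, while a scanner walks a list of candidate paths and mostly gets ENOENT. The strace lines, the PID, the home directory and the marker list are all constructed for illustration, and the marker list is an assumption to extend per environment.

```python
import re
from collections import defaultdict

# Constructed sample: the shape of `strace -f -e trace=file,network -o log -p PID`
# output (PID prefix, syscall, args, "= result [ERRNO]"). Not a real capture.
SAMPLE_STRACE = """\
4242  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4242  openat(AT_FDCWD, "/home/alice/.bitcoin/wallet.dat", O_RDONLY) = -1 ENOENT (No such file or directory)
4242  stat("/home/alice/.electrum/wallets", 0x7ffd3a2b1c40) = -1 ENOENT (No such file or directory)
4242  openat(AT_FDCWD, "/home/alice/.local/share/Exodus/exodus.wallet", O_RDONLY) = -1 ENOENT (No such file or directory)
4242  access("/home/alice/.ethereum/keystore", R_OK) = -1 ENOENT (No such file or directory)
4242  openat(AT_FDCWD, "/home/alice/.config/noisetorch/config.toml", O_RDONLY) = 4
4243  connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
"""

# Syscalls whose first string argument is a filesystem path.
FILE_SYSCALLS = {
    "open", "openat", "stat", "lstat", "statx", "newfstatat",
    "access", "faccessat", "faccessat2", "readlink", "readlinkat",
}

# Path fragments typical of wallet files; an assumed list, extend per environment.
WALLET_MARKERS = (
    "wallet.dat", "/.bitcoin/", "/.electrum/", "/.ethereum/",
    "/.monero/", "keystore", ".wallet",
)

# "<pid>  <call>(<args>) = <ret> [ERRNO (text)]"; the PID prefix is absent without -f/-o.
LINE_RE = re.compile(
    r"^(?P<pid>\d+)?\s*(?P<call>[a-z_0-9]+)\((?P<args>.*)\)\s*=\s*"
    r"(?P<ret>-?\d+|0x[0-9a-fA-F]+|\?)(?:\s+(?P<err>E[A-Z]+))?"
)
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_line(line):
    """Return {pid, call, path, exists} for a path-taking syscall, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("call") not in FILE_SYSCALLS:
        return None
    q = QUOTED_RE.search(m.group("args"))
    if not q:
        return None
    return {
        "pid": m.group("pid") or "?",
        "call": m.group("call"),
        "path": q.group(1),
        # ENOENT is what a path scanner sees most of the time.
        "exists": m.group("err") != "ENOENT",
    }


def is_wallet_path(path):
    p = path.lower()
    return any(marker in p for marker in WALLET_MARKERS)


def wallet_probes(lines):
    """All path-taking syscalls that touched a wallet-looking location."""
    return [rec for rec in map(parse_line, lines) if rec and is_wallet_path(rec["path"])]


def suspicious_pids(lines, min_missing=3):
    """PIDs that probed at least `min_missing` distinct wallet paths that do not exist."""
    missing = defaultdict(set)
    for rec in wallet_probes(lines):
        if not rec["exists"]:
            missing[rec["pid"]].add(rec["path"])
    return {pid for pid, paths in missing.items() if len(paths) >= min_missing}


if __name__ == "__main__":
    lines = SAMPLE_STRACE.splitlines()
    for rec in wallet_probes(lines):
        state = "found" if rec["exists"] else "ENOENT"
        print(f"pid {rec['pid']} {rec['call']:<8} {rec['path']} ({state})")
    print("wallet-hunting PIDs:", sorted(suspicious_pids(lines)))
```

Point the script at a saved `strace -o` log rather than a live process so the evidence survives; the sample above deliberately includes a benign open of the tool's own config file, which the marker list leaves alone.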
lawl issue comment lawl/NoiseTorch
Delete vendor folder - Go mod allows developers to keep dependencies local
During this audit, it would be helpful to remove unnecessary code from this repository. Currently, the project is storing its dependencies in git; however, since it's using Go mod this is not necessary.
It's common practice to keep the vendor folder in the .gitignore file to keep repository size down. You can repopulate the vendor folder locally by running go mod vendor.
@lawl you mentioned that the most likely area for unauthorized code would be in the large commits containing dependencies. This change should eliminate that possibility.
That depends entirely on what you want to achieve. I don't feel like debating the pros and cons of pushing the vendor folder right now.
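The PR discussed above proposes dropping the committed vendor/ tree because `go mod vendor` can regenerate it. Whether or not it stays in git, the question for an audit is whether vendor/ agrees with what go.mod declares. As an added example (not the project's own code), the Python below applies to a go.mod and a vendor/modules.txt the consistency rules that `go build -mod=vendor` has enforced since Go 1.14: every go.mod requirement must be present, marked `## explicit` and at the same version; every explicit vendor entry must be required in go.mod; and every package listed under a module header must lie inside that module's path. When go.mod says `go 1.17` or later, vendored modules that are not explicit are reported as well, since such a go.mod lists every dependency. Both inputs are constructed and the module names are placeholders, not NoiseTorch's dependencies. The caveat a reviewer needs: this compares metadata only, so altered file contents inside a correctly declared module are invisible to it; the check for that is `go mod vendor` in a clean checkout followed by `git diff --exit-code -- vendor/`, with `go mod verify` to confirm the module cache against go.sum.

```python
import re

# Constructed go.mod and vendor/modules.txt (placeholder module names, not
# NoiseTorch's real dependencies). modules.txt is what `go mod vendor` writes:
# "# <module> <version>" headers, "## explicit[; go X.Y]" markers, then packages.
GO_MOD = """\
module example.com/noisetool

go 1.17

require (
    example.com/ui v0.3.1
    golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
)
"""

MODULES_TXT = """\
# example.com/ui v0.3.1
## explicit; go 1.17
example.com/ui
example.com/ui/widgets
# golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e
## explicit; go 1.17
golang.org/x/sys/unix
# example.com/telemetry v0.1.0
example.com/telemetry
example.com/ui/internal/helper
"""


def parse_go_mod(text):
    """Return (go_version, {module: version}) from go.mod; replace/exclude are ignored."""
    go_version, requires, in_block = None, {}, False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop comments such as "// indirect"
        if not line:
            continue
        if line.startswith("go "):
            go_version = line.split()[1]
        elif line == "require (":
            in_block = True
        elif in_block and line == ")":
            in_block = False
        elif in_block or line.startswith("require "):
            parts = line.split()
            if parts[0] == "require":
                parts = parts[1:]
            if len(parts) == 2:
                requires[parts[0]] = parts[1]
    return go_version, requires


def parse_modules_txt(text):
    """Return {module: {"version", "explicit", "packages"}} from vendor/modules.txt."""
    mods, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            # "# path version" or "# path version => replacement"; keep the original side.
            fields = line[2:].split(" => ", 1)[0].split()
            version = fields[1] if len(fields) > 1 else ""
            current = mods.setdefault(fields[0], {"version": version, "explicit": False, "packages": []})
        elif line.startswith("## "):
            if current is not None and "explicit" in line:
                current["explicit"] = True
        elif line and current is not None:
            current["packages"].append(line)
    return mods


def go_at_least(go_version, major, minor):
    m = re.match(r"(\d+)\.(\d+)", go_version or "")
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= (major, minor)


def vendor_findings(go_mod_text, modules_txt_text):
    """Inconsistencies between go.mod and vendor/modules.txt; an empty list means consistent."""
    go_version, requires = parse_go_mod(go_mod_text)
    mods = parse_modules_txt(modules_txt_text)
    findings = []
    for path, version in requires.items():
        m = mods.get(path)
        if m is None:
            findings.append(f"{path}@{version} required in go.mod but absent from vendor/modules.txt")
        elif not m["explicit"]:
            findings.append(f"{path} required in go.mod but not marked '## explicit' in vendor/modules.txt")
        elif m["version"] != version:
            findings.append(f"{path} version mismatch: go.mod {version}, vendor {m['version']}")
    for path, m in mods.items():
        if m["explicit"] and path not in requires:
            findings.append(f"{path}@{m['version']} marked explicit in vendor/modules.txt but not required in go.mod")
        elif not m["explicit"] and go_at_least(go_version, 1, 17):
            # A go 1.17+ go.mod lists every dependency, so an undeclared vendored module is unexplained.
            findings.append(f"{path}@{m['version']} vendored but not declared in go.mod")
        for pkg in m["packages"]:
            if pkg != path and not pkg.startswith(path + "/"):
                findings.append(f"package {pkg} listed under module {path} but lies outside it")
    return findings


if __name__ == "__main__":
    problems = vendor_findings(GO_MOD, MODULES_TXT)
    for p in problems:
        print("FINDING:", p)
    print("consistent" if not problems else f"{len(problems)} finding(s)")
```

On the constructed input the undeclared `example.com/telemetry` module and the `example.com/ui/internal/helper` package smuggled under its header are reported; the two declared modules pass. Run the same comparison on a checkout, then finish with the `go mod vendor` and `git diff` step, because a package added inside a correctly declared module passes every metadata check here.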
lawl issue comment lawl/NoiseTorch
Conduct an Audit
@fuomag9 as I wrote somewhere else, this is an IPv4 NAT server with like 20 ports per VM; this is entirely expected.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
Since someone asked, my assumption right now is that it was most likely just someone looking for bitcoin wallets. Still not sure how they got in exactly, and not sure if we'll ever know, but as I already said, probably nothing. And no bitcoin either.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
Wouldn't it be good enough to check the latest commits?
I'm now assuming it most likely occurred sometime in the second half of 2021.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
Yeah, you can remove the remote server that's being pinged by people's builds by... shipping a new binary. Otherwise, yeah, the whole update code has to be ripped out at some point, but that's easy and not a problem.
lawl pull request lawl/NoiseTorch
Delete vendor folder - Go mod allows developers to keep dependencies local
lawl issue comment lawl/NoiseTorch
Delete vendor folder - Go mod allows developers to keep dependencies local
If you can repopulate it the exact same way, why does it matter to you? Self-contradictory.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
@Xunjin literally all of them. These are just where I'd hide as an attacker, probably. As always, absence of evidence != evidence of absence.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
It's a tiny VM with NATted IPv4.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
OK, I've pointed the readme to this thread. If we can get enough people to check the code, maybe we can work from there.
lawl push lawl/NoiseTorch
commit sha: b4bb8e6466fef1201b195fd86f9a768ac1a6e5b1
push time: 2 days ago
lawl issue lawl/NoiseTorch
Do I have a virus now? :eyes:
I've been running noise torch from source off nixpkgs: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/audio/noisetorch/default.nix. Has the source itself been compromised? Or just whichever compiled binaries?
lawl issue comment lawl/NoiseTorch
Do I have a virus now? :eyes:
Nobody knows, and absence of evidence isn't evidence of absence. You'll need to use your own risk judgement for now, sorry.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
82.118.227.155 have you checked this isn't the update server? Does noisetorch.epicgamer.org resolve there?
lawl issue comment lawl/NoiseTorch
Conduct an Audit
Yes, UPX was on purpose, but you shouldn't trust me when I say that because I already said my system(s?) were compromised.
lawl issue comment lawl/NoiseTorch
This project is not dead, because it lives in our hearts
@lawl thank you for this awesome project.
we will always love you and this project. ❤️
For speed's sake, I'm going to assume that official GoLang packages are safe to use
Yes, I consider golang.org part of my trusted computing base, since, well, I'm using their compiler, so....
lawl issue comment lawl/NoiseTorch
Alternative / Spiritual Successor https://github.com/werman/noise-suppression-for-voice
How can it be a spiritual successor if I contributed the algorithm people seem to like about NoiseTorch there before actually making NoiseTorch :thinking:?
lawl issue comment lawl/NoiseTorch
This project is not dead, because it lives in our hearts
https://github.com/lawl/NoiseTorch/commit/8c34658b64f1efeab501bef57d2bfa9579fe34e2 https://github.com/lawl/NoiseTorch/commit/38787e4195f2a34d7ec4421caf17cb99bc31fa2b
are imo the least likely candidates where one would hide a backdoor; I had reviewed the entire diff I vendored. I take dependencies seriously. But who knows, if my system was compromised, was it showing the right things?
How would one trust your review?
lawl issue comment lawl/NoiseTorch
This project is not dead, because it lives in our hearts
To move forward, however, I need to know the scope of the breach, including how long this has been going on for. What's the nature of the compromise? I need to know if my systems are still secure, or if I need to delete everything.
I'd like to know that too.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
No, don't give money. Patreon is scheduled for deletion; can't do it instantly.
lawl issue comment lawl/NoiseTorch
Conduct an Audit
No, I haven't. I believe it's unrelated to NoiseTorch, but better safe than sorry. I am dead right now and don't have the energy to rebuild and rebuy my computing devices from scratch.
lawl issue comment lawl/NoiseTorch
This project is not dead, because it lives in our hearts
@contraexemplo is correct. Sorry, I feel dead right now. I don't have any energy to deal with this right now.
I believe the compromise is unrelated, but again, better safe than sorry.
lawl push lawl/NoiseTorch
commit sha: 2663bcc8d6aea1e15d0e52e47ce55f60283ef53b
push time: 2 days ago
lawl push lawl/NoiseTorch
commit sha: 014236037eb5ba456c4dae24a0ebaf2caeb1510f
push time: 2 days ago
lawl published release POTENTIAL COMPROMISE in lawl/NoiseTorch
update README.md
Adding information about removal procedure