How will running a CA limit access? E.g., do you want to do client-side cert validation? That sounds like an overcomplication. Also not ideal to run a CA (have signing keys) on the proxy server.
Just a regular Joe.
It’s a trade-off. “Free services” typically require more leg work and can come with legal or security risks. I used to have a great XBMC & torrenting setup years ago. I spent significant time customizing it and various plugins, extending scripts etc. I had fun, and took necessary precautions. Millions wouldn’t. Some are happy to pay €9/month to another evil corp for convenience (where it works for them).
Oh, they do have a plan with ads. You can’t really complain about ads if that is what you subscribed to, I guess. The price difference is €6 vs €9/month in Germany, btw.
The no browser support on phones kind of sucks though.
Disney+ has ads? I’m in Germany and I don’t see any. Where are you?
edit: removed comment about browser, as OP meant on the phone
Lots of ideas are patented, especially by large companies. Some ideas are pursued by the company themselves, while others sit in the patent war chest to (maybe) generate passive income and help with future litigation. Very occasionally they are used for prevention.
Regardless, such a system would be a reason for many people to avoid buying a particular car or brand of car.
A nanotube garrote would be the talk of the town.
Amd o stoll jsve pne tp thos dau!
Deemix is a good way to build up your local cache from Deezer, at which point you can serve it locally.
It will mess with artist remuneration though (which seems important to you), so you might want to find another way to compensate your favourite artists.
You need training material for negative prompts too.
PFS matters where a party hasn’t already been compromised. Not so hard.
Read up on perfect forward secrecy and TLS.
And yes, a jurisdiction could compel them to break their security, depending on laws and ability to threaten.
IF TLS is used AND configured optimally on both ends, THEN the in transit message contents should be very secure, in that transient session keys were used.
I would be interested to know how often those two preconditions hold true though.
Of course, this is only one small link in the chain. There ain’t no magic bullet.
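An added example, not part of the original comments: one way to check the "configured optimally" precondition from one end, by listing the cipher suites a Python `ssl` context would offer that lack ephemeral key exchange and by inspecting the suite a session actually negotiated. The function names and the sample session tuples are constructed for illustration.

```python
import ssl

# OpenSSL names TLS <= 1.2 suites by key exchange; these prefixes mean ephemeral (EC)DH.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")

def is_forward_secret(cipher_name, protocol):
    """TLS 1.3 always uses ephemeral key exchange; older versions depend on the suite."""
    if protocol == "TLSv1.3":
        return True
    return cipher_name.startswith(EPHEMERAL_PREFIXES)

def non_pfs_ciphers(ctx):
    """List suites enabled on an SSLContext that would not give forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c["protocol"])]

def session_is_forward_secret(negotiated):
    """Check the (name, protocol, bits) tuple returned by SSLSocket.cipher()."""
    name, protocol, _bits = negotiated
    return is_forward_secret(name, protocol)

def pfs_only_context():
    """Client context limited to TLS 1.2+ with ECDHE suites (TLS 1.3 suites stay enabled)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

# Constructed sample tuples in the shape SSLSocket.cipher() returns.
SAMPLE_SESSIONS = [
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256),       # TLS 1.3: ephemeral by design
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),  # ephemeral ECDH
    ("AES128-GCM-SHA256", "TLSv1.2", 128),            # static RSA key exchange
]

if __name__ == "__main__":
    print("non-PFS suites still enabled:", non_pfs_ciphers(pfs_only_context()))
    for session in SAMPLE_SESSIONS:
        print(session[0], "->", session_is_forward_secret(session))
```

This only covers the local end and the negotiated session; what the peer would accept from other clients has to be checked on the peer.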
In some countries private law firms chase down infringers on behalf of copyright holders. They then attempt shakedowns with the threat of legal action if you don’t pay. They have a financial interest to catch people, and moral compasses vary.
Also, mistakes can happen (you, your family, guests using your wifi, in the courts, in the ISPs, in the law firms, in the tech they are using to identify people). Shit happens.
And if (when) it happens, then you would still have to deal with it, costing you time and money.
Understand the risks and make choices to minimize them if you can.
Apparmor profiles can be applied to an executable - the profile is then (if so configured) inherited by subprocesses. In my case I have a launch script to run lutris in a safe mode. It also changes the effective gid to be matched by some iptables rules (it was easier than creating a new network namespace, which is also possible). The script then checks that the Internet is inaccessible and that reading/writing to secured paths is denied before launching lutris.
Similarly I have a “safe” script to wrap other commands with an apparmor profile that stops most writes to my homedir/reads from some secure locations, which I often use to run scripts/programs from the Internet.
My sudo also requires a password (or a special keyboard combination, thanks to a custom pam configuration).
All that said and done, I’m sure I’ll be caught off guard one day.
I run a particular online windows game in a modded offline mode under Linux in network isolation and with a restricted apparmor profile. So far so good. Logs show no attempts to break out, except for the smoke test I run to ensure the sandbox is working. This is as much because of the random mods I install as the original devs (who could ban my online account).
On Windows, a VM would indeed be safer. GPU passthrough is possible … I guess easier with Windows using an onboard GPU, then passing a discrete GPU to the VM. You’ll lose some performance with a VM regardless, but it’s easy to disable networking, back up and restore from a known good state, and burn it to the ground when needed.
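An added example, not the commenter's script: a sketch of the pre-launch smoke test described above, which refuses to start the program unless writes to protected directories are denied and outbound connections fail. It assumes the wrapper is already running under the AppArmor profile and firewall rules; the directory, endpoint and command in the usage section are constructed placeholders.

```python
import errno
import os
import socket
import uuid

def write_denied(directory):
    """True only if creating a file in `directory` is refused with EACCES/EPERM."""
    probe = os.path.join(directory, f".sandbox-probe-{uuid.uuid4().hex}")
    try:
        fd = os.open(probe, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError as exc:
        # A missing directory is not proof of confinement, so only count real denials.
        return exc.errno in (errno.EACCES, errno.EPERM)
    os.close(fd)
    os.unlink(probe)  # the write worked: clean up and report the sandbox as open
    return False

def net_blocked(host, port, timeout=2.0):
    """True if a TCP connection to (host, port) cannot be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return False
    except OSError:  # refused, dropped (timeout), unreachable or unresolvable
        return True

def preflight(protected_dirs, endpoints):
    """Return a list of sandbox failures; an empty list means every check passed."""
    failures = [f"write not denied: {d}" for d in protected_dirs if not write_denied(d)]
    failures += [f"network reachable: {h}:{p}" for h, p in endpoints if not net_blocked(h, p)]
    return failures

def launch(argv, protected_dirs, endpoints):
    """Run the smoke test, then replace this process with the target program."""
    failures = preflight(protected_dirs, endpoints)
    if failures:
        raise SystemExit("sandbox check failed:\n  " + "\n  ".join(failures))
    os.execvp(argv[0], argv)

if __name__ == "__main__":
    # Constructed placeholders: a directory the profile should protect, a public endpoint.
    launch(["true"], [os.path.expanduser("~/.ssh")], [("1.1.1.1", 443)])
```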
Your friends will find you wherever you are and will continue asking you such questions. There is no escape.
Where in the world is Carmen Sandiego and Commander Keen … wait a second, the time machine’s dial is broken.
Saved 0% of original text.
Still a good bot. pats diodes
Welcome to the world of Carrier Grade NAT. 100.64.0.0/10 is reserved for this.
If you are lucky, you also have an IPv6 address. The catch is you need IPv6 on the client-side too.
A VPS or similar running wireguard and a proxy might bridge the gap.
It might also be possible to ask your provider for some port forwarding. Probably not, but check anyway.
Good luck!
NFSv3 (udp, stateless) was always as reliable as the network infra under Linux, I found. NFSv4 made things a bit more complicated.
You don’t want any NAT / stateful connection tracking in the network path (anything that could hiccup and forget), and wired connections only for permanent storage mounts, of course.