Posts: 2 · Comments: 1,625 · Joined: 2 yr. ago

  • This is the privacy community, not the piracy one.

    You might want !piracy@lemmy.ml

  • Now is not the fucking time to give governments unlimited access to user data. If the UK has it, the US will have it too.

  • AWS does have plenty of VPN solutions for this, but likely not with the credentials you have because they're usually very specific. And it's probably intentional, if they wanted to give you VPN access they'd give you VPN access.

  • Maybe if he had an actual platform and an actual plan that's not based entirely on undoing what Trudeau did...

  • The website requests an image or whatever from 27748626267848298474.example.com, where the number is unique for the visitor. To load the content the browser has to resolve the DNS for it, and the randomness ensures it won't be cached anywhere as it's just for you. So it queries its DNS server which queries your DNS provider which queries the website's DNS server. From there the website's DNS server can see where the request came from and the website can tell you where it came from and who it's associated with if known.

    Yes it absolutely can be used for fingerprinting. Everything can be used for fingerprinting, and we refuse to fix it because "but who thinks of the ad companies???".
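The lookup chain described in the comment above is also how a DNS leak test works. This is an added example, not part of the original comment: it correlates a one-time probe hostname with the resolvers that asked for it and flags any resolver outside the networks you expected, such as your VPN's. The zone name, log format and sample lines are constructed assumptions.

```python
import ipaddress
import secrets

ZONE = "leaktest.example"  # assumption: a zone whose authoritative server you run


def new_probe_name(zone=ZONE):
    # 128 random bits: the name has never existed, so no cache can answer it
    return f"{secrets.token_hex(16)}.{zone}"


def _norm(name):
    # Resolvers may randomise letter case (0x20 encoding) and append a root dot
    return name.rstrip(".").lower()


def resolvers_for(probe, log_lines):
    """Source IPs that asked the authoritative server for this probe name."""
    seen = set()
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if "src" in fields and _norm(fields.get("qname", "")) == _norm(probe):
            seen.add(ipaddress.ip_address(fields["src"]))
    return seen


def leaked(resolvers, expected_networks):
    """Resolvers that are not inside any network you intended to use."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    return sorted((r for r in resolvers if not any(r in n for n in nets)), key=str)


# Constructed sample: hypothetical key=value query log from the authoritative server
SAMPLE_PROBE = "3f9c0a1b2c3d4e5f60718293a4b5c6d7.leaktest.example"
SAMPLE_LOG = [
    "2025-01-20T10:00:01Z src=198.51.100.10 qname=3f9c0a1b2c3d4e5f60718293a4b5c6d7.leaktest.example. qtype=A",
    "2025-01-20T10:00:01Z src=203.0.113.53 qname=3F9c0A1b2C3d4e5F60718293a4B5c6D7.LeakTest.example qtype=AAAA",
    "2025-01-20T10:00:02Z src=192.0.2.7 qname=0000000000000000ffffffffffffffff.leaktest.example qtype=A",
]

if __name__ == "__main__":
    found = resolvers_for(SAMPLE_PROBE, SAMPLE_LOG)
    print("resolvers seen:", sorted(map(str, found)))
    print("outside VPN range:", leaked(found, ["198.51.100.0/24"]))
```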

  • A computer can never be held accountable, therefore a computer must never make a management decision.

    IBM, in 1979.

    This is wide open to send a nuke on allies and blame the AI.

  • They could also just be spawning Windows VMs directly in AWS, no point doing nested virtualization for something like this. Pretty sure they have a service for doing exactly what you described. No need for a VPN, it can spawn your VM on the right network already (they call it VPC). They can even put real GPUs for AutoCAD and stuff on those things.

  • It's going to depend on how the access is set up. It could be set up such that the only way into that network is via that browser thing.

    You can always connect to yourself from the Windows machine and tunnel SSH over that, but it's likely you'll hit a firewall or possibly even a TLS MitM box.

    Virtual desktops like that are usually used for security, it would be way cheaper and easier to just VPN your workstation in. Everything about this feels like a regulated or certified secure environment like payment processing/bank/government stuff.

  • but I'm curious if it's hitting the server, then going the router, only to be routed back to the same machine again. 10.0.0.3 is the same machine as 192.168.1.14

    No, when you talk to yourself you talk to yourself; it doesn't go out over the network. But you can always check using utilities like tracepath, traceroute and mtr. It'll show you the exact path taken.

    Technically you could make the 172.18.0.0/16 subnet accessible directly to the VPS over WireGuard and skip the double DNAT on the game server's side but that's about it. The extra DNAT really won't matter at that scale though.

    It's possible to do without any connection tracking or NAT, but at the expense of significantly more complicated routing for the containers. I would do that on a busy 10Gbit router or if somehow I really need the public IP of the connecting client to not get mangled. The biggest downside of your setup is, the game server will see every player as coming from 192.168.1.14 or 172.18.0.1. With the subnet routed over WireGuard it would appear to come from the VPN IP of the VPS (guessing 10.0.0.2). It's possible to get the real IP forwarded but then the routing needs to be adjusted so that it doesn't go Client -> VPS -> VPN -> Game Server -> Home router -> Client.

  • Not seeing much, but given the subreddit deletions were attributed to an automated system error and stuff it's not nearly as big of an event as the apicalypse was. The bigger bump I see seems to be linked to the TikTok ban and Pixelfed and Loops climbing to the top of the app store charts.

  • No idea, never used it, I just happen to know it exists.

  • You probably want something like Aether instead of the fediverse: https://getaether.net/

    It's peer to peer, encrypted, anonymous, ephemeral and all that.

  • The fediverse is plainly just not appropriate for this. ActivityPub makes too many assumptions that the data is fully public.

    End-to-end encryption: Encrypt all user communications, private messages, and sensitive data

    That could work probably, it's a lot of work and will break interoperability but could be done. You'd still have to vet your users very well though, which might contradict the next point. It takes one user to leak everything.

    Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?

    There's a fair amount of instances already that will let you sign up with a disposable email.

    Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.

    A fair chunk of instances already allow VPN/Tor traffic. The bigger ones don't because of spam and CSAM and all that crap, but even Reddit is fully functional over a VPN.

    Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.

    That'd be very hard to enforce, and the instance owners have to do some collection for the sake of being able to handle lawsuits and pass the blame. But you can protect yourself using a VPN or Tor.

    Ephemeral content: auto-deleting posts, messages, etc after a set period.

    As an admin, I can literally just restore last month's backup and undelete everything that got deleted. If someone's seen it, you must assume it can at minimum have been screenshot.

    Instance chooser that flags which instances are in unsafe countries.

    Anyone can get a VPS in just about any country, so you'd have to personally verify the owner, which is PII and probably one of the most vulnerable parts of the group. You take down the owner, you take down the whole thing.

    Once again however users have plenty of choices already for that, if you trust your instance's admins.

    Defederate from instances in unsafe countries?

    Same as previous point. Plus, one can still use the API to fetch the content anyway.

    Better opsec around instance owners, admins and moderators

    Also pretty hard to enforce.

  • You absolutely can if you want to. Xen has been around for decades, most people that do GPU passthrough also kind of technically do that with pure Linux. Xen is the closest to what Microsoft does: technically you run Hyper-V then Windows on top, which is similar to Xen and the special dom0.

    But fundamentally the hard part is, the freedoms of Linux bring in an infinite combination of possible distros, kernels, modules and software. Each module is compiled for the exact version of the kernel you run. The module must be signed by the same key as the kernel, and each distro has its own set of kernels and modules. Those keys need to be trusted by the bootloader. So when you go try to download the new NVIDIA driver directly from their site, you run into problems. And somehow this entire mess needs to link back to one source of trust at the root of the chain.

    Microsoft on the other hand controls the entire OS experience, so who signs what is pretty straightforward. Windows drivers are also very portable: one driver can work from Windows Vista to 11, so it's easy to evaluate one developer and sign their drivers. That's just one signature. And the Microsoft root cert is preloaded on every motherboard, so it just works.

    So Linux distros that do support secure boot properly will often have to prompt the user to install their own keys (which is a UX nightmare of its own), because FOSS likes to do things right by giving full control to the user. Ideally you manage your own keys, so even a developer from a distro can't build a signed kernel/module to exploit you, you are the root of trust. That's also a UX nightmare because average users are good at losing keys and locking themselves out.

    It's kind of a huge mess in the end, to solve problems very few users have or care about. On Linux it's not routine to install kernel mode malware like Vanguard or EAC. We use sandboxing a lot via Flatpak and Docker and the likes. You often get your apps from your distro which you trust, or from Flathub which you also trust. The kernel is very rarely compromised, and it's pretty easy to clean up afterwards too. It's just not been a problem. Users running malware on Linux is already very rare, so protecting against rogue kernel modules and the likes just isn't in need enough for anyone to be interested in spending the time to implement it.

    But as a user armed with a lot of patience, you can make it all work and you'll be the only one in the world that can get in. Secure boot with systemd-cryptenroll using the TPM is a fairly common setup. If you're a corporate IT person you can lock down Linux a lot with secure boot, module signing, SELinux policies and restricted executables. The tools are all there for you to do it as a user, and you get to custom tailor it specifically for your environment too! You can remove every single driver and feature you don't need from the kernel, sign that, and have a massively reduced attack surface. Don't need modules? Disable runtime module loading entirely. Mount /home noexec. If you really care about security you can make it way, way stronger than Windows with everything enabled and you don't even need a hypervisor to do that.
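A read-only audit of four settings named in the comment above (secure boot, enforced module signing, runtime module loading disabled, /home mounted noexec), as an added example that is not the commenter's or any distro's code. The `root` parameter is an assumption added so the checks can be pointed at a test tree; the paths are the standard Linux procfs, sysfs and efivarfs locations.

```python
from pathlib import Path

# UEFI global-variable GUID; efivarfs exposes SecureBoot under this file name
SB_VAR = "sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def _read(root, rel):
    try:
        return (Path(root) / rel).read_bytes()
    except OSError:
        return None  # missing or unreadable counts as "not enabled"


def secure_boot_enabled(root="/"):
    data = _read(root, SB_VAR)
    # efivarfs prefixes the value with 4 attribute bytes; byte 5 is the state
    return bool(data and len(data) >= 5 and data[4] == 1)


def flag_set(root, rel, want):
    data = _read(root, rel)
    return data is not None and data.decode().strip() == want


def mount_options(root, mountpoint):
    opts = None
    for line in (_read(root, "proc/mounts") or b"").decode().splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mountpoint:
            opts = set(fields[3].split(","))  # last entry wins for stacked mounts
    return opts


def audit(root="/"):
    home = mount_options(root, "/home")
    return {
        "secure_boot": secure_boot_enabled(root),
        "module_sig_enforce": flag_set(root, "sys/module/module/parameters/sig_enforce", "Y"),
        "modules_disabled": flag_set(root, "proc/sys/kernel/modules_disabled", "1"),
        "home_noexec": home is not None and "noexec" in home,
    }


if __name__ == "__main__":
    for check, ok in audit().items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```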

  • Lemmy is decentralized, there is no singular Lemmy as a whole unless you're talking specifically about the server software. As a user you interact with your home instance, in your case lemmy.world.

    Most connectivity problems and slowdowns are instance-specific unless you're talking about a federation problem specifically, for example you posted but it doesn't show up on other instances, that's a problem between your instance and the community's instance.

    In your case you most likely just hit something on lemmy.world's side. Lemmy as a whole is way too small for them to even care about it.

    I've been having sub second response times consistently on mine. This post submitted instantly.

  • None, it's just a terminal emulator like xterm or Konsole or alacritty or whatever else. It doesn't actually emulate anything.

    It's all native ARM binaries shoved into a container pretty much the same as Docker. The performance hit is basically zero. Android runs the Linux kernel, it's just a fancy chroot to make it look like regular Linux.

  • It makes the fediverse look about as bad as Lemmy did when the Reddit apicalypse happened.

    I think we mostly need to communicate the state of things well and frequently to keep users aware this is super alpha preview software and that the technology is sound but just needs time to mature properly. It's the cost of freedom: patience. As long as the fixes and improvements keep coming, buggy shouldn't be that much of a problem.

  • So we spent like what, 20 years saying China censorship bad and finding sneaky ways to get them in the global Internet via VPNs and Tor and Tor bridges, and now we want to make our own?

    That'll go well.