dragonfly4933 @ dragonfly4933 @lemmy.dbzer0.com

Posts

1

Comments

62

Joined

2 yr. ago

No, you should keep both udp and tcp port 53 open going out. blocking dns vc/tcp will result in dns being partially broken.

Why would you strip ipv6 if mullvad supports it. The reason people disable or block v6 are for 2 reasons, ignorance, and/or the vpn providor doesn't support ipv6. V4 and v6 can and usually do run at the same time (this is called dual stack), so if the vpn only touches the v4 side of things, v4 will be tunneled while v6 will be unaffected.

Also, the firewall doesn't matter if you use a torrent client that can just bind to the wg interface (assuming there is no nat being performed from the wg interface to the physical interface). The client will take one or all of the ips on the interface, which will make it impossible to leak IP directly assuming your switch or router doesn't also have an ip in the same subnet as your wg interface ip.

I don't know UFW, but if you run iptables-save or nft list ruleset i can take a look to see if it is sane.

But what i can tell is that it might work. You appear to be only allowing public traffic to wg. It should be noted that this setup will likely fail at some point because you are hard coding the IP. It should fail safe, but the public internet will not work.

Bottles is pretty good. It's available on flathub.

It's basically how widevine works. The hardware "secure" boots the OS, and the OS only loads signed code. And there is a chain of custody all the way to the hardware, so the software that communicates with the server can attest that it is the same as what they expect.

The simple explanation is that they wish to further erode property ownership by the proletariat by locking down operating systems such that they can't do as their owners wish, but only what the corporation wants.

The likely retaliation RH/IBM would take is simply banning the account, not starting a lawsuit immediately. However, rights holders may attempt sue before or after such an event, but likely after.

RH thinks they have the right to distribute code in this manner, and they can keep doing so until challenged in court. You can do actions in general without asking the court every time, I think the same applies here as well.

I personally think it is a violation in a strict sense, but at the same time I don't think it really matters too much realistically. Stream is upstream RHEL, and they are very similar, and at some points in time, should be identical. It's also not clear what you get exactly by suing RH/IBM. The likely case is that they settle or rule to have that section removed from the ToS.

Maybe, but in practice nothing happens. Microsoft has had numerous issues reported to them before, years ago, and the issue reported to them was never fixed or taken seriously. Then years later, the issue is sometimes rediscovered and they find the report from years earlier, and nothing happens.

Until legislation gets passed to force companies to take liability of their software, nothing will change.

Tbh, I don't think encryption matters that much for are usually public chat channels.

The private communication should be safe since i think the users will usually pin the keys for each other.

Insurance doesn't work very well for things like hurricanes. When big events happen that cause large percentages of their policy holders to file claims at the same time, it results in large payouts which causes increases in price. When prices go up, people don't insure. This combined with the fact that florida gets hurricanes means prices for insurance are high.

Maybe the state could help by introducing laws to help combat insurance fraud, but that could lead to consumers getting fucked by their insurance companies.

Probably. But wear and tear on all road infrastructure will accelerate due to more weight, and funds to fix it will go down until additional tax structures are put into place to replace gas taxes.

Tbh, just stop using software well past it's prime, or pay the cost of developing the fixes.

Everything can't be free, at some point it's gotta cost something.

I more or less was just looking for a general survey of what other people used.

I agree installing a binary for this small kind of thing might be excessive.

As long as your ISP is handing out a block of IPs, you don't need NAT for v6.

If you want to, then sure. For torrenting, it's not necessary, but may be helpful. I do occasionally see ipv6 peers.

Many ISPs are no longer handing out even 1 public ipv4 address per account, and instead opting for CGnat which further breaks and stratifies the internet.

Tmobile for example is 464xlat which is even worse than cgnat since it requires tampering with dns responses.

Given the situation many ISP are in, most serious companies offering services on the internet have supported ipv6 for a long time now in order to offer the most competitive service possible. And with cloudflare now serving up a large amount of traffic, a lot of all traffic is v6.

Believe it or not, but IPv6 is here and gaining ground.

BitTorrent v2 allows this also. In v1, torrents with multiple files are hashed continuously (cat) together without respect to file boundaries. A side effect of this that many people notice is that to grab a specific file may require downloading some of the files before or after the one you want.

Under v2, each file is hashed separately, so this fixes the aforementioned problem and should allow sharing of files across torrent files.

Wouldn't advise turning off ipv6. We are probably getting near the point where some public services will disable or offer v4 as only best effort, and when this happens, your connectivity will be broken for certain things if you disable v6. Heck, it's to the point now where all my home hosted services are v6 only.

The better solution is to just get a VPN that supports ipv6 like airvpn or mullvad. I think pia disables ipv6 while the tunnel is up, which is better than disabling ipv6 altogether.

To validate the tunnel is working properly you can use something like this.

https://ipleak.net/

There is also a Torrent Address detection section, that when you activate it, will provide a magnet link that will show your ip to ensure that it is tunneled properly.

Google and other search engines can crawl lemmy just fine. The only downside is that the information will be split across domains unless google puts in a special case for lemmy/fediverse or something.

Email isn't that secure anyway (don't use email if your life or freedom depends on it), so I don't see that as much as a downside.

Could be a bad dock or usb controller, try a different one. Otherwise just snap the sata connector off, and most people will not bother to get anything off.

I don't think NixOS is used by many companies, so it's not really a skill that will likely lead to employment. Most companies use containers and tools like ansible which is accomplishing something similar to nix.