
JM
Posts: 20 · Comments: 537 · Joined: 2 yr. ago

  • I agree with you wrt a UFO. However, yes, people have 1080p on a cellphone, but unless the UFO is about 15-30 feet in front of you, the longer lenses on cellphones are mixed quality at best still. So if someone is pointing a recent "100x" phone at a UFO in the sky, the footage still isn't going to be very clear / good. It's also difficult to track these "UFOs", probably because of all sorts of interesting optical and atmospheric events even making them unidentified. But even trying to "zoom in" on a commercial plane from miles away to the extent you could make out much detail is not exactly easy, and there it's usually going in an (at least in theory) predictable flight path, and moving "slowly" - just the distance giving such a tiny FOV from the camera ...

  • Ok, but now you're masquerading as HTTPS. I was talking about how most VPNs use known ports (the OpenVPN port for instance). I also have heard a lot of external sites are blocked in China, so I was referencing that I would guess most commercial VPN servers get blocked also. If you're running your own endpoint (not paying for a commercial service) and making it look like SSL, and China isn't blocking that IP address outside the country at this time, then it should work, though I'd still worry about timing and network correlation attacks - if a nation state wanted to. There's a lot of wiggle room in that if, and I wouldn't put it past them to just backdoor your hardware on entry (or the US customs inspection either FWIW).

  • Honestly - nothing. You need to not use the Internet for anything sensitive if a nation state is after your traffic, even more so if you're inside their network, even more so if it's controlled as tightly as China does.

    In the US you might hide among the other traffic if you really know what you're doing and very careful. Especially if they're not suspecting you and so aren't directly targeting you. And that's a big if. China blocks traffic so you just end up. Screwed.

  • I'm very much WFH a huge percentage of the time. I don't think I'm ever going to willingly go back daily or even weekly. There's little to no point. Our society also should want to encourage WFH as much as possible just for environmental benefits.

  • I think both attacks are actually DNS vulnerabilities from my reading of the paper which is now available. It has nothing whatsoever to do with VPNs, except in so far as you can abuse DNS to redirect traffic to a hostname somewhere else. I suppose the first attack does suggest that commercial VPN companies should update their configuration to require the non-routed IPs to be the local network unless otherwise overridden by the customer. That should completely kill the first attack from what I can tell. Customers can also just look at their route tables after connecting to a random wifi and see if it looks weird (the local net not being 192.168.0.0/24, 172.16-20.0.0/16 [IIRC, google the range], 10.0.0.0/8)...

    The second attack still requires the attacker to control DNS, so again, is basically either the ISP or a rogue AP. I still think DNSSEC helps, DoH would help (but OSs don't use this, and generally for good reason - we really really need PKI for DNS as the new standard IMHO, which I think DoH is trying to do), but also hardcoding the DNS server you use to a known good server (this might be hard, but like 1.1.1.1 is going to be harder to intercept) would stop it.

    This is also why people say VPN doesn't provide full security on its own (Though I question the ability to pull these attacks off in most practical situations - quite a lot depends on your threat model) and redirecting HTTPS traffic for instance outside the VPN leaks that you connected to that site, but none of the contents of the traffic.
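The "look at your route table after connecting" check from the comment above, written out as an added example; this is not code from the original post or from any VPN vendor. It assumes Linux `ip route show` output (the samples below are constructed), a hypothetical tunnel interface `tun0` and Wi-Fi interface `wlan0`, and it uses the RFC 1918 ranges as actually assigned (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) plus link-local and loopback. It flags three things: public destinations routed over a non-tunnel interface (the host route to the VPN server itself is expected and excluded), an on-link network on a physical interface that is not private address space, and a default route that is not covered by the tunnel.

```python
import ipaddress
import subprocess

# Address space that is legitimately "local" and allowed outside the tunnel.
LOCAL_SPACE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16",                                  # link-local (APIPA)
    "127.0.0.0/8",                                     # loopback
)]

# Constructed sample: a typical OpenVPN-style table (0/1 + 128/1 pair over the
# tunnel) with one extra public prefix pushed onto the Wi-Fi interface.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
198.51.100.5 via 192.168.1.1 dev wlan0
203.0.113.0/24 via 192.168.1.1 dev wlan0 proto dhcp metric 600
"""

# Constructed sample: a "local" network that is not private space at all,
# and no tunnel routes present.
SAMPLE_WEIRD_LAN = """\
default via 203.0.113.1 dev wlan0 proto dhcp metric 600
203.0.113.0/24 dev wlan0 proto kernel scope link src 203.0.113.23 metric 600
"""


def parse_routes(text):
    """Parse `ip route show` lines into dicts (IPv4 only; IPv6 lines are skipped)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue            # "broadcast", "local" etc. from `ip route show table all`
        if net.version != 4:
            continue
        route = {"dest": net, "via": None, "dev": None, "scope_link": "scope link" in line}
        for i, tok in enumerate(parts):
            if tok == "via" and i + 1 < len(parts):
                route["via"] = parts[i + 1]
            elif tok == "dev" and i + 1 < len(parts):
                route["dev"] = parts[i + 1]
        routes.append(route)
    return routes


def is_local(net):
    return any(net.subnet_of(p) for p in LOCAL_SPACE)


def tunnel_bypasses(routes, tunnel_if, vpn_server=None):
    """Public destinations that leave via a non-tunnel interface.

    The plain default route is ignored (the /1 pair or a tunnel default
    overrides it); the VPN server's own host route is expected and skipped.
    """
    server = ipaddress.ip_network(vpn_server) if vpn_server else None
    leaks = []
    for r in routes:
        if r["dev"] == tunnel_if or r["dest"].prefixlen == 0:
            continue
        if is_local(r["dest"]) or (server is not None and r["dest"] == server):
            continue
        leaks.append(str(r["dest"]))
    return leaks


def odd_local_nets(routes, tunnel_if):
    """On-link networks on physical interfaces that are not private address space."""
    return [str(r["dest"]) for r in routes
            if r["scope_link"] and r["dev"] != tunnel_if and not is_local(r["dest"])]


def default_is_tunnelled(routes, tunnel_if):
    """True if 0.0.0.0/0, or both 0.0.0.0/1 and 128.0.0.0/1, go over the tunnel."""
    tunnel = {str(r["dest"]) for r in routes if r["dev"] == tunnel_if}
    return "0.0.0.0/0" in tunnel or {"0.0.0.0/1", "128.0.0.0/1"} <= tunnel


def check(text, tunnel_if="tun0", vpn_server=None):
    routes = parse_routes(text)
    return {
        "bypasses": tunnel_bypasses(routes, tunnel_if, vpn_server),
        "odd_local_nets": odd_local_nets(routes, tunnel_if),
        "default_tunnelled": default_is_tunnelled(routes, tunnel_if),
    }


if __name__ == "__main__":
    # Live run on this host (assumes `ip` from iproute2 is installed).
    live = subprocess.run(["ip", "route", "show"], capture_output=True, text=True).stdout
    print(check(live, tunnel_if="tun0"))
```

Run it right after joining an untrusted network: anything in `bypasses` is a prefix that an attacker-controlled network has pulled out of the tunnel, `odd_local_nets` catches a "LAN" that is really routable space, and `default_tunnelled` being false means the tunnel is not carrying your traffic at all. Interface names and the VPN server address are the two things you need to adjust for your own setup.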

  • The first one is just split tunneling which is a design feature for most organizations using VPN, so any company paying for this for their employees, and many using stuff like OpenVPN explicitly want that feature for good reasons.

    The second requires both intercepting DNS (which I think is getting harder all the time with DNSSEC etc) and you not using a server certificate to authenticate the actual VPN server (unless I really misunderstand what's happening here). Most public VPN servers don't seem to be configured to work as you say (not send traffic for their server / site over the tunnel) - at least OpenVPN with common configurations will send traffic over the tunnel as far as I've been able to determine. Some details to reproduce this would be helpful. The paper isn't currently available, but I'm still wondering how they're adding a static route to the client unless they can in fact terminate the VPN connection and pass back config rules different from the client config file.

  • What's interesting is this is also kind of a circle of tech moment too. At least for me, search has been sort of killed (or google search anyway), but it's just back to the Internet of 1997 again, where we have "sort of useful" "search engines", some walled gardens like AOL was, and maybe webrings or the original sort of Yahoo! curated link / subject sites / lists.

  • Fair enough. Last time I checked, I saw enough people warning against btrfs that I just figured it wasn't going to catch up to ZFS and kind of forgot about it. Now I realize that may have been awhile ago, and if it's not in RHEL, I haven't considered it as enterprise ready - which recently is changing with Red Hat / IBM losing their darn minds, but my "working knowledge" is limited on stuff I don't watch all the time.

  • Didn't google basically kill XMPP by "working" with the standard and then getting a huge amount of users on Google, then dropping the standard leaving most people who wanted to communicate on the now locked in google program? I swear I heard that.

  • My point is just that most headphones that are cheap can't reproduce MP3 quality, so until you get good enough headphones to hear the difference, getting a FLAC of the same song isn't going to really be noticeable.

  • Oh, I have a pressure sealed rice cooker, but it's the top of the line Zojirushi and is more like $600. It's also not fast, takes like an hour, but the rice is divine. Sadly, I rarely cook rice. I got it for my sister, who lived in China for a while and used to eat rice all the time, but then moved into a tiny house and gave it back to me... I can't really bear to throw it out - but I only use it if I'm making a huge amount of rice randomly.

  • I think it is smaller capacity, has a "fryer basket" and maybe hence can concentrate the power more effectively on the small space so is faster? IDK, the NuWave used to be sold as an air-fryer too, but I've never air-fried in a "real one" so I can't personally compare. I just find that the much larger "Oven" and throw everything in the dishwasher is way more useful for way more foods and types of cooking (like if I want to bake a potato etc).

  • Next problem, there’s a good reason we all chose cloud. Even huge corps realized it would save them a ton of money to switch from their expensive private datacenters and staff. They were already paying money to some bomb shelter style server host, now they are just doing it virtually. And your engineers no longer have to drive out to wipe drives or replug wires, it’s all perfectly managed.

    This part is just not true. Many companies are moving things back in house because of the cloud costs, along with how poorly the cloud actually turns out to be managed (at least the Microsoft one that most companies used for e-mail and collaboration). And the cloud never got easy enough to not need specialized employees, and in many cases, they're more expensive than "on prem" employees were because it was the hot new buzzword for a while.

    I can go into lots of technical details, but it's worth pointing out that many huge corps are doing hybrid and using the cloud strictly for burst usage because the constant state costs are way way way cheaper if you own the servers. Which kind of makes sense - if you need a car for 2 days a year, you rent, but if you use it for hours a day, you buy.

  • You might think this, and I bought into it. Then I saw the recent Azure and M365 issues and responses to cloud security and nation state hacking of gov cloud stuff with consumer outlook accounts. I realized the cloud providers have all the incentive to sell that they hire better people because of economies of scale and do more things than you might locally, but in reality they outsource everything to the cheapest bidder in a different low cost of living country.

  • Businesses who have a clue and a budget actually also have a need for local data control IMHO. Look at the hacking case with M365. And there's decent local collaboration software too - wikis, things like syncthing, some of the newer zero trust stuff.

    Let's face it, the thing the cloud is good for is serving up completely public websites.