tal @ tal @kbin.social

Trying a switch to tal@lemmy.today, at least for a while, due to recent kbi

---

Read more

Posts

11

Comments

458

Joined

2 yr. ago

I suspect that if things continue in the trajectory that they seem to be heading, that people from Russia who exit may likely be better-off too, as much as moving countries is a significant barrier.

Is OpenVPN not just SSL traffic?

It’s not, it’s an IPSec VPN by default which runs over UDP. You can run it via TCP and it operates over the same port as HTTPS (443), but it’s not the same protocol and can be differentiated that way.

I think that either I'm misunderstanding what you're aiming to say, or that this is incorrect.

OpenVPN can run over UDP or TCP, but it's not IPSec, not even when running over UDP. IPSec is an entirely separate protocol.

Unless the whole of the inner IP packet is encrypted,

It is, because they're inside an encrypted stream of data.

The way OpenVPN works is this:

1. OpenVPN establishes a TLS connection to the OpenVPN server.
2. Your computer's kernel generates an IP packet.
3. OpenVPN sucks that up, shoves it into the TLS connection. That connection is encrypted, so the network provider cannot see inside it, know whether the data is IP packets or anything else, though I suppose maybe traffic analysis might let one classify a connection as probably being a VPN.
4. The data in that connection is broken up into IP packets, went to the OpenVPN server.
5. The OpenVPN server decrypts the data in the TLS stream, pulls the original IP packets out.

So the original packets are always encrypted when the network sees them. Only the OpenVPN server can see the unencrypted packet you originally sent.

What @raltoid is saying sounds plausible, though I can't confirm it myself off-the-cuff -- that OpenVPN is detected by looking at somehing unique in the initial handshake.

I imagine that in Sherri Threepenny's claimed world, it'd be kind of like magnet fishing -- you'd wind up covered in metal shavings and little pieces of metal picked up as you traveled through your daily environment.

So, that's definitely better than nothing, but your browser isn't the only thing -- though these days, it is a very important thing -- that talks to the Internet. If, for example, you're using a lemmy client to read this, I'd bet that it's good odds that it doesn't have SOCKS support.

Though I wouldn't be surprised if someone has made VPN software that intercepts connections and acts as a proxy SOCKS client, which would make it work more like a traditional VPN if you can reach a remote SOCKS server, though maybe with a performance hit.

googles

Yeah, okay, looks like stunnel can do this on Linux. So it's a thing.

You don't need a 100% solution, though, to have a pretty big impact on society. Combine technical barriers with it just being easier to not think about what's going on outside, maybe some chilling effects from legally going after people who do start doing things that you don't like (viewing websites, spreading information, etc), and you can control people's information environment a lot. Make using circumvention solutions illegal -- okay, maybe you can bypass their system if you don't get caught, but do you want to risk it? Make creating or spreading circumvention solutions really illegal. Do you want to risk getting in a lot of trouble so that random other person can get unrestricted or unmonitored Internet access?

On that note, I was reading about the way North Korea does it in an article from someone who got out of North Korea. That is about as close as it gets to a 100% solution. Only a few thousand people are authorized to get Internet access. You need to apply to use the Internet with a couple of days lead time. Each pair of computers has a "librarian" monitoring what the Internet user on each side is doing, and every five minutes or so the computer will halt with whatever you were doing on the screen and require fingerprint re-authorization from the "librarian" to continue. Users are not allowed to view pages in Korean, just English and Chinese (I assume because most information out there that you'd have to go outside North Korea to get access to is likely available in either English or Chinese, and they definitely don't want people seeing anything out of South Korea).

That pretty much screws North Korea in terms of access to information, is a costly solution, but if you place an absolute priority on control of the information environment, North Korea does prove that it's possible to take a society there.

No, I'm not. Chiropractic is also snake oil, sure, but that doesn't make osteopathy real medicine.

https://en.wikipedia.org/wiki/Osteopathy

Osteopathy (from Ancient Greek ὀστέον (ostéon) 'bone', and πάθος (páthos) 'pain, suffering') is a type of pseudoscientific system of alternative medicine that emphasizes physical manipulation of the body's muscle tissue and bones.[1][2] In most countries, practitioners of osteopathy are not medically trained and are referred to as osteopaths.[3][4][5]

Osteopathic manipulation is the core set of techniques in osteopathy.[6] Parts of osteopathy, such as craniosacral therapy, have no therapeutic value and have been labeled as pseudoscience and quackery.[7][8] The techniques are based on an ideology created by Andrew Taylor Still (1828–1917) which posits the existence of a "myofascial continuity"—a tissue layer that "links every part of the body with every other part". Osteopaths attempt to diagnose and treat what was originally called "the osteopathic lesion", but which is now named "somatic dysfunction",[6] by manipulating a person's bones and muscles. Osteopathic Manipulative Treatment (OMT) techniques are most commonly used to treat back pain and other musculoskeletal issues.[6][non-primary source needed][9]

Osteopathic manipulation is still included in the curricula of osteopathic physicians or Doctors of Osteopathic Medicine (DO) training in the US. The Doctor of Osteopathic Medicine degree, however, became a medical degree and is no longer a degree of non-medical osteopathy.

Yeah, that too.

Honestly, one thing that I've found to be surprisingly consistent across a lot of the apparently-bonkers-on-the-surface conspiracy crowd is that someone is selling "alternative wellness" products at the bottom of it.

I remember discovering that Alex Jones was off selling a bunch of "alternative wellness" stuff too and saying "oooohhhh, okay, that makes more sense".

I think that the business model looks something like this. You take some issue that someone doesn't like. I don't know, being told to wear a mask. You say "this is unnecessary". Okay, fine, that's something of a values call, weighting risks against benefits. Then you promote related stuff that they agree with. So, okay, say someone goes to church, and they pray for someone to get better, and that's a normal part of the culture, right? But in the case of Sherri Tenpenny, it looks like she's off encouraging people to perform prayers that include a lot of the other kinda wonky products she's promoting. She's trying to leverage the cultural norm of praying for someone to get better to associating the stuff she's promoting with getting better.

So you put out stuff that people agree with to draw them in. Do a wide range of things targeting sometimes-totally-different groups. Some people don't like 5G -- that's not new with 5G, as there have always been people worried about the health effects of cell phones and radios. Some people don't trust vaccines. Some people don't like being told what to do and don't like being made to wear masks. Some people are pissed off with overseas competition for the field they work in, so opposition to global trade goes over well. Some people are concerned about the effects that industrial chemicals might be having on their bodies. Some people have the idea that there are some sort of ties between life or biological processes and magnets (though that tended to be more of a left-wing than a right-wing thing in the US in the past, but I suppose the same mechanisms work on people either way). I mean, run down the list, doesn't need to have much to do with each other. You're just trying to pick up people who don't agree with the mainstream on one point or another, so that you look appealing to them on that point. You're saying something that the mainstream isn't that they like.

You keep constantly promoting communication channels you run. In Sherri Tenpenny's case, she's promoting a ton of podcasts and newsletters and mailing lists. The near-term aim is to get an audience subscribed to those channels, so that you can have as many shots as possible as putting a sales pitch for your products in front of them. The long-term aim is to ultimately use those channels to shift as many as possible onto regularly buying whatever snake oil you're peddling.

And that explains why you have some weird agglomerations of different views. I mean, she's talking about chemicals, 5G, anti-vaccines, magnetism, faith healing...it seems incredibly unlikely for someone to have honestly picked up all of those highly-abnormal views and also have honestly come to the conclusion that they are an expert on them. But, if your goal is to just try to do a broad shotgun marketing blast towards anyone who might be upset with the mainstream in any sense and hook them in, you're just looking to convert anyone you can get to following and listening to you.

The final goal is to use those communication channels you've established with them to get them sending you money for whatever product you're trying to sell. "Alternative wellness" products are hard for the end user to evaluate the efficacy of, and you can mark them up to whatever, so snake oil makes for a good fit.

It's not that people like Sherri Tenpenny are idiots and believe what they're saying. It's that they're trying to perform a scam, and the collection of conspiracy or at least outside-the-mainstream ideas are "hooks" to try to draw people into the channel used to sell the scam.

Apparently in the US, they required osteopaths to start studying real medicine as well at some point, but it looks like in a lot of countries, osteopathy continues to be pure bunk.

It sounds like she may be a scam artist rather than an idiot.

https://en.wikipedia.org/wiki/SherriTenpenny

she is the author of four books opposing vaccination

Tenpenny promotes anti-vaccination videos sold by Ty and Charlene Bollinger and receives a commission whenever her referrals result in a sale, a practice known as affiliate marketing.

If you look at her website, the front page is mostly selling her books and various snake oil treatments, like "heavy metal detox" substances. looks further And what appears to be faith healing stuff.

Getting a medical degree doesn't mean that you can't be a scam artist.

I am pretty confused by the article.

What I'd expected based on what I've seen so far was that the Kremlin would not care what protocols are used, just whether the a given VPN provider was in Russia and whether it provided the government with access to monitor traffic in the VPN.

So, use whatever VPN protocol you want to talk to a VPN provider where we can monitor or block traffic by seeing inside the VPN. You don't get to talk to any VPN providers for which we can't do that, like ones outside Russia, and the Russian government will do what it can to detect and block such protocols when they pass somewhere outside of Russia.

But that doesn't seem to fit with what the article says is happening.

The media in Russia reports that the reason behind this is that the country isn’t banning specific VPNs. Instead, it’s putting restrictions on the protocols these services use.

According to appleinsider.ru, the two protocols that are subject to the restrictions are:

• OpenVPN
• WireGuard

A Russian VPN provider, Terona VPN, confirmed the recent restrictions and said its users are reporting difficulties using the service. It’s now preparing to switch to new protocols that are more resistant to blocking.

I don't see what blocking those protocols internal to Russia buys the Kremlin -- if Terona conformed to Russian rules on state access to the VPN, I don't see how the Kremlin benefits from blocking them.

And I don't see why Russia would want to permit through other protocols, though maybe there are just the only protocols that they've gotten around to blocking.

EDIT: Okay, maybe Terona doesn't conform to state rules or something and there is whitelisting of VPN providers in Russia actually happening. Looking at their VK page, it looks like Terona's top selling point is "VPN access to free internet" and they have a bunch of country flags of countries outside of Russia. So maybe Russia is blocking VPN connectivity at the point that it exits Russia, and it's affecting Terona users who are trying to use a VPN to access the Internet outside Russia, which would be in line with what I would have expected.

You are talking to someone who has Stalin's portrait as his avatar. You might not want to be investing the time into talking to him.

I have to say that of all things in China for Marxist-Lenninists to be defending, the Chinese urban real estate sector of 2023 seems like a pretty odd choice.

googles for numbers

https://energyguide.org.uk/average-cost-electricity-kwh-uk/

To repeat a comment I made a bit back, I'm a little disappointed even by the state of English-language Android FOSS onscreen keyboards.

Reading the article that OP's article linked to, two points:

• It seems that other manufacturers are also running into this problem on phones with AMOLED displays too.
• It sounds like some vendors may be telling their service centers to replace the issue if a user shows up with it, but not announcing the fact publicly:https://www.androidauthority.com/how-to-fix-green-line-issue-on-phone-screen-3342058/

  Some OEMs like Samsung, Apple, and OnePlus have advised their service centers and support channels to assist users affected by green line issues and repair devices for free, even outside the warranty period.

  However, such advisories have not been issued by way of announcements in the public domain. Instead, they are offered as solutions at the customer support and service center level on a case-by-case basis.

My bet is some drama on one community or another that happens to be on lemmy.world.

DDoS attacks were not a terribly uncommon occurrence on nodes on IRC networks.

https://www.cato.org/policy-report/january/february-2017/megaprojects-over-budget-over-time-over-over#

THE IRON LAW OF MEGAPROJECTS

Performance data for megaprojects speak their own language. Nine out of ten such projects have cost overruns. Overruns of up to 50 percent in real terms are common, over 50 percent not uncommon. Cost overrun for the Channel Tunnel, the longest underwater rail tunnel in Europe, connecting the UK and France, was 80 percent in real terms. For Boston’s Big Dig, 220 percent. The Sydney Opera House, 1,400 percent. Similarly, benefit shortfalls of up to 50 percent are also common, and above 50 percent not uncommon.

One may argue, of course, as was famously done by Albert Hirschman, that if people knew in advance the real costs and challenges involved in delivering a large project, nothing would ever get built — so it is better not to know, because ignorance helps get projects started. A particularly candid articulation of the nothing‐​would‐​ever‐​get‐​built argument came from former California State Assembly speaker and mayor of San Francisco Willie Brown, discussing a large cost overrun on the San Francisco Transbay Terminal megaproject in his San Francisco Chronicle column:

News that the Transbay Terminal is something like $300 million over budget should not come as a shock to anyone. We always knew the initial estimate was way under the real cost. Just like we never had a real cost for the [San Francisco] Central Subway or the [San Francisco‐​Oakland] Bay Bridge or any other massive construction project. So get off it. In the world of civic projects, the first budget is really just a down payment. If people knew the real cost from the start, nothing would ever be approved. The idea is to get going. Start digging a hole and make it so big, there’s no alternative to coming up with the money to fill it in [emphasis added].

Rarely has the tactical use by project advocates of cost underestimation, sunk costs, and lock‐​in to get projects started been expressed by an insider more plainly, if somewhat cynically.

Maybe there needs to be the introduction of new mechanisms to deal with assessing the cost of very large projects.

The actual bar for treason in the US is a very high one and she almost certainly does not meet it.

https://en.wikipedia.org/wiki/TreasonlawsintheUnitedStates

Fewer than 30 people have ever been charged with treason under these laws.[3]

In popular discourse, people assert that something is treason in a vastly wider range of cases than where the law is really applicable.

Man, I knew that COVID-19 caused reductions in spending, but I hadn't realized that it had caused such a significant payoff of debt. Like, I could have believed it causing an increase rather than decrease in credit card debt.

I'm surprised by the increases before and after, though. You'd expect some increase over time just due to inflation and growth of the economy. And that chart isn't zero-valued.

Lets check how much is just inflation...

gets inflation calculator

Okay, so inflation is responsible for a 32% increase between 2013 and 2023.

There was a 49% increase in credit card debt over the same period.

So most of the increase in the chart is just inflation.

Population increased by 6.5%.

So that explains a 40% increase, together.

And there's a gradual increase in the size of the economy over time. I don't know how that'd best be measured in terms of what should translate into credit card debt.

But point is, while there's probably some increase there, it's not a huge one in real, per-capita terms, which is what you'd care about.

Yeah, I ran into this on /r/europe when there were some EU legislation issues. The EFF does have some activity in the EU, but it does have a mostly-US focus, and there isn't really a direct analog.

It depends on what your interest is.

EDRi (European Digital Rights) in Europe has come up on a couple of advocacy issues I've followed. If you're in Europe, they might be worth a look. They don't feel quite the same to me, but maybe that's what you're looking for.