InnerScientist

@InnerScientist@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨The Browser Wasn’t Enough, Google Wants To Control All Your Software⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Yeah that’s their excuse, luckily the law explicitly says that:

(19) Verification by radio equipment of the compliance of its combination with software should not be abused in order to prevent its use with software provided by independent parties.
⁨Comment⁩ on ⁨The Browser Wasn’t Enough, Google Wants To Control All Your Software⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
You can switch banks you know, it’s not convenient but easier than switching your email.
⁨Comment⁩ on ⁨The Browser Wasn’t Enough, Google Wants To Control All Your Software⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
It isn’t, now that apple is using that to block installation of third party apps I’m expecting the EU to once again step in.
⁨Comment⁩ on ⁨Google will block sideloading of unverified Android apps starting next year⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Does anyone read these or does it just go through ai?
⁨Comment⁩ on ⁨Google will block sideloading of unverified Android apps starting next year⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Linux mobile phones won’t have to be ready if smartphones become un-ready.
⁨Comment⁩ on ⁨Google will block sideloading of unverified Android apps starting next year⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
If you sue now you can get a second lawsuits for free!
⁨Comment⁩ on ⁨Google will require developer verification for Android apps outside the Play Store⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
And here I thought I wouldn’t root or flash my next phone.
⁨Comment⁩ on ⁨Argentina wants to monitor social media with AI to ‘predict future crimes’⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Just because it’s a bad idea doesn’t mean it wont be implemented.
⁨Comment⁩ on ⁨Looking for an RSS aggregator/summarizer/maybe-LLM thing⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I’ve searched dor something like this in the past and didn’t find anything.
I’ve though of hacking together a few scripts or 8n8 to interface with freshrss to do this but it’s far down my list™
⁨Comment⁩ on ⁨number box o number box⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
He’s doing numbers!
⁨Comment⁩ on ⁨Copilot Broke Your Audit Log, but Microsoft Won’t Tell You⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Just great.

Obviously the customers don’t need to know that their audit logs not only could have been turned off for conversations without any extra authentication, but also are so easy to turn off that it happens by accident without any extra intervention.

Also their entire Vulnerability disclosing guideline is security/compliance/image theater.
⁨Comment⁩ on ⁨Report: Microsoft's latest Windows 11 24H2 update breaks SSDs/HDDs, may corrupt your data⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Well yes, but actually this is a security update
⁨Comment⁩ on ⁨Report: Microsoft's latest Windows 11 24H2 update breaks SSDs/HDDs, may corrupt your data⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
rm -rf is way more difficult than doing literally nothing, yes.
⁨Comment⁩ on ⁨Can't access exposed rootful podman container from outside of host device⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Disable the firewall if you can to check if that’s the issue, then do a tcpdump using root with the port. Do tcpdump inside the container too and compare what you see to the docker environment.

Is caddy-caddy really the correct image?

Try with this command, it’s the minimal setup that works by default (on my machine): podman run -p 0.0.0.0:5050:80 docker.io/library/caddy:latest
⁨Comment⁩ on ⁨Can't access exposed rootful podman container from outside of host device⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Use ss -tlpn or podman ps to show what ports podman I’d listening on, my guess is it is only listening on localhost.
⁨Comment⁩ on ⁨🤝🤝🤝⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Too inefficient, I’m just going to pump it all out and start again with fresh blood.
⁨Comment⁩ on ⁨⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Protip: Don’t try to play multiplayer games in a VM.

Tap for spoiler
Don’t
⁨Comment⁩ on ⁨IPv6 & Opnsense & Not Exposing Machine-Specific IPv6s to Corpos⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:

is kludging NAT for IPv6 not a better solution versus ULA addresses?

There are very few hosts that allow only ipv6 (though there are many who only do ipv4). Ipv6 would improve internet stability and long-term communication when you’re not using a nat but that isn’t what you’re trying to build.

Or is the clear answer just use IPv6 as intended and let the devices handle their privacy with IPv6 privacy extensions?

It’s my clear answer at least.

You can also use ULA addresses for now and later add GUA ipv6 addresses. ULAs are meant to be used when you only have a dynamic ipv6 prefix so that internal devices can have ipv6 internet (GUA) while also having a static ipv6 address(ULA).
⁨Comment⁩ on ⁨IPv6 & Opnsense & Not Exposing Machine-Specific IPv6s to Corpos⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Use ULA addresses for hosts inside your LAN, they are static, cannot be used to reach outside your LAN and use IPv6. Then give your server/VPN endpoint a real ipv6, that’s your VPN endpoint. This doesn’t require any nat and can be easily changed to GUA when you want to.

CGnat is a “solution” for running out of ipv4 addresses, it has the same problems as any other nat but the problems are even more noticeable because the out-facing ipv4 address changes more often than the typical home nat configuration and tricks like FTP- and other helpers don’t work as well.

Ipv6 would not only avoid the issues of cgnat, it would avoid cgnat entirely because you don’t need to Nat when you have enough ips.
⁨Comment⁩ on ⁨IPv6 & Opnsense & Not Exposing Machine-Specific IPv6s to Corpos⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Most (all?) advantage of ipv6 when compared to ipv4 don’t work behind Nat. Thus there’s no reason to use it.

Either use Nat with ipv4 or don’t use Nat with ipv6.

Why did you want to use ipv6 when you don’t want what it represents? (End to end communication/IPs)
⁨Comment⁩ on ⁨IPv6 & Opnsense & Not Exposing Machine-Specific IPv6s to Corpos⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Either use ipv6 privacy extension (enabled by default, so this can just be called ipv6) or don’t enable ipv6.

That way you have working ipv6 or wait until you come to your senses. Using nat6 ipv6 isn’t worth it.
⁨Comment⁩ on ⁨Debatable⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
He looked in the mirror
⁨Comment⁩ on ⁨Debatable⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Why
⁨Comment⁩ on ⁨Fun fact⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
So?
⁨Comment⁩ on ⁨Exposing docker socket to a container⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I just follow the software release pages with RSS.
⁨Comment⁩ on ⁨OpenAI will not disclose GPT-5’s energy use. It could be higher than past models⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Not really, if it were they would be announcing their new highly efficient model.
⁨Comment⁩ on ⁨DNS server⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Because pi-hole asks the configured DNS the whole domain, the root server will promptly <access denied> because that’s not how DNS is supposed to work.

There’s a difference between asking about the individual domain parts of the domain to the corresponding authorative DNS server and just sending the whole thing to a root server. If you did that then the root server would get ddosed to death.
Pi-hole can’t ask the root servers, it can only forward. Unbound can forward or be authorative or ask the root servers or do all of those at once.
⁨Comment⁩ on ⁨DNS server⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
There are 13 root name servers, they container info about which DNS is authorative (can tell you about) a given TLD (like .com or .de) then that repeats for every part of your query with that given server.

Something. Foo. Bar. Com. (<root name server>) ^ most of the time the same as. ^ DNS for baz or bar dns again ^ DNS for Bar ^ DNS server for the .com tld ^ the one unbound asks first, not part of the domain

The root server ips are known to unbound and static.

Then it will ask that server? Like I said unbound remove the middle man and somewhat increases privacy (debatable if only you use it but anyway)
⁨Comment⁩ on ⁨DNS server⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:

Forwarding: just passes the DNS query to another DNS server (e.g. your ISP’s). Home routers use forwarding to pass DNS queries from your home network’s clients to your ISP’s DNS servers. For example, for foo.example.com, a forwarding DNS server would first check its cache (did it already ask this question before), and if the answer is not in its cache, it would ask its forwarder (your ISP’s DNS server) for the answer, which would respond with either a cached response, or would perform recursion until it figured out the answer.

Recursion: the DNS server receiving the query takes it upon itself to figure out the answer to that query by recursively querying authoritative DNS servers for that domain. For example, for foo.example.com, a recursor would first query the root servers for what DNS servers are responsible for the .com TLD, then it would ask those servers for example.com, then it would query the servers for example.com for foo.example.com, finally getting the answer to the original query.

Copy-pate from here.

Basically, it remove one middle man from the DNS resolving.
⁨Comment⁩ on ⁨DNS server⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Pi-hole forwards the requests to another DNS server. Unbound can ask the root servers and go down the DNS chain.