Nyfure
@Nyfure@kbin.social
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 6 months ago:
Strong argument, anything else?
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 6 months ago:
To be fair, any proper VPN setup that only relies on the routing table like this is flawed to begin with.
If the VPN program dies or the network interface disappears, the routes are removed as well, allowing traffic to leave the machine without the VPN.
So it is already a good practice to block traffic where it shouldn't go (or even better, only allowing it where it should).
Many VPN-Programs by Providers already have settings to enable this to prevent "leaking".
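The failure this comment describes and the allow-list fix it recommends, modelled as an added example (not part of the original comment). Interface names, addresses and route tables are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not from the comment).
VPN_IF, LAN_IF = "tun0", "eth0"
VPN_ENDPOINT = ipaddress.ip_address("203.0.113.10")  # VPN server, reached outside the tunnel

def net(cidr):
    return ipaddress.ip_network(cidr)

BASE = [(net("0.0.0.0/0"), LAN_IF), (net("192.168.1.0/24"), LAN_IF)]
# VPN client running: two /1 routes outrank the default route.
VPN_UP = BASE + [(net("0.0.0.0/1"), VPN_IF), (net("128.0.0.0/1"), VPN_IF),
                 (net("203.0.113.10/32"), LAN_IF)]
# VPN client died or tun0 disappeared: its routes are gone with it.
VPN_DEAD = BASE
# A more specific LAN route outranks the VPN's /1 routes.
SHADOWED = VPN_UP + [(net("198.51.100.0/24"), LAN_IF)]

def egress_interface(routes, dst):
    """Longest-prefix match: the interface the routing table selects, or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(prefix.prefixlen, dev) for prefix, dev in routes if dst in prefix]
    return max(hits)[1] if hits else None

def kill_switch_allows(dst, oif):
    """Egress allow-list keyed on interface, independent of the routing table."""
    if oif in ("lo", VPN_IF):
        return True
    return oif == LAN_IF and ipaddress.ip_address(dst) == VPN_ENDPOINT

def fate(routes, dst, kill_switch):
    """Classify one outbound packet: tunnel, endpoint, leak, blocked, unroutable."""
    oif = egress_interface(routes, dst)
    if oif is None:
        return "unroutable"
    if kill_switch and not kill_switch_allows(dst, oif):
        return "blocked"
    if oif == VPN_IF:
        return "tunnel"
    return "endpoint" if ipaddress.ip_address(dst) == VPN_ENDPOINT else "leak"

if __name__ == "__main__":
    for name, table in [("up", VPN_UP), ("dead", VPN_DEAD), ("shadowed", SHADOWED)]:
        for ks in (False, True):
            print(name, "kill_switch" if ks else "routes only", fate(table, "198.51.100.7", ks))
```

With routes only, the packet leaks as soon as the table changes; with the interface allow-list it is dropped instead, at the cost of also blocking ordinary LAN traffic in this strict form.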
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 6 months ago:
To be fair, any proper VPN setup that only relies on the routing table like this is flawed to begin with.
If the VPN program dies or the network interface disappears, the routes are removed as well, allowing traffic to leave the machine without the VPN.
So it is already a good practice to block traffic where it shouldn't go (or even better, only allowing it where it should).
- Comment on Here’s How That Disney 360° Treadmill Works 6 months ago:
Unlikely.. Kinda why VR also didn't get too popular, most players just prefer "classic" controls and not movement-controls.
But this is huge for VR and other usages of this, probably even useful for production routing, but I don't have any knowledge of that.
- Comment on Google Kneecaps Loads Of Very Big Websites After SEO Change 6 months ago:
To be fair, they specifically target the way Google ranks these websites. If Google would rank them with less impact of what the website "bastardizes", this could be generally less of an issue in the first place.
- Comment on Academics reckon Apple's default apps have privacy pitfalls 7 months ago:
We can't read Apple's mind, so that's wishful thinking. But sending telemetry (even if hidden) means it can be used.
That's why e.g. Apple is using Differential Privacy for apps to use.. to not have to give the Apps full access to e.g. usage data.
Of course Apple themselves isn't necessarily bound to that system themselves, who knew..
And why not allow other Apps to replace your default Apps if you want to? Why not have access to that Freedom?
After all you should be able to do anything you want with your system.. or maybe you don't believe in this kind of freedom. Could just buy an Android phone. Fuck the person who wants to actually own their hardware, right? How could they be so dumb and want actual freedom, haha.
No, we play pretend while Freedom is further taken away under "Privacy" claims. Maybe that replacement battery will send your usage pattern via shortwave radio to an agent nearby..
- Comment on Rakuten launches cloud storage with unlimited file transfers, targets businesses and individuals, with free 10GB storage 8 months ago:
Hetzner Storagebox is $3.5/M for 1TB
- Comment on I love Home Assistant, but... 9 months ago:
As far as I understood tailscale funnel it's just a TCP-tunnel.
So you handle TLS on your own system, which makes sure tailscale cannot really interfere.
If you already trust them this far, might as well do the same with a VPS and gain much more flexibility.
I'd connect the VPS and your home system via VPN (you can probably also use tailscale for this) and then you can use a tcp-tunnel (e.g. haproxy), or straight up forward the whole traffic via firewall-rules (a bit more tricky, but more flexible and can preserve original source IP without PROXY-Protocol, which doesn't always work, but do what works and is easy).
This way you can use all ports, all protocols, incoming and outgoing traffic with the IP-Address of the VPS.
And as you terminate TLS on your home-system, traffic flowing through the VPS is always encrypted.
If you want to go overboard, you can block attackers on the server before it even hits your home-system (I think crowdsec can do it, the detector runs on your home-system and detects attacks and can issue bans which blocks the attacker on the VPS)
And yes, it's a bit paranoid.. but it's your choice.
My internet connection here isn't good enough to do major stuff like what I am doing (handling media, backups and other data) so I rent some dedicated machines (okay, I guess a bit more secure than a VPS, but in the end it's not 100% in your control either)
- Comment on I love Home Assistant, but... 9 months ago:
Many systems don't support subpaths as it can cause some really weird problems.
As you use tailscale funnels, you really want incoming traffic from the internet. I am not sure that's a good idea for e.g. homeassistant that is limited in access anyways.
Might as well use tailscale and access the system over VPN.
And for anything serious I wouldn't use something like funnel anyways. Rent a VPS and use that as your reverse-proxy, you can then also do some caching or host some services there. Much simpler to deal with and full support for such things as you then have an actual public IPv4/IPv6 address to use.
- Comment on Are Instacart tipping reccomendations insane or am I being miserly? 9 months ago:
In a more ideal world, getting less money because people tip less, would push you to reconsider the job choice and ultimately switch to something more lucrative.
With less workers, the company would be forced to pay more to even get employees.
Problem with this idealised scenario is, it doesn't work in the US, because workers are getting screwed so much and have so little choices at those low paying jobs, they'd be the ones losing massively in the short-term.
And with little support structures by the states and federal government, they would fail.. and the 2 party system would fail them even harder, no one cares about them in the government.. too much invested in fighting imaginary culture wars.
But then again, using less services of the business leads to the same outcome in the end, so even that wouldn't work well.
The business will always win in the short-term.
So as it is inevitable, maybe it's better to think long term anyways.
And everyone wants tips these days, no longer just a gratitude or paying low wage workers, but now also a 'bid'.. (sure not every worker might like relying on tips, but especially well paid servers prefer it as they make bank)
I don't see you getting out of tipping either way very well without government intervention.. which I don't see happening, but you have other big issues too..
- Comment on Is HTTPS a scam? 9 months ago:
You can not only use that information for e.g. blackmail, but also to build material to manipulate you to do things without you knowing.
Information is a powerful tool.
- Comment on Is HTTPS a scam? 9 months ago:
Yes, you need an organization which signs your certificate, so it is trusted by default. This is our trust-anchor so we know the certificate presented was validated and was given only to the website owner.
There are numerous around the world for that.
And if that is no longer offered, you can just not have your certificate signed, which means browsers will complain about it.
But you can trust your own certificate yourself. Or create your own certificate authority which can then give out certificates for the community to trust as their new trust anchor.
You can even not have certificates, but keep a weak form of TLS (no idea if browsers support TLS_DH_anon_*), but it's still encrypted and can only be broken by an active Man-in-the-Middle-attack. (which is theoretically detectable later on)
Diffie-Hellman is an awesome key-exchange.
- Comment on How much 1 TB of egress costs by cloud provider 9 months ago:
When I was with a customer who was using one of their VPS offers, performance was unexpectedly low and upon contacting support it was clear the small fish don't get great support answers, but rather pushed to the FAQ.
And I personally find their offerings and marketing scummy. Big promotional prices, but always some small print with a higher price after x Months.
Or just stuff that's not included by default.
I never had that with other (also very cheap) providers.
As long as it works great for you, I wouldn't see a reason to leave.
There aren't that many providers offering such small resources at all or at such a price. To be fair, not much one can do with those specs.. 10GB storage is very limited already.
But for those specs.. always free oracle tier would work too (though requires a credit card).
- Comment on How much 1 TB of egress costs by cloud provider 9 months ago:
Ionos.. not a good provider.
Great it works for you, but I wouldn't touch them with a long pole.
Created by an old internet provider (which is also not very good..), pulling every shady marketing trick weird "cloud" providers have..
Contabo is very cheap too, but I wouldn't trust them with critical stuff.
Netcup is next, quite good and still cheap.
Hetzner is very nice, but the cloud offers are expensive. The dedicated server offers though.. holy sweetness, especially the auction servers.
Over the years hosting I learned that paying slightly more is often worth it depending on the needs.
And as my requirements went up, I moved up in the tiers. If you have a need for the dedicated servers, gets cheaper for what you get (though you need to manage the hardware side then too..)
Oh and don't forget the Oracle free offers. I don't really trust Oracle, but free compute is free.. maybe don't store sensitive stuff though
- Comment on How much 1 TB of egress costs by cloud provider 9 months ago:
Hetzner is wild at how cheap you get hardware and included traffic.
German providers in general, everywhere is very expensive compared to these prices.
- Comment on Councils call for pavement parking to be banned across England 9 months ago:
So you want the city to freely give public space for your private vehicle?
- Comment on FLOSS communities right now 9 months ago:
WebCord is a beast! Maybe runs better for you.
Basically Discord desktop client experience, but privacy (well.. as much as you can have with discord) from the browser-version. (minus discord desktop client exclusive features of course)
- Comment on Sudo is coming to Windows 11 9 months ago:
afaik they also alias common linux/gnu commands like curl.. but the syntax isn't like curl at all
- Comment on Mozilla’s new service tries to wipe your data off the web 9 months ago:
To be fair, you can check the code they run or just use the API.
The hash is calculated locally, cut-off and then sent, the server returns all hashes it found which start with your one and then you can check if yours is in the list locally.
- Comment on FCC to declare AI-generated voices in robocalls illegal under existing law 9 months ago:
We sometimes get weird scam-sms, but that's about it
- Comment on Proposal for GitLab to support ActivityPub 9 months ago:
afaik, PRs aren't decentralized as they aren't git features, as such so far you need an account on the same git-platform e.g. github to be able to use such features.
Having such features decentralized would be huge.
- Comment on In search for free domain I got one but some questions 10 months ago:
Just pay the few dollars per year and have a stable and reputable domain.
Certainly for fediverse I'd want a stable domain, these are usually hard to migrate.
- Comment on In search for free domain I got one but some questions 10 months ago:
The performance is absolutely abysmal and the error-rates high. For personal use, just have a normal VPN.
- Comment on European Union set to revise cookie law, admits cookie banners are annoying 10 months ago:
Was done before too, but now the websites simply need a banner for using categories of cookies which require it (tracking, marketing, ..)
And we already have GDPR at least limiting activities in a broad sense. (of course lots of leeway, but still much better than before)
- Comment on European Union set to revise cookie law, admits cookie banners are annoying 10 months ago:
You don't need a cookie banner if you don't want to invasively track the users.
So it's really the fault of the websites for wanting to use categories of cookies which do require a banner (ad and tracking).
- Comment on Should I use Restic, Borg, or Kopia for container backups? 10 months ago:
Index of repositories is held locally, so if you use the same repository with multiple machines, they have to rebuild their index every time they switch.
I also have family PCs I wanted to backup too, but borg doesn't support windows, so only hacky WSL would have worked.
But the worst might be the speed of borg.. idk what it is, but it was incredibly slow when backing up.
- Comment on Should I use Restic, Borg, or Kopia for container backups? 10 months ago:
Was using borg, was a bit complicated and limited, now I use kopia.
It's supposed to support multiple machines into a single repository, so you can deduplicate e.g. synced data too, but I haven't tested that yet.
- Comment on Should I use Restic, Borg, or Kopia for container backups? 10 months ago:
I mean the tools mentioned also support these features, how does duplicacy and its proprietary software make them better?
- Comment on Best way to set up cloudflare dynamic DNS in late 2023? 10 months ago:
No, then they only handle your DNS setup, which is still okay in my eyes.
It's certainly far away from scanning all HTTP traffic. Not to forget the juicy metadata they get about the users across a big chunk of the internet, perfect tracking machine in a neat package with easy access by the government.
- Comment on What are some essential browser extensions for "quieting down" the internet? 11 months ago:
I found this often breaks sites, so the combination is still better.