VPN dependent.

  • 5 Posts
  • 50 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • Recently I used Google maps to search for the nearest DHL near me so I could return a package. DHL is not that popular near me and when I specifically typed for DHL, I would get only their competitors in the search results.

    There was a DHL service center near me and I had to scroll a bunch to find it. Oh, and apparently big box stores (or anyone) can pay Google to come up in the search on maps, even if unrelated.

    I don’t think they have skin the in shipping game but their algorithms are over optimized that they don’t even show what your searching for, but trying to infer why you’re searching for it. That or whoever pays them more. Certainly a search risk




  • For backup and sync I use Syncthing. I can specify which folder on which devices I want to sync to which folder on the server.

    I use a folder based gallery on my phone so when I move stuff around on my phone (or on my server) it gets replicated on all my devices.

    I also have a policy to sync specified folders (and subfolder) with my family’s devices. No more " hey can you send me all the pics from the XYZ trip"

    We take a trip. Make a subolder for that trip in a shared folder dump all our pictures there, get home and open the folder on the computer and prune together.





  • People like having choice, it was never about saving space in phones.

    If you look at which company (apple) and the time of removal of headphone jack (around the time their wireless buds were announced), you’ll notice they removed choice so the consumer can only buy more expensive wireless buds, or many many dongles.

    The “save space” is an absolute lie. The international (EU, Asia, etc) version of the iPhone has a dedicated SIM card tray. The US model? No tray, just a freakin placeholder where the international version has the SIM tray. Yes, there is a volume of space that can fit 2 headphone jacks on the US iPhone that is just empty.

    Look at this iFixit video where they call apple out on it. The placeholder is huge. at ~1:17+



  • I agree that by design Flatpak aims to provide a secure environment through sandboxing; in practice, the implementation has gaps that can lead to security risks, particularly when apps are granted extensive filesystem access. This can undermine the effectiveness of the sandbox and potentially expose systems to vulnerabilities. HOWEVER, being on an immutable system, these risks are mitigated to some degree.

    I’m particularly hopeful for Flatpak’s promise of fine grained permissions. Flatpak is developing a fine-grained permission system with portals for external interactions, BUT this system relies on integration with toolkits like GTK, rather than app-specific APIs, complicating its implementation. There is more info in the linked article in the previous post, and here it is again.

    Admittedly I’m not familiar with distrobox, but my caution is for any approach that distributes containerized programs with their own runtimes; they proved to be a real headache on my “mutable” system and my nvidia GPU until I switched to rolling OS.

    I’m glad you found some candidates to potentially resolve your issue. What distro did you end up using? I’m curious to give it a go next chance I have some free time. Cheers.


  • TL;DR: If I were to choose an immutable OS to run on my propriety graphics cards I’d choose an immutable distribution with rolling releases or hardware enablement packages, which tend to do a better job of keeping these graphics libraries up-to-date for new hardware.

    I don’t have a recommendation but I just learned about immutable Linux OSes from this post. I could see benefits of immutable OS files, but I’ve been skeptical about package distribution like flatpak and snap, at least in their current state.

    Dont get me wrong, the workflow of flatpack is great, but in my experience, apps from flatpack typically ship with their own runtime and don’t rely on system runtimes (likely why you have GPU driver issues). As a software developer, I obviously prefer to ship with all dependencies and runtimes so I don’t have to rely on the system to be updated but this comes with downsides:

    A major problem with alternate runtimes is drivers. New graphics hardware needs new graphics libraries which have a ton of dependencies. Mesa depends on LLVM for compiling shaders. The NVidia driver depends on a kernel module whose version must exactly match that of the library. All of these libraries have their own transitive dependencies like libdrm, libstdc++ and glibc. If you want new hardware to work, you need to be using new versions of all of these libraries.

    Linux distributions, especially those with rolling releases or hardware enablement packages, do a great job of keeping these libraries up-to-date for new hardware. Bundled runtimes do not. Source.

    I’d recommend checking out that article I linked as source. There are also security concerns of using apps, some of which are mitigated by having an immutable filesystem, but there are more points and this comment is long enough as it is.

    EDIT: I reread my comment and it comes off as “immutable bad, blah blah”. Truth is I don’t know much about these OSes but I wanted to point out that distributing apps in containers comes with its own challenges; which I gather is necessary for immutable OSes. So my TL;DR is to narrow down to a distribution that is immutable and has a rolling release or distributes hardware enablement packages.


  • The statement is very informative. The bug happens under increased read/write operations to the same file causing a race condition.

    I also found interesting:

    Despite the bug being present in OpenZFS for many years, this issue has not been found to impact any TrueNAS systems. The bug fix is scheduled to be included in OpenZFS 2.2.2 within the next week



  • The letter is a post on his own blog . Hard to distill into a summary so I recommend reading it get more context. But it seems to have boiled down to:

    • How It Was:

      • Strong adherence to the “don’t be evil” ethos, focusing on societal good over profits.
      • Open, transparent communication and decision-making processes.
      • High morale, with a culture of learning from successes and failures.
      • Work focused on benefitting the web and users, rather than Google’s immediate interests.
      • Collaboration and lack of internal silos, encouraging innovation and autonomy.
    • How It Is Now:

      • Shift from user-centric to Google-centric, and then to individual-centric decision making.
      • Eroded transparency and increase in organizational silos.
      • Decline in morale and a culture of distrust between employees and management.
      • Focus on short-term financial gains leading to layoffs and defensive employee behavior.
      • Lack of clear vision and leadership, resulting in confused and ineffective management.
      • Overall deterioration of Google’s unique, innovative culture and values.

  • Brave has superior fingerprint protection, they achieve this by randomizing the browsers fingerprint. Visit EFF’s cover your tracks to test your browser.

    To achieve the same functionality that brave achieves out of the box with Firefox I need many extensions and then when I profile both browsers, Firefox is more resource intensive. Brave’s blocking is native to the browser. I will give Firefox the W because I’ve read that uBlock is technically more capable. But as a long time Firefox/uBlock user who switched to brave - this has not been noticable.

    As for accessibility, I can configure brave to be really aggressive at ad blocking, tracking blocking, fingerprint blocking, and restricting JS even, and all those options I can set from one place instead of in different settings/extensions. When a website breaks, I click on the button next to the URL and immediately have options to granularly dial down the “protection” or add a website to my trusted list. In Firefox I was annoyed to having go through settings for the extension.

    Brave plans to continue supporting Manifest V2 after Google kills it. For Ungoogled Chromium, however, it’s still undecided, likely depending on whether UG contributors are willing to maintain it.


  • Brave has superior fingerprint protection, they achieve this by randomizing the browsers fingerprint. Visit EFF’s cover your tracks to test your browser.

    To achieve the same functionality that brave achieves out of the box with Firefox I need many extensions and then when I profile both browsers, Firefox is more resource intensive. Brave’s blocking is native to the browser. I will give Firefox the W because I’ve read that uBlock is technically more capable. But as a long time Firefox/uBlock user who switched to brave - this has not been noticable.

    As for accessibility, I can configure brave to be really aggressive at ad blocking, tracking blocking, fingerprint blocking, and restricting JS even, and all those options I can set from one place instead of in different settings/extensions. When a website breaks, I click on the button next to the URL and immediately have options to granularly dial down the “protection” or add a website to my trusted list. In Firefox I was annoyed to having go through settings for the extension.

    Brave plans to continue supporting Manifest V2 after Google kills it. For Ungoogled Chromium, however, it’s still undecided, likely depending on whether UG contributors are willing to maintain it.



  • nothing wrong with being self taught, you could follow these basics topics before poking holes in firewall.

    1. VLANS: learn how to separate your LAN into networks with different security requirements. For wireless, try to make a “main” and “IoT” network so that IoT network that can’t talk to your “main” network but “main” can reach IoT devices. For wired, try to have a Management network, and a “Dirty network” etc.
    2. Firewalls and Routing: You will need to be able to route between your VLANS and set firewall rules to allow certain traffic. Best practice is block everything and allow only what you need.
    3. NMAP: learn how to do NMAP scans of your network to discover hosts and their open ports/services. This is a similar approach that “hackers” and script kiddies use on the public internet to find vulnerae and open services. Being able to probe your own network is crutial in understanding how others might approach in penetrating it.
    4. Wireguard VPN: Learn to access your network remotely by setting up a wireguard VPN. Wireguard is preferred because it is “stealthy” and will not respond to unsolicited attempted to probe your network. Start small by using wireguard to access between VLANs so you don’t run the risk of using the internet.
    5. NGINX and Reverse Proxy: If necessary, learn to expose your services or blog or website by only exposing nginx and proxying to your services. Many guides on securing NGINX exist. Try not to expose anything, but sometimes necessary if you want others to reach your website/blog/hosting etc.

    That’s a rough outline that you can use to guide yourself and achieve milestones with hands on experience. In your pursuit you’ll run into certificates and domain name hosting and stuff. But all this is on the web so let your curiosity (and paranoia) drive! Have fun!!





  • Yes, some guy was streaming live on YouTube talking about a subject that he does not otherwise have, and he showed that before talking about the subject, there were no ads for dog toys, and after talking about dogs, there were ads about dog toys. The video isn’t really that great because he goes and clicks on an ad about a dog toy and proceeds to get more of them, so he kind of tainted his results.

    I wish I didn’t waste my time watching this video