ShellMonkey

@ShellMonkey@lemmy.socdojo.com

Some dingbat that occasionally builds neat stuff without breaking others. The person running this public-but-not-promoted instance because reasons.

ShellMonkey , (edited )

It can also be an awesome idea, depending on your perspective. Having an instance without all the cruft is a pristine peaceful thing at times. For a while I ran one of those subscriber bots on Lemmy and pretty quickly found it to be so full of shitposting spam as to be unusable. Just don't start an instance and expect it to be a raging party and you won't find it disappointing.

ShellMonkey ,

Well if my recollections from way back in the time of being a barista are right, a typical shot of espresso is about 80mg while a full size cup of coffee is about 200mg. The common caffeine pills like Vivarin/NoDoz are also around 200mg. The general recommendation for average adults is to keep it under 400mg per day.

So all that said the whole pack would be about 4 times the daily recommended.

ShellMonkey ,

Interesting note on not putting on the ground, guessing they don't need a lot of runway to take off though. The ones I've caught I would bring out in whatever I caught them in and just open it. Even the one that had a part of the wing skin missing (my cat caught it first) seemed to take off without issue from a standing height.

ShellMonkey ,

I'm guessing it's just a short drop to take off thing, very quick critters. Mostly these little ones.

https://lemmy.socdojo.com/pictrs/image/38e9c46d-eaca-4df2-93ee-06e42038e703.png

Is it impossible to be private online? (yewtu.be)

In sharing this video here I'm preaching to the choir, but I do think it indirectly raised a valuable point which probably doesn't get spoken about enough in privacy communities. That is, in choosing to use even a single product or service that is more privacy-respecting than the equivalent big tech alternative, you are showing...

ShellMonkey ,

Long ago I used a system called hushmail that promised a lot of the same as proton. Eventually I set up my own but it still has the problem of having to relay outgoing external mail through another box because of all the restrictions on home based dynamic IPs, so it's largely relegated to system alerts in house rather than general use.

It's a balancing act to be sure. VPNs stop local ISP inspection in exchange for potential viewing by the VPN host. DNS filters can only filter known threats. Things like P2P private nets can be infiltrated by 3rd parties via the '6 degrees of separation' premise or even tracking pixels.

Making the picture muddy is about the best we can do, but it's always worth the effort to not be another data point in the profile machine.

ShellMonkey ,

Not so sure the difference ripping a disk would make unless you have a super insulated room, but CPU heat is very much a consideration. Each summer I keep contemplating moving my rack with ~100 cores to the basement only to be dissuaded by the dampness and cable runs.

ShellMonkey ,

3 things I'm still looking to get in one distro and Windows will be gone. Not looking to have my desk/lap turn into another ad platform like phones did.

Easy drive mapping for remote shares, most have this but some are a bit clunky.

Solid games support, mostly a WINE thing. One called Bazzite looks promising with a pile of pre-configured profiles.

Easy and reliable connection to a DC so the same creds can be used across multiple machines. This is probably the hardest part in Nix at this point.

Otherwise pretty well every app I use is web based and hosted on some local server, or has a Nix native variant.

ShellMonkey ,

Probably worth a shot. I've gotten it working on a version of Ubuntu in the past, but it was far from the simplicity of select domain, give join creds, and reboot that it is with Windows yet.

ShellMonkey , (edited )

I have not, the last time I made a real effort at moving to Nix for games was quite a while ago. The big factor is if I can get GOG working since that's the preferred platform here.

ShellMonkey ,

I know it exists, have gotten it working with one of those AD compatible samba based DCs before, but not without some messing about. I'd really like to see it as simple as it is in Windows before saying it's a drop in replacement.

Tried the other day with Mint and ran into something where one of the searches promoted manually editing the hosts file to point to the DC and Kerberos address. That kind of thing shouldn't be required and is the kind of buggery I'd like to see sorted out.

ShellMonkey ,

I've been a user of GOG for a while principally because of the no-drm ability to download a copy of what you bought. When the library starts getting past a certain size though you start to wonder about those things like what if the producer has a falling out and wants to yank it from the platform, does it vanish from my library then too? Are there contracts that say 'forever' when they offer it? Would love to find some 'download all' option to take a full copy offline of the bought items at once but it'd probably overrun the monthly ISP limits even if they had one.

Seen too many things on Netflix or Spotify that I liked vanish because 'fuck off, we can' and although I never anticipated it being 'bought' in those cases it does give a lot of justification to find alternate means to reestablish that access.

addressing misconceptions about the recent TunnelVision vulnerability

I've been seeing a lot of confusion around the TunnelVision vulnerability. While I'm no expert, I've done a fair share of research and I'll edit this post with corrections if needed. The goal of this post is to answer the question: does this affect me?...

ShellMonkey , (edited )

Claim: if you use HTTPS you are safe!

Overall a solid writeup, but this part could use some clarification. Assuming the VPN client doesn't leak DNS this is only a concern after exploitation by DHCP option.

Another thing that might be noted, since this is a DHCP based issue the window for compromise is largely going to be at the time of connection unless the server has a particularly short lease time. If there are multiple DHCP servers on the same network answering requests it's bound to raise some alarms if someone is watching the network so it makes 3rd person exploitation a very noisy method since you would have a race for who offered the lease first.

Edit: Really this attack isn't just a problem for VPNs but could apply to any network connectivity. A rogue DHCP server can cause all sorts of havoc. There used to be a single button APK called 'firesheep' that would do similar to this by presenting itself as the gateway, although that wouldn't have allowed for the specific split routing config option push.

ShellMonkey ,

https://lemmy.socdojo.com/pictrs/image/7e31cdc7-384b-4791-b637-ddbd9be198fc.png

Discover/offer/request/acknowledge since it didn't make a pretty picture for me.

Basically it's just a case of who answers first. A DHCP discover is a broadcast message since the client doesn't know where or even if there is a server on the net. Whoever gets back to the client first with an offer though will end up with the request/ack following up and get to provide whatever options they push along with the offer.

ShellMonkey ,

It says right in there that they can't see what you are sending or receiving, but seeing the SNI provides content on what you're doing. Not seeing where it's false at all.

Using that SNI header profile though if one was inclined and the site doesn't enforce HSTS it would be simple enough to proxy traffic through their gateway, or to create a phishing duplication of the site with a DNS redirect.

ShellMonkey ,

WiFi pineapples are fun that way. I've taken one out on a drive going to our cabin in scanning mode and picked up 100+ different SSIDs along the way. It can also respond as a wildcard to any request that comes by or just be obnoxious and advertise them all at once.

Never setting an 'auto connect' for unsecured WiFi is a must in that case. Secured not so much an issue unless the interceptor has the key for the network at least.

ShellMonkey ,

Most mobile devices these days default to using a random spoofed MAC, so I have a hard time seeing how that's effective unless it's done as a whitelist only.

ShellMonkey ,

It's pretty much the same thing that 'tile' does, it's scary that they do this as an opt-out though. Having that as a system level function effectively means they can enable or disable it at will without having to have a separate app.

One more bug to sort out with notifications and I'm full time onto GrapheneOS.

ShellMonkey ,

As useful as tile is ideal to me. Don't allow for the global tracking but lets me make my keys or wallet make a noise when I misplaced them.

Why Your VPN May Not Be As Secure As It Claims (krebsonsecurity.com)

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection...

ShellMonkey ,

Short version of this attack, it involves split routing for the tunnels. A lot of clients will have a default route-all to send traffic through the VPN. There is however a limitation to this because the tunnel itself needs a route from the local nic to connect to the VPN endpoint and establish the tunnel, otherwise you end up with a chicken and egg where you can't establish the VPN. By taking advantage of the DHCP option to set preferred routes (really anything more specific than 0.0.0.0/0) it can tell the host system to send the specified traffic through the local gateway rather than the tunnel's virtual adapter.

One relatively simple fix if you happen to have a fancy router/firewall on the edge of the network that handles the VPN would be to use policy based routing rather than relying on the underlying network configuration. Static route tables would be possible too, but in theory that could be overridden by just sending a more specific route again than what was set statically.
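
The check implied by the comment above, as an added example that is not part of the original thread: decode the DHCP classless static route option (option 121, RFC 3442) from a lease and list every route more specific than the tunnel's catch-all. The function names and the sample bytes are constructed for illustration.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_CLASSLESS_ROUTES = 0, 255, 121  # option 121: RFC 3442


def parse_options(raw):
    """Walk a DHCP options field (code, length, value) into {code: value}.
    Repeated codes are concatenated, as RFC 3396 allows for long options."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != OPT_END:
        code = raw[i]
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def parse_classless_routes(data):
    """Decode option 121: each entry is a prefix length, only the significant
    octets of the destination, then a 4-byte router address."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen}")
        n = (plen + 7) // 8  # destination octets actually present
        if i + 1 + n + 4 > len(data):
            raise ValueError("truncated route entry")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)
        net = ipaddress.IPv4Network((ipaddress.IPv4Address(dest), plen), strict=False)
        router = ipaddress.IPv4Address(data[i + 1 + n:i + 5 + n])
        routes.append((net, router))
        i += 5 + n
    return routes


def routes_beating_tunnel(raw_options, tunnel_prefixlen=0):
    """Return (network, router) strings for every DHCP-supplied route that
    longest-prefix matching would prefer over the tunnel's catch-all route.
    Assumption: the client installs 0.0.0.0/0 through the tunnel; pass 1 for
    clients that install the 0.0.0.0/1 + 128.0.0.0/1 pair instead."""
    data = parse_options(raw_options).get(OPT_CLASSLESS_ROUTES, b"")
    return [(str(net), str(router))
            for net, router in parse_classless_routes(data)
            if net.prefixlen > tunnel_prefixlen]


# Constructed sample: options from a DHCP OFFER (not captured traffic).
SAMPLE_OPTIONS = bytes.fromhex(
    "350102"            # 53: message type = OFFER
    "3604c0a80101"      # 54: server identifier 192.168.1.1
    "790d"              # 121: classless static routes, 13 bytes
    "00c0a80101"        #   0.0.0.0/0 via 192.168.1.1
    "18c63364c0a80142"  #   198.51.100.0/24 via 192.168.1.66
    "ff"                # end
)

if __name__ == "__main__":
    for net, router in routes_beating_tunnel(SAMPLE_OPTIONS):
        print(f"route {net} via {router} would bypass the tunnel default")
```
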

ShellMonkey ,

https://ipleak.net/

A favored test by the AirVPN people. Gives a decent picture of your print. Thing is, they can pick all the screen resolutions and browser types they like, but it only does good with a location

ShellMonkey ,

Shortly after the net neutrality rules were first revoked mine sent a message asking me to opt out of gathering data for sale, so definitely not always the case. Not trusting some checkbox to prevent them from doing so in the future got everything that can be put through tunnels since.

ShellMonkey ,

It's a tired tale, someone throws a few rusty old rockets towards Israel that land in a cow field, so it gives carte blanche to level everything within a couple hundred miles for 'defensive purposes'.

ShellMonkey ,

That'll only ever pass if the big cloud vendors allow it. No way that Azure/AWS/Google wouldn't object if a sizable portion of their user base get upset and threaten to leave. How much of that user base argues is unknown though.

ShellMonkey ,

Generally yes, it would matter a lot how it was structured. Today you couldn't call up AWS and ask for the details on a service owner out of privacy reasons and there are ways to register things by proxy. If they started stripping those kind of protections away though there's bound to be some pushback.

ShellMonkey ,

Mealie previously, now Homechart. Mealie is probably better suited to the specific purpose, but Homechart includes a mess of other functions.

ShellMonkey ,

The rise of check cards and normalizing paying for everything on plastic was a big tipping point. There's even a Monopoly game that uses electronic cards these days. It lets activity tracking run rampant and of course the banks get to skim a fee off everything.

Frankly I see it as having nothing to do with fiscal responsibility (can't overspend the cash on hand) and more just a way to funnel more to those with means than anything. It's funny how cash advances on cards charge a higher rate than purchases despite neither offering a security interest to the card issuer.

ShellMonkey , (edited )

And yet Europe gets held up as this bastion of liberty and personal rights...

Things like the GDPR are lovely and all, but then ask for the ability to have real-time access to private communications, pick a lane folks the rest of the world needs an example to live up to

ShellMonkey ,

The problem with that line of thought though, while people generally expect/wish for private communication, few actually care to understand the mechanics of it. Nor should they have to, that's what security engineers are for, to do all that archaic setup so people can just use it without having to check certificates and protocols and all that stuff.

I'd say that if we could just have a simple to use, no-click pgp style system things would be good and we no longer have to keep nagging people to set things up the 'right' way, but so much of the hassle comes in by people using 100 different communication platforms.

Of course though: https://xkcd.com/927/

'Vortex Cannon vs Drone' - Mark Rober shows off tech from a "defense technology company that specializes in advanced autonomous systems". That seems bad

I've enjoyed Mark Rober's videos for a while now. They are fun, touch on accessible topics, and have decent production value. But this recent video isn't sitting right with me...

ShellMonkey ,

At range sure, nearby though an open choke shotgun would be pretty viable. Skeet shooting has been a thing for a while and unless it can change direction between the trigger and the pellets reaching it the drone's likely at least impaired.

ShellMonkey , (edited )

Crowded spaces it's a problem, I was more talking to notion of just plain shooting them rather than a use case. A rifle would be dang near impossible, but a scattered spray, you really only need to stop one prop and it's probably on the ground for a standard 4 prop deal. At least mine got real screwy when a blade split mid flight.

Edit: It also could be noted that while a lot of pellets would miss, they would pose a lot less risk than a rifled bullet coming back down. The weight of an individual shot pellet is a fraction of the weight of a bullet, so less momentum, plus they don't have a ballistic spin to maintain their speed that a rifle round does. Basically someone shooting a shot round in the air would come down with about as much force as a handful of gravel once the air resistance slows it a bit.

ShellMonkey ,

I can do the same in something like adguard or pihole...

ShellMonkey ,

How much simpler can I make this...

You have a primary 'master' server in the pool.

Replica/cache servers periodically ask the master for any updates.

Master gives a new update, which is a sinkhole for a marked malicious domain.

Replica/cache server now resolves malicious domain to the sinkhole address.

This is not a 'feature' you have to implement, it's a basic function of running a redundant DNS system.

ShellMonkey , (edited )

This has been a theory for a while, just not sure it was a specifically ruled precedent. The notion being similar to how they can force fingerprinting but not testimony. Access to a physical lock or location you can't simply say 'stay out' but they can't force you to divulge a password since it's a thought in your mind.

Also, relying on biometrics is terrible, quick but immutable keys are a big no-no.

ShellMonkey ,

Misused the &, meant to be 'are'

ShellMonkey ,

Looks like a copy machine with all the artifacts, go to a library and it's probably $0.01 a page

ShellMonkey ,

We really do need to just upgrade the version number, all these variants of 19 are sounding like bad sequels.

ShellMonkey ,

For all the scarcity of TP that marked the beginning of the pandemic, why do they waste paper on this?

ShellMonkey ,

If you don't have concerns about it being private I've used one of these for similar purposes in the past. Just a little portable DLNA server. The original project stopped but there are forks or the last version of the original out there.

https://en.m.wikipedia.org/wiki/PirateBox

ShellMonkey ,

Of course toaster man begot us powdered toast man.

ShellMonkey , (edited )

Ah yes, the 'oh we can't give credit for something good, it must just be lazy accident and/or incompetence' crowd. After initially being blocked by the courts and Congress these forgiven loans are active actions where he could get around restrictions placed on him.

ShellMonkey ,

Look up how filibusters work, then explain to me how, with a not even certain 51 vote majority in the Senate they codify abortion into law...

Also, please explain how the Democrats have any say whatsoever in how the supreme Court rules on Roe when the Republicans managed to stack the court with a 6/3 slant? Hint for you, the executive branch doesn't get to tell the court what to do...

ShellMonkey ,

https://www.spokesman.com/stories/2020/jun/25/control-house-and-senate-1900/
https://en.wikipedia.org/wiki/Roe_v._Wade

If you look at these two links, Roe V. Wade was decided January 22, 1973, since that time there have been two congresses where a super-majority with a filibuster proof 60+ votes in the senate and the house in 75 and 77. A Republican (Ford) was in the president's office for one of those leaving a single time with Carter in 1977 when it would have been possible without altering the senate rules to codify the decision, assuming that the R's would have objected as they have from the beginning. I guess you can take it up with Jimmy that it wasn't pushed into law back when the SC had just made their stance clear a couple years prior.

The next most viable times would have been in 1993 with Clinton and 2009 with Obama, and both of those would have needed to either amend the rules or convince some R's to go for it. It seems you're overestimating the power they've had since the matter was before the SC the first time, particularly when it had been seen as a settled matter for more than 2 decades before the earlier of those.

ShellMonkey ,

Lol, do you think history is only the last 4 years? They’ve had more than 50 years and multiple instances of having the supermajority.

You also cited that they've purportedly had several instances where they could have passed it at will when there has been realistically 1 viable time just 4 years after the original SC ruling.

https://www.history.com/topics/us-government-and-politics/history-of-the-filibuster

A brief history of one of the biggest obstructions and also notably important tools at the disposal of the Senate. Interestingly enough one of the few times that the rules on it were changed actually was at the behest of the Democrats to allow for placing judicial nominees without the Republicans getting in the way. Actively doing away with it or making significant modifications has been kicked around for a while but outright removing it would all but nullify any input by the minority party. By forcing a 60 vote barrier to things you set the table for either working with people of different stripes (not a bad idea, we did use to get a lot more done that way) or if you happen to be in a space to have those 60+ all yourself then you can consider that a free ticket and strong demonstration of the will of the voters.

Do you think their corporate sponsors accept these kinds of excuses?

I'm sure that they're probably held to a higher standard of performance than their Republican counterparts who tend to come from poor states with low educational standards. The R's can be bought off for a relative bargain price to be sure, so less pressure to get on the ball.

ShellMonkey ,

I don't so much look to defend the D party as it stands, but rather the functional operation of the nation. The D's are a far broader scope than the R's and frankly I'd have loved to see something like a Sanders/AOC ticket created for president, but that's not happening soon.

The Republicans have long been the party of NO. For them, a government de-fanged and paralyzed is a perfectly good thing, it would let the rich and businesses pillage and plunder unchecked. Let them oppress whomever they wish and force arbitrary rules on vulnerable populations at local and state levels where party plays a much smaller role. Matters like Roe and Dobbs wouldn't exist without pressures from national level left-ish parties.

The Democrats often as not get the short end of the stick on deals in an effort to get anything whatsoever done. The ACA was a fairly large accomplishment given the opposition in play seeking to protect the existing middlemen and preclude those damn poor people from taking care away from the rich. They often give up things in exchange for protecting some group, the 'fine you can keep the 47 round clips on your guns, but you have to stop shooting migrants for fun' sort of deals.

We would all likely be better off if the existing parties were shattered up and the entire system overhauled to provide a more proportional representation, however that's not in the cards as things stand. The other potential problem there of course is that the R's would likely end up with maybe 10% libertarian, 20% boring basic conservatives, and the remaining 70% insane swastika wearing nuts. The D's on the other hand would end up with a dozen tiny slices of varied groups who all want some very specific thing with great fervor. Were that to happen then the larger few groups born out of the R's would run rampant over society more than they already do.

ShellMonkey ,

The bing needed some new clientele after Tony and the rest of the family stopped coming in...

ShellMonkey ,

Can't think where I've seen any there, some software but not even really games since those have largely gone for distribution via Steam or similar.

ShellMonkey ,

Wut? Too early for me to try and make up context...
