- 0 Posts
- 27 Comments
Your current setting is the “loopback” address. You’re listening for traffic to this address, and the only thing that can send to the loopback is yourself. This is a safe default, it means only the computer running the software can talk to it. Generally 0.0.0.0 listens on all available addresses. If that doesn’t work, use your local / internal ip.
This ui smells like it’s trying to hide the implementation details, but that makes things extremely difficult when troubleshooting
Vscode already supports linting yaml against a schema file. Once you start configuring your code with configuration-as-code, you’re just writing more code.
If I need to “generate” some insane config with miles of boilerplate, I would use js to build my json, which can be ported to just about anything. This would replace js in that process.
I’m not sold on the need for this.
Even with something like k8s, I’d reach for pulumi before I put another layer on top of yaml.
You can reduce doorknob turning dramatically by running on a non-standard port.
Scanners love 80 and 443, and they really love 20, but not so much 4263.
I used to run a landing page on my domain with buttons to either the request system / jellyfin viva la reverse proxy. If you’re paranoid about it, tie nginx to a waf. If you’re extra paranoid, you’ll need some kind of vpn / ip allow-listing
I gave their protocol page a look; it’s extremely in-depth. I have no idea what a vector clock is but now I get to learn. I like how they explain why blockchain isn’t a good fit.
I’m a touch worried about the extensability of the protocol, but I haven’t given it a deep read yet. I very much appreciate the share!
You’re running docker inside a vm? Why?
The first thing I would do is learn the 5-layer OSI model for networking. (The 7-layer is more common, but wrong). Start thinking of things in terms of services and layers. Make a diagram for each layer (or just the important layers. Layers 3 and up.)
If you can stomach it, learn network namespaces. It lets you partition services between network stacks without container overhead.
Using a vm or docker for isolation is perfectly fine, but don’t use both. Either throw docker on your host or put them all in as systemd services on a vm.
Spread-spectrum audio watermarks will survive multiple re-encodings and are extremely difficult to detect.
Iirc google widevine will embed a device code, and if a pirated copy of some content is found, they will blacklist the gpu’s device code so it can’t receive 4k content anymore. That’s video, but it’s the same idea.
- Yes, because:
- It could
- And if it does, you probably can’t remove it
Streaming sites can embed an unhearable data stream into audio signal. It’s possible
That being said, it’s extremely improbable, given the costs to do it at scale.
If you’re part of a large company’s beta program and have access to some unreleased product, maybe worry.
If you grabbed a file from some mega host updown whatever site, don’t worry.
And if you’re still worried, take a sha256 hash and put it into google search. If you get any results that even mention your file’s title, then you’re good.
I must disagree.
We need not wait for marginalized groups to be impacted to decry T1 ISP censorship. Ban whatever speech you want; the method of enforcement should be to arrest the perpetrators - not stop the sale of paper, the delivery of mail, or blocklist class A ip ranges.
On a more philosophical level, this is the question of “kindergarten policy” - do we punish those who crayon on the walls, or do we take away everybody’s crayons. To punish the ability to do wrong, or the act of doing wrong. Like most philosophical questions, there’s no good answer to this.
The supreme court was non partisan. Do you expect the truth arbitration department to go any better?
The 50% of people who believe false things are going to vote for truth arbiters that we don’t like. Surely it will be amazing when the correct party is in control, but inevitably the wrong party will be in control sometimes too.
The issue is that bad truth arbitration is “sticky”. Once a bad actor is in control, they have the power to silence their own opposition.
In order for this to work, we must either make sure a bad actor never ends up at the wheel - which will eventually fail, or neuter the truth arbitration process to the point of inefficacy.
The risks here are probable and tangible. We may have the techniques to do it eventually, but I don’t think we have them right now.
This is an excellent way of looking at it, that is very different from my initial understanding.
This changes the concern profile entirely, from “who decides what is false” (big concern) to “how do we define advocating, how do we define violence, etc” - which are valid concerns, but apply to just about every law.
Off topic, the cyber security world has been wrestling with “unauthorized access” - is there implicit authorization when a device is attached to the internet? Nobody authorized me to use google - are web requests access? Is bypassing authentication access? It’s a mess.
So… what? Are you arguing for an expansion of “punitive models”?
Iraq has exceptional consistency in thought leadership. There are no drug addicts in Singapore.
Moxie marlinspike has an excellent blog post on “perfect enforcement” - if the law were applied perfectly, we would not have the lgbtq marriage rights we have today. If America had perfect consistency of thought, we would all be protestant catholic.
Consistency is not a world I strive for, and therefore, to return to the start of this thread, I do not believe the us gov should apply censorship to our communications, and I do believe that doing so would be a slippery slope, precisely and purely because censorship may prevent its own regulation.
No single body can wield this power, and therefore multiple should.
/pol/ self-censors through slides and sages, and even maintains at least some level of toxicity just to dissuade outsiders from browsing or posting - you could call it preventative censorship.
Fortunately, we don’t have to go there. We have the choice to coexist on Beehaw instead.
Even on reddit, different subs could have different moderation policies, and so if you didn’t like ex. Cyberpunk, you could go to lowsodium_cyberpunk.
Freedom to choose communities allows multiple diverse communities to form, and I think that’s the key - that there are many communities.
When the scope of truth arbitration moves from lemmy instances to the us gov, the only alternative choice for any who disagree would be to go to another country.
The beauty of the internet is that there are no countries. Any website could be anywhere - there are hundreds of thousands of choices, from twitter hashtags to irc rooms.
I do not want one hegemony of information. I do not want 5, or one for each nato member. I want as many as possible, so I may find one (or more!) that I like.
Who is the arbiter of truth? What prevents the power to censor from being abused?
The power to censor inherently includes the ability to silence its own opposition. Centralizing this power is therefore dangerous, as it is neigh impossible to regulate.
Currently, we can choose our forums - beehaw does a good job, /pol/ silences all but one worldview, and therefore I am here and not there. What happens when that choice is taken away, and one “truth” is applied universally, with no course for opposition?
Perhaps you believe you hold the correct opinions, and will not be affected. Only those who disagree with you will be silenced. Or perhaps you change your opinions to whatever you are told is correct, and therefore you do hold the correct opinions, though only by definition.
Consider that 50% of the country disagrees with you politically. If you follow a third party, it’s 98%. A forced shared truth is only “good” if it goes your way - but the odds of that are so incredibly small, and it gets much smaller when you consider infighting within the parties.
Wireguard creates a new network interface that accepts, encrypts, wraps, and ships packets out your typical network interface.
If you were to create a kernel network namespace and move the wireguard interface into that new namespace, the connection to your existing nic is not broken.
You can then use some custom systemd units to start your *rr software of choice in said namespace, rendering you immune to dns leaks, and any other such vpn failures.
If you throw bridge interfaces into the mix, you can create gateways to tor / i2p / ipfs / Yggdrasil / etc as desired. You’ll need a bridge anyway to get your requester software interface exposed to your reverse proxy.
Wireguard also allows multiple peers, so you could multi-nic a portable personal device, and access all your admin interfaces while traveling, with the same vpn-failure-free peace of mind.
You’re out here solving impossible problems. You’re “The Fixer” from Pulp Fiction. Fools look at story points. Pros see an unsolvable story that languished for years until you came along and defeated it. A single point for you is an entire epic to other teams.
Everything is a differentiator that can be spun to your advantage. The points aren’t accurate, and you’re the only one with enough guts to step up to the plate and finally work these neglected tickets; even if it won’t “look good” on some “dashboard” - that’s not what’s important; you’re here to help the organization succeed.
If the system doesn’t make you look good, you have to make yourself look good. If you weren’t putting in the effort, it would be hard - but as you say, everyone who takes a deeper look clearly sees the odds stacked against you, and how hard you’re working / the progress you’re making; despite those odds.
Don’t let some metrics dashboard decide your worth, king!