HackerTrans
TopNewTrendsCommentsPastAskShowJobs

LinuxBender

no profile record

comments

LinuxBender
·tahun lalu·discuss
What would happen if we didn't use TCP or UDP?

One would have a hard time communicating with anyone. The internet has standardized around TCP and UDP. There are too many devices in most paths that will not be able to handle other protocols. Replacing all the hardware on the internet would take even longer than deprecating IPv4 in my pessimistic opinion. To get around this there would have to be some significant gains of the new protocol that would warrant big expenses in every corporation and government and all the hardware manufacturers would all have to agree on implementing support and further agree on interpretation of the new RFC.
LinuxBender
·tahun lalu·discuss
I disabled IPv6 as my little ISP has not yet figured out how they want to bill for or assign/segment it out for static assignment. I have multiple static IPv4 addresses. I only use static IP's but that is a requirement specific to me. The firewall is very simple and just forwards packets and uses a simple IPv4 SNAT. The only time I've had it set up more complicated was when a guest was abusing P2P so I had to block it using string matches on the unencrypted commands.

My setup is honestly simple enough that a write-up would not benefit many. My Unbound setup to block many malicious sites is also fairly well documented by others. The null routing of commonly used DoH servers is straight forward. My Chrony setup would just annoy people as I only use stratum-1 servers and the options would just look like cargo-culting to some.

About the only thing not commonly discussed is the combination of thc_cake and some sysctl options to keep buffer bloat low but OpenWRT has their own take on that topic already.
LinuxBender
·tahun lalu·discuss
Same here. Alpine Linux on top of that + Unbound DNS, dnsmasq for DHCP, netfilter, chronyd for time. I've never been able to make them break a sweat.
LinuxBender
·2 tahun yang lalu·discuss
I understand the desire to push for this but I also know first hand it would make things worse specifically around competency. I've had countless calls and meetings with state and federal agencies that could not grasp even the simplest of technical issues and this was with the very people charged with the responsibility for their systems. On the state level, explaining to the California DMV repeatedly that they may not use RC1918 address space in public MX records and expect emails and faxes to get through. That was an actual battle. Or arguing and escalating with 3 letter federal agencies that we will not "install their server certs" on our tens of thousands of servers and they must install the intermediate certs correctly. I wish I could share who that was because nobody would believe me... There are countless battles I've had with these agencies. I do not want more of these people running critical and sensitive systems. It's bad enough that leaders in companies like AT&T bend over backwards to just hand over data to them. I've had to hand over the data, looking the other way, giving unfettered unlimited unmonitored access to mainframes without warrants. This was at a company that was gobbled up by AT&T. Or being told to let a scammer with access to an SS7 link scam infinite people because they are paying for the link. Governments running these systems would be the wolves running the hen-house.
LinuxBender
·2 tahun yang lalu·discuss
Not unrealistic. I used to have a tail of all SMS texts running 24/7 and was required to grep for specific terms for certain agencies until they eventually had their own access. This was only SS7 based texts and was long before RCS existed. I could have saved it all to my workstation but knew better than to do that. Either way SS7 and text messages are very insecure.
LinuxBender
·3 tahun yang lalu·discuss
I should add that if this were safe I could envision body builders doing this even if they were already big. They seem to be willing to do just about anything to get that edge on others.
LinuxBender
·3 tahun yang lalu·discuss
Grow taller is not a controversial goal and growth can be resumed because previous knowledge of growth plate was flawed.

Has this been tested in animals, showing that the growth can be resumed and then stopped without going out of control into a disease like Acromegaly? [1]

[1] - https://www.niddk.nih.gov/health-information/endocrine-disea...
LinuxBender
·3 tahun yang lalu·discuss
This looks very useful. In the past I've used smtp-sink which is part of Postfix-(stone) and logs to syslog but having a web interface that shows attachments is a big improvement over the smtp-sink method. I could see also using this to replace my SMTP tarpits which are just Postfix logging to single text files per node. I could envision a few other unorthodox uses for this as well.

With an optional installation step this could run on port 25 as a regular person. Or authbind [1]

    setcap cap_net_bind_service=+ep /path/to/mailpit
[1] - https://stackoverflow.com/questions/413807/is-there-a-way-fo...
LinuxBender
·3 tahun yang lalu·discuss
Archive [1]

Use cash instead of a card.

[1] - https://archive.ph/vO2Ug
LinuxBender
·3 tahun yang lalu·discuss
Funny you should mention that. I have a few Squid-SSL-Bump proxies that I use for a few devices. For several years I even used that to visit HN and to my surprise was rarely rate limited or blocked when accessing from a VPS. With Squid I can also make decisions on content types, file sizes and more. There are only a handful of sites it doesn't work with because they for whatever reason are still using public key pinning. A few google sub-domains, eff.org, paypal but interestingly no banks.

This only works with devices that I can install my own CA key onto. I have not figured out how to do that with the vehicle diagnostic tool.
LinuxBender
·3 tahun yang lalu·discuss
I've used many smartphones and never registered any of them.

When I say register, I meant sign up for the wireless service. I did not already have an account. I was on my wifi and browsed to the wireless provider to activate my sim card and get a phone number. I could have done this on my PC but doing that on my cell verified with the vendor that my phone was supported since I am using an off-brand device. It was easier to copy the IMEI that way.

For Googles app store I used a throw away Gmail address that is not used anywhere else. I would love to put a new image on the phone but AFAIK there are no custom roms for my make/model of device. I would love to install GrapheneOS but they have sadly limited device support to Pixel. I am learning more about using adb since this is my first smart phone and with time I will neuter Google without replacing the rom, hopefully. It's mostly harmless for now since I rarely have the phone on.
LinuxBender
·3 tahun yang lalu·discuss
I confine everything on my network and if anything is able to resolve any one of the sanctioned countries or if the domains I override resolve to their correct address I will see it. I can only think of one opaque device I have that could even try to do that but I know it doesn't because I have to unblock .cn to get vehicle updates for it. I should add that I do not let random IoT's onto my network and that vehicle diagnostic tool from China is only on my network about once per year for a few minutes. I should also add that I have fascist firewall rules for anything I do not trust and all new SYN packets are logged. DoT and DoH use TCP.
LinuxBender
·3 tahun yang lalu·discuss
Blocking DoH is largely whack-a-mole

Maybe this is so but I have yet to see it. AFAIK all the DoT/DoH are on known dedicated IP addresses. I know they don't have to be. They could be on generic Akamai/CF/BunnyCDN/etc... end points but I have yet to come across one utilized in the wild. Have you found any? What are their IP addresses? I would like to add them to my DNS timing/monitoring scripts.

I null route about 24 DoT/DoH IP addresses and my one smartphone seemed to figure out automagically that my router was serving up DoT on 853. I can tell if something is bypassing Unbound because there are things I know should not resolve correctly.
LinuxBender
·3 tahun yang lalu·discuss
I'm still here. I've used a browser on my phone exactly once to register my phone. With exception to that one time I only use Firefox on Linux on an old PC.
LinuxBender
·4 tahun yang lalu·discuss
Most of the [dead] I see are from newly registered accounts and most are for sites I would expect to see flagged. I am just guessing but I would suspect new spam bots being created and tested during certain times of the day. Only @dang could say for sure as he would have access to the logs.

I try to vouch the submissions that look legit but there are so many to review it starts to feel like a job and I am supposed to be retired and relaxing.
LinuxBender
·4 tahun yang lalu·discuss
Yes, Shutup10 [1a][1b] and misc other powershell scripts people have written can disable some things with varying degrees of success.

[1a] - https://www.oo-software.com/en/shutup10 [freeware]

[1b] - https://www.virustotal.com/gui/file/86bf0b60f97f72bdbbf01e45... [scan results]
LinuxBender
·4 tahun yang lalu·discuss
Anecdotally a friend had a computer store that sold Amiga's and had his entire inventory bought out by the CIA of whom never paid him so they must have been powerful for something. This was in the late 90's. No idea what they were using them for. I used one to help a friend run a BBS. I could play games with incredible graphics whilst the BBS was running in the background.
LinuxBender
·4 tahun yang lalu·discuss
To be fair he never lived in a rain forest. He was always around people and often managed to upset many of them.
LinuxBender
·5 tahun yang lalu·discuss
One might use the ExoneraTor [1]

[1] - https://metrics.torproject.org/exonerator.html?ip=68.164.57....
LinuxBender
·5 tahun yang lalu·discuss
Yup, aware what ZFS could do. I was not going to suggest it since they are talking about a personal git server. ZFS likes memory, lots of it. Rsnapshot is a simple perl script that uses rsync. The backups and snapshots are wherever you point it to. Local, remote, both, 20 other locations if you are so inclined.