r00ty

When you’re alone, and life is making you lonely you can always go… Downtown Abbey!

Wireguard vpn into my home router. Works on android so fire sticks etc can run the client.

It’s in the app list for me. I set it to disabled.

Phone is Samsung s24 ultra.

Gemini is an app, I disabled that. I also shut off the key press and there’s some other places you can turn off some of the automatic AI features, and also there’s a setting to disable the “online” AI in general.

But that’s why in another comment I said, I am still not sure I turned it all off (or even if it is possible to).

Doesn’t the motorola phone have a settings screen for defining what the button does? For Samsung they like to re-purpose the power button.

First of all, it brought up bixby. I turned it back to powering off the phone and disabled bixby.

Then, with the new update they re-assigned the power button to gemini. So, I turned it back to powering off the phone and disabled gemini too.

However, the problem these days is that I’m never completely sure I’ve turned off all of the AI nonsense on my phone.

Pretty sure I disabled Gemini as one of the first things I did when I got my phone. But, yes when I read that, to me it did seem like a serious overreach for something that was going to be “on by default” for most users.

Linux secure boot was a little weird last I checked. The kernel and modules don’t need to be secure boot signed. Most distros can use shim to pass secure boot and then take over the secure boot process.

There are dkms kernel modules that are user compiled. These are signed using a machine owner key. So the machine owner could for sure compile their own malicious version and still be in a secure boot context.

They send fake (non-existing) actor ids for votes to obfuscate the identity of the real user. It is “compliant”, but completely against the spirit of a public social network.

There have been discussions about how to implement this before. But it has to be done in a way that is agreed by other threadiverse software. Unless they actually provide profiles for these fake actors there will be problems since some software will look up the profile info to cache it, even for likes…

Personally I’m of the opinion of a standard header to mark a favourite message as a private one and use a random ID that the originating instance can use to validate the message as genuine. But, this needs to be adopted properly by all.

I bought my first HDD second hand. It was advertised as 40MB. But it was 120MB. How happy was young me?

Yeah, but asking film/tv producers for permission would kill my content collection!

Actually how is your ISP giving out IPs to you? Mine uses IPv6 PD to give me a /48. And I then use SLAAC locally on the first /64 prefix on my LAN. Plus another /64 for VPN connections.

If you mean receiving RA/ND packets from your ISP (which are used to announce IPv6 prefixes) then you need to allow icmpv6 packets (if you don’t want to be able to be pinged, just block echo requests, ICMP in v4 and v6 carry important messages otherwise).

If your ISP uses DHCPv6 Prefix delegation you will need to allow packets to UDP port 546 and run a DHCPv6 client capable of handling PD messages.

If you have a fixed prefix, then you probably don’t need to use your ISPs SLAAC at all. You could just put your router on a fixed IP as <yourprefix>::1 and then have your router create RA/ND packets (radvd package in linux, not sure what it would be on pfsense) and assign IPs within your network that way.

If you have a dynamic prefix… It’s a problem I guess. But probably someone has done it and a google search will turn up how they handled it.

EDIT: Just clarified that the RA/ND packets advertise prefixes, not assign addresses.

I believe the privacy concerns are made moot if all consumer level routers by default blocked incoming untracked connections and you need to poke holes in the firewall for the ports you need.

Having said that, even knowing the prefix it’s a huge address space to port scan through. So it’s pretty secure too with privacy extensions enabled.

But for sure the onus is on the router makers for now.

I used HE for ages until my isp gave native ipv6. I also used sixxs back then too. Both provided good connectivity for the few sites that were around using it at the time.

This is my biggest bugbear about a lot of UK isps. They are dynamically allocating ipv6 prefixes for absolutely no good reason.

I’ve only ever done ipv6 using Linux directly as a firewall or a mikrotik router. So cannot help with pfsense I’m afraid.

You start by adding ipv6 and serving both. One side needs to move first. Content providers or isps.

The big tech companies are using ipv6. In the UK the isps are mostly offering it too.

Host both and help us move towards dropping Ipv4 some day. It’s not going to happen in a day.

When I was at school we had rulers that had both inches and centimetres on. 1-12" and 1-30cm. Now they didn’t perfectly line up. But as a good rule of thumb, 6" = 15cm and 12" = 30cm.

I never heard that. But it seems entirely believable.

It’s for backup purposes mainly. A lot of cloud backup providers don’t store permissions.

So if I restore the data I can then restore the permissions after. So these are the folders I am backing up (with some exceptions in /var)

OK so it’s fairly simple. You need to install the acl package (or whatever equivalent package contains getfacl/setfacl. Then you can use that to dump the data from an entire structure into a file (I also then bzip that). Then I backup all installed packages to help with a restore too.

So the script looks like:

#!/bin/bash
cd /etc
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /home
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /root
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
cd /var
/usr/bin/getfacl -R . | /usr/bin/bzip2 -9 >PERMISSION_BACKUP.bz2
chmod 600 PERMISSION_BACKUP.bz2
/usr/bin/apt list --installed | /usr/bin/bzip2 -9 >/root/INSTALLED-PACKAGES.bz2
chmod 600 /root/INSTALLED-PACKAGES.bz2

To restore you change to the folder the backup was taken from, unbzip the file (or uncompress live via pipe) and use setfacl --restore=<file>

Yeah. Only on my phone right now but will get it and post here later/tomorrow.