Album on lemmy.ca, beehaw.org, shit.itjust.works & lemmy.world

  • 0 Posts
  • 18 Comments
Joined 3 years ago
Cake day: June 7th, 2023



  • Wrt lan deny all for the fam, it’s mostly hard on gamers cuz games tend to use wide port ranges and outbound IPs are potentially home isp networks not the game servers. But yeah it takes some time and research to really lock it down.

    Most stuff is running through web protocols though. So right off the bat you create allow rules for any LAN device to hit ports: 80, 8080, 443, 8443 which are your common http and https ports. That’s gonna get most ppl what they need.

    I do ASN based allows for certain applications like Google, Facebook, etc.

    For consoles they’re pretty locked down so just give them full allow to the Internet. I don’t do that actually but it’s probably the better way.

    IOT devices get only the ports they need to the IPs they need.

    when you said you are using unbound instead of using DoT forwarding, you mean instead of allowing clients to DoT forward, right?

    No I mean my unbound resolves DNS for something like microsoft.com all by itself. It calls up the root name servers, finds the com nameservers, then asks the com nameservers for Microsoft. And for any subdomains it asks the MS name servers. This is instead of relying on external forwarding services like 8.8.8.8 or 1.1.1.1 or Quad9 or whatever. At least the former two are sure to be aggregating this data.

    Additionally I do not allow devices on my network to reach out to external port 53 or 853 to circumvent lookups on my unbound by reaching out directly, which would then bypass the DNSBL. Anything for port 53 gets NAT’d to the unbound server. You can’t redirect TLS attempts so those get hard blocked.

    Curious to your IDS solution

    Suricata is what opnsense uses. Pretty easy to set up.


  • I have an n100 box that I put opnsense on for routing, firewall, DHCP, DNS and IDS. It uses unbound for DNS and so I’m leveraging the blocklist functionality in unbound. And then I use unbound to resolve instead of using DoT forwarding.

    DNSBL is only a small component of effective network security. Arguably the firewall is most important and so I have a default deny all for any device on my LAN trying to reach the Internet.

    All applications need specific allows. Thus internally no device can use dns over tls because 853 is blocked by default. Then I use a DNSBL to catch known DoH by domain since the cert is provided by domain name.
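The egress policy described in these two comments (default deny, web ports open to every LAN device, plain DNS NAT'd to the local unbound, DoT hard-blocked, known DoH domains refused by the resolver's DNSBL), modelled in Python as an added illustration that is not part of the original comments. The LAN range, resolver address, IoT allow entry and blocklist names are constructed assumptions; the report function is the audit step a defender runs afterwards to find devices with hard-coded resolvers.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed network layout (assumptions, not taken from the comments above).
LAN = ip_network("192.168.1.0/24")
UNBOUND = ip_address("192.168.1.1")          # local recursive resolver running the DNSBL
WEB_PORTS = {80, 8080, 443, 8443}            # allowed from any LAN device
DEVICE_ALLOWS = {"192.168.1.50": {("203.0.113.10", 8883)}}   # IoT: only what it needs
DOH_BLOCKLIST = {"doh.example.net", "dns.example.org"}       # constructed DNSBL entries

def decide(src, dst, dport):
    """Egress decision for one LAN -> anywhere flow: allow, redirect or block."""
    if ip_address(dst) in LAN:
        return "allow"                 # LAN-internal, including queries to unbound
    if dport == 53:
        return "redirect-to-unbound"   # plain DNS is NAT'd to the local resolver
    if dport == 853:
        return "block"                 # DoT cannot be redirected, so it is dropped
    if dport in WEB_PORTS or (dst, dport) in DEVICE_ALLOWS.get(src, set()):
        return "allow"
    return "block"                     # default deny for everything else

def dns_allowed(name):
    """DNSBL check done by the resolver: refuse a name if it or any parent domain
    is listed; a DoH client that cannot resolve its endpoint cannot bootstrap."""
    labels = name.lower().rstrip(".").split(".")
    return not any(".".join(labels[i:]) in DOH_BLOCKLIST for i in range(len(labels)))

def bypass_report(flows):
    """Per-host count of direct attempts to reach an external resolver (53/853)."""
    report = defaultdict(int)
    for src, dst, dport in flows:
        if dport in (53, 853) and ip_address(dst) not in LAN:
            report[src] += 1
    return dict(report)

# Constructed flow records: (source, destination, destination port)
FLOWS = [
    ("192.168.1.20", "192.168.1.1", 53),     # normal query to unbound
    ("192.168.1.20", "8.8.8.8", 53),         # hard-coded public DNS -> redirected
    ("192.168.1.20", "1.1.1.1", 853),        # DoT attempt -> blocked
    ("192.168.1.20", "93.184.216.34", 443),  # ordinary HTTPS -> allowed
    ("192.168.1.50", "203.0.113.10", 8883),  # IoT MQTT to its one allowed host
    ("192.168.1.50", "9.9.9.9", 853),        # IoT device trying DoT -> blocked
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, decide(*flow))
    print("resolver bypass attempts per host:", bypass_report(FLOWS))
```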



  • You clearly don’t know what you’re talking about. You don’t even seem to understand what a non sequitur is. Good luck moving cash in material volumes in any way that’s meaningful. You can’t. No one is going to let you buy your yacht or your house in cash unless you can prove its source because of AML controls. They won’t be able to deposit it into their banks so they won’t let you deposit it with them either.


  • I feel like the link you just provided completely invalidates the way you started “if you are a giant bank you can ml all you want” but then you show the fines that show you can’t do this all you want.

    Keep in mind the banks are profiting from others laundering money not from laundering their own money.

    “It’s big brother’s attempt to monitor capital flows.”…yes exactly…



  • Lmao who writes this shit. The solution to KYC is just no KYC! And then offer nothing to explain how to implement AML controls!

    If you want to use a KYC-less network you then have to know and accept that it’s going to be used for money laundering and that others are not going to transact with you or that platform because you accept that kind of risk.

    The banks are obligated by the govt to not take that risk. It doesn’t benefit the banks… We’ve seen they’d much rather not do KYC and take on the money laundering risk because it’s far more profitable.




  • Do you understand what an analogy is?

    Yes, hence it being a shit one.

    Anyways, Firefox is the project. All of those other “projects” are mostly configuration changes of the upstream project, not even code changes.

    No, for example Fennec for F-Droid, which is the base for Mull or IronFox, has multiple code deletes to remove unsolicited data sent to Google.

    When Firefox decides to become hostile to those “other” browsers you use, they’ll be able to do fuck all about it.

    That’s not how open source works…