Joe

In Germany and no doubt some other countries, private law firms can (on behalf of the copyright holders) request people’s identity based on residential IP addresses and then send extortionist legal threats. Apparently an IP appearing on a public tracker can be enough to trigger it, without any confirmed data transfer.

VPNs are common and usually sufficient.

Mandatory coat check-ins, here we come!

What are your geographic constraints, if any?

With apparmor, you could enable and disable profiles that could restrict access to files and paths by name.

For network traffic, it’s possible to use dnsmasq to blacklist or whitelist some domains.

Heh. Tax returns and music should have been the giveaways, although I know someone who takes great satisfaction in taking every tax deduction they legally can, down to the last cent. :-P

TV and games sure, but embrace music - (try to) learn to play an instrument, and you will appreciate listening so much more!

I use labwc … it’s basically OpenBox as a Wayland Compositor. Some things/programs work better than Hyprland, other things worse. No animations - just get out of your way functionality.

I found a patch that allows manual tiling and focus (eg. alt-tabbing just for windows in the left half of the screen), which is cool.

Scriptability isn’t there, but the code looks pretty clean.

The config file is similar to OpenBox. I miss multi-layer keybindings though.

Another technique that helps is to limit the amount of information shared with clients to need to know info. This can be computationally intensive server-side and hard to get right … but it can help in many cases. There are evolving techniques to do this.

In FPS games, there can also be streaming input validation. eg. Accurate fire requires the right sequence of events and/or is used for cheat detection. At the point where cheats have to emulate human behaviour, with human-like reaction times, the value of cheating drops.

That’s the advanced stuff. Many games don’t even check whether people are running around out of bounds, flying through the air etc. Known bugs and map exploits don’t get fixed for years.

Not everything will be open source. For whatever reason, they decided to make this obfuscator open source. It might also just be an interesting side project that someone got permission to release.

Obfuscation can make it harder to reverse engineer code, even if the method is known. It might also be designed to be pluggable, allowing custom obfuscation. I haven’t checked.

We also know that obfuscation isn’t real security … but it’s sometimes it is also good enough for a particular use case…

ALSA is lowest level, and is the kernel interface to audio hardware. Pipewire provides a userspace service to share limited hardware.

Try setting “export PIPEWIRE_LATENCY=2048/48000” before running an audio producing application (from the same shell).

Distortion can sometimes be related to the audio buffers not getting filled in time, so increasing the buffering as above gives it more time to even out. You can try 1024 instead of 2048 too.

There is no doubt a way to set it globally, if it helps.

Good luck!

Except my crazy relative (just 1, thank dog) also has telegram and feels the urge to forward every damn whackjob conspiracy theory reinterpretation of truth that they find to me and my wife, despite us never replying except to ask them to stop. eg. Cloud seeding, windmills and electric cars are responsible for destroying the atmosphere (not co2 and other greenhouse gases); Bill Gates etc. are spreading microchips through vaccinations; judges ruling that measles doesn’t exist; Ukraine is full of nazis; and yes, even regurgitated feelgood fairy tales and random cat pictures from Facebook. So glad they are in a country far far away from me. They “do their own research”, of course.

So bloody sad that so many people are in a similar situation of avoiding friends and family for their own sanity (and sometimes safety).

I have an API to generate vanity crypto keys. Does that count? 🤑

But not Fire tablets (kids profile) or Samsung TV or many others that Plex currently supports.

JellyFin android phone app’s UI is a little weird at times, but does work pretty well for me.

…

What I would adore from any app would be an easy way to upload specific content and metadata via SFTP or to blob storage and accessible with auth (basic, token, or cloud) to more easily share it with friends/family/myself without having to host the whole damn library on the Internet or share my home Internet at inconvenient times.

Client-side encryption would be a great addition to that (eg. password required, that adds a key to the key ring). And of course native support in the JellyFin/other apps for this. It could even be made to work with a JS & WASM player.

In many countries the onus is on the connection owner to point the finger at the next person, or to otherwise prove it wasn’t them / their responsibility. Even if they can, fighting off lawyers who are experts in this area is costly (time & typically money).

Exactly the same problem exists with a VPN. What makes it personal? It’s just a service you bought, which can be used by multiple people and devices. The source IP typically links it to the user. So … back to the point of picking a trusted VPN provider in a trusted region.

For civil matters (like copyright infringement in most jurisdictions), a standard VPN (with egress in another jurisdiction) and client-side precautions will be fine, crypto or no crypto. Frankly, it’s quite normal for people to use VPNs these days. My employer even recommends employees use personal VPNs for their personal devices.

For the despicable shit, espionage etc., onion routing and crypto might be better. The police and agencies have many more tools at their disposal, and any mistake could be one’s undoing.

A firm dropping crypto is hardly a reason to declare a holy war against a VPN provider. For those who care, they already do.

There is near-zero privacy when a VPN has your real IP address and could log connections (source/dest/proto/port). Don’t fool yourself into thinking that using crypto payments adds much, unless you are constructing your own VPN onion OR you are concerned about what shows up on your CC bill directly (eg. to hide it from your family)

When you use a VPN provider, you are trusting them with your anonymity - that they don’t keep logs of connections that could lead back to your identity, and/or they won’t hand that info over to others (law enforcement, courts, some spook slipping an employee $500).

It’s also quite likely that your the average VPN user uses the same webbrowser (full of fingerprints and tasty cookies) to identify themselves in 10 different ways as they visit their shady torrent/porn/zuckerberg/fetish/gambling/bezos site, removing another layer of the obscurity onion.

Don’t they know that the kids deserved it, because they like Hummus. Yes, I’m sure that was it.

I used to love Pocket … I remember they changed something, and then I refused to use it since. I don’t remember what it was now, though. I assume enshittification of some kind.

And contributions to codebases that have developed with the goal of meeting the team’s own needs, and who similarly don’t have the time or space to refactor or review as needed to enable effective contributions.

Enabling Innersource will be a priority for management for only two weeks, anyway, before they focus on something else. And if it even makes it into measurable goals, it will probably be gamed so it doesn’t ruin bonuses.

Do you also work for $GenericMultinationalCompany, per-chance? Do you also know $BillFromFinance?

Yeah, at that point I wouldn’t worry. If someone has docker access on the server, it’s pretty much game over.

Encryption will typically be CPU bound, while many servers will be I/O bound (eg. File hosting, rather than computing stuff). So it will probably be fine.

Encryption can help with the case that someone gets physical access to the machine or hard disk. If they can login to the running system (or dump RAM, which is possible with VMs & containers), it won’t bring much value.

You will of course need to login and mount the encrypted volume after a restart.

At my work, we want to make sure that secrets are adequately protected at rest, and we follow good hygiene practices like regularly rotating credentials, time limited certificates, etc. We tend to trust AWS KMS to encrypt our data, except for a few special use cases.

Do you have a particular risk that you are worried about?