ShellMonkey

ShellMonkey, 3 days ago

How long do we have to put up with this charade of her being an impartial judge? Hardly a day goes by that she doesn’t entertain some absurd request to impede the case in whatever way possible.

ShellMonkey, 3 days ago

Someone pulled that formula straight out their ass

ShellMonkey, 7 days ago

Stop using southern Indians as your drinking vessel and that wouldn’t be a problem. Daft auto written headlines…

ShellMonkey, 8 days ago

I’m fairly sure if they took porn off the internet, there’d only be one website left, and it’d be called “Bring Back the Porn!”

ShellMonkey, 9 days ago (edited 9 days ago)

I recall using an app way back when I used to root and haxor all the mobiles that would do this. Kind of a virtualbox for the Nexus phones/tablets, but it needed root to do it. Will have to look into this, would be interesting if it can do so in user space somehow.

Edit: Damn, still needs root. Was a longshot to be able to hook into system resources without it but was hoping for some bridge function.

ShellMonkey, 8 days ago

Makes sense, I’m so accustomed to making virtual machines and such that it becomes just a thing but inevitably at some point admin access was required to create the hypervisor, the vnic, a virtual switch, etc. Without that restriction a piece of malware could readily exfiltrate data past a local protection by just making it’s own new pathway through on the fly or any number of other unpleasant things.

ShellMonkey, 10 days ago (edited 9 days ago)

Anyone who thinks muting a mic is going to keep things civil and with any level of decorum hasn’t been paying attention.

ShellMonkey, 9 days ago

I might just be too cynical at this point. It’d be fun to see, but at this point I suspect that any attempt to keep Trump, and I won’t pretend to think it’s about anyone but him really given the history, in check will be brushed off as ‘the biased,unfair moderators are just trying to silence him’ rather than convincing any of his followers he might be a bit too volatile for public office.

ShellMonkey, 13 days ago

Because anyone needs a few hundred rounds a minute for hunting or personal defense of course. Wonder if there’s a path to sanity by attacking the proponents of these things obvious lack of skill (spray and pray) that they need to compensate for. Can’t let anyone question their abilities right?

ShellMonkey, 13 days ago

www.softsheen-carson.com/…/shaving-powder

So rumor is that for some people it burns like the fires of hell, but I’ve never had such problems so YMMV.

ShellMonkey, 15 days ago

How convenient, make sure to wheel him out in a chair with an O2 tank to really get them sympathy points.

ShellMonkey, 18 days ago

“See now, the press will take that, and they’ll say, ‘He said a horrible thing.’”

Ok, so the guy is a fuckwit and all, but the article has right in it where he pretty plainly put it as a joke. We don’t need to feed the new cycle with every crass bs thing that comes out of his mouth.

ShellMonkey, 18 days ago

He’s always on about how much the media hates him, so it’d be right in character as a way to troll them, and it’s an easy click bait headline. He may not be that concerned with the people, but it’d be a bad look to gather a bunch of people in dangerous conditions to let them die of heat stroke.

ShellMonkey, 17 days ago (edited 17 days ago)

My thoughts exactly. Things have gotten so absurd ‘OMG Turnip sed WHAT?’ that it makes it all the more difficult to sort out and find the actually bad things. With all the noise it just makes it easier for his followers to claim whatever is the latest was ‘out of context/misinterpreted’.

ShellMonkey, 19 days ago

Never miss an opportunity to jump in and waive that big ‘Biden Bad’ flag do ya?

ShellMonkey, 20 days ago

I guess do you mean with the cartoonish demeanor or just boxing ones as a whole? Have seen a few on playstation systems like knockout kings but they try and be all serious with it.

ShellMonkey, 17 days ago

gamingonlinux.com/…/energetic-boss-rush-big-boy-b…

Just saw on another post

ShellMonkey, 20 days ago

Same as with fortune tellers and horoscopes, say enough things in vague enough terms and some of it’s bound to be able to fit into something that happens later. If someone wants something to be true then any wedged in ‘correct’ prediction is just validation of the expected result.

ShellMonkey, 23 days ago

Although the conspiracy movement emerged out of fringe imageboards in 2017,

4chan, /pol/ if I recall

It’s an interesting story for sure, just have to wince when articles like this treat some sites like it’s a big secret place. I’d guess that in some part it’s so you don’t get those people that go to check the source and get sucked into it.

ShellMonkey, 25 days ago

Oh there are folks already claiming the ‘not until appeals’ bit. Basically anything to calm the dissonance between ‘law and order party’ and ‘convicted felon is out nominee’

ShellMonkey, 27 days ago

…a swift kick in the arse.

ShellMonkey, 27 days ago

George Floyd murdered in the streets by police: “People are out of line and should be jailed for their reaction”

Old white dude gets convicted by a full jury of white color crimes: “BURN IT ALL DOWN!!!1!1”

Perfectly rational folks there.

ShellMonkey, 28 days ago

Well there goes the one piece of politics that held some semblance of not being about the money.

On a secondary note, that seems like a time when having your ad is a super dangerous thing. Political ones aside, who wants their product attached to a situation where the viewer is probably all emotionally riled up and pissed off?

ShellMonkey, 29 days ago

Well if my recollections from way back in the time of being a barista is right, a typical shot of espresso is about 80mg while a full size cup of coffee is about 200mg. The common caffeine pills like viverin/no-doze are also around 200mg. The general recommendation for average adults is to keep it under 400mg per day.

So all that said the whole pack would be about 4 times the daily recommended.

ShellMonkey, 1 month ago

www.xbrowsersync.org

Created my own docker pod and has worked for a long time. No updates in years, but how many features does it need really?

ShellMonkey, 1 month ago

Can you FF sync to a chromium browser?

ShellMonkey, 1 month ago

Interesting note on not putting on the ground, guessing they don’t need a lot of runway to take off though. The ones I’ve caught I would bring out in whatever I caught them in and just open it. Even the one that had a part of the wing skin missing (my cat caught it first) seemed to take off without issue from a standing height.

ShellMonkey, 1 month ago

I’m guessing it’s just a short drop to take off thing, very quick critters. Mostly these little ones.

https://lemmy.socdojo.com/pictrs/image/38e9c46d-eaca-4df2-93ee-06e42038e703.png

ShellMonkey, 1 month ago

Long ago I used a system called hushmail that promised a lot of the same as proton. Eventually I set up my own but it still has the problem of having to relay outgoing external mail through another box because of all the restrictions on home based dynamic IPs, so it’s largely relegated to system alerts in house rather than general use.

It’s a balancing act to be sure. VPNs stop local ISP inspection in exchange for potential viewing by the VPN host. DNS filters can only filter known threats. Things like P2P private nets can be infiltrated by 3rd parties via the ‘6 degrees of separation’ premise or even tracking pixels.

Making the picture muddy is about the best we can do, but it’s always worth the effort to not be another data point in the profile machine.

ShellMonkey, 1 month ago

Pretty sure the separation of church and state has something to say about this.

ShellMonkey, 1 month ago

3 things I’m still looking to get in one distro and Windows will be gone. Not looking to have my desk/lap turn into another ad platform like phones did.

Easy drive mapping for remote shares, most have this but some are a bit clunky.

Solid games support, mostly a WINE thing. One called Bazzite looks promising with a pile of pre-configured profiles.

Easy and reliable connection to a DC so the same creds can be used across multiple machines. This is probably the hardest part in Nix at this point.

Otherwise pretty well every app I use is web based and hosted on some local server, or has a Nix native variant.

ShellMonkey, 1 month ago

Probably worth a shot. I’ve gotten it working on a version of Ubuntu in the past, but it was far from the simplicity of select domain, give join creds, and reboot that it is with Windows yet.

ShellMonkey, 1 month ago (edited 1 month ago)

I have not, the last time I made a real effort at moving to Nix for games was quite a while ago. The big factor is if I can get GOG working since that’s the preferred platform here.

ShellMonkey, 1 month ago

I know it exists, have gotten it working with one of those AD compatible samba based DCs before, but not without some messing about. I’d really like to see it as simple as it is in Windows before saying it’s a drop in replacement.

Tried the other day with Mint and ran into something where one of the searches promoted manually editing the hosts file to point to the DC and Kerberos address. That kind of thing shouldn’t be required and is the kind of buggery I’d like to see sorted out.

ShellMonkey, 1 month ago (edited 1 month ago)

Claim: if you use HTTPS you are safe!

Overall a solid writeup, but this part could use some clarification. Assuming the VPN client doesn’t leak DNS this is only a concern after exploitation by DHCP option.

Another thing that might be noted, since this is a DHCP based issue the window for compromise is largely going to be at the time of connection unless the server has a particularly short lease time. If there are multiple DHCP servers on the same network answering requests it’s bound to raise some alarms if someone is watching the network so it makes 3rd person exploitation a very noisy method since you would have a race for who offered the lease first.

Edit: Really this attack isn’t just a problem for VPNs but could apply to any network connectivity. A rouge DHCP sever can cause all sorts of havoc. There used to be an single button APK called ‘firesheep’ that would do similar to this by presenting itself as the gateway, although that wouldn’t have allowed for the specific split routing config option push.

ShellMonkey, 1 month ago

https://lemmy.socdojo.com/pictrs/image/7e31cdc7-384b-4791-b637-ddbd9be198fc.png

Discover/offer/request/acknowledge since it didn’t make a pretty picture for me.

Basically it’s just a case of who answers first. A DHCP discover is a broadcast message since the client doesn’t know where or even if there is a server on the net. Whoever gets back to the client first with an offer though will end up with the request/ack following up and get to provide whatever options they push along with the offer.

ShellMonkey, 1 month ago

It says right in there that they can’t see what you are sending or receiving, but seeing the SNI provides content on what you’re doing. Not seeing where it’s false at all.

Using that SNI header profile though if one was inclined and the site doesn’t enforce HSTS it would be simple enough to proxy traffic through their gateway, or to creating a phishing duplication of the site with a DNS redirect.

ShellMonkey, 1 month ago

WiFi pineapples are fun that way. I’ve taken one out on a drive going to our cabin in scanning mode and picked up 100+ different SSIDs along the way. It can also respond as a wildcard to any request that comes by or just be obnoxious and advertise them all at one.

Never setting an ‘auto connect’ for unsecured WiFi is a must in that case. Secured not so much an issue unless the interceptor has the key for the network at least.

ShellMonkey, 1 month ago

Most mobile devices these days default to using a random spoofed MAC, so I have a hard time seeing how that’s effective unless it’s done as a whitelist only.

ShellMonkey, 1 month ago

Edwards described critics of his underage marriage stance as “an army of control freaks that want to entice a pregnant woman into an abortion rather than allow a marriage”

The guy goes on about personal freedom but then puts it as an either/or that someone gets pregnant and they have one of two choices…

ShellMonkey, 1 month ago

It’s pretty much the same thing that ‘tile’ does, it’s scary that they do this as an opt-out though. Having that as a system level function effectively means they can enable or disable it at will without having to have a separate app.

One more bug to sort out with notifications and I’m full time onto GraphineOS.

ShellMonkey, 1 month ago

As useful as tile is ideal to me. Don’t allow for the global tracking but let’s me make my keys or wallet make a noise when I misplaced them.

ShellMonkey, 1 month ago

github.com/smdgames/reactle

Easy enough to change that

ShellMonkey, 1 month ago

Such a charming and rational fellow that one

ShellMonkey, 1 month ago

Short version of this attack, it involves split routing for the tunnels. A lot of clients will have a default route-all to send traffic through the VPN. There is however a limitation to this because the tunnel itself needs a route from the local nic to connect to the VPN endpoint and establish the tunnel, otherwise you end up with a chicken and egg where you can’t establish the VPN. By taking advantage of the DHCP option to set preferred routes (really anything more specific than 0.0.0.0/0) it can tell the host system to send the specified traffic through the local gateway rather than the tunnel’s virtual adapter.

One relatively simple fix if you happen to have a fancy router/firewall on the edge of the network that handles the VPN would be to use policy based routing rather than relying on the underlying network configuration. Static route tables would be possible too, but in theory that could be overridden by just sending a more specific route again than what was set statically.

ShellMonkey, 1 month ago

Hardly the only, but not always the case either. I’d put some of it down to rose-colored nostalgia, some to the given fact that so much today is buying a base framework game and then selling 276 ‘addons’ to make it complete, and part to that back when systems didn’t have the power they do now developers couldn’t rely so much on all the flashy imagery and effects so they put more effort into the story and unique gameplay. A lot of smaller studio games pull that latter part off today still, but they’re sometimes harder to find.

ShellMonkey, 1 month ago

I guess it depends on what you’re looking for and what you consider flashy. I tend to do most of mine from GOG these days just out of a preference for avoiding DRM on principal. Found a few interesting ones just of the ‘cheap enough that it doesn’t matter if it’s not great’ types.

A major marker of quality for me tends to be if something just feels polished, like the menus make sense rather than looking like someone just stuck things where they could without though, but it could still run on a potato without making things melt.

ShellMonkey, 1 month ago

Shortly after the net neutrality rules where first revoked mine sent a message asking me to opt out of gathering data for sale, so defiantly not always the case. Not trusting some checkbox to prevent them from doing so in the future got everything that can be put through tunnels since.