Joined 2 years ago
Cake day: June 12th, 2023

  • Dropping instead of blocking might technically be better because it wastes a bit more bot time and they see it as “it doesn’t exist” rather than an obstacle to try exploits on. Not sure if that is true though.

    For me:

    • ssh server only with keys

    • absolutely no ssh forwarding, only available to local network via firewall rules

    • docker socket proxy for everything that needs socket access

    • drop non-used ports, limit IPs for local-only services (e.g. paperless)

    • crowdsec on traefik for the rest (sadly it blocks my VPN IPs also)

    • Authelia over everything that doesn’t break the native apps (jellyfin and home assistant are the two that it breaks so far, and HA was very intermittent so I made a separate authelia rule and mobile DNS entry for slightly reduced rules)

    • proper umask rules on all docker directories (or as much as possible)

    • main drive FDE with a separate boot drive with FDE keyfile on a dongle that is removed except for updates and booting to make snatch-and-grabs useless and compromising bootloader impractical

    • full disk encryption with passworded data drives, so even if a smash and grab happens when I leave the dongle in, the sensitive data is still encrypted and the keys aren’t in memory (makes a startup script with a password needed, so no automated startups for me)

    For more info, I followed a lot of stuff on: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server



  • So then it comes down to whether enough military personnel will have the morals to stand up to fascist orders from the executive branch and disobey them, displaying that they are at odds, or if they will simply obey unlawful, fascist orders to not get prosecuted under the UCMJ.

    Also, I would be extremely hesitant to believe that the host of pilots, mechanics, MPs, and logistics did not notice at all women and children being dragged in chains, likely crying, and if on-video behavior is anything to go by, also likely being harassed by ICE handlers and thought there was nothing wrong enough to bring it up to their COs. Cargo is quickly inspected at the very least. And the fact that they didn’t have any prior clearance to land at the airport they were going to… They aren’t complete idiots…

    Sorry, but these things do not happen quietly. That is like saying the train drivers and the people loading them into the cars carrying the Jews only knew they were carrying “personnel, material” and happened to be going to “a labor camp”.


  • Sorry, but it doesn’t matter one. single. bit. that the US military “isn’t a monolithic entity” if, when it comes down to it, they act like a monolithic entity and follow corrupt, unlawful, and treasonous orders like how the USAF has been wordlessly transporting kidnapped legal residents and greencard holders to foreign countries without any semblance of legal process or even a criminal act done.

    US military personnel love saying “we don’t follow unlawful orders” who have never had to make that decision until they are given an illegal order and they follow it. Just see every war that the US (and most other nations to be honest) has ever fought and what is currently going on.

    It is the exact same as the argument of ACAB. If there are 50 “good” people who actively shield, enable, and do nothing about 50 “bad” people doing horrible, illegal, and/or immoral things, you have 100 bad people.



  • They are a massive megacorp though. It always leaves me to wonder “how much”.

    Tons of capitalist companies do stock options where “technically” the employees own a share of the company, though that percentage is usually extremely small, even collectively such that they have no decision power. I can’t help but think that it is similar with Huawei, but with better marketing.




  • Hey, I have done something similar to this.

    I turn the VPN on every time I connect to a WiFi without the SSID of my trusted places.

    Super easy with Tasker.

    Here is the XML to import and experiment with, OP:

    <TaskerData sr="" dvi="1" tv="6.4.15">
    	<Profile sr="prof7" ve="2">
    		<cdate>1693206728189</cdate>
    		<edate>1742652330550</edate>
    		<flags>8</flags>
    		<id>7</id>
    		<mid0>8</mid0>
    		<mid1>9</mid1>
    		<nme>VPN Automation</nme>
    		<State sr="con0" ve="2">
    			<code>160</code>
    			<pin>true</pin>
    			<Str sr="arg0" ve="3">HomeWifi/telenet-C6DE3/My VW 4685</Str>
    			<Str sr="arg1" ve="3"/>
    			<Str sr="arg2" ve="3"/>
    			<Int sr="arg3" val="2"/>
    		</State>
    		<State sr="con1" ve="2">
    			<code>110</code>
    			<pin>true</pin>
    			<Int sr="arg0" val="1"/>
    			<Int sr="arg1" val="1"/>
    			<Int sr="arg2" val="1"/>
    			<Int sr="arg3" val="1"/>
    			<Int sr="arg4" val="1"/>
    			<Int sr="arg5" val="0"/>
    		</State>
    		<State sr="con2" ve="2">
    			<code>160</code>
    			<Str sr="arg0" ve="3"/>
    			<Str sr="arg1" ve="3"/>
    			<Str sr="arg2" ve="3"/>
    			<Int sr="arg3" val="2"/>
    		</State>
    	</Profile>
    	<Task sr="task8">
    		<cdate>1693214693841</cdate>
    		<edate>1694095080534</edate>
    		<id>8</id>
    		<nme>Turn On VPN</nme>
    		<pri>100</pri>
    		<Action sr="act0" ve="7">
    			<code>365</code>
    			<Bundle sr="arg0">
    				<Vals sr="val">
    					<net.dinglisch.android.tasker.RELEVANT_VARIABLES>&lt;StringArray sr=""/&gt;</net.dinglisch.android.tasker.RELEVANT_VARIABLES>
    					<net.dinglisch.android.tasker.RELEVANT_VARIABLES-type>[Ljava.lang.String;</net.dinglisch.android.tasker.RELEVANT_VARIABLES-type>
    				</Vals>
    			</Bundle>
    			<Str sr="arg1" ve="3">WireGuardSetTunnel(true,BE-wg)</Str>
    		</Action>
    	</Task>
    	<Task sr="task9">
    		<cdate>1693214759029</cdate>
    		<edate>1693374826981</edate>
    		<id>9</id>
    		<nme>Turn Off VPN</nme>
    		<pri>100</pri>
    		<Action sr="act0" ve="7">
    			<code>365</code>
    			<Bundle sr="arg0">
    				<Vals sr="val">
    					<net.dinglisch.android.tasker.RELEVANT_VARIABLES>&lt;StringArray sr=""/&gt;</net.dinglisch.android.tasker.RELEVANT_VARIABLES>
    					<net.dinglisch.android.tasker.RELEVANT_VARIABLES-type>[Ljava.lang.String;</net.dinglisch.android.tasker.RELEVANT_VARIABLES-type>
    				</Vals>
    			</Bundle>
    			<Str sr="arg1" ve="3">WireGuardSetTunnel(false,BE-wg)</Str>
    		</Action>
    	</Task>
    </TaskerData>
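
Before importing a shared export like the one above, it helps to list which SSIDs it treats as trusted and which WireGuard tunnel it toggles, then swap in your own values. This is an added example, not part of the original comment; it assumes State code 160 is Tasker's Wifi Connected state, that `<pin>true</pin>` marks the state as inverted, and that `/` separates SSID alternatives, and the sample values in it are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the export; assumes code 160 = Wifi Connected, pin = inverted.
SAMPLE = """<TaskerData sr="" dvi="1" tv="6.4.15">
  <Profile sr="prof7" ve="2">
    <State sr="con0" ve="2">
      <code>160</code><pin>true</pin>
      <Str sr="arg0" ve="3">ExampleHome/ExampleCar</Str>
    </State>
  </Profile>
  <Task sr="task8">
    <nme>Turn On VPN</nme>
    <Action sr="act0" ve="7">
      <code>365</code>
      <Str sr="arg1" ve="3">WireGuardSetTunnel(true,example-wg)</Str>
    </Action>
  </Task>
</TaskerData>"""

TUNNEL_CALL = re.compile(r"WireGuardSetTunnel\((true|false),([^)]*)\)")

def audit(xml_text):
    """Return the SSID lists and WireGuard calls an export would install."""
    root = ET.fromstring(xml_text)
    ssid_states = []
    for state in root.iter("State"):
        arg0 = state.find("Str[@sr='arg0']")
        if state.findtext("code") == "160" and arg0 is not None and arg0.text:
            ssid_states.append({"ssids": arg0.text.split("/"),
                                "inverted": state.findtext("pin") == "true"})
    tunnels = []
    for task in root.iter("Task"):
        for arg in task.iter("Str"):
            m = TUNNEL_CALL.fullmatch(arg.text or "")
            if m:  # (task name, enable?, tunnel name)
                tunnels.append((task.findtext("nme"), m.group(1) == "true", m.group(2)))
    return ssid_states, tunnels

def retarget(xml_text, ssids, tunnel):
    """Swap in your own trusted SSIDs and tunnel name; returns the new XML text."""
    root = ET.fromstring(xml_text)
    for state in root.iter("State"):
        arg0 = state.find("Str[@sr='arg0']")
        if state.findtext("code") == "160" and arg0 is not None and arg0.text:
            arg0.text = "/".join(ssids)
    for arg in root.iter("Str"):
        if arg.text and TUNNEL_CALL.fullmatch(arg.text):
            arg.text = TUNNEL_CALL.sub(lambda m: f"WireGuardSetTunnel({m.group(1)},{tunnel})", arg.text)
    return ET.tostring(root, encoding="unicode")
```

Running `audit` on the output of `retarget` confirms the file now references only your own network names and tunnel before it is imported.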
    
    



  • I also use Ubiquiti. It is the Apple of WiFi systems, for better or worse.

    I have yet to be able to find if they are privacy respecting or not. I am leaning more towards no since everything is by default through their cloud (my brand new UCG-ultra wouldn’t even let me set it up locally, it would break when trying to set it up locally via the app and DNS & IPs would be messed up so I couldn’t even contact it to fix it, I had to hard reset it and do it via their cloud)