tkchumly

joined 1 year ago
[–] tkchumly@lemmy.one 5 points 1 year ago (2 children)

Signals registrar is Markmonitor and is hosted from the US. Should everyone stop using signal?

[–] tkchumly@lemmy.one 0 points 1 year ago (2 children)

Op didn't ask for security practices.

[–] tkchumly@lemmy.one 2 points 1 year ago

Everybody that you meet Has an original point of view (That is now recorded)

[–] tkchumly@lemmy.one 3 points 1 year ago (1 children)

What is the benefit to using your own key on top of protons encryption? Why not just use your own encryption with any other provider?

[–] tkchumly@lemmy.one 19 points 1 year ago* (last edited 1 year ago) (1 children)

This privacy community and the conspiracies or flat out misunderstandings that are coming back from the Reddit grave feel like they are coming from the anonymouse joker and Rob Braxman.

[–] tkchumly@lemmy.one 5 points 1 year ago

I agree the balance is difficult and I agree asking later sometimes yields different results. My for instance about a sub and corresponding question asked endlessly is the privacy guides sub where people ask something like: "I'm using brave or firefox browser how do I be more private?"

Like my man you are on a discussion sub for a website literally full of instructions and recommendations with a link to that site pinned to the top of the sub. My goodness it can barely slap you in the face any harder.

It's not as bad as it was but the question is so vague that it almost demands follow up questions like what country, what threat model and what OS? It's not as bad anymore but it got super old and its the questions that are too general to be helpful and repeated hundreds of times over that really depressed me to read.

[–] tkchumly@lemmy.one 2 points 1 year ago (1 children)

The middle legs are those the horse half or the centaur half?

[–] tkchumly@lemmy.one 22 points 1 year ago (4 children)

Asking questions that are asked all the time in a sub or are already answered in the wiki. Not doing even basic searching for information before asking.

[–] tkchumly@lemmy.one 17 points 1 year ago* (last edited 1 year ago) (1 children)

It took me a couple reads but I think its supposed to say wipe your paws but the A, W and S in paws aren't really correct cursive.

[–] tkchumly@lemmy.one 1 points 1 year ago

Calendars, contacts and mail are not end to end encrypted on icloud even with advanced data protection.

 

I see so many YouTube videos of people running blatantly red lights and getting in accidents or other videos of people stopped and gunning it backwards, hitting something, then they put it in drive and launch full speed forwards and hit something else. What is going through these peoples mind? I just don't get how there is such a high quantity of these videos.

[–] tkchumly@lemmy.one 0 points 1 year ago

I changed all my comments to: u/spez is no longer deserving of my contributions to monetize. Comment has been redacted.

So that its more of a campaign across about 1000 comments I've done over the years so there is a chance of awareness and there is more junk and basically no value to the content.

I might delete it but knowing that someone might not be able to get the answer they want and push people to Lemmy or other sources feels good.

[–] tkchumly@lemmy.one 2 points 1 year ago

You are the first person I've ever heard of that referred to the framework as thicker and clunkier. That's good for you that you buy used and have had your desktop PC running with the same processor for 4 years but also that's upgradable. You don't need to get a new case or power supply to upgrade components. It's not just about upgradability but reparability in case something breaks or you break something. Even supporting second hand market a macbook only has so much life. The hardware can go EoL and no longer get software updates but your screen and keyboard still work fine. Would be great to just upgrade your chipset instead of the whole laptop because the processor is so old that companies don't want to support it anymore.

 

If someone you know constantly makes reproductive anatomy or other borderline jokes and you think they should stop just play dumb. After the joke just say (with a straight face) that you don't get it. When they have to explain it it the joke satisfaction is gone and then more technical words need to be used to explain it making red flags pop up for them and anyone listening. They might get in trouble and you won't need to confront the behavior directly.

Works especially well in the military (even better if it's a superior).

 

Go to Njalla and create your dynamic DNS record. Once you do that It should show you something like this:

https://njal.la/update/?h=&k=&auto

On your records page it will fill in your subdomain and key automatically. on their documentation page it does not do this. You don't need the one from the documentation page. the one next to your dynamic DNS entry is what we want anyways.

Now on the pfSense box:

Make a new Dynamic DNS client. Service Type: Custom Interface to monitor: WAN (but might be something else depending on what you are doing) Interface to send update from: WAN (but might be something else depending on what you are doing)

In the update URL box paste in the URL Njalla gave you.

In the result Match paste in this:

{"status": 200, "message": "record updated", "value": {"A": "%IP%"}}

Now your pfsense box should know if it did a successful update or not. In your pfsense Status > System logs you should see this:

/services_dyndns_edit.php: phpDynDNS (): (Success) IP Address Updated Successfully!

Then I ran into an issue where it seemed like njalla wanted an update sooner than every 25 days and pfsense would say oh it hasn't been 25 days so I'm not telling njalla my IP is the same. well ok then. I pulled some inspiration from this thread:

https://www.reddit.com/r/PFSENSE/comments/hhvxdl/force_dynamic_dns_update_every_7_days/

So thanks u/WetwareLabs

I installed the cron package on the pfsense box and then I edited the /usr/bin/nice -n20 /etc/rc.dyndns.update command to run on the 1 minute of every hour (I think you see where this is going).

I then created a new cron to run every hour on the 0 minute that just runs this command: rm /cf/conf/dyndns_wancustom\'\'0.cache

So now every hour the firewall doesn't have the current WAN IP cached and he goes "Holy barnacles, I gotta tell Njalla my new IP!"

Now Njalla knows every 1 hour that something is still saying "hey I'm alive and here is my IP"

I know this solution is kind of ugly, but it works. I am sure almost nobody will read this or do anything with it but if you are living the real privacy lifestyle running local nextcloud and want to get at that sucker from the internet AND you don't want to pay for a static IP or use another dynamic DNS provider then maybe this is for you.

 

I’ve been tooling around with this for a few days now and I think I stumbled into a couple pretty useful things.

1.) having multiple VPN destinations with proton (because proton wont just load balance you to country specific plus servers):

If you already have a working openvpn config you can go to the custom options and add this to it at the bottom:

remote x.x.x.x 1194; remote y.y.y.y 1194; remote-random;

where x.x.x.x and y.y.y.y are different proton VPN IPs or DNS names. I picked plus servers because for some reason proton doesnt have us-plus.protonvpn.com or any country based DNS entry that just does that for you.

I was manually changing VPN IPs when each one would go down for maintenance and that got old quick.

2.) Split DNS

Maybe you want to have your firewall do DNS lookups for VPN tunnel establishment and then have your clients route their DNS through the tunnel to 10.8.8.1 to stream BUT you need your pfsense box to be the DNS option because you have a host override entry for local resolution of a public DNS entry (nextcloud would be a prime example).

System > General Setup add your external DNS servers here (1.1.1.2 and 1.0.0.2 for me). Check box for Disable DNS forwarder and uncheck DNS server Override

Then go to Services > DNS Resolver

Enable DNS resolver

For outgoing Network interfaces you will want your VPN interface

probably uncheck Use SSL/TLS for outgoing DNS Queries but this will depend on your DNS server you are putting in there

In custom options (if you are using UDP:

server: forward-zone: name: “.” forward-addr: 10.8.8.1@53

Hopefully that made sense and is useful to at least one person out there and you don’t need to struggle like I did. Or maybe everyone here is a pfsense guru and i’m just repeating the obvious.

 

Why YSK: An airbag typically deploys at 100-200 MPH and if your phone is sitting there it will be launched towards you and probably impale you. Don't put your phone on your steering wheel over your airbag. Don't put any alternate logos or bedazzling on your airbag. Basically don't do anything to or put anything on your airbag because anything you put on it will launch on impact.

Shameless crosspost from my reddit as I move over.

 

I see stories about how election is rigged or that there are security vulnerabilities and lots of people don't believe the outcome. Why don't they just open source everything so that anyone can look at the code and be sure the votes are tallied correctly?

 
view more: next ›