Messages - la xasop

Technology & Information / Re: Laptop Help
« on: March 01, 2021, 03:24:16 PM »
So I found a refurbished 2017 Thinkpad or a new Ideapad at comparable cost, both from Newegg. Anyone have an opinion on which will be better value?

Refurbs are almost always better value than new laptops. Unless you want to run the latest AAA games or bleeding-edge video editing software, hardware doesn't advance rapidly enough that you'll notice a difference between what they can do, and the older laptop will have depreciated in price.

That said, look at the specs before making a decision. My suspicion is that the refurb will have better specs (or perhaps comparable specs and better build quality) if it's comparably priced, but it's good to be sure.

They don't handle aggressive multitasking very well... if I have two GIS programs up and then fire up Chrome to troubleshoot issues I'm having, things slow down to a crawl. And they're pretty heavy.

This really depends on which model you have. Lenovo is a brand, and they produce a very wide variety of laptops. My previous laptop (an X1 Carbon) was extremely lightweight, and my current one (a T14 AMD) has an 8-core Ryzen that handles parallelism very well.

Technology & Information / Re: Ask Rushy about Bitcoins.
« on: February 23, 2021, 08:59:10 PM »
Here is the latest from Rushy on Bitcoin:

<Rushy> it could go up or down from here

Technology & Information / Re: New laptop
« on: February 10, 2021, 06:34:11 PM »

Looks like the M1 may actually be useful soon.

Technology & Information / Re: New laptop
« on: February 10, 2021, 03:56:57 PM »
They have an SOC.

Oh, well that changes everything. ::)

Technology & Information / Re: New laptop
« on: February 10, 2021, 03:12:46 PM »
You took an ARM chip that was optimised for a job and gave it a completely different job making it useless. I intend to use the chip as Apple designed it to be used. And 7 years later, it does a lot more than that awful crap you bought all those years ago. That Ævan guy was right. You are an idiot.

So you are just regurgitating corporate hype. Here's a hot tip: ARM laptops are, in general, no more specialised for doing one task than x86 laptops are, you've just bought into some marketing drone telling you they are. They're just another kind of machine.

Technology & Information / Re: New laptop
« on: February 10, 2021, 02:55:08 PM »
The future isn't power hungry x86 chips that compute generic workloads. It's going to be ARM with SOC tech, tuned to match the silicon to the software. I'm not running complex fluid dynamics computations. I watch YouTube videos, make the odd website, browse the internet and make a spreadsheet here and there. I want fast response times, low noise, low heat.

That's interesting. When I wanted that 7 years ago, this is what you said:

You bought a computer that is optimised for the internet and now you intend to unoptimise it for the internet?

You picked a computer with an Arm cortex A15 chip on it. And then put Debian on it. Do Debian have an app store? This is a tablet chip. Not x86. What could you possibly be intending to do on this computer? The only thing it is good for is browsing the internet ... and you just made it slower at doing that.

You're an idiot.

Why the change of heart? Are you sure you're not just regurgitating corporate marketing hype again?

Technology & Information / Re: New laptop
« on: January 10, 2021, 07:22:18 PM »
So yeah, I returned the hunk of shit and bought an M1 Macbook Air.

How can you return something before buying it?

Technology & Information / Re: Who loves or hates their VPN?
« on: December 28, 2020, 07:58:42 PM »
Very interesting. I've tried the IP Blocker in cPanel to block the IPs and their ranges but it does nothing to stop the hits. They're not really hurting anything but these 'GET's are consuming bandwidth and showing up in my metrics as traffic. It's annoying.

Speaking as a professional computer somebody for the past decade, this is just the Internet. If you are going to put services on the public Internet, you will need to get used to the fact that this happens.

Technology & Information / Re: Who loves or hates their VPN?
« on: December 28, 2020, 02:44:32 AM »
Don't get me wrong - I don't actually disagree with you here. It's just that... Yeah, things that shouldn't happen happen all the time. I see no merit in just saying "but it shouldn't happen" - I'd rather mitigate the effect of it happening. It is extremely important to address these flaws in the general use case as they crop up, but the paranoid use case of "I'm doing something I shouldn't be doing" warrants a few more layers of hardening.

That's fair, I suppose. I guess where I differ is that I don't consider this protection to be worth the added complexity, but then I was also looking at it as a way of running a web browser, where elevating privileges to root is basically never needed.

You explicitly stated that you don't like pre-made solutions in the field of security. I know you, and thus I have a good idea of what you meant, but I am going to be relatively unique to see your meaning despite your choice of words.

Well, to be more specific for the benefit of others: I prefer general-purpose tools that can be easily configured and composed to work the way I want them to, rather than tools that come pre-configured the way someone else thinks they should work. I don't think of configuration to suit your needs as reinventing the wheel, and I would never in any situation advocate reinvention of wheels in security. (Reinvention of wheels in other fields is sometimes, though rarely, justified.)

I suppose the 5 users of OpenBSD might indeed be restricted there. I know for a fact that OP is not one of them, so I didn't concern myself with it when making my recommendation.

OpenBSD is but one example. I actually edited my last post while you were replying, so to expand upon that, the Whonix installation instructions for Linux provide options for Virtualbox and what they call "KVM" (which is actually libvirt managing KVM guests). My Linux systems with VMs do use KVM, but they do not use libvirt, in part because libvirt does not support using the isolation features of QEMU that I use to mitigate the risk of VM escape attacks. It is a tad ironic that a project based on security by isolation would force me to reduce the isolation of my system in order to install it.

Other situations in which this is limiting are that you cannot use it on non-x86 hardware, or on old x86 CPUs without virtualisation extensions, or on a VM without nested virtualisation support (which is its own can of worms). In case you think I am contriving scenarios that will not arise in practice, I have personally encountered users who wanted to run VMs for isolation but could not for all three of these reasons.

Granted, this likely does not apply to the OP, but it is one of my concerns about using multiple VMs for this. (If it were a single VM, it could — at least in principle — be installed onto bare hardware as a workaround.) Even if we accept that the approach improves security, it does so at the cost of portability, which reduces the number of users that can take advantage of the improved security.

Yeah - I am working with limited information, and I filled the gaps in what OP told us with my own experience with similar activities. I have some confidence in my guesses, but it obviously does not replace a well-defined spec. However, I also suspect that OP doesn't exactly know what he wants - hence my suggestion of looking at a tool and seeing if it feels right.

Agreed on that point, which is why I suggested OpenBSD as well, as an option that comes with a privacy- and security-enhanced Firefox installation by default (albeit without Tor). Hopefully one of these options will suit.

Technology & Information / Re: Who loves or hates their VPN?
« on: December 28, 2020, 02:05:12 AM »
You're massively overthinking this and consequently missing the point. By the time you need to ask yourself which software you "trust", you already have problems big enough that you should be wiping your entire computer and moving to Argentina.

The very existence of such a setup is contingent on not trusting some of your software, otherwise you could just trust the web browser (or whatever other tools you're running) not to leak information about your client.

This design decision can be, arguably only slightly, beneficial in case of user error.

For certain classes of user error, which I'm still not convinced are significantly more likely than the user revealing personal information directly over the "private" transport.

If you install malware on your computer, it doesn't matter how much you "trust" your kernel.

It does if you are running that malware as an unprivileged user, which should always be the case in this scenario.

This, by the way, is why we generally teach people not to reinvent the wheel when it comes to security. It usually ends very, very badly, because a single person, no matter how smart, is more likely to miss some holes than a team of dedicated people working on a solution for years.

Agreed. I can't tell if you're implying that I've suggested reinventing the wheel or not.

You're also making this assessment based on one short remark I've made about a single design decision, without having read anything else about the project. This is extremely unhelpful to this discussion, and you're potentially scaring people away from a tool which appears to be a near-perfect match to their needs.

Indeed — I don't know anything about the project and I had never heard of it until you mentioned it in this thread. My reaction was based on the all-too-common approach of "put it in a VM, then it will be perfectly secure" from people with no understanding of what they are talking about, and that does make me initially sceptical of projects which rely heavily on virtualisation for isolation. I accept that it may not be warranted in this specific case — I simply don't have enough information to express anything more than wariness.

The approach has flaws (though I disagree that you identified one), but it's the least-worst option available for a relatively competent computer user who doesn't do professional-computer-somebody work for a living.

I would not go so far as to say I identified a flaw. I have concerns — and I would not personally use this project without more research to answer the questions that come to mind. But it also doesn't seem to run on my OS — actually, it doesn't have instructions to run on any system I use, since its Linux instructions assume that you use either Virtualbox or libvirt (while calling libvirt "KVM") — so there is no sense in me doing that research. This, by the way, is one of my concerns about using VMs for this, as it means they can only feasibly target a fairly narrow range of host system configurations.

Also, whether or not it is the best option depends on exactly what you want to isolate. I still think that restricting a web browser's access to OS resources is a better approach to improving privacy on the web specifically, but Whonix seems to aim for isolation of a complete OS. Depending on user needs, this may be overkill if they just need a privacy-enhanced Firefox, or it may indeed be a perfect fit.

Also, can we please just agree that, regardless of our disagreements, Thork shouldn't be further engaged in this thread?

That much is patently obvious.

Technology & Information / Re: Who loves or hates their VPN?
« on: December 27, 2020, 10:31:04 AM »
And memeing OpenBSD as the answer to every problem is hardly much help either.  ::)


Technology & Information / Re: Who loves or hates their VPN?
« on: December 27, 2020, 09:45:27 AM »
What a mess. The tl;dr

@Dr Nostrand ... spend $30 and do it right.

This does not address all of the concerns raised in this thread, but thanks for trying. It turns out that "just throw a VPN at it" is not a complete solution to privacy online.

Technology & Information / Re: Who loves or hates their VPN?
« on: December 27, 2020, 01:52:54 AM »
There is a lot of opportunity for me to fuck up permissions and own myself even without any inherent architectural issues.

If we aren't taking user caution for granted, there is also a lot of opportunity for you to send personal information over Tor or a VPN, which applies no matter what technical solution is used.

But still, don't you need IP addresses if you don't want people to see your face?

Well, this thread was asking about VPNs in general, and my initial reply was in response to that. It only became clear later that you meant using a VPN as your gateway. Also, I don't understand your question.

Also, to clarify my previous post: No work is needed to use pledge and unveil for privilege restriction, that happens for Firefox on OpenBSD by default. The work involved is to set up routing domains and pf to block non-Tor traffic, if that's a thing you want to do.

Technology & Information / Re: Who loves or hates their VPN?
« on: December 27, 2020, 12:59:21 AM »
I don't know about "good", but the reasoning is that if you manage to compromise the client/workstation, you still have very little information about its network setup. The gateway is not meant to be used interactively by the user, which mitigates some routes of compromise.

I'm very sceptical of such arguments because any network clients on the workstation VM should be running unprivileged, so escaping a network namespace sandbox would require a root privilege escalation vulnerability in the kernel. It's difficult to imagine a scenario in which consumer virtualisation software is trusted, but the Linux kernel is not. To me, just throwing more VMs at a problem seems like security by people who don't understand security, which is why I'm very wary of such off-the-shelf solutions.

An alternative to consider is OpenBSD, which I've been using as my daily driver for the past 5 years now. Without diving deeply into details (there are plenty on the website), OpenBSD has two complementary mechanisms to restrict process access — pledge(2) for system calls, and unveil(2) for filesystem paths. Firefox on OpenBSD makes use of these to severely restrict what things it can do, so even without network isolation, it should not be able to inquire about hardware details or network interface configuration, nor read any of your files other than those necessary for it to function. (It is, of course, possible to add or remove capabilities to/from the default set, if you need it to access some specific files or want to remove the ability to play sound, for example.) It is straightforward to couple this with rdomain(4) and pf(4) to block any network access from Firefox to the outside world, forcing it to proxy via Tor (or wherever else you may want it to go).

Of course, that approach involves a bit more work, and probably a lot of learning if you are not already familiar with Unix, but the great benefit is that you end up with a system you understand, rather than a product somebody else created with dubious design choices. The other bonus, if you run it on bare metal, is that instead of accessing all hardware via a virtual machine — which tends to make things like hardware-accelerated graphics difficult or impossible — Firefox has direct access to only the hardware it needs. But the extra work involved means it may or may not suit you, so consider carefully whether it's a trade-off you want to make.
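
The pledge(2) and unveil(2) mechanisms named in the post above, shown as an added example; it is not part of the original post and is not Firefox's or OpenBSD's own code. The function names and the paths `/etc`, `/etc/hosts` and `/bin/sh` are assumptions chosen for illustration, and the restriction only takes effect when built on OpenBSD.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if path can be opened read-only, 0 otherwise. */
static int can_read(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return 0;
    close(fd);
    return 1;
}

/*
 * Hypothetical helper: limit this process to reading files under `dir`.
 * unveil(2) hides every other path; pledge(2) then limits system calls
 * to the "stdio" and "rpath" promise groups (no writes, no network, no
 * exec). Returns 0 on success, -1 on error. On systems without these
 * calls it fails with errno set to ENOSYS.
 */
static int restrict_self(const char *dir)
{
#ifdef __OpenBSD__
    if (unveil(dir, "r") == -1)       /* only dir stays visible, read-only */
        return -1;
    if (unveil(NULL, NULL) == -1)     /* lock the list against later changes */
        return -1;
    if (pledge("stdio rpath", NULL) == -1)
        return -1;
    return 0;
#else
    (void)dir;
    errno = ENOSYS;
    return -1;
#endif
}

int main(void)
{
    /* Paths chosen for illustration only. */
    printf("before: /etc/hosts=%d /bin/sh=%d\n",
           can_read("/etc/hosts"), can_read("/bin/sh"));
    if (restrict_self("/etc") == -1) {
        perror("restrict_self");
        return 1;
    }
    /* /bin/sh is now outside the unveiled tree, so open(2) fails. */
    printf("after:  /etc/hosts=%d /bin/sh=%d\n",
           can_read("/etc/hosts"), can_read("/bin/sh"));
    return 0;
}
```

After the restriction, a system call outside the pledged promises, such as opening a file for writing, makes the kernel kill the process rather than return an error.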

Technology & Information / Re: Who loves or hates their VPN?
« on: December 27, 2020, 12:17:25 AM »
In a nutshell, you run 2 VMs: one acting as a Linux box that routes all network traffic through the other - a gateway that routes all Internet traffic through Tor.

Is there a good reason to use two VMs instead of just using network namespaces to isolate the client and gateway on one Linux system?

Technology & Information / Re: Who loves or hates their VPN?
« on: December 19, 2020, 10:47:08 PM »
Of course, the traffic is from Russia.


Russians sending out dodgy requests to random web servers? Must be a Tuesday.

Technology & Information / Re: Who loves or hates their VPN?
« on: December 15, 2020, 10:18:54 PM »
This is something I've also wondered about. Even an amateur geolocator can tell you're on a VPN. There are all kinds of fingerprints from the originating computer and application layer in a deep packet analysis. Can a civilian VPN really hide all that shit?

Using a VPN as a proxy to the public Internet can't hide anything except network addresses — and even then, some application protocols may provide ways to elicit this information from the client. Whether a VPN will be sufficient for your requirements, or be able to form part of a solution that is, depends on what your requirements actually are.

Technology & Information / Re: Who loves or hates their VPN?
« on: December 15, 2020, 07:30:05 PM »
I've been playing with tinc. My main reason for using it is that it is the only VPN that will run on every OS I use, but it's also a lot easier to set up than OpenVPN. Also, it's a mesh VPN, which means that once you connect to any node in the network, it will automatically route traffic along the most efficient route it can.

Arts & Entertainment / Re: Cyberpunk 2077 E3
« on: December 10, 2020, 12:18:13 AM »
