Skull giver

Votes federate, but only for communities followed. I won’t see your votes in a community that I don’t follow, but I can see when you upvoted or downvoted what post in the community.

A scraper could simply follow every community on a Lemmy server and, barring Lemmy performance issues, will receive all comments and votes.

Just a quick and dirty SQL query of which votes of yours are in my server’s database:

select comment_like.score as score,comment_like.published as when, person.actor_id as who, comment.ap_id as what from comment_like join person on person.id = comment_like.person_id join comment on comment.id = comment_like.comment_id where person.actor_id = 'https://lemmy.ml/u/GolfNovemberUniform' order by comment_like.published desc; 

The same info is also available for posts, of course, I just didn’t want to bother making the query any longer.

Server admins/mods on Lemmy also have a button to see who upvoted and downvoted each post. This is just the inverse of that.

deleted by creator

I know several companies that, because of bad network planning, have ended up using public address ranges as internal IP addresses. IPv6 would’ve solved this easily, but I don’t think the relevant network admins ever bothered to learn network configuration beyond 1990. But hey, who needs that arbitrary /8 anyway, right? Not like anyone’s going to host DNS on 1.0.0.0/8!

Seems to me like they just want to greenwash (open wash?) their company by making it work with others. Saves a hell of a lot of trouble with legislators when it comes to stuff like the Digital Markets Act.

I’m sure they’re selling ads to their users, but I think that’s about it. There’s no money to be made analysing random internet accounts if you can’t show them ads when you’re big enough for EU regulators to care.

Why would they need threads for that? A whole bunch of companies are already doing that without running actual social media services.

They can analyse your likes and you wouldn’t even know it. All they need to do is follow the same servers you do here on Lemmy. On Mastodon they can set up a basic puppet domain, follow every user they can find, and then your Mastodon server will deliver your posts, likes, and re-tweet for them, no scraping or interaction necessary.

If you’re trying not to get analysed, the Fediverse is not for you. It’s simply not designed for privacy.

A factor in favour of jet fuel is that as the plane burns fuel if becomes lighter, thus consuming less fuel. Batteries stay the same weight. The difference between a full plane and an empty plane can be 18 metric tonnes. Super cheap operators tend to carry only a small extra margin of fuel over the amount technically necessary to make a trip, because it makes a real difference.

That means the energy density you need in this comparison isn’t really linear. If you’re doing Taylor Swift flights to the couch and back, you can save a lot of weight by having a minimal amount of fuel in the tank, but with an electric plane you’ll always have to have the full battery in case you need to go somewhere further away.

The difference between servers and countries is that servers aren’t countries and countries aren’t servers.

Servers aren’t a democracy. Well, most of them anyway.

The difference between a violent, oppressive authoritarian regime and a fee Fediverse server is that you’re free to join other servers. Multiple at the same time, even! You can just leave, no passports, no refugee status, no paperwork.

You can even set up your personal little server where you decide on the rules. A server for you and your friends can cost as little as ten dollars per month. Try that in any real country and you’d be considered an insurrectionist or a traitor, do it online and it’s just everyday business.

The unfortunate reality of most “everybody is welcome” servers is that hey generally attract a lot of people who have been banned elsewhere. Some for stupid reasons (like calling any criticism of the CCP “orientalism”), some for very valid reasons. You need some form of moderation, or your server is going to be a cesspool. Some server admins preemptively decide to block servers that don’t have moderation that’s up to their standards, others wait for abuse to spread to their server.

If you still use MBR, and Windows has an update to its bootloader, yeah.

I don’t even know if Windows 11 still supports MBR, though. Maybe it’ll happen if your firmware is broken and always boots from the fallback bootloader instead of the normal boot entry? But in that case Windows is right and the firmware needs an update.

My GPU is a 10 series, actually. Same generation as my laptop’s GPU, though that’s technically a Quadro I think.

In the instance of UDP handshakes yes, you need local software to initiate the connection on one of your devices somewhere (I highly doubt that your home router verifies the origin of those packets, so a hacked printer or IoT crap can open ports to your desktop no problem). Other problems are harder to solve.

NAT is great at what it does, but it does not guarantee security. It blocks straightforward attacks, but brings in tons of edge cases and complexity that sophisticated attacks can abuse. At the same time, the same security can be achieved using IPv6 and a firewall without all the complexity.

It’s a neat workaround that means you don’t need to mess with subnetting and routing tables when you do stuff like run virtual machines and when your ISP doesn’t offer IPv6. It was designed so larger businesses with 10 machines could access the internet without spending a lot of money on a /30, not to replace firewalls, and it still works well for what it’s designed to do.

I’ve been using Wayland on Ubuntu 24.04 with Nvidia’s 555 driver and I have yet to see something seriously break because of it. 545 was unstable as hell, but 555 has been running perfectly. I’ve even got a working external display on my laptop with the 555 drivers, something I’d previously given up on with Wayland.

Plasma is much further along (having stuff like HDR and VRR working for instance) but things have gotten a lot better quickly with Nvidia+Wayland.

Even if they’re marketing BS, some decent mainline support for Qualcomm chips is always welcome. It’ll help projects like postmarketOS and mobile Linux distros massively to have more usable Qualcomm code.

Could be that your phone lacks the necessary certificate authorities. I don’t think I’ve seen this happen on anything newer than Android 7 before, but maybe some root cert expired that I don’t know about.

If you haven’t already, try a reboot. The WebView server may be initialized once, and if you’ve just activated the cert in Magisk then you may need a reboot to activate it.

If not, I’m guessing the app explicitly does something to only use a particular system trust store.

Damn, they really overfit their music models. With image generation and text prediction it’s very hard to prove a direct connection, but with four or five of those songs it’s unmistakable that the original songs were used to generate the music output

I wonder what the effect will be of fixing the models’ overfitting. I’m guessing it’ll generate worse music, or they would’ve done so already.

Quite sad that it took the music industry to notice before any lawsuits with a chance of succeeding got off the ground.

Not really, though. It was never designed as a security boundary. You can “open” a UDP port by sending UDP packets to another host, and then that host can send UDP packets to you, for instance. Usually the IP addresses of the two hosts are exchanged through a third party, and that’s how STUN/TURN works in essence. Without this, you’d need to port forward every UDP connection manually, both incoming and outgoing.

NAT only protects you when you have hosts that only communicate along preset routes, but then a normal firewall will also work fine. It’s not like having a public IP means any traffic will actually go through, every modern consumer router has a standard deny all firewall. At best, it sort of hides what devices are sending the traffic.

Meanwhile, NAT has flaws breaking traffic (causing NAT slipstreaming risks, like I linked elsewhere). It also has companies like Nintendo instruct you to forward every single port to their device if you have connectivity issues. If that forward is not towards a MAC address, and your PC gets the IP your Nintendo Switch used to have, you’ve just disabled your firewall to play Animal Crossing.

If you want to, you can do NAT on IPv6. Every operating system supports it, even if it’s a stupid idea.

Unless you’ve gone out of your way to disable the H.263 NAT ALG, NAT actually allows websites and other services to open either random ports on your machine (if using business firewalls) or ports on any device on your network (many consumer routers).

If your router allows you to disable SIP ALG and H.263 ALG, you should. If it doesn’t, well, maybe they’ve been patched? If you’ve applied a kernel firmware update to your router the last 1-2 years you may be safe (though not many vendors will bother updating the kernel when updating their routers). You’ll lose access to SIP phones and some video calling services over IPv4, but at least some Javascript on a random blog won’t be able to hack your printer.

This wouldn’t work with IPv6, as these two protocols just work with IPv6 (and IPv4, as it was designed). ALGs are hacks around protocols, rewriting packets to make all of the problems NAT causes go away.

More info on this here: https://www.armis.com/research/nat-slipstreaming-v2-0/

Hurricane Electric will give you a bunch of free /64s and a /48 to play with, which you can set up for tunneling on any IPv4 connection that doesn’t block ICMP traffic to HE. You can set this up within a range of routers, but if your router doesn’t support it, you can also set it up on most PCs (Windows and Linux for sure, for macOS you’ll need to check, but I’m sure it’ll be fine).

You can also use IPv6 locally by simply advertising a subnet from the right range (an ULA), which is also useful for maintaining internal addressing if you do get normal IPv6 but your ISP is a bunch of dickwads that rotate the subnets they hand out (likely to happen if they make you pay extra for a static IP right now).

This has nothing to do with IPv6 itself. I pull in 4K YouTube videos over IPv6 just fine. My IPv6 routes actually have lower latency than my IPv4 routes, funnily enough.

Sounds like your ISP has broken their IPv6 routes, or your modem is outdated and can’t do IPv6 hardware acceleration. Disabling IPv6 to downgrade your connection will work as a workaround, at least until your ISP switches over to something using IPv6 as the connection backbone (like DS-Lite, which would allow your ISP to significantly reduce their IPv4 space and make a quick profit selling off their allocations, which is unfortunately becoming more and more common).

Your ISP or modem manufacturer needs to fix the actual problem here.

Actually, the Dutch government has mandated that all of its services need to be IPv6 compatible.

The longer you try to avoid IPv6, the harder you’ll make your life when you eventually need to use it.

It’s really not that hard, especially compared to the kludge of protocols that make up IPv4. I know change is scary and difficult, but if you can do IPv4, you can do IPv6.

Then, what prevents whosoever, to copy that file through cloning the complete disk?

Nothing. At most, you can have a hardware encrypted drive that won’t permit access to the encrypted data without a password, but the file will remain available after unlocking that. Plus, dedicated people (law enforcement, data recovery specialists) may be able to get access to the flash chip itself unless you buy one that self destruct on any tampering attempts (and even those have flaws).

You cannot prevent copying of data if that data is readable at disk level. At most, you can make the data useless by padding a layer of encryption (as well-encrypted data may as well be random data without the key material). That’s why everyone is going for encryption: encrypted files may as well be inaccessible to anyone who doesn’t know the passphrase. There’s no sense in copying a file which you cannot possibly read any bytes from.

If the key is gone (i.e. the real key is a password protected file that gets overwritten so even the password doesn’t work anymore), the file becomes irretrievable. This is sometimes called “cryptographic erase” in the context of disks. There are variations of this, for instance, storing the key in the computer’s processor (fTPM) behind a password, and clearing that key out. There’s no way to get the key out of the fTPM so it cannot be backed up. Even if someone were to guess your password, the file will forever remain locked. Or at least until someone manages to break all cryptography, but even quantum computers don’t know how to do that part yet.

If you’re willing to go deep, you could reprogram the firmware on your SSD/HDD to refuse reading the file. A few years back, someone made a proof of concept firmware that detected disk imaging attempts (because all blocks on the disk were read in order) and had the firmware return garbage while secretly wiping the disk when this detection triggered. You could, in theory, write firmware that refuses to read that block of data. However, if whoever you’re hiding this file from know about that, they can take out the platter/memory chips and dump them directly, bypassing your firmware entirely.