𞋴𝛂𝛋𝛆

  • 12 Posts
  • 169 Comments
Joined 3 years ago
Cake day: June 9th, 2023




  • Probably nothing helpful as you are already way past my understanding. Maybe look at the Darktable documentation or even the “green lantern” stuff (IIRC the name). GL or (something) Lantern is/was an open source software for Canon cameras that breaks out all DSLR features on nearly any Canon camera.

    Nearly a decade ago, I had a makeshift product photography studio and messed with Macbeth color charts and profiles matched to a monitor. The tutorial guides I followed were from these two projects IIRC. GL.




  • Complex social hierarchy is a super important aspect to account for too. In the proprietary software realm, you infer confidence in the accumulated wealth hierarchy. In FOSS the hierarchy is not wealth, but reputation like in academia or the film industry. If some company in Oman makes some really great proprietary app, are you going to build your European startup over top of it? Likewise, if in FOSS someone with no reputation makes some killer app, the first question to ask is whether this is going to anchor or support a stellar reputation. Maybe they are just showing off skills to land a job. If that is the case, they are just like startups that are only looking to get bought up quickly by some bigger fish. We are all conditioned to think in terms of hoarded wealth as the only form of hierarchy, but that is primitive. If all the wealth was gone, humans are still fundamentally complex social animals, and will always establish a complex hierarchy. This is one of the spaces where it is different.


  • The main problem is when following instructions for command line tools. They might figure out how to use dnf instead of apt, but the extra layers required for ostree are not very friendly. There are a ton of potential frustrations in this area, especially with GPU stuff or hobbyist hardware like Arduino where kernel stuff is needed in userland. At least as of nearly 3 years ago, the documentation in this area sucks. I was on Silverblue for a few years and managed to get through the frustrations due to intermediate experience level. I found toolbox useless compared to distrobox. But using this with something like Arduino was annoying at best. The needed dependencies expected by whatever stuff I wanted to install was usually a big mystery with near useless error failure messages and names of packages and libraries totally unrelated to the package naming in DNF. When updating the base OS, stuff built in these containers is totally useless because I could not update the containers to the new OS image. Playing around with Flash Forth on a microcontroller was even worse. I ended up layering a bunch of stuff on the host because the containers were just not working. When I got an Nvidia machine, I went to Fedora Workstation and have had far fewer issues and frustrations. SB wasn’t bad, but it is a pain to use these if you need kernel level access. Just my $0.02. I was actually on SB for ~2-3 years.


  • Check DNS logs. Discord is proprietary undocumented garbage that connects to dozens of raw IP addresses that have no documentation, rhyme, or reasoning. You have no clue what or who is connected in that mess of garbage, or why they are there.

    It is about like, I’m going to give you access to a phone, a special phone, it just works.

    It is a prison phone. You are in prison when you use it… technically. But you don’t really “see” the “place”. The other inmates are all around you. They see you, but you don’t see them. Never mind that though, the phone just works. Lots of people love that phone. Nobody asks questions. Just use the phone and pay no attention to all the rest. It will be fine.

    Business model? Viability? Never mind all of that. Don’t ask questions like that. The numbers do not add up in the slightest. That is the magic of prisons. Justice costs a lot, but it is worth it right. Magic phone is easy. Ask no questions. Expect no answers. Totally normal, everyone is doing it.

    The whole thing is a mass of clueless zombie morons that ask no questions and have no idea who what or why they are connected to with all those raw IP addresses. They all give trust blindly without accountability or understanding.




  • Just be aware that W11 is secure boot only.

    There is a lot of ambiguous nonsense about this subject by people that lack a fundamental understanding of secure boot. Secure Boot is not supported by Linux at all. It is part of systems distros build outside of the kernel. These are different for various distros. Fedora does it best IMO, but Ubuntu has an advanced system too. Gentoo has tutorial information about how to set up the system properly yourself.

    The US government also has a handy PDF about setting up secure boot properly. This subject is somewhat complicated by the fact the UEFI bootloader graphical interface standard is only a reference implementation, with no guarantee that it is fully implemented (especially the case in consumer grade hardware). Last I checked, Gentoo has the only tutorial guide about how to use an application called Keytool to boot directly into the UEFI system, bypassing the GUI implemented on your hardware, and where you are able to set your own keys manually.

    If you choose to try this, some guides will suggest using a better encryption key than the default. The worst that can happen is that the new keys will get rejected and a default will be refreshed. It may seem like your system does not support custom keys. Be sure to try again with the default for UEFI in your bootloader GUI implementation. If it still does not work, you must use Keytool.

    The TPM module is a small physical hardware chip. Inside there is a register that has a secret hardware encryption key hard coded. This secret key is never accessible in software. Instead, this key is used to encrypt new keys, and hash against those keys to verify that whatever software package is untampered with, and to decrypt information outside of the rest of the system using Direct Memory Access (DMA), as in DRAM/system memory. This effectively means some piece of software is able to create secure connections to the outside world using encrypted communications that cannot be read by anything else running on your system.

    As a more tangible example, Google Pixel phones are the only ones with a TPM chip. This TPM chip is how and why Graphene OS exists. They leverage the TPM chip to encrypt the device operating system that can be verified, and they create the secure encrypted communication path to manage Over The Air software updates automatically.

    There are multiple keys in your UEFI bootloader on your computer. The main key is by the hardware manufacturer. Anyone with this key is able to change all software from UEFI down in your device. These occasionally get leaked or compromised too, and often the issue is never resolved. It is up to you to monitor and update… as insane as it sounds.

    The next level key below is the package key for an operating system. It cannot alter UEFI software, but does control anything that boots after. This is typically where the Microsoft key is the default. It means they effectively control what operating system boots. Microsoft has issued what are called shim keys to Ubuntu and Fedora. Last I heard, these keys expired in October 2025 and had to be refreshed or may not have been reissued by M$. This shim was like a pass for these two distros to work under the M$ PKey. In other words, vanilla Ubuntu and Fedora Workstation could just work with Secure Boot enabled.

    All issues in this space have nothing to do with where you put the operating systems on your drives. Stating nonsense about dual booting a partition is the stupid ambiguous misinformation that causes all of the problems. It is irrelevant where the operating systems are placed. Your specific bootloader implementation may be optimised to boot faster by jumping into the first one it finds. That is not the correct way for secure boot to work. It is supposed to check for any bootable code and delete anything without a signed encryption key. People that do not understand this system are playing a game of Russian Roulette. Their one drive may get registered first in UEFI 99% of the time due to physical hardware PCB design and layout. That one time some random power quality issue shows up due to a power transient or whatnot, suddenly their OS boot entry is deleted.

    The main key, and package keys are the encryption key owners of your hardware. People can literally use these to log into your machine if they have access to these keys. They can install or remove software from this interface. You have the right to take ownership of your machine by setting these yourself. You can set the main key, then you can use the Microsoft system online to get a new package key to run W10 w/SB or W11. You can sign any distro or other bootable code with your main key. Other than the issue of one of the default keys from the manufacturer or Microsoft getting compromised, I think the only vulnerabilities that secure boot protects against are physical access based attacks in terms of 3rd party issues. The system places a lot of trust in the manufacturer and Microsoft, and they are the owners of the hardware that are able to lock you out of, surveil, or theoretically exploit you with stalkerware. In practice, these connections are still using DNS on your network. If you have not disabled or blocked ECH like cloudflare-ech.com, I believe it is possible for a server to make an ECH connection and then create a side channel connection that would not show up on your network at all. Theoretically, I believe Microsoft could use their PKey on your hardware to connect to your hardware through ECH after your machine connects to any of their infrastructure.

    Then the TPM chip becomes insidious and has the potential to create a surveillance state, as it can be used to further encrypt communications. The underlying hardware in all modern computers has another secret operating system too, so it does not need to cross your machine. For Intel, this system is called the Management Engine. In AMD it is the Platform Security Processor. In ARM it is called TrustZone.

    Anyways, all of that is why the Linux kernel does not directly support secure boot, the broader machinery, and the abstracted broader implications of why it matters.

    I have a dual boot w11 partition on the same drive with secure boot and have had this for the last 2 years without ever having an issue. It is practically required to do this if you want to run CUDA stuff. I recommend owning your own hardware whenever possible.
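
A way to check the firmware key state before and after enrolling custom keys, as an added example that is not part of the comment above. It assumes Linux with efivarfs mounted at `/sys/firmware/efi/efivars`; the function names are hypothetical, while the `SecureBoot`, `SetupMode` and `PK` variables and the global GUID come from the UEFI specification.

```python
import os
import struct

# EFI global variable GUID (UEFI spec); efivarfs names files "<Name>-<GUID>".
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"  # assumed mount point


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, data).

    The first 4 bytes are a little-endian attribute mask; the rest is the value.
    """
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    return struct.unpack("<I", raw[:4])[0], raw[4:]


def read_var(name, root=EFIVARS):
    """Return the variable's data bytes, or None if it does not exist."""
    try:
        with open(os.path.join(root, f"{name}-{EFI_GLOBAL}"), "rb") as fh:
            return parse_efivar(fh.read())[1]
    except FileNotFoundError:
        return None


def secure_boot_state(root=EFIVARS):
    """Classify the firmware state from SecureBoot, SetupMode and PK."""
    secure, setup, pk = (read_var(n, root) for n in ("SecureBoot", "SetupMode", "PK"))
    if secure is None and setup is None:
        return "unknown: no UEFI variables (legacy boot or efivarfs not mounted)"
    if setup == b"\x01":
        return "setup mode: no Platform Key enrolled, key variables are writable"
    if not pk:
        return "inconsistent: user mode reported but PK is empty"
    if secure == b"\x01":
        return "enforcing: Platform Key enrolled and Secure Boot on"
    return "disabled: Platform Key enrolled but Secure Boot off"


if __name__ == "__main__":
    print(secure_boot_state())
```
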






  • The ability to filter information using proprietary devices and software in the kernel of all of these garbage devices is the core issue. Trusting the owners of that code is to surrender your right to unbiased and unfiltered information. I am not at all concerned about hacking or security by small insignificant players. I am massively concerned about the extremely powerful using the leverage they have normalized and embedded to become tyrannical neo feudal lords in a fascist society. Google IS the biggest danger by orders upon orders of magnitude. Trusting them is to give up democracy entirely.

    All mobile devices are proprietary. Android is a scheme to make a Linux kernel that has everything ready to deploy except the actual hardware drivers for the processor and modem. Manufacturers take this kernel and add their proprietary binaries at the last possible moment. That source code is not available anywhere. The hardware documentation is not available anywhere publicly. Every device model is just different enough that reverse engineering one does nothing transferable to any other. The level of reverse engineering is extreme and requires destroying many devices using things like fuming nitric acid and fluorine solutions just to have a small chance at reading some parts of embedded memory. These are some of the most dangerous and hazardous chemicals humans make, and you still need X-ray equipment, special microscopes with stepping automation to stitch images, and a ton of time.

    This is moving to a tyrannical surveillance state of fascist authoritarianism. Open source software is a major front on the line of real democracy. This is a nuclear bomb released on that democracy. You fear the wrong pirates and criminals. The biggest threats always come from within. Trust as a mechanism is fundamentally antithetical to democracy. Everyone demanding trust is a traitor to democracy. Trust is the key of the fascist kingdom. Once that key is held, democracy has failed regardless of whomever is aware of the situation. Democracy requires fully informed citizens with skepticism and the liberal right to decide for themselves even when they are wrong. This is impossible without full access to information. The source of that information cannot be filtered at any level. We already have the narrowest bottleneck of available information sources in the last 1000 years of history. There are only 2 relevant web crawlers. All search queries filter through one or both of these two and the results from these are not deterministic. Two people searching for the same thing at the same time will get very different and very biased results. This is individualized regardless of any protections people imagine they have in place. Outside of the internet there is no real unbiased media. A dozen people own it all. Even the garbage claiming to comb all sources is drawing the line and dictating what center right or left is. Anyone at the grassroots level is impossible to find because there are no organic unbiased search results. The results are all filtered junk full of agenda and bias.

    This is the real big picture abstract issue in play. When the maga traitors said this was a coup, they absolutely meant that. Mobile devices are all rental garbage someone else controls. Your computer likewise has a secret operating system running in the background that you do not control. In Intel it is called the Intel Management Engines or ME. This started with Intel VPro in 2008. AMD adopted it in 2013. Arm has one too.

    All that is left is to steal your right to have a digital front door by eliminating DNS filtering and all of these devices will be controlled and connected directly by someone else that is watching and listening at all times. You are already in tethers as a digital slave that can be bought and sold for exploitation and manipulation without your consent or knowledge using your digital presence. You have not effectively realized the implications of that surrendering of rights to citizenship with full autonomy. The next step is to redefine the word citizen to be functionally equivalent to slave. “You will own nothing, and you will be happy about it” because if you are not, you will be dead. This is the death of democracy. My words will echo in your head years from now. The dystopia to come is beyond anything you can presently imagine and there is no way to stop it now short of taking up arms and playing Luigi if you are able.

    The consolidation of wealth is what really made Caesar. That was the death of the republic. It was not Caesar. We are all a product of our time and environment. It was the consolidation of great wealth. All that wealth did not give a shit about Rome, it went to Constantinople for better opportunities at first chance because consolidation of wealth is treasonous. It is as it was, just look at outsourcing and off shoring, or the disgusting mismanagement of banking and housing that have made the American worker completely uncompetitive with Asian counterparts at the same standard of living. No, I have no fear of the boogie man or foreign state actors. I am terrified of the criminal that normalizes domestic trust, actively manipulates and exploits me, and steals my purchased property. That is a real monster.