This is an alt account, you may see it around. I am not ban-dodging intentionally, I promise!
This is the main
https://scribe.disroot.org/u/drkt
I wouldn’t even know where to begin, but I also don’t think that what I’m doing is anything special. These NVR IPs are hurling abuse at the whole internet. Anyone listening will have seen them, and anyone paying attention would’ve seen the pattern.
The NVRs I get the most traffic from have been a known hacked IoT device for a decade and even has a github page explaining how to bypass their authentication and pull out arbitrary files like passwd.
I love the idea of abuseipdb and I even contributed to it briefly. Unfortunately, even as a contributor, I don’t get enough API resources to actually use it for my own purposes without having to pay. I think the problem is simply that if you created a good enough database of abusive IPs then you’d be overwhelmed in traffic trying to pull that data out.
I have plenty of spare bandwidth and babysitting-resources so my approach is largely to waste their time. If they poke my honeypot they get poked back and have to escape a tarpit specifically designed to waste their bandwidth above all. It costs me nothing because of my circumstances but I know it costs them because their connections are metered. I also know it works because they largely stop crawling my domains I employ this on. I am essentially making my domains appear hostile.
It does mean that my residential IP ends up on various blocklists but I’m just at a point in my life where I don’t give an unwiped asshole about it. I can’t access your site? I’m not going to your site, then. Fuck you. I’m not even gonna email you about the false-positive.
It is also fun to keep a log of which IPs have poked the honeypot have open ports, and to automate a process of siphoning information out of those ports. Finding a lot of hacked NVR’s recently I think are part of some IoT botnet to scrape the internet.
Nothing in life takes no effort. I’m only advocating on the basis that Windows has become more of an effort to stick with than Linux has become to learn.
… everything else in your workflow will work immediately with no research needed.
I’ll put it simply for you: You can spend a few hours figuring out a new workflow, or you can spend the rest of your life fighting a losing battle against a megacorporation that has it out for you that will also randomly upend on your workflow.
Long live the Linux phone.
I may have misunderstood, but Google isn’t doing Android behind closed doors; it’s just development. The released versions will still be as open as they are now, as far as I’ve understood.
Man I’m not going to dive into it but this reads like a FUD piece and I know the article explicitly calls out people who dismiss evidence as FUD, but please read just the first point that ‘Tor is compromised’:
the agency has worked on several methods that, if successful, would allow the NSA to uncloak anonymous traffic
If succesful, implying that they haven’t been. I’d love to read the paper but I’m European and they block me from clicking it, citing GDPR issues :-)
promised to reveal how a $3,000 piece of kit could unmask the IP addresses of Tor hidden services as well as their users.
a much anticipated talk at the Black Hat hacking conference was abruptly canceled.
The university cancelled the speech and cited no reasons but I can think of several legal ones even if the device didn’t work. No proof.
the FBI is able to de-anonymize Tor users and discover their real IP address remains classified information. In a 2017 court case, the FBI refused to divulge how it was able to do this,
I can fly. No, I don’t have to prove it.
What is a ‘scene’ in this context?
Meshtastic
BOINC
Tor
I2P
Just off the top of my head. Meshtastic is probably the most similar to Helium but I don’t know what Helium is and their landing page makes me not want to. BOINC supports projects not in the official lists, just google around.
You can boil the logic down and apply it however you want. The fact is that different people have different levels of tolerance for bullshit and VPN users are a large source of it. TOR is also inherently harmless but exit nodes end up on banlists everywhere because malicious users use them to the point that exit nodes are pre-emptively banned in a lot of places because some people just don’t wanna deal with it. The big email providers have a zero-tolerance policy for the same reason; if your domain misbehaves even once then you’re on the shit-list forever because it’s not worth playing whack-a-mole with malicious actors.
Because shared VPNs are also used by malicious actors and some admins just don’t care about dealing with that.
Linux is truly extensible and it is the part I both love and struggle to explain the most.
I can sit at my desktop, developing code that physically resides on my server and interact with it from my laptop. This does not require any strange janky setup, it’s just SSH. It’s extensible.
Any file manager on Linux supports this
I just type sftp://[ip, domain or SSH alias] into my file manager and browse it as a regular folder
That doesn’t really change that it’s one company hosting it. Unless you’re willing to make 10 different accounts because your super-FOSS friends aren’t willing to join each others instances?
Have you tried? Because Proton is the miracle people make it up to be.
Yeah, I know! Don’t say that too loud, though. Proton and Tuta are the precious baby boys who can do no wrong in most “privacy” communities.
no paid ads for third party products
Haha you almost fucking got me, I actually wrote a whole thing about how those are ads but then I read your comment again and noticed that clever little write-off. Ads for their own products are still ads and I don’t want to fucking see it. Get that shit off my eyeballs, I paid for this product.
The newsletter is an ad, it’s not news. They’re just advertising their products to you and you can’t unsubscribe and you can’t ignore it because they very deliberately have a special styling for the newsletters that makes it stand out from normal emails.
I don’t know why you want to defend this company. I’m glad you’re okay with the level of shitty behavior they engage in; it’s definitely less than most email providers do- I’m just letting people know that Tuta aren’t angels. They’re a company, and they used to be better. Proton was exactly the same. It was a good service and then it became shitty.
I would love to log back in and show you the 3 separate buttons on my UI that did nothing except link to a “Please pay us for this feature” page because I was a legacy premium user because I didn’t want all those new bullshit they made. I stress that it’s not a case of them implementing a button in the UI for all users and because I’m a legacy user I get it too even if I can’t use it- the buttons had special CSS to make them stand out. They were ads. Why couldn’t Tuta just leave me alone? I could still be paying them to this day if they had just not gone down that path. I just want an email that is an email and nothing more and doesn’t get in my way. Tuta had that, and then they took it away and asked for more money to put it back.
I think the misunderstanding here is that I was a legacy premium user. I was paying less to get only the email+calendar because that’s what I signed up for, originally. When people sign up today, that’s not an option. People who are new to Tuta (relatively) haven’t seen this change happen and haven’t witnessed how obviously desperate Tuta was to get people off the legacy premium plan.
Also my name is drkt_ but I’m sure you tried your best.
At 19 I worked IT at a local shelter and the administration was so psychotic I cried in the bus to work.