I have a whole rant on this topic, but the short version:

It’s dentists.

The gnarliest mountain man, who hunts bears with his bear hands, can be brought to his knees with a toothache. The toothache never sleeps, can’t be fought, and always eventually wins. Even basic dentistry is life saving - even another human with a pair of pliers and some moonshine - but I’d much rather have novocaine.

Hail Eris!

May your surfboard be waxed and your toothbrush free of sand.

Yes - the nodes are obsidian pages (markdown files), this view is a napkin-type layout thing that is built in; I haven’t played much with it

You’re running docker inside a vm? Why?

The first thing I would do is learn the 5-layer OSI model for networking. (The 7-layer is more common, but wrong). Start thinking of things in terms of services and layers. Make a diagram for each layer (or just the important layers. Layers 3 and up.)

If you can stomach it, learn network namespaces. It lets you partition services between network stacks without container overhead.

Using a vm or docker for isolation is perfectly fine, but don’t use both. Either throw docker on your host or put them all in as systemd services on a vm.

Shinji get in the god damn robot

What!

How many of these devices do we have in our asset inventory? Do they have a cvss score yet? Let’s just do it ourselves with an ssvc score. Can this be exploited remotely? Call crowdstrike, tell them to get a network detection written and deployed. How long do we have before the quarterly audit? Can our soc do threat hunts against this? Get me the RTOs, RPOs, and business impact assessment. Let’s MOVE, people!

Pilot the Frenchmen, Remmy!

Sir, you are a hero. Thank you for your service.

Shinji get in the goddamn robot

Now tell me where the cops hide, even when they’re not there

Spread-spectrum audio watermarks will survive multiple re-encodings and are extremely difficult to detect.

Iirc google widevine will embed a device code, and if a pirated copy of some content is found, they will blacklist the gpu’s device code so it can’t receive 4k content anymore. That’s video, but it’s the same idea.

1. Yes, because:
2. It could
3. And if it does, you probably can’t remove it

Streaming sites can embed an unhearable data stream into audio signal. It’s possible

That being said, it’s extremely improbable, given the costs to do it at scale.

If you’re part of a large company’s beta program and have access to some unreleased product, maybe worry.

If you grabbed a file from some mega host updown whatever site, don’t worry.

And if you’re still worried, take a sha256 hash and put it into google search. If you get any results that even mention your file’s title, then you’re good.

I especially enjoy the lemonade subplot, which, while never directly integrating, weaves throughout, juxtaposing and accentuating the finer details of the main plotline.

Extremely. It’s just slow, but once you get used to that, it’s solid.

Papers: held

It is exceptional, thank you for asking :)

10 minute intro

Proceeds the weedian

5 minute solo

Nazareth

song continues in this manner for another 45 minutes

Any form of bread with a filling, generally assembled cold

But, dare I say, does that not make a ravioli a sandwich? A poptart? Mayhaps even … Lasagna?

Ah, you proclaim! But those are cooked further!

But so too is a grilled cheese! And a patty melt!

Where will the madness end?

This is exceptionally well stated. I saw my parents, myself, and every reddit/lemmy/twitter thread I’ve ever read, in your description.

So much online conversation isn’t conversation at all; it’s posturing; saying something completely irrelevant that attempts to paint the “opponent” into an indefensible corner. The best response, then, also doesn’t respond, and does the same - end result being two people just saying stuff at each other.

Wireguard creates a new network interface that accepts, encrypts, wraps, and ships packets out your typical network interface.

If you were to create a kernel network namespace and move the wireguard interface into that new namespace, the connection to your existing nic is not broken.

You can then use some custom systemd units to start your *rr software of choice in said namespace, rendering you immune to dns leaks, and any other such vpn failures.

If you throw bridge interfaces into the mix, you can create gateways to tor / i2p / ipfs / Yggdrasil / etc as desired. You’ll need a bridge anyway to get your requester software interface exposed to your reverse proxy.

Wireguard also allows multiple peers, so you could multi-nic a portable personal device, and access all your admin interfaces while traveling, with the same vpn-failure-free peace of mind.