Okay, I just tested Tor on windows, and it shows a bunch of microsoft fonts that my linux box doesn't have.
But what I did notice is that the fingerprint changed on my linux box after a full restart of tor browser. So I guess their approach is to randomize fingerprints between sessions, rather then to keep everyone's fingerprint the same?
how much of the internet is unusable with js disabled
Quite a lot actually. A lot of articles / blogs / news sites are actually more usable without javascript than with, because none of the annoying popups and shit can load. I suggest having two browser profiles: one with javascript enabled by default, and one with javascript disabled. So for things like online shopping, you'd open the js profile. And for things where you expect to do a lot of reading, use the nojs profile. Ublock origin also lets you temporarily enable/disable js for a particular website pretty easily.
This is what I though as well, but brave on stock windows doesn't show any noto fonts. Haven't tested tor browser on windows yet tho, so idk
I'm running Brave and Librewolf from flatpak. Nope, it doesn't help, at least with default sandbox settings.
I'm slowly starting to agree with @ssm that safeguarding against fingerprinting is an exercise in futility though...QubesOS sounds like something that might help though, since it makes it easy to browse from a virtual machine with fonts and other settings that may be leaked set to the most bog-standard defaults.
On a related note, disabling javascript can actually improve your user experience quite a lot for certain types of tasks. A lot of news/blogs/article-style websites nowadays are actually more usable without javascript, because you don't have to waste time closing all of the ads and cookie popups. I have a separate browser profile with js disabled and use it quite a lot.
Font fingerprinting -- even tor browser is vulnerable!?
I've just been playing around with https://browserleaks.com/fonts . It seems no web browser provides adequate protection for this method of fingerprinting -- in both brave and librewolf the tool detects rather unique fonts that I have installed on my system, such as "IBM Plex" and "UD Digi Kyokasho" -- almost certainly a unique fingerprint. Tor browser does slightly better as it does not divulge these "weird" fonts. However, it still reveals that the google Noto fonts are installed, which is by far not universal -- on a different machine, where no Noto fonts are installed, the tool does not report them.
For extra context: I've tested under Linux with native tor browser and flatpak'd Brave and Librewolf.
What can we do to protect ourselves from this method of fingerprinting? And why are all of these privacy-focused browsers vulnerable to it? Is work being done to mitigate this?
I agree. I also think part of the blame can be placed on the system administrators who failed to make a recovery plan for circumstances like these -- it's not good to blindly place your trust in software that can be remotely updated.
In Linux, this type of scenario could be prevented by configuring servers to make copy-on-write snapshots before every software upgrade (e.g. with BTRFS or LVM), and automatically switching back to the last good snapshot if a kernel panic or other error is detected. Do you know if something similar can be achieved under Windows?
Something like this? Yeah, "step" makes more sense in this context. Tho I'm having a hard time imagining a 50 foot (15 meter!) stepladder haha
Isn't that also more or less the case with X11? From what I understand, if you try to use bare Xorg without any extensions like Xfixes and Xdamage, it's pretty miserable
What do you mean by "handles multiple monitors poorly"? Is it something to do with scaling? The only issue I've encountered under X11 related to multihead is the inability to set different subpixel geometries for different monitors, but iirc wayland doesn't let you do that either? Just curious what your usecase is
At first I though this was just a regular shitpost but then I saw the screen tear edit lol
On a more serious note, is there a way to actually fix screen tearing under x11? I've always thought a compositing manager like xcompmgr would do it, but for me it only makes it worse?
English isn't my first language, but don't ladders have rungs, not steps? Steps is for stairs, no?
For a while I had a low-power server for my personal things that stayed on all the time, and a more powerful computer that hosted a minecraft server. As the player count dwindled, I decided to make the minecraft server automatically shut down at midnight, and wake up at 8 in the morning using rtcwake. And eventually I disabled the rtcwake thing entirely, and made the smaller server run a webui that could wake up the minecraft server using wake-on-lan. So if anyone wanted to play, they would first have to remotely turn on the server through a web page. This was all password-protected ofcourse.
Also, no, I don't use a UPS. I've never seen anyone use a UPS in the country where I live, and I don't think I've experienced a power outtage in like 4 years. Whether or not you need a UPS seems to be largely dependent on where you live.
Not OP, but this is very important and good advice, thanks for sharing it! Also, TIL about bluray discs being a possible backup strategy
Get an old computer, install Linux on it, and run Nextcloud.
Nextcloud is basically a cloud storage app like Google Drive or Dropbox, but self-hosted.
Your choice of Linux distro should depend on your level of experience. If you've never used linux before, then I suggest using Linux Mint XFCE edition. XFCE provides a friendly graphical interface while not taking up too much system resources.
I don't have any good tutorials that I can link to, but I'm sure you'll find something if you search for "nextcloud linux mint".
Once you can access Nextcloud from within your home network, you should make it accessible from the outside internet. This is probably the most difficult part. You need to dig around in your router's settings to assign a static internal IP to your homserver, then add a port forwarding rule. Again, search for something like "<your router name> port forwarding" and "nextcloud port forwarding". Once you have that working, you can just remember your public IP address and use that to connect to owncloud from the outside world. Or, if you have a bit of money, you can purchase your own domain name and use that instead.
It may also be the case that Xfinity does something fucky like assigning an IPv6 address or using CG-NAT. This makes it difficult to make your homeserver accessible from the outside. In that case, I would recommend calling Xfinity and asking for a plain old IPv4 address.
Another consideration is what kind of storage you want to have in your homeserver. The simplest option is to just have one disk (SSD or HDD) with both the operating system and the storage on it. However, keep in mind that drive failures do happen. To keep your data safe, you should make periodic backups to a second storage medium. You can create whole-disk backups using dd, or you can just copy the Nextcloud data directory. The former approach takes up more space, but has the advantage that you can restore the entire system in case of a drive failure, without having to manually re-install linux and nextcloud.
Anyway, this is just the approach I've always been taking. Hope this helps!
General questions about LVM2 and RAID
Hi all! I recently built a cold storage server with three 1TB drives configured in RAID5 with LVM2. This is my first time working with LVM, so I'm a little bit overwhelmed by all its different commands. I have some questions:
- How do I verify that none of the drives are failing? This is easy in case of a catastrophic drive failure (running
lvchange -ay <volume group>will yell at you that it can't find a drive), but what about subtler cases? - Do I ever need to manually resync logical volumes? Will LVM ever "ask" me to resync logical volumes in cases other than drive failure?
- Is there any periodic maintenance that I should do on the array, like running some sort of health check?
- Does my setup prevent me from data rot? What happens if a random bit flips on one of the hard drives? Will LVM be able to detect and correct it? Do I need to scan manually for data rot?
- LVM keeps yelling at me that it can't find
dmeventd. From what I understand,dmeventddoesn't do anything by itself, it's just a framework for different plugins. This is a cold storage server, meaning that I will only boot it up every once in a while, so I would rather perform all maintenance manually instead of delegating it to a daemon. Is it okay to not installdmeventd? - Do I need to monitor SMART status manually, or does LVM do that automatically? If I have to do it manually, is there a command/script that will just tell me "yep, all good" or "nope, a drive is failing" as opposed to the somewhat overwhelming output of
smartctl -a? - Do I need to run SMART self-tests periodically? How often? Long test or short test? Offline or online?
- The boot drive is an SSD separate from the raid array. Does LVM keep any configuration on the boot drive that I should back up?
Just to be extra clear: I'm not using mdadm. /proc/mdstat lists no active devices. I'm using the built-in raid5 feature in lvm2. I'm running the latest version of Alpine Linux, if that makes a difference.
Anyway, any help is greatly appreciated!
---
How I created the array: ``` pvcreate /dev/sda /dev/sdb /dev/sdc vgcreate myvg /dev/sda /dev/sdb /dev/sdc
pvresize /dev/sda pvresize /dev/sdb pvresize /dev/sdc
lvcreate --type raid5 -L 50G -n vol1 myvg lvcreate --type raid5 -L 300G -n vol2 myvg lvcreate --type raid5 -l +100%FREE -n vol3 myvg ```
For education purposes, I also simulated a catastrophic drive failure by zeroing out one of the drives. My procedure to repair the array was as follows, which seemed to work correctly:
pvcreate /dev/sda vgextend myvg /dev/sda vgreduce --remove --force myvg lvconvert --repair myvg/vol1 lvconvert --repair myvg/vol2 lvconvert --repair myvg/vol3
Those template errors feel almost passive-aggressive to me. Almost as if the compiler is telling you "Here are all the ways in which I tried to make your shitty code make sense, and yet it still doesn't work" lol
For vim users, there's also vimtex, which, on top of doing what entr does, has a "quick fixes" feature that basically creates a split with a concise list of errors that's much more readable than pdflatex (or similar) output
I'm just gonna stick to slotted, thanks
Fun fact: Torx screwdrivers are compatible with Torx Plus screws, but Trox Plus screwdrivers are only compatible with Torx screws that are one size larger
5 years of experience, yet still not clue what "Underfull \hbox" means
Context: LaTeX is a typesetting system. When compiling a document, a lot of really in-depth debugging information is printed, which can be borderline incomprehensible to anyone but LaTeX experts. It can also be a visual hindrance when looking for important information like errors.
Why doesn't brave patch out google's hidden spyware extension?
Update
Apparently this is patched out by Brave, but it is enabled by default. See u/Engywuck@lemm.ee 's comment below!
---
Vanilla chromium gives google's websites special treatment by offering detailed CPU info, among other things. This is implemented through a hidden browser extension. You can prove this by yourself by running chrome.runtime.sendMessage("nkeimhogjdpnpccoofpliimaahmaaome", {method: "cpu.getInfo"}, (response) => {console.log(JSON.stringify(response, null, 2)); }, ); on google.com through the browser console. For me, it gives the following info:
{ "value": { "archName": "x86_64", "features": [ "mmx", "sse", "sse2", "sse3", "ssse3", "sse4_1", "sse4_2", "avx" ], "modelName": "Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz", "numOfProcessors": 4, "processors": [ { "usage": { "idle": 28238205, "kernel": 827581, "total": 32762960, "user": 3697174 } }, { "usage": { "idle": 1455131, "kernel": 743391, "total": 6209241, "user": 4010719 } }, { "usage": { "idle": 1448653, "kernel": 769970, "total": 6068506, "user": 3849883 } }, { "usage": { "idle": 1450274, "kernel": 744886, "total": 5948597, "user": 3753437 } } ], "temperatures": [] } }
Note that this doesn't work on other websites like lemmy.world, only google.
What I am confused about is that I can replicate this behavior in Brave. Why does brave reveal this information to google, and to google only? From what I understand, it can be used for fingerprinting and tracking. Shouldn't this be patched out? Is my testing methodology flawed? Will this be fixed?
Brave version: Version 1.67.123 Chromium: 126.0.6478.126 (Official Build) unknown (64-bit) running on linux via flatpak
Props to Alpine and Kali for disabling this bullshit out of the box
Context for newbies: Linux refers to network adapters (wifi cards, ethernet cards, etc.) by so called "interfaces". For the longest time, the interface names were assigned based on the type of device and the order in which the system discovered it. So, eth0, eth1, wlan0, and wwan0 are all possible interface names. This, however, can be an issue: "the order in which the system discovered it" is not deterministic, which means hardware can switch interface names across reboots. This can be a real issue for things like servers that rely on interface names staying the same.
The solution to this issue is to assign custom names based on MAC address. The MAC address is hardcoded into the network adaptor, and will not change. (There are other ways to do this as well, such as setting udev rules).
Redhat, however, found this solution too simple and instead devised their own scheme for assigning network interface names. It fails at solving the problem it was created to solve while making it much harder to type and remember interface names.
To disable predictable interface naming and switch back to the old scheme, add net.ifnames=0 and biosdevname=0 to your boot paramets.
The template for this meme is called "stop doing math".
Basically the extent of my IPv6 knowledge
Template source: https://web.archive.org/web/20210304000634/https://www.government.nl/topics/coronavirus-covid-19/visiting-the-netherlands-from-abroad/checklist
Basically the extent of my IPv6 knowledge
Template source: https://web.archive.org/web/20210304000634/https://www.government.nl/topics/coronavirus-covid-19/visiting-the-netherlands-from-abroad/checklist
Debian used to be so good. What happened!?
Firefox on Debian stable is so old that websites yell at you to upgrade to a newer browser. And last time I tried installing Debian testing (or was it debian unstable?), the installer shat itself trying to make the bootloader. After I got it to boot, apt refused to work because of a missing symlink to busybox. Why on earth do they even need busybox if the base install already comes with full gnu coreutils? I remember Debian as the distro that Just Wroks(TM), when did it all go so wrong? Is anyone else here having similar issues, or am I doing something wrong?
With GPL, you're programming Freedom. With MIT, you're programming for free.
Context:
Permissive licenses (commonly referred to as "cuck licenses") like the MIT license allow others to modify your software and release it under an unfree license. Copyleft licenses (like the Gnu General Public License) mandate that all derivative works remain free.
Andrew Tanenbaum developed MINIX, a modular operating system kernel. Intel went ahead and used it to build Management Engine, arguably one of the most widespread and invasive pieces of malware in the world, without even as much as telling him. There's nothing Tanenbaum could do, since the MIT license allows this.
Erik Andersen is one of the developers of Busybox, a minimal implementation of that's suited for embedded systems. Many companies tried to steal his code and distribute it with their unfree products, but since it's protected under the GPL, Busybox developers were able to sue them and gain some money in the process.
Interestingly enough, Tanenbaum doesn't seem to mind what intel did. But there are some examples out there of people regretting releasing their work under a permissive license.
Python is great, but stuff like this just drives me up the wall
Explanation: Python is a programming language. Numpy is a library for python that makes it possible to run large computations much faster than in native python. In order to make that possible, it needs to keep its own set of data types that are different from python's native datatypes, which means you now have two different bool types and two different sets of True and False. Lovely.
Mypy is a type checker for python (python supports static typing, but doesn't actually enforce it). Mypy treats numpy's bool_ and python's native bool as incompatible types, leading to the asinine error message above. Mypy is "technically" correct, since they are two completely different classes. But in practice, there is little functional difference between bool and bool_. So you have to do dumb workarounds like declaring every bool values as bool | np.bool_ or casting bool_ down to bool. Ugh. Both numpy and mypy declared this issue a WONTFIX. Lovely.
When people complain about systemd "violating the unix philosophy", this is what they actually mean
Credit for the answer used in the right panel: https://serverfault.com/a/841150
Solutions? Where we're going, we don't need solutions.
Please dont take this seriously guys its just a dumb meme I haven't written a single line of code in half of these languages
With all the talk about privacy, people seem to be forgetting that censorship is also a major problem for today's internet.
Many "alternative" search engines are better for privacy, but they are still vulnerable to censorship, because they rely on g\*\*gle and m\*crosoft's indices for their search results. This isn't a deep-hidden secret either, many of them disclose what search index they use on the "about" page, for example:
- https://duckduckgo.com/duckduckgo-help-pages/results/sources/
- https://support.startpage.com/hc/en-us/articles/5138782571796-Why-isn-t-a-particular-site-appearing-in-the-results
- https://www.ecosia.org/privacy
There are still search engines that (claim to) maintain their own index. Most surprisingly, br\*ve:
- https://brave.com/search-independence/