An immutable distro… like NixOS? Or do you mean your root filesystem is immutable? NixOS can do that too. You could normally mount your nix store as readonly and remount rw during updates if you really care about filesystem immutability, or use some snapshot system if you’re paranoid about adding new files to the store corrupting other files already in the store during an update.

The nixpkgs VM creation module, which I’ve never seen documentation for, has a mode where it generates a kernel, initrd, kernel command line, and erofs image containing a prepopulated /nix directory and that’s enough to boot the VM.

Ansible is disappointing as an IAC tool. It’s good for doing things, but it’s not good for converging systems to a desired state. Too often you end up with playbooks that are not idempotent or rely on something that was done during a previous execution of the playbook or just don’t do something that was done by a previous version, and then unless you are constantly recreating your systems you won’t notice until it’s a problem and you can’t get your system back.

Most updates are a waste of time on my phone. Open a streaming media player for a closed streaming service and before it let’s you watch anything it reminds you that you can spend a minute or two updating to a new version indistinguishable from the o/d version. Who knows what they’re changing because the attack surface is basically nonexistent and bugs aren’t being fixed.

Would Wine be better with Microsoft working on it? The frequency and severity of regressions in Windows has been increasing for years now. Maybe for Wine to be a more accurate representation of Windows 11 it needs more bugs and less functionality. The Windows team is good at that.

As if older memes were all meaningful. There’s nothing wrong with 6 7 itself. What’s 9 + 10?

You can host a Proton mail bridge to use different apps running on different machines, including phones.

Self hosting e-mail, particularly SMTP, will likely require a static IP from a reputable provider. Mail servers may reject incoming mail based on the reputation of the sending server. You can avoid this by relaying through another SMTP server and configuring your DNS rules to allow that server to send mail on your behalf, but that’s not really self hosting anymore.

You can use OpenEBS to provision and manage LVM volumes. Host path requires you to manually manage the host paths.

It is impossible. CPV is only going to allow the attacker to know that the device is probably not located next to the VPN server. It can only prove a positive, not a negative.

The second method you’re describing is only possible for people who control internet infrastructure and are able to infer correlations data going into your VPN server with data going out of your VPN server, which is both easier and more difficult than you’re suggesting. The attacker does not need to most of the internet routers because they only care about the data going into and out of the VPN server (it’s onion routing where the attacker needs to control many routers), but the attacker does need to have a powerful enough device to be inferring (hopefully) encrypted network flows on the public network to the packet sizes of encrypted VPN traffic for all of the traffic that is passing through that VPN server at the same time.

The latency to your VPN server is a constant added to the latency between your VPN server and whatever servers you are connected to. As long as the user’s VPN service doesn’t use different VPN servers for different destinations, it is impossible to determine the location of the user behind the VPN based on latency, and in general it is impossible to determine how far a user is from their VPN server because of varying latency introduced by the user’s own network or by bad infrastructure at the local ISP level. You can only know how far they aren’t based on the speed of light across the surface of the earth.

But, without a VPN, this is a real attack that was proven by a high school student using some quirks of Discord CDNs. Even without using Discord’s CDNs, if somebody wanted to locate web visitors using this technique, they could just rent CDN resources like nearly every big company is doing. Of course, if you have the opportunity to pull this off, you normally have the user’s IP address and don’t care about inferring the location by latency. The reason why it was notable with Discord was because the attacker was not able to obtain the victim’s IP address.

That sounds like build automation. You can use some Git forge software.

It’s not just anti-LGBTQ+. This is going to be bad for everyone. We’re just years away from banks and insurance companies factoring in your social credit score based on your activity on sites where you had to verify you’re not a legally considered a child.

You verify your age on Discord. Discord doxxes you through negligent handling of user data. Your account is found to be a member of a server that might suggest you are less responsible. Your rates are increased. Even if you know this is the reason, you cannot sue Discord because you were coerced into waiving your rights. The shareholders are happy because the line goes up. Is it already happening? I doubt any companies are rushing to tell us that they’re doing it, but the data is available to them.

It’s the natural progression of subreddit simulator. Somebody heard about dead internet theory and had to make it a reality.

That repository is only for the Boox60, a device from 2009. They haven’t been releasing kernels for modern devices.

They’re not that open because they steal Linux: https://web.archive.org/web/20220109040915/http://bbs.onyx-international.com/t/install-linux-or-alternate-os-and-gpl2-kernel-source/698

Unfortunately, if you use either of these methods to install Windows 11, you will wind up with Windows 11. You will eventually regret it.

It’s so user friendly. It tells you exactly what to do to solve the problem. Switch to a tty (if that even works on your system) and log in, type this long command from memory, making sure not to mistake those 0s for Os or the Unicode left single quote for back tick, restart your lockscreen, which of course you know how to do, and then come back. If that doesn’t work, start terminating some processes and praying.

It says you can return using “ctrl+alt+F[N] where N is the tty number in the top left corner.” I can’t find my F0 key.

It’s not even good. It’s just scripts for some starter Arch rice, not a serious distro.

Some Unity games may be launched with a parameter that causes them to execute arbitrary code. It seems like it only makes sense on Android. Windows and Linux games can normally only be launched by a process with the same or greater privileges than the process being created, but on Android you can elevate privileges by invoking another app. In practical terms, another app can access the save data of your mobile games.

There was also something about games that register to be launchable directly from a webpage, which would allow web sites to escape the browser sandbox, but it didn’t sound likely.

Some attackers check services that have already cataloged the services you are running, even on uncommon ports. You won’t hear from them unless you are running a potentially vulnerable service.

They’re headphones. Somehow we’ve managed until this point without headphone-based spy devices. How is their translation software different?

If you’re self hosting Headscale you can configure your network such that Headscale is reachable on your network with or without internet access and available from the internet.