On the topic of Mullvad, what made me choose Kullvad over LibreWolf was the VPN being bundled in. If I’m not mistaken, the whole point of ToR browser is that you have exactly the same fingerprint as any other Tor browser user, making it a lot harder to distinguish you from others using your extensions, browser and other minor stuff your browser reports about you, that combined makes for a pretty unique fingerprint, evej of you are using a VPN.

But, if you have a browser that has the same fingerprint for all users, and it has an accompanying VPN, you can partly expect that most of other users of the same VPN will also be using the same browser, making it a lot harder to track you - because while there may be only a few thousands users of Mullvad in the wild, which renders the same fingerprint not much of an advantage (because you would be one of the few users of i.e Proton VPN with Mullvad), if you also use Mullvad VPN, it’s probable that most of other users who share your Mullvad VPN IP are also Mullvad browser users, making it easier to blend in.

Bit that’s mostly my theory, why (along with being able to pay with Monero) I feel like the combo of Mullvad browser and VPN is the best combination as far as minimizing fingerprint is considered. If someone has more knowledge about the issue, I’d love to hear some counter-arguments or tips how to improve my setup.

https://www.ccpgames.com/

EVE is one of the most unique games I’ve ever seen and I admire it, and CCP in general, from what I’ve seen in their volunteer programs or from streams, seems like a nice workplace.

Also, Island is cool.

Then the book will definitely be up your alley, it’s exaclty about that, and offers a great tips about how to approach it.

I cheated the MFAs by switching what I could to SMS, Yubikey or just copying the MFA private keynto Bitwarden. Kind of defeats the point of MFA, but makes stuff definitely easier.

Anything that’s important however is on yubikey, however.

Also, good luck! Are you going through the Digital Minimalism book? I should refresh on it, every time I try it, it doesn’t last long, but I always get rid of one more stupid online habit that I don’t pick up when I inevitably return to my pre-reading the book intetnet usage. So, after already going through like 4 attempts in the last 3 or 4 years, my internet usage is slowly but surly changing for the better. But it’s more of a long run, rather than being able to get everything on the first try, in my experience at least.

If you’re not doing it because of the book/haven’t heard of it, I definitely recommend reading Digital Minimalism by Carl Newport.

How to best approach starting secops in a small indie gamedev studio. We don’t even have a sysadmin, and our boss mostly also does most of our infra together with one of the programmers.

We would love to start setting up some basic security setup, ideally FOSS based, and while I work there as a programmer, I do have 5 years of experience working as pentester and doing red teamings, so I kind of have an idea about what we could have. But I never did anything from blue team side, and also worked for large corporations, so most of the tools and solutions I’ve encountered are waaay over the budged of 20 man indie gamedev studio.

How would I even start? Are there any frameworks that would help but arent aimed at large corporations? What of the buzzwords we even need? Do I start with hardening group policies, get rid of local admins, then set up some kind of log management/SIEM, then IDS? And it’s so hard to google for, because every blog post I found is just a disguised ad for a company that does Security as a Service. Why isn’t there some kind of easy 10 step program that would tell you “step 1. Harden configuration. Step 2. Install <one of many security tooling acronyms>.”

I vaguely know that most of the buzzwords that are thrown around have some dependencies, but what? Does IDS needs logs from SIEM, or is it the other way around? I’m obviously not qualified for this, but i dolid get time to research it, and some DIY attempts is definitely better than having no security in place at all. And, I know very well how to actually hack and test our security setup, so I can at least tell if something I’ve done is shit or useless :D

I’d go for scandiavia, if I could choose anywhere. Or Island, working for CCP is my dream job.

When I tried that, it lasted me for almost a year and a half, before I unfortunately got a second job that required MFA and I needed to be more online in general due to juggling two jobs. And it was amazing!

What I eventually did however was to get a dumb phone that can do a wifi hotspot, and still carried my smartphone but without simcard and net access, and powered off. When I really needed to get a taxi or look up a way home when I overslept drunk on public transport and ended up who knows where, I could always just fire up hotspot, power on the smartphone and do stuff I needed. Cause when that happened first time, it was when I first realized how much dependent I am on smartphone and net access.

Thanks for reminding me, I just quit one of the jobs and I can afford to be more offline, so back to the dumb phone I go! Convincing my GF again that she has to text me instead of using discord will be hard, though … Or explaining that I really cant look up the fact she wants, or call a taxi quickly…

I still have a python bot that forwarded discord messages to my own bare html website, so I can chat with her with the basic web browser of the dumb phone.

O(fuck)

VRAM would be 810Gb/403Gb/203Gb for FP16/FP8/INT4 for interferrence, according to their website.

I’m not sure what “FP16/FP8/INT4” means, and where would GTX 4090 fall in those categories, but the VRAM required is respectively 810Gb/403Gb/203Gb. I guess 4090 would fall under the INT4?

Looks like I’ll finally get a reason to cut off another website I hate using, but never found the willpower to get rid off.

Good

This is actually a great question, in the context of the Fediverse.

Usually, every social network or forum has in their ELUA that anything you post is theirs, and you can’t do anything about i.e Reddit using your data to train AIs.

Hlwever, here, we’re on private instances of regular people. We can make our own rules, can’t we? If an instance would say that anything you post is copyrighted by the author, i.e by CC, would it be enforcable if someone would decide to scrape (or repost) the content for profit?

But a paid licence will affect users that are all right abd for whom you’re doing it.

I understand that using something with a risk of loosong access because you’ve upset the developer is something that will turn away a lot of people, but then again, I’d say that “don’t be a dick” is a pretty reasonable requirement. The only issue I see that it’s a pretty vague definiton, but maybe just limiting it to profanities and insult towards the contributors is something more concrete, which would be easy to fulfill and also enforce.

I wonder, is it possible to create a license that would allow you to simply ban people who are being a dick about something from using it? Sure, it may turn away some people, since there’s always a risk of abuse, but it’s your work and as far as I know, you are the one who sets the terms.

If I’m not mistaken, most of the FOSS licenses (or maybe even laws?) guarantee you that you would be able to use the software even if the project later decides to change to proprietary license. But I assume you can simply specify in a licence “Everyone can use it, expect X.Y.Z”.

Would that be legal? Sure, it would probably be pretty hard to enforce, but in some cases it could make for a pretty satisfactory (and petty, of course) C&D letters, for people that really deserve it. You insult the devs of a software your company depends on, demanding something while being a dick about it? Well, fuck you, no library for you and your company.

I do feel kind of simillarly betrayed. Watch Dogs were my forst point of reference into what hacker subcultures look like, and it has shaped a large part of my life - next month i’s going to be 5 years I’ve worked as a Red Teamer in a cybersec company. I’m also mostly a poser, and the aesthetics simply makes it way more fun - making art that’s tied into what you do is great, assuming you dont take it too seriously, of course. Not that I do it, but the way Watch Dogs portraied it, it was fun.

Is it neccessary? Of course not. Is it a shame there aren’t many hackerspaces with cool street art, and hacktivists making over the top manifests ajd cool streetart around our town? A little bit.

Shit, it placed my own question into Cybersecurity right under this one. Now i dont know how to feel about it.

Forgive my ignorance, but I was always wondering why is it such a faux pau to show support to Palestine? From how I understand it, and that may be wrong, hence the question, the regular Palestinian people are occupied not only by Israel on the outside, but also by a terrorist group, HAMAS, at home. Which is basically a dictatorship, thats not afraid to openly use terror tactics. It’s a lose-lose situation, and the only thing you can do is hope youre not going to be one of the 1/100 that dies to a random strike.

When there are innocent people in a situation like that, the least we can do is show them some support.

Or do majority of people in Palestine actually support HAMAS and the war? I feel like in missing something, because the backslash to people who show an ounce of support for Palestine is massive, and I don’t really get why. I just want regular people who aren’t terrorists to live at peace :(

You actually don’t need a Youtube Account, unless you are a paying subscriber to some creators!

Check out FreeTube, it’s a desktop app similar to NewPipe on Android, that allows you to subscribe to creators while still not requiring an account, and without ads.

As for Android, I don’t know what phone you have, but if you’re ever buying a new one, I highly recommend just getting a (paradoxically) Google Pixel and installing GrapheneOS. An older Pixel is OK, just check which versions are still supported and for how long on the Graphene website. And the installation is super easy, and can actually be done in a browser without any issues, and takes like 15 minutes.

I’ve recently switched to Graphene and it’s amazing. I have a separate profile for apps that refuse to work without Google Services, so they are contained, and additionally Graphene sandboxes the google play services, so they can’t do anything you won’t let them, in contrast to any other Android phone where Google Services can basically do whatever they want without any way to limit it.

I also run Mullvad VPN on my phone all the time, but I don’t think that it’s neccessary.

Exactly! AdNauseam is my inspiration, unfortunately I dont use it right now because it doesnt work with my setup, due to Mullavad in combination with PiHole being too good at their job, so it cant really click on the adds even if it wanted to.

It would ideally require a solution that uses its own DNS server, so you can keep on using PiHole, and prefferably avoids living in your browser so you can keep it locked down for privacy.

One of the projects I have in mind is to explore some kind of “offensive privacy”, where the focus would not be on not being trackable, but on your computer spewing random bullshit and behavior into the algorithm to confuse it, and have it learning on behavior that’s not really true, but only generated. This will enable you to kind of fight back and if done by enough users even reduce the effectivness of ML algorithms, since they would be learning bullshit. Unfortunately, the scale required to effectively affect the learning process of ML models would be enormous, so it’s not really feasible, but I think it’s still better than just “staying hidden”.

With the advances in AI, creating a tool like that, that would simulate several random user behaviors on your IP/fingerprint, shouldn’t really be that hard.

And as an added bonus - if it clicks on adverts, it’s costing someone money. Fuck corporations.