• 0 Posts
  • 24 Comments
Joined 4 years ago
cake
Cake day: January 21st, 2021

help-circle
  • I still recommend it. I’m not fully happy with the situation but for now I consider it my best option.

    1. I consider Chromium-based browsers out of the question as they give too much power to Google. This is already showing to be a problem with new APIs and “features” that Google is pushing into the web platform and the bigger the market share gets the more control they have.
    2. Web browsers are the biggest attack surface that most people have. Displaying untrusted webpages and running untrusted code is incredibly difficult and vulnerabilities are regularly discovered. I don’t yet know a Firefox fork that I trust enough to reliably respond to security vulnerabilities quickly and correctly.

    So for now I am staying with raw Firefox. Not to mention that as a disto-built Firefox I have some insulation from Mozilla’s ToS. But I am very much considering some of the forks, especially the ones that are very light with patches and are mostly configuration tweaks.






  • The most likely situation is that the torrent isn’t good. I would also force a recheck of the torrent to double-check that the files on your disk haven’t been corrupted. But if that file is still saying “0 B” remaining (don’t just look at 100% as it may be rounded) after the recheck then I would bet pretty good money on a broken torrent. If this is a public tracker it is fairly common.

    However even if it is broken you may be able to play by using a different players. Different apps can skip over different forms of corruption, so you may get lucky.



  • The main issue is accepting incoming connections. When you are behind a NAT (as most VPNs are for IPv4) you need some solution (such as port-forwarding) to make your torrent client connectable. This causes a number of issues when torrenting.

    1. When someone starts a download they will try to connect to the seeders. If the seeders are not connectable this will fail.
    2. As a fallback when the seeders notice the leachers they will try to connect to them. If the leacher also isn’t connectable this will also fail.

    If neither party is connectable the download can’t happen, so you may fail to get content that you want.

    This is extra relevant if you are on private trackers where seeding is tracked, has direct value and is competitive. If you are not connectable every new downloader will immediately connect to the connectable seeders and finish the download before your client even knows that they exist. (reannounces for seeders can be very infrequent, such as hourly, so it will take an average of 30min for you to notice a new seeder and try to connect to them). This makes it very difficult to acquire much upload unless there are very few other seeders.

    NAT is evil, all hail IPv6.


  • It would be nice if there was a shortcut to go “back to previous site”. Because on one hand using back to navigate around map moves is often very convenient, but sometimes I want to go to the site before the map. Having a two-level history with page and site would be super useful.


  • This is a case of the streetlight effect. Evaluating the skills needed to do the job is very difficult in an interview setting, so most of the focus going on evaluating skills that are easy to evaluate in an interview (such as people skills).

    It isn’t wrong, as all else being equal it is still better to hire the person with better skills that you can measure but obviously is not a strong evaluation of candidate quality.










  • Only if they gain possession when the device is running with the drive decrypted and they keep it running the whole time. That is a lot higher bar then being able to turn the machine on at any time and then recover the key. For example if this is a laptop that you are flying with. Without auto-decryption you can simply turn it off and be very secure. With auto-decryption they can turn it on then extract the key from memory (not easy, but definitely possible and with auto-decryption they have as long as they need, including sending the device to whatever forensics lab is best equipped to extract the key).


    1. Wiping the drive is a lot easier, just overwrite the root key a few times.
    2. If you store the key on a different drive you can safely dispose of the drive just by separating the two. (I do on my home server, keeping the decryption key on a USB drive. If I need to ship the server or discard old hardware I can just hold onto the thumb drive and not worry about the data being read.)

    Security is always about tradeoffs. On my home server unattended reboots are necessary so it needs to auto-decrypt. But using encryption means I don’t need to worry about discarding broken hardware or if I need to travel with the server were it may be inspected. For my laptop, desktop and phone where I don’t need unattended reboots I require the encryption key on bootup.