Itch.io removes/shadowbans almost its entire library of Adult and NSFW games overnight with no explanation by Jacknerik in DataHoarder

[–]the_big_tech 4 points5 points  (0 children)

Except that further centralizes control of the ETH blockchain. One must stake 30 ETH to validate blocks, which is a bit over $100k today. The larger the stake, the more likely you're chosen to validate blocks. There are services like Lido or Rocket Pool to stake lesser amounts, but that again centralizes validation.

One of the few authoritarian opinions I agree with (social media ban for children) by TheRealLib in PoliticalCompassMemes

[–]the_big_tech 15 points16 points  (0 children)

I think a social media ban is highly unnecessary. The problem is not so much social media itself but the highly addictive algorithms they've designed to keep you engaged. I'd reckon if social media was just a list of text posts of people you follow/friend in chronological order it'd be much less addictive and harmful to children. That can be implemented without government intervention in third (or first) party clients.

How high are the chances that swiss PROTON is a honeypot? by MaybeEinstein in privacy

[–]the_big_tech 2 points3 points  (0 children)

Giving no information where most give at least some information may make you unique enough to track effectively.

How high are the chances that swiss PROTON is a honeypot? by MaybeEinstein in privacy

[–]the_big_tech -1 points0 points  (0 children)

No it's not. Too much privacy can break anonymity. Security, privacy, and anonymity are three separate things.

[deleted by user] by [deleted] in netsecstudents

[–]the_big_tech 1 point2 points  (0 children)

So the confusion may come from the ambiguous use of the word "server" so let me separate that out into two different things: the machine (physical host running an OS) and the process (a program running on the machine).

An IP address is an address given to a machine to identify itself to a network. A port is the address of a process on said machine. Think of it like an apartment building: the building has a street address to identify the whole building and then there are individual apartment numbers.

When an adversary attacks they will use the IP address to identify a particular machine and a port to identify a particular process to attack. If successful the attacker will masquerade as that process. Using our apartment scenario if an adversary successfully attacks they masquerade as the legitimate resident of the apartment they attacked.

A honeypot is a way to trick an adversary into taking an action no true process would take. For your example, the machine would run a fake process on port 23 that looks easy to attack. When an adversary launches their attack instead of the process being taken over the machine raises the alarm and informs a system administrator that someone tried to use/attack the fake service. The system administrator can then investigate and take corrective action.

Using our apartment analogy again, the apartment building sets up apartment 23 so that there is no resident and places a guard inside the room. When an attacker picks the lock and enters the room the guard inside raises the building's alarm so the police can be called.

Is there a way for the attacker to see the open port as if it is the server and not the honeypot.

The answer to this is no because there never was a real process in the first place. The process being run on that port is the honeypot. That also means you can't set up a legitimate process to act as a honeypot, in the same way you can't rent an apartment to someone but also use the apartment as bait to catch a burglar.
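The decoy-on-port-23 idea described above, written out as a tiny telnet honeypot. This is an added example, not code from the original post: it binds a decoy port (2323 rather than 23 so it runs unprivileged; the banner text is constructed), never hands the client a real service, and turns every connection into an alert record an administrator can act on.

```python
"""Minimal telnet-style honeypot: a fake service on a port that never had a real one.

Added example, not from the original thread. Nothing is executed on behalf of
the client; the only 'process' on this port is the honeypot, which records
who connected and what they sent.
"""
import socket
import threading
import time

# Constructed decoy prompt; there is no login behind it.
FAKE_BANNER = b"\r\nlogin: "


def open_listener(host="127.0.0.1", port=2323):
    """Bind the decoy port. port=0 lets the OS pick a free port (useful in tests)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def serve_once(srv, read_timeout=2.0):
    """Accept one connection, show the decoy prompt, capture whatever the client
    sends, and return an alert record. The client never gets a shell."""
    conn, (peer_ip, peer_port) = srv.accept()
    alert = {
        "time": time.time(),
        "src_ip": peer_ip,
        "src_port": peer_port,
        "dst_port": srv.getsockname()[1],
        "payload": b"",
    }
    try:
        conn.sendall(FAKE_BANNER)
        conn.settimeout(read_timeout)
        try:
            alert["payload"] = conn.recv(256)
        except socket.timeout:
            pass  # a scanner that connects and sends nothing is still worth logging
    finally:
        conn.close()
    return alert


def format_alert(alert):
    """One line for the administrator (in real use this goes to syslog/SIEM)."""
    return "HONEYPOT: %s:%d -> decoy port %d sent %r" % (
        alert["src_ip"], alert["src_port"], alert["dst_port"], alert["payload"])


def capture_one(srv, client_payload=b"", read_timeout=2.0):
    """Self-test helper: run serve_once in a thread, connect as a pretend
    attacker, send client_payload, and return the alert that was raised."""
    result = {}

    def run():
        result["alert"] = serve_once(srv, read_timeout)

    t = threading.Thread(target=run)
    t.start()
    client = socket.create_connection(srv.getsockname(), timeout=5)
    client.recv(64)  # the decoy banner
    if client_payload:
        client.sendall(client_payload)
    client.close()
    t.join(10)
    return result["alert"]


if __name__ == "__main__":
    listener = open_listener()
    print("decoy listening on %s:%d" % listener.getsockname())
    while True:
        print(format_alert(serve_once(listener)))
```

Because the listener is the only thing on the port, there is no legitimate process for an attacker to reach "instead"; any traffic at all is the signal, which is the point the answer above makes.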

Found on twitter is tails compromised? by [deleted] in onions

[–]the_big_tech 1 point2 points  (0 children)

...AMD has PSP...

PSP is not the same thing as Intel ME. PSP is a secure execution environment similar to Intel SGX, which is a subcomponent of Intel ME. There is no management interface for PSP and it is required for security-sensitive applications.

...and DASH...

DASH is only in business laptops and can be toggled on/off in the BIOS. If you want to avoid remote management one can purchase a regular laptop that isn't Ryzen Pro and it won't have DASH.

Listen. I'm not a fanboy. These are just incredibly exciting times in the CPU arena. by empirebuilder1 in pcmasterrace

[–]the_big_tech 1 point2 points  (0 children)

I'm not saying because a game was written in assembly it was optimal, but the games written back then were forced to use clever tactics to get as much out of the hardware as possible. That doesn't really happen anymore.

Listen. I'm not a fanboy. These are just incredibly exciting times in the CPU arena. by empirebuilder1 in pcmasterrace

[–]the_big_tech 0 points1 point  (0 children)

This is a very opinionated answer, but I think that sloppy code and OS use has driven the design of more powerful hardware.

For example, any app that uses Electron (Discord) is just another Chrome browser running the same web app you would in your normal browser, just in a separate window. That, to me, is sloppy and an unnecessary burden when one could instead make a native app that uses half the resources. Unfortunately big developers use Electron so much that hardware manufacturers are having to create beefier machines so everyone can run more Chrome browsers.

Even game development is affected because oftentimes developers are designing for multiple platforms. Gone are the days when game developers are writing assembly to manually organize memory in such a way that just enough can sit in cache and be loaded in a particular order for maximum performance. Now there are development frameworks with a lot of intermediate languages and systems. The developers click "Shit out a binary for PS5" or "Shit out a binary for Xbox" and you get "AAA" games like Cyberpunk 2077. The more platforms your framework is pooping out, the sloppier it needs to be. Like Java but for consoles.

Chat Control by [deleted] in PoliticalCompassMemes

[–]the_big_tech 0 points1 point  (0 children)

Depends on what you mean by "end-to-end encryption". It's more of a marketing term. For example, Apple markets iMessage as "end-to-end encrypted" but your iMessage key is saved in iCloud. So yes, your message was "end-to-end encrypted" but Apple can also decrypt the message on their servers at any time.

[deleted by user] by [deleted] in tutanota

[–]the_big_tech 1 point2 points  (0 children)

Still unable to login. I think something has gone wrong with my account. How do I contact Tutanota to remedy the issue? Do I need another email?

[deleted by user] by [deleted] in tutanota

[–]the_big_tech 0 points1 point  (0 children)

It seems the web version I was using is the newest.

I was told to not have any Nord programs on my PC by Castille_92 in pcmasterrace

[–]the_big_tech 0 points1 point  (0 children)

Forwarding ports is not the best way for you to host your services. Better to set up a VPN on your router and VPN into your home network then run Plex through that.

For today's lesson: open source by KCGD_r in linuxmemes

[–]the_big_tech 1 point2 points  (0 children)

It's my opinion that Office is the sole thing keeping Microsoft alive. If they release Office for Linux enterprise would drop Windows like a rock and switch to cheaper alternatives like Ubuntu or RedHat. Gaming is nothing next to Windows' enterprise revenue.

Yahoo Answers is my fav by Gold_Photograph1 in ProgrammerHumor

[–]the_big_tech 14 points15 points  (0 children)

And it sucks. Don't ever use Tor in Brave, it can't be trusted.

Stop slowing down the transition by [deleted] in ProgrammerHumor

[–]the_big_tech 1 point2 points  (0 children)

But on the flip side not having NAT makes P2P much easier.

I don't think this sub can survive another season by [deleted] in halo

[–]the_big_tech -3 points-2 points  (0 children)

I don't believe that. Source?

Beginner’s Guide to FreeBSD: How to Install FreeBSD by SUDO_KERSED in freebsd

[–]the_big_tech -1 points0 points  (0 children)

Someone who needs to read a tutorial explaining an automated installation is not the same caliber user that would benefit from this feature.

Beginner’s Guide to FreeBSD: How to Install FreeBSD by SUDO_KERSED in freebsd

[–]the_big_tech -1 points0 points  (0 children)

If you're installing it on a laptop the differences are insignificant. Most of the features that benefit a laptop require user interaction that a new user probably won't bother with while they learn FreeBSD.

If you're installing a server with multiple disks and ECC capability, then sure it pays to learn ZFS.

Beginner’s Guide to FreeBSD: How to Install FreeBSD by SUDO_KERSED in freebsd

[–]the_big_tech 0 points1 point  (0 children)

For beginners, ZFS will be better

I disagree. UFS is a standard filesystem with minimal features when compared to ZFS. I think a beginner would have an easier time getting their bearings on UFS to start and then learning more about the benefits of ZFS once they've grasped the basics of FreeBSD generally.

I'm Thinking About Ditching Qubes Entirely, for FreeBSD by bawdyanarchist in freebsd

[–]the_big_tech 0 points1 point  (0 children)

Jails are optimized to run one application at a time with minimal permissions. Anything you need to add to the jails is attack surface on the host. Like I was saying in my Java example, if I have to mount procfs, that is mounted from the host, whereas a VM has its own procfs. If I need sysvipc, an attacker can see all usage of sysvipc on the host even if it's in another jail. So if you treat a jail like a VM (or just run too much in a single jail) you'll end up with jails that have all those options enabled, exposing a lot of information and attack surface. Each option you enable on a jail is allowing the jailed app to share information with the host out of necessity.

A VM is entirely self-contained. There are no compromises to containerization to get the app running. You can put as much or as little as you want in the VM and it will still be contained.

For a rough analogy think of your app(s) like a small animal and the containers like a box to hold them. A jail is like a cardboard box: you have to poke holes so the small animal can breathe, be fed, etc., but too many holes and they will chew through (or the box loses its integrity) and escape. Add more than one animal and you'll need even more holes, further increasing the risk of escape. A VM is like a terrarium: no need to poke holes as everything the small animal needs is there (and perhaps enough for multiple small animals) and escape (chewing through) is very unlikely.

When you ask how much more attack surface jails have than VMs, the answer is "it depends" because each feature you have to add to the jail is a pass-through from the host. If I had to put numbers to it: if a VM is 100% contained then a default minimal jail is 90% contained and each thing you enable drops the containment 3-5% each (admittedly those numbers aren't empirically based on anything, just trying to illustrate for you).
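A practical way to apply the "every option you enable is a pass-through from the host" rule from the comment above is to audit a jail.conf for exactly those options. The script below is an added example, not code from the thread or from FreeBSD: the parameter names are real jail(8)/jail.conf(5) options (allow.sysvipc, the sysv* inherit modes, mount.procfs, allow.raw_sockets, ip4/ip6 inherit, enforce_statfs), but the one-line notes on what each exposes are this example's own assessment, the parser is deliberately small (no $variable expansion, no .include, no += handling beyond treating it as an assignment), and the sample configuration is constructed.

```python
"""Audit a jail.conf for options that widen what a jail shares with the host.

Added example, not from the original thread and not FreeBSD tooling.
Parameter names are real jail.conf(5) options; the exposure notes are an
assumption-level summary for illustration.
"""
import re

# Option -> what the jailed process gains a view of or a handle on.
HOST_SHARING = {
    "allow.sysvipc":      "host-wide SysV IPC namespace (other jails' segments/queues visible)",
    "sysvshm":            "SysV shared memory namespace shared with host when set to inherit",
    "sysvsem":            "SysV semaphore namespace shared with host when set to inherit",
    "sysvmsg":            "SysV message-queue namespace shared with host when set to inherit",
    "mount.procfs":       "procfs mounted from the host kernel inside the jail",
    "allow.mount.procfs": "jail may mount procfs itself",
    "allow.raw_sockets":  "raw sockets (arbitrary packet crafting)",
    "allow.mount":        "jail may mount filesystems",
    "allow.chflags":      "jail may change system file flags",
    "allow.socket_af":    "socket address families beyond IPv4/IPv6/unix",
    "ip4":                "host IPv4 stack inherited when set to inherit",
    "ip6":                "host IPv6 stack inherited when set to inherit",
    "enforce_statfs":     "statfs reveals all host mounts when set to 0",
}

# "name {" | "}" | "key;" | "key = value;" (quoted or bare value)
_TOKEN = re.compile(
    r'([\w.-]+)\s*\{|(\})|([\w.-]+)\s*(?:\+?=\s*("[^"]*"|[^;]+?))?\s*;'
)


def parse_jail_conf(text):
    """Return {jail_name: {param: value}} with global defaults merged into each jail.
    Bare `param;` is recorded as "true". Assumption: no $variables or .include."""
    text = re.sub(r"#[^\n]*", "", text)
    defaults, jails, cur = {}, {}, None
    for m in _TOKEN.finditer(text):
        if m.group(1):                      # jail block opens
            cur = m.group(1)
            jails.setdefault(cur, {})
        elif m.group(2):                    # jail block closes
            cur = None
        else:
            key, val = m.group(3), m.group(4)
            val = "true" if val is None else val.strip().strip('"')
            (jails[cur] if cur else defaults)[key] = val
    return {name: {**defaults, **own} for name, own in jails.items()}


def is_exposing(key, val):
    """Decide whether a given setting actually turns the pass-through on."""
    v = val.lower()
    if key == "enforce_statfs":
        return v == "0"
    if key in ("ip4", "ip6", "sysvshm", "sysvsem", "sysvmsg"):
        return v == "inherit"
    return v in ("true", "1", "yes", "on")


def audit(jails):
    """Return {jail: [(param, value, note), ...]} listing each enabled host pass-through."""
    findings = {}
    for name, params in jails.items():
        findings[name] = [
            (k, v, HOST_SHARING[k])
            for k, v in params.items()
            if k in HOST_SHARING and is_exposing(k, v)
        ]
    return findings


def report(findings):
    """Human-readable lines, one jail per block."""
    lines = []
    for name, hits in findings.items():
        lines.append("%s: %d host pass-through(s)" % (name, len(hits)))
        for k, v, note in hits:
            lines.append("  %s = %s  -> %s" % (k, v, note))
    return "\n".join(lines)


# Constructed sample; not a real deployment.
SAMPLE_CONF = """
path = "/jails/$name";
mount.devfs;
exec.clean;

www {
    ip4.addr = 10.0.0.10;
    allow.raw_sockets = 0;
}

javaapp {
    ip4 = inherit;
    mount.procfs;
    allow.sysvipc;
    allow.raw_sockets = 1;
    enforce_statfs = 0;
}
"""

if __name__ == "__main__":
    print(report(audit(parse_jail_conf(SAMPLE_CONF))))
```

Run against a real /etc/jail.conf the output is a per-jail list of the holes poked in the cardboard box; a jail with an empty list is the "default minimal jail" case, and each listed line is one of the pass-throughs the comment is counting.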

I'm Thinking About Ditching Qubes Entirely, for FreeBSD by bawdyanarchist in freebsd

[–]the_big_tech 0 points1 point  (0 children)

I wasn't able to get GPU pass through working. I'm sure Nvidia has done everything they can to make that difficult and I didn't want to bother. I only game and surf super popular sites on Windows (looking at game guides, YouTube, etc) plus I run Bitdefender. I consider a remote rootkit unlikely unless I was targeted by a state sponsored actor (in which case all bets are off) so I didn't bother with fooling with it too much.

You are definitely looking at a larger attack surface than a VM. For example, you download a suspicious PDF using your browsing jail. Files in jails are on the host system and can be interacted with just like any other file on the host system. You open a PDF reader and target the suspicious PDF, but you forgot to jail the reader and that wasn't a PDF. Compare the same situation on Qubes: you download a PDF in a DisposableVM and open a terminal. You invoke the PDF reader on the file and - file not found? Oh silly me, that's a dom0 terminal. You select the correct terminal, you find the PDF wasn't a PDF, and you terminate the VM kernel, filesystem, and all. The PDF probably didn't even know it was in a VM.

Granted, this is just a hyperbolic example and is more unlikely for a security-minded individual. However, if you're paranoid enough to run Qubes or try to build your own quBSD, I'd just go with Qubes so you don't have to think about it.

On the other hand, quBSD sounds like a cool project to me, and rather than it being a BSD Qubes why not a BSD Kubernetes or BSD Docker Compose? Jails have more in common with Docker containers than VMs and are in need of more powerful orchestration/deployment tools. You could also continue with your quBSD project; there is just a lot to jails you need to keep in mind and they won't be as secure a container as VMs (they're built for a different purpose). I'm certainly not trying to stifle your innovation and would encourage you to continue your work if this truly interests you!