• 1 Post
  • 81 Comments
Joined 2 years ago
Cake day: October 28th, 2024

  • Copy fail allows VMs to infect the host system? I thought it was a kernel vulnerability, not a hypervisor vulnerability. Containers and LXCs share the kernel with the host; full VMs do not. So a kernel exploit allows container escape but not VM escape.

    Kernel exploits happen a few times a year. Hypervisor exploits and VM escapes are VERY rare.

    Using SSH for clustering is optional. You can just use normal VMs. You don’t have to install SSH into the VM; you can view it through Proxmox. The only difference between a VM and a physical machine is the hypervisor, so the only security difference is the security of the hypervisor. And as I mentioned, hypervisor exploits are very rare.

    Edit: for a sense of perspective, think about this. Almost every major tech company in the world relies on hypervisors for security. Qubes OS, known in the privacy/security world as one of, if not the, most secure OSes, relies on the hypervisor for security. An easily exploitable hypervisor escape would be a vulnerability on the scale of the XZ Utils backdoor (which was unsuccessful). I have not seen a vulnerability of that scale since Heartbleed.

  • What kind of abuse are you talking about? I doubt you’re talking about a 51% attack, which is incredibly hard. I’m guessing you are talking about social engineering, like where some scammer gets a poor soul to leak their bitcoin wallet or something like that.

    In these cases, yes, a centralized payment system can be useful, because the authority in charge can just reverse transactions that are deemed fraudulent or the result of a scam. But that same authority can do things like ban all payments to Steam for porn games (like the recent Visa Mastercard drama). That same authority can say “GrapheneOS and Pinephone users aren’t allowed to make NFC payments”.

    In cases like these it would be nice for there to be an alternative to centralized systems, at least for those technologically literate enough to use these alternative systems.



  • What a lot of people are forgetting to mention here is that the reason maintaining a browser is so hard is that Google keeps updating the standards, and has the resources to do so, while Firefox struggles to keep up.

    Remember, Google Chrome is Google’s OS. Like Microsoft has Windows, and Apple has macOS. This is why web standards include support for USB, GPU, and other esoteric use cases. It’s in Google’s best interest for users to use web apps to do things instead of desktop apps, since that means they are likely using Chrome, within Google’s control. And Google has a perverse incentive to keep evolving these standards so that other browsers struggle to keep up, and their browsers feel outdated and feature-lacking relative to Chrome.

  • Even if you have a password for your SSH key, malware on your system can just wait until you enter the password.

    My point is that SSH access is very powerful, and effectively means that the security of the SSH server is reduced to the security of the SSH client. If your SSH client is pwned, so is your server. If you have 10 devices each with SSH access to each other, then if any one device is pwned, all devices are pwned as well.

    This is not the case for systems designed for file sharing only. For example, with Syncthing, if one device gets pwned, all it can do is send files to the other devices.
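
The transitive-trust argument in the comment above can be checked against a device inventory. The following is an added example, not part of the original comment: a small audit that computes, for each device, how many hosts fall if that device is compromised. The device names, the link inventory and the `shell_reach`/`audit` helpers are hypothetical, and file-sync links are modelled as file delivery only, which is the comment's assumption.

```python
from collections import deque

def shell_reach(links, start):
    """Hosts on which a compromise of `start` yields a shell, following
    "ssh" links transitively. "sync" links are treated as file delivery
    only (assumption taken from the comment), so they are not followed."""
    adj = {}
    for src, dst, kind in links:
        if kind == "ssh":
            adj.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def audit(links):
    """Map each host to the size of its blast radius (itself included)."""
    hosts = sorted({h for src, dst, _ in links for h in (src, dst)})
    return {h: len(shell_reach(links, h)) for h in hosts}

# Constructed inventories: (source, destination, kind) means the source
# holds credentials for, or is paired with, the destination.
DEVICES = [f"dev{i}" for i in range(10)]

def mesh(kind):
    return [(a, b, kind) for a in DEVICES for b in DEVICES if a != b]

SSH_MESH = mesh("ssh")        # every device can SSH into every other
SYNC_MESH = mesh("sync")      # every device only syncs files with the others
ADMIN_ONLY = [("dev0", d, "ssh") for d in DEVICES[1:]]   # one admin box holds keys
CHAIN = [("dev0", "dev1", "ssh"), ("dev1", "dev2", "ssh")]  # indirect trust

if __name__ == "__main__":
    for name, links in [("ssh mesh", SSH_MESH), ("sync mesh", SYNC_MESH),
                        ("admin only", ADMIN_ONLY), ("chain", CHAIN)]:
        print(f"{name:10s}", audit(links))
```

Running the same audit on a real inventory of authorized keys shows which single device carries the largest blast radius and is worth hardening first.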