Thanks! Learned something today. Last time I opened port 53 to the public it didn’t take long and I was sending out several Megabits per second in DNS traffic. Constantly. Mostly querying the same few things. But I guess I had it the wrong way round and that wasn’t the target. Or I’ve seen a different attack type… Guess I can now try again with the new knowledge.

Seems knot-dns has DNSSEC turned on per default. But what’s all the IP addresses in the config for, if not to offer recursive lookup? That enables an amplification attack. I think they’ll do lookups to put strain on other servers, not necessarily your zones.

By the way, when self-hosting open DNS resolvers, add some security measures and monitoring or your shiny new server will mostly deliver DNS amplification attacks to people after a few weeks. That seems to be missing in the config here.

Thanks. I still don’t get it. But I guess that’s alright.

Can someone explain the joke to me?

What the other people said here. And I really dislike the projects which are somewhat open-source, but then they’re open-core only or not Free Software at all. That includes things like FUTO’s software like GrayJay. And I’ll leave once the developers/maintainers start nasty drama or pick on people or they turn out to be too much invested in the wrong political agenda.

Nice Thinkpad! I recently installed Linux Mint Debian Edition on one of the more recent Thinkpads. But the other suggestions here are fine as well. Mind an older Laptop with a spinning harddisk inside might not be as snappy as a people expect these days.

Not sure about the guides, but there are entire distributions specifically made for this: https://www.thinstation.org/

Wow, is that better or worse than a president making up tariffs with Grok AI? And police force experimenting with these predictive policing technology and contracting with Palantir? Probably fits with the military, as war is often not very humane to begin with… But all of this aligns in a very dystopian way.

I’ve heard they have government-approved VPN providers. And companies there use VPNs for their job. They’ll also do business on platforms which are blocked on the regular Chinese internet. Of course business is guided by the communist party so you might have someone keeping an eye on your company VPN (mis)use. People who went there told me they’re more lenient with foreigners. Your European/American company’s corporate VPN might work well, you might also experience connections being dropped and the Great Firewall messing with it. And there are some attempts at circumventing blockage, like TOR’s Snowflake, though all of this is a cat and mouse game, some (illegal) thing works for a while and then they shut it down and you’ll move to the next one. Though as a citizen of an oppressive regime you’d better think twice before engaging in a cat and mouse game with authorities.

I think there’s more low quality than just the basic print with all the wrinkles and creases in it. For once the head is “painted” realistically, the shirt is a slightly different style and then the hands and legs are yet another style. There’s some obvious AI artifacts and it didn’t fool people, seems they were able to tell.

And then with real art there’s some layers to it. It’d have a deeper meaning, tell us something about the people depicted, or society at times or how they’d like to portray it. Or there’s an entire interesting story about the artist, what kind of struggles they had… At least it’d invoke some astonishment in somebody. And I don’t think there’s any of that with this picture. That’s just the “empty plate” in-your-face meaning. Some children don’t have food. But doesn’t seem to me, the picture in itself tells more to the audience, or makes them think about what the statement might be, wonder what it’s trying to express, or make them question anything. And that’d be what turns art into art.

At least that’s my take on the definition of quality in art. I mean people put a bathtub out there along with some butter and it’s art. Or paint a canvas black and be done with it. On the other hand I can take a visually appealing photo of me with my smartphone and it wouldn’t be art. So in this case I don’t think quality is concerned with the visual aspect of it in the first place.

Could be performance art. But people did that before. Sneak into a museum and put something up. So it’s not an original idea.

“The work isn’t about disruption. It’s about participation without permission,” he said.

And I think the “without permission” holds true on several levels. I mean on the one hand they just put it up. And doing it with AI adds another level on top. I mean the AI companies are known for not asking for permission when they train their generative AI models. But I don’t see this being discussed in the article. It’d probably be the only thing turning this into some form of art. An AI picture in itself certainly isn’t art. Also like how the paper is wrinkled and it doesn’t look good at all and “empty plate” is just a shallow in your face meaning and even I can tell how there isn’t any art or deeper meaning to it. And most people I know who are close to art, and they’re musicians or properly draw stuff as a hobby aren’t really pro AI, I don’t think I’ve ever seen them use AI or mix it into their works.

Didn’t they just release their Ryzen AI Software as a preview for Linux? I think that was a few days ago. I don’t know about the benchmarks as of today, but seems they’ve been working on drivers, power reporting, toolkit and have been mainlining stuff into the kernel so the situation improves.

I think CUDA (Nvidia) is still dominating the AI projects out there. The more widespread and in-use projects sometimes have backends for several ecosystems and they’ll run on Nvidia, AMD or Intel or a CPU. Same for the libraries which build the foundation. But not all of them. And most brand-new tech-demos I see, are written for Nvidia’s CUDA. And I’ll have to jump through some hoops to make it work on different hardware and sometimes it works well, sometimes it’s not optimized for anything but Nvidia hardware.

It’d be a really bad situation. I mean we rely on VPNs and tunnels a lot. For half the people doing home-office, logging into the company’s VPN is the first thing in the morning. Field crew relies on them. That’s an additional layer of protection in the ATM of your bank…

It’d wreck half the economy in the process. Or “they” need to outlaw specific things. Like private VPNs. And gather a list of private VPN providers and ban them via a great firewall. That’s possible. And would make life worse in a country. It’s possible to circumvent these measures. And it’s difficult to discern traffic and distinguish VPN traffic from other encrypted traffic so the country might want to implement some harsh measures as well. A police force knocking on people’s doors if they suspect them to evade law and demand they show their computer and smartphones.

So in conclusion your best option is probably to move to a different place if you can afford to, once that becomes reality. (Edit: Maybe your best option is to protest this, do campaigns, call your representative and try to stop it. So we dont get into this situation in the fist place.)

What’s the encryption and signing on a hardware level for? I mean dependent on what’s that good for and who controls it, it’s trusted computing, or treacherous computing as Stallman calls it…

(I mean it’s not working out great for GrapheneOS either. Back in the day I had a phone I owned, with privacy features added and alternative background services so I had a pretty much Google-free experience. These days it’s all locked down, I hand out my private metadata to Google, can barely ride a train without, or get a discount in the supermarket. I can’t do backups and I’m f***ed if I want to cross a border to a more restrictive country because these guys are in on it as well. They’re probably going to use it to limit what I can install. And more and more manufacturers lock down bootloaders etc and I thought we were past this. Graphene itself advised me to switch to proprietary code in the name of security and they’ll have a look at the code later, once Google eventually releases it. All of this is due to (or related to) these security measures working way too well and that’s also why they’re being used. I wish my phone didn’t have a TPM but a simple disk encryption like LUKS on Linux instead. And I don’t see many reasons why we should copy these very bad dynamics.)

I think the overall idea is nice, though. We had these project ideas to just plug in a box and be self sufficient in the self-hosting community since the SheevaPlug. Or the FreedomBox. There are some hardware projects as well like the Home Assistant Green or back in 2019 they tried to sell a Pioneer-FreedomBox. None of those match exactly with your proposal, but I think they’re pretty close. Maybe get in touch with them and see if you can participate in a new iteration, or read about their past experience with the proposed target audience. Especially FreedomBox seems like a good fit to me. They’re not very loud, but afaik still around. And they’re Free Software nerds, which seems to align with your idea, minus the locking it down and transferring control to other parties via the TPM.

Btw, the proper place to mount filesystems is either /media or /mnt. I wouldn’t create a directory called /Volumes in Linux. And pay attention, these are case-sensitive and most (not all) system directories have agreed on using lower-case letters only. And “volume” is kind of a Windows and MacOS-term anyway, I rarely see Linux-people refer to media and filesystems that way.

Thanks for writing this down. That’s pretty comprehensive and looks like solid advice. I’d add “good documentation” and help readily available to the list. It’s really nice for new users if they’re able to find information on common woes, so they’re enabled to figure things out by themselves, instead of using some more obscure distribution.

I got a nice Dell Latitude 7390 for like 250€ a year ago. I usually just have an eye on the sales page of my local laptop refurbisher and go for the best Dell or Lenovo laptop in my price range. Since that’s mostly devices returned from leasing by businesses, they’re the more serviceable models than regular consumer models. But serviceability is somewhat limited these days. You’d have to check individually how many RAM slots are available (if any) and whether the BIOS accepts random wifi cards.

Geary is very polished and shiny. I ended up not using it because I have a lot of folders, automatic rules to sort things, different signatures and addresses and some of the advanced email stuff isn’t in there. But definitely worth a look for someone with a simpler private email inbox. And so much more intuitive to use than for example Thunderbird.

That’s your motivation to buy a new TV with the most expensive OLED out there, high contrast and a smarthome with nice automatic blinds for the windows.

But seriously, I thought that was mainly over by now? I had a lot of those shows 5-10 years ago. But seems they still do it.