smiletolerantly

joined 1 year ago

While that's true from a technical perspective...

How/where do you keep the certificate? If you either need an app for it, or need to manually install it on your device, most users would probably be out. The benefit of my suggestion is that you need absolutely nothing except a way to authenticate with GOV.

  1. is a problem with all of these, that's for sure.

I don't get the part about the info service tbh

As long as your browser saves an auth token or something for GOV somewhere, all of that can happen without user interaction.

[–] smiletolerantly@awful.systems 3 points 8 hours ago (3 children)

I think that at the bare minimum, the PORN<->GOV connection must not occur. How about this (simplified):

  • USER visits porn site
  • PORN site encrypts random nonce + "is this user 18?" with GOV pubkey
  • PORN forwards that to USER
  • USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
  • GOV knows user is requesting, but not what for
  • GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
  • GOV returns that to USER
  • USER forwards that to PORN
  • PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by signing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
  • but PORN does not know anything about the user

There's probably glaring issues with this, this is just from the top of my head to solve the problem of "GOV should know nothing".

[–] smiletolerantly@awful.systems 1 points 8 hours ago (3 children)

Not sure. How about this (simplified):

  • USER visits porn site
  • PORN site encrypts random nonce + "is this user 18?" with GOV pubkey
  • PORN forwards that to USER
  • USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
  • GOV knows user is requesting, but not what for
  • GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
  • GOV returns that to USER
  • USER forwards that to PORN
  • PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by signing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
  • but PORN does not know anything about the user

There's probably glaring issues with this, this is just from the top of my head to solve the problem of "GOV should know nothing".
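
The exchange described in the two comments above, as an added example that is not part of the original posts: it runs the challenge, the signed answer, and the site-side check, including rejection of a replayed or altered answer. Assumptions: Node.js `crypto`, RSA-OAEP for the challenge, Ed25519 for GOV's signature, GOV's verification key trusted directly instead of through a certificate chain, the nonce echoed back in the token, and hypothetical function and account names throughout.

```javascript
// Added illustration; every name and the account data are assumptions, not from the post.
const crypto = require("node:crypto");

// GOV holds two key pairs: one to receive encrypted challenges, one to sign answers.
const govEnc = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const govSig = crypto.generateKeyPairSync("ed25519");
const govAccounts = new Map([["alice", { age: 34 }], ["bob", { age: 15 }]]); // constructed

// What GOV signs: SHA-256 over answer || nonce ("hashes that with known algo").
const digest = (answer, nonce) =>
  crypto.createHash("sha256").update(answer).update(nonce).digest();

// SITE: issue a challenge and remember the nonce so it is accepted only once.
const outstanding = new Set();
function siteChallenge() {
  const nonce = crypto.randomBytes(16);
  outstanding.add(nonce.toString("hex"));
  const plain = Buffer.concat([nonce, Buffer.from("is this user 18?")]);
  return crypto.publicEncrypt(govEnc.publicKey, plain); // RSA-OAEP is the default
}

// GOV: sees an authenticated account and an opaque challenge, not the requesting site.
function govAnswer(accountId, challenge) {
  const nonce = crypto.privateDecrypt(govEnc.privateKey, challenge).subarray(0, 16);
  const answer = govAccounts.get(accountId).age >= 18 ? "yes" : "no";
  const signature = crypto.sign(null, digest(answer, nonce), govSig.privateKey);
  return { answer, nonce: nonce.toString("hex"), signature };
}

// SITE: accept only a GOV-signed "yes" bound to a nonce it issued and has not consumed.
function siteVerify({ answer, nonce, signature }) {
  if (!outstanding.delete(nonce)) return false; // unknown or replayed nonce
  const signed = digest(answer, Buffer.from(nonce, "hex"));
  const ok = crypto.verify(null, signed, govSig.publicKey, signature);
  return ok && answer === "yes";
}

// USER only relays messages between the two parties.
function runExchange(accountId) {
  const token = govAnswer(accountId, siteChallenge());
  return { token, accepted: siteVerify(token) };
}
```
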

[–] smiletolerantly@awful.systems 2 points 1 day ago (1 children)

Works for most videos as well for me, but not for those where you actively have to click "I understand, continue" after getting a warning on maturity of a video.

There's an open issue on the yt-dlp GitHub repo as well

[–] smiletolerantly@awful.systems 3 points 1 day ago (3 children)

What's really irritating is that there doesn't seem to be a way to download videos from yt which have an age restriction, even with Cookies

A Short Stay In Hell

Short novella based on this exact premise. If you have never encountered it before, I urge you to give it a read. It's excellent. Also very disturbing.

[–] smiletolerantly@awful.systems 12 points 2 days ago (1 children)

Got a simple Brother laser printer. Duplex, BW only, works flawlessly with Linux and as a network printer.

4-5 times a year I'll need to print 10 pages. Add an additional one every two weeks.

The printer definitely paid for itself in convenience.

I mean, yea. But it is also easy to buy them, they're everywhere and fairly cheap. The Galbani one is also just 1€ or so more expensive.

To be clear, making your own is fantastic, it's just not anything I'd want to do 2x/week

[–] smiletolerantly@awful.systems 15 points 2 days ago (4 children)

Mozzarella (talking about the balls of fresh mozzarella you get sealed in with their brine).

Can't do store brand anymore after having tried Galbani.

[–] smiletolerantly@awful.systems 2 points 2 days ago (1 children)

Ugh yeah, it feels like the show is making fun of Preservation, which kinda undermines the show. Contrary to what others seem to think here, in my opinion the added goofiness really detracts a lot from the show.

[–] smiletolerantly@awful.systems 18 points 3 days ago (2 children)

Imagine reading this headline and instantly jumping to this in your head.

 

Five years ago, I bought a Supernote A5. It was (and mostly still is) a great device for reading and writing on an eInk display, and it runs plain old Linux.

The deciding reason I went for this device instead of the competition is that I was "under the impression" that they were about to enable full SSH access to the device! Awesome!

"Why were you under that impression?", I hear the skeptics ask. Well, their spokesperson has stated that they would do so. Via mail, and on reddit, publicly, multiple times. I was still torn, so sent them a DM, asking if this was indeed factual. "Yes", they said, "the next quarterly update will enable SSH access!".

Great!

Well, it's been 5 years. They did not follow through. A couple updates were published, none contained the promised functionality, the spokesperson stopped answering questions about SSH. The last software update I received is from 2.5yrs ago. Mentions of the original Supernote A5 have largely been scrubbed from their website.

Let me be clear, the device still functions perfectly. But it is in danger of becoming e-waste because it is so needlessly complicated to get stuff on the device. I'm currently in need of an ebook reader with (ideally) OPDS capability, and I am pretty confident I'd be able to get something like koreader running on this, or at least just run a script to sync files over SSH. Also, I frankly feel wounded in my pride having a Linux device in my possession which refuses to do my bidding (I'm joking of course, but also I am 100% serious).

Here's all I know:

  • plugging it in via USB, the device reads as an MTP device, with access only to the documents/books/... stored on it
  • you can place an update.zip file (obtained from the SN website) into the root of that MTP directory, and upon reboot, the device will update. To me, this appears to be the most promising route of gaining access.
  • unfortunately, the zip file is encrypted. The decryption key clearly has to be known to the device, but since I have no access to it,...

I'm a software engineer, but I have zero knowledge of the "dark arts", so to speak. If anyone could help me (or point me in the right direction!), I would really be grateful. I don't want this (generally nice) product to turn into a paperweight instead of a paper replacement :(

 

Basically, the title. After years of inactivity, I'll be taking music (cello) lessons again, with my teacher of yesteryear, from whom I've moved half a country away.

She has suggested Zoom but is open to alternatives. I don't particularly like Zoom, plus I have a feeling better quality can be had through a custom solution - but I'm at a bit of a loss as to what exactly would be a good fit for this project.

Maybe Jitsi? Does someone here have experience with it and could tell me if it's possible to set something like a "target" audio quality?

For hardware, I basically have two options. Both are already in use, for different things, and have sufficient processing capabilities - albeit no GPU:

  • host everything at home. Plus: lowest possible latency from me to the server. Not sure how much that is worth though.
  • root server in the Hetzner cloud: much faster network speed. Again though, not sure how beneficial that is, the ultimate bottleneck will always be my upload speed (40Mbit)

OK, I realize that this post is a bit of a random assortment of thoughts. I'd be really happy about suggestions and / or hearing about others' experiences with similar use-cases!

28
submitted 1 year ago* (last edited 11 months ago) by smiletolerantly@awful.systems to c/selfhosted@lemmy.world
 

Hi,

not sure where else to post this. For a while now, I've unsuccessfully been trying to get WireGuard to work with Crunchyroll.

Setup is as follows:

  • dedicated server hosts a wg-quick instance in [neighboring country]
  • OPNSense acts as peer on a single IP
  • I have a rule for routing the entire traffic of some source device via that IP

This works just fine. Handshake successful, traffic is routed via the server. traceroute shows the server as the hop immediately after my device's local gateway. The connection is stable, and fast.

...except for Crunchyroll. The site / app itself is fine, but I can not, for the life of me, get a video to play. It just keeps loading forever.

I don't think this is an issue with CR recognizing that I'm not where I say I am - looking online, it seems pretty easy to use CR with a VPN. I've also tried from multiple other devices, all with the same symptom.

If anyone has suggestions, I'd love to hear them 😅

EDIT: ~~It was MTU. Had to manually set it to 1500 on both devices.~~

Nope, still the same issues. I was using the fallback interface there briefly.

EDIT: It WAS MTU related, I had to enable MSS clamping on the OPNSense.
