• 2 Posts
  • 414 Comments
Joined 1 month ago
Cake day: February 5th, 2025




  • Xanza@lemm.ee to Selfhosted@lemmy.world: Which case is Pi-hole for?
    13 hours ago

    May I ask about difference between Adguard Home and Pi-Hole in terms of “setup once and forget”?

    To put a fine point on it, it’s about usability. AdGuard is just a simple DNS stub resolver which acts as a middle-man between your network, and an upstream DNS resolver. Basically, your device makes a DNS request to your AdGuard instance, and it either gets filtered out by your blacklists (and never leaves your network), or it’s forwarded to an upstream DNS resolver (a real DNS server) and then back again. Pi-Hole does the same thing, and many many many more things. So while they would both do what you want, Pi-Hole (in my experience) is dozens of times more complicated and difficult to set up. Which is awesome–if you need all those other features.


  • Xanza@lemm.ee to Selfhosted@lemmy.world: Which case is Pi-hole for?
    12 hours ago

    I can give you an example. Searching through my logs while writing up my first reply to you, I saw these two entries: https://x0.at/nO3I.png

    One is for Skype, which I do not use. I don’t even have it installed on my PC, and the other is for QQ, which is a popular Chinese WhatsApp type service from Tencent, the same parent company as TikTok. Not only is it known for being an arm of the CCP, but why are they operating from within my network? No one uses QQ… So it’s ultra suspicious. The contact was blocked, but if I wanted to investigate further, I can–because now I know it’s there.
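
The filter-or-forward decision and the log review described in the two comments above, as an added example that is not part of the original posts and is not AdGuard Home's or Pi-hole's code. The blocklist entries, the log format and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed blocklist, one domain per line (not entries from a real feed).
BLOCKLIST = """\
tracker.example
c2.badhost.example   # inline comments are ignored
"""

# Constructed query log, "timestamp client name"; not AdGuard Home's log format.
QUERY_LOG = """\
2025-03-01T10:00:01 192.168.1.20 www.example.org
2025-03-01T10:00:02 192.168.1.20 cdn.tracker.example
2025-03-01T10:00:05 192.168.1.31 C2.badhost.example.
2025-03-01T10:00:09 192.168.1.31 nottracker.example
malformed line
"""

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def load_blocklist(text):
    """Parse the list into a set, skipping blanks and '#' comments."""
    entries = set()
    for line in text.splitlines():
        domain = normalize(line.split("#", 1)[0])
        if domain:
            entries.add(domain)
    return entries

def decide(name, blocked):
    """'blocked' if the name or a parent domain is listed (whole labels only), else 'forwarded'."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked:
            return "blocked"
    return "forwarded"

def blocked_by_client(log_text, blocked):
    """Group blocked lookups by the client that made them, for follow-up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _, client, name = parts
        if decide(name, blocked) == "blocked":
            hits[client].add(normalize(name))
    return {client: sorted(names) for client, names in hits.items()}
```

Grouping by client address is what turns a blocked lookup into something you can investigate, since it points at the device that made the request.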


  • Xanza@lemm.ee to Selfhosted@lemmy.world: Which case is Pi-hole for?
    13 hours ago

    Two things. 1, unless you specifically need to run the software on a Pi, I recommend using AdGuard Home over Pi-Hole. It’s more actively maintained (not to imply that Pi-Hole isn’t actively maintained), and is going to be more of a setup once and forget type of solution.

    2, the value in running a software like this is to be able to monitor your network traffic for suspicious activity, block ads, and access to malware, porn, warez, gambling, crypto, etc (especially if you have children). You can use custom blocklists like Hagezi’s threat intelligence feeds (TIF) which instantly decreases your attack vector while interfacing with the clear-net. The TIF blacklists block malware, cryptojacking, scam, spam and phishing. Blocks domains known to spread malware, launch phishing attacks and host command-and-control servers.

    I very highly recommend using the Hagezi TIF lists. You can set up AdGuard very easily (mine runs off my Synology NAS), and you can easily force your entire network to use it by changing your DNS server in your router configuration page to your AdGuard Home instance IP (in my case, it’s my Synology NAS IP from within my network).

    Takes a few minutes to set up, and you’re done. From there you can use the web-ui to change settings, update blacklists, and even see what your network traffic looks like: https://x0.at/D-aY.png and you can even block access to services directly: https://x0.at/QlbJ.png






  • I was a super early adopter for Firefox. I started using it back in 2005-2006. I’m pretty sure it was still in beta when I started using it.

    Over the past 20 years I’ve watched while Firefox users have formed a goddamn cult around a software. It’s insane to me, especially because I’m seeing exactly the same things from Mozilla that I was seeing from Microsoft (and later Google) at the time I decided to switch from IE to Firefox to begin with…

    Firefox isn’t special. It’s falling for all the cloud-based privacy invasive enshittification that Chrome has so far. It’s just getting there slower.

    So cool your jets. Especially considering uBlock Origin Lite is uBlock Origin. It’s just compatible with the Manifest V3 standard.




  • Xanza@lemm.ee (OP) to Docker@programming.dev: Portainer via SSH?
    2 days ago

    Yeah, granted it’s a niche situation.

    I think I’ve found a medium, though. I ended up setting Portainer agent on my VPS, and I’ve disallowed connections to everyone on that port but my IP via ufw; ufw allow from x.x.x.0/24 to any port 9001. I would still prefer to do it via SSH to hide behind the protocol and identity keys, but this will have to do. It doesn’t seem like the Portainer devs even care about an issue like this, which is pretty fucked up because by default all docker systems exposed to the internet (unless you know what you’re doing) are vulnerable to Kinsing.






  • PGP keys gain trust the longer they’re used. But the likelihood that they’ve been compromised also increases with time. I wouldn’t say they get “less secure” with time. Also, you can very easily create a new identity under the same PGP key, and revoke a previous identity. Additionally, you can certify others’ keys by signing them with your own, increasing the WOT (web of trust) with the key–asserting that the key does in fact belong to the correct person.

    The keys are a bit more dynamic than you’re giving them credit for.

    There’s also F/OSS which has been designed to alleviate some of the usability issues with PGP keys, mainly Keybase.




