SpaceCadet

@SpaceCadet@feddit.nl

SpaceCadet,

Actually, are these 2 forks of another, when?

Yes, Forgejo was forked from Gitea in 2022. It was a soft fork at first, but became a hard fork earlier this year.

Full story here: forgejo.org/2024-02-forking-forward/

SpaceCadet,

Don’t you control your dhcp server?

SpaceCadet, (edited )

True that. Hadn’t thought of that as it’s not my typical VPN use case.

I’m not sure what a VPN provider could do about that though, they don’t control the operating system’s networking stack. If the user or an outside process that the user decides to trust (i.e. a dhcp server) adds its own network routes, the OS will follow it and route traffic outside of the tunnel.

The defenses I see against it are:

  • Run the VPN and everything that needs to go through the VPN in a virtualized, non-bridged environment so it’s unaffected by the routing table.
  • Put a NAT-ing device in between your computer and the network you want to use
  • Modify the DHCP client so that option 121 is rejected

Edit: thinking about it some more, on Linux at least the VPN client could add some iptables rules that block traffic going through any other interface than the tunnel device (i.e. if it’s not through tun0 or wg0, drop it). Network routes can’t bypass iptables rules, so that should work. It will have the side effect that the VPN connection will appear not to work if someone is using the option 121 trick though, but at least you would know something funny was happening.
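An added example, not part of the original comment: a decoder for the DHCP option 121 payload (RFC 3442 classless static routes) that flags routes more specific than a default route and outside the leased subnet, which are the ones that can pull traffic away from a tunnel. The function names, the sample bytes and the 192.168.1.0/24 subnet are constructed for illustration, and the flagging rule is a heuristic, since option 121 also has legitimate uses.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode RFC 3442 classless static routes into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]                      # prefix length in bits
        if width > 32:
            raise ValueError(f"invalid prefix length {width}")
        n = (width + 7) // 8                 # significant destination octets
        end = i + 1 + n + 4                  # descriptor + 4-byte router
        if end > len(data):
            raise ValueError("truncated option 121 payload")
        dest = int.from_bytes(data[i + 1:i + 1 + n] + bytes(4 - n), "big")
        net = ipaddress.ip_network((dest, width), strict=False)
        router = ipaddress.ip_address(data[i + 1 + n:end])
        routes.append((net, router))
        i = end
    return routes

def suspicious_routes(routes, local_subnet: str):
    """Heuristic: routes narrower than /0 that reach beyond the leased subnet
    win over a VPN's default route by longest-prefix match."""
    local = ipaddress.ip_network(local_subnet)
    return [(net, gw) for net, gw in routes
            if net.prefixlen > 0 and not net.subnet_of(local)]

# Constructed sample payload: two /1 routes via 192.168.1.66, a default
# route via 192.168.1.1, and an on-link route for 192.168.1.0/24.
SAMPLE = bytes.fromhex(
    "0100c0a80142"        # 0.0.0.0/1   via 192.168.1.66
    "0180c0a80142"        # 128.0.0.0/1 via 192.168.1.66
    "00c0a80101"          # 0.0.0.0/0   via 192.168.1.1
    "18c0a80100000000"    # 192.168.1.0/24 on-link (router 0.0.0.0)
)

if __name__ == "__main__":
    for net, gw in suspicious_routes(parse_option_121(SAMPLE), "192.168.1.0/24"):
        print(f"review: DHCP pushed {net} via {gw}")
```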

SpaceCadet, (edited )

Oh and don’t forget to take backups of your /home. That’s good practice for every desktop environment.

The config files of the major desktop environments have become a mess though. Plasma absolutely shits files all over ~/.config and ~/.local/share where they sit mingled together with the config files of all your other applications and most of it is thoroughly undocumented. I’ve been in the situation where I wanted to restore a previous state of my Plasma desktop from my backups or just start with a clean default desktop and there is just no straightforward way to do that, short of nuking all your configurations.

Doing a quick find query in my current home directory, there are 57 directories and 79 config files that have either plasma or kde in the name, and that doesn’t even include all the ~/.config/* files belonging to plasma or kde components that don’t have it in their name explicitly (e.g. dolphinrc, katerc, kwinrc, powerdevilrc, bluedevilglobalrc, …).

It was much simpler in the old days when you just had something like a ~/.fvwmrc file that was easy to back up and restore; even early KDE used to store everything together in a ~/.kde directory.

SpaceCadet, (edited )

apt purge nano is one of the first things I do on a new Debian installation. Much easier to remember than having to use update-alternatives, select-editor and the $EDITOR variable to convince the likes of vigr, vipw, visudo, crontab -e, … that I really want to use vim as my primary editor.

SpaceCadet,

The attack surface will be a systemd daemon running with UID=0 instead, because how else are you going to hand out root privileges?

So it doesn’t really change anything to the attack surface, it just moves it to a different location.

SpaceCadet,

Not really, because you’re now going to make it do more, i.e. incorporate the functionality of sudo and expose it to user input. So unless you can prove that the newly written code is somehow inherently more secure than sudo’s existing code, the attack surface is exactly the same.

SpaceCadet,

Stable means unchanging in this context.

SpaceCadet, (edited )

That’s a you problem. Your interpretation is wrong.

Quoting from the Debian Manual:

This is what Debian’s Stable name means: that, once released, the operating system remains relatively unchanging over time.

SpaceCadet, (edited )

We are talking about LTS distros, not about bridges. The context is pretty clear.

SpaceCadet, (edited )

Just go Debian.

Ubuntu used to bring a bit of spit and polish at a time when most Linux distros lacked that. Nowadays it brings nothing worthwhile to the table anymore, it’s just brand recognition, but what it does bring is aggravation for experienced users.

I had this realization a few years ago when I found myself fighting against 20.04 and I asked myself: what exactly is Ubuntu doing for me that plain Debian can’t? The answer was nothing really, so I moved all my Ubuntu VMs over to Debian Bullseye and never looked back.

SpaceCadet,

since Windows 8 came out

I think you left out a 9 there.

SpaceCadet,

That’s not GPU passthrough. That just enables VirGL, which is a translation layer that passes some OpenGL calls through to the host’s Mesa installation. It has rather poor performance though, it’s extremely limited and is rather buggy too. You certainly can’t use it for cutting edge gaming.

GPU passthrough is when you pass through an entire GPU device as-is to the virtual machine. That is: if you have an Nvidia RTX 3060, the guest operating system will see an Nvidia RTX 3060 and it can use the native drivers for it. This gives you near-native performance for gaming.

Now, I didn’t even know this was possible with VirtualBox (if so: cool!), but it’s certainly doable with KVM if you have the right motherboard and GPU combination. I have done it, but it is quite the hassle indeed, though that isn’t really KVM’s fault.

SpaceCadet,

It does work with AMD GPUs too, I did it with an RX6800XT myself, but there are some (most…) AMD GPUs that have a reset bug which means they hang if you reboot the guest and you need to powercycle the physical host machine to make the GPU usable for the guest again.

SpaceCadet,

To get basic GPU passthrough working, I mainly followed the Arch Linux guide: wiki.archlinux.org/…/PCI_passthrough_via_OVMF

Be warned though that this is just the start of the journey. There are all kinds of issues that you need to deal with and decisions that you need to make if you want to practically use it for gaming, and those require lots of googling, piecing bits of information together from all over the place, and trial and error. From memory these are things I had to deal with:

  • How to handle storage? Just a qcow2 file or pass through a partition or drive?
  • How to handle mouse and keyboard input? Emulated or through a passed through USB port? Both have their pros and cons.
  • Audio is a pain in the ass… emulated it is either crackly or laggy. There is a way to pass it through to pipewire through a unix socket, but it’s convoluted to set up. Or perhaps you can pass an entire audio device through to your guest?
  • Bluetooth audio, for my wireless headset, was an even bigger issue because audio did not get routed correctly to the headset if I just connected to the host. In the end, I got a separate bluetooth dongle for my VM, and passed it through.
  • How do you handle the display between guest and host? Two separate monitors? A monitor with dual inputs, and toggle between them? Or something like looking-glass, which sounds appealing but again introduces issues like vrr not working properly, and your GPU will probably need a dummy “dongle” to work without an actual monitor connected.
  • Then there’s the CPU and how to divide the cores between guest and host: for best performance, the guest’s cores need to be reserved, and should take into account the CPU topology. For example, I have a 5900x and reserved the 6 cores on one CCX for my VM, leaving the other 6 for my host.

For more information, there’s the /r/VFIO subreddit. Yeah I know, f*** reddit, but it has a lot of useful information. The looking glass site has some FAQs too, even on things not directly related to looking-glass itself. There is some VFIO discussion on the level one forums as well, but they’re not so active.

Anyway if all this sounds like a cool project to spend a few weeks on, I heartily recommend you try it. I sure enjoyed setting this all up and getting it working, but I spent way more time configuring and troubleshooting things than I did gaming with that setup, and in the end I decided that just gaming on Proton and occasionally dual booting for problematic games is a much more practical solution.

SpaceCadet,

“Building with concrete blocks? What is even wrong with you, where you never thought proper construction? What do you mean cheap building costs? People who want to build cheap buildings shouldn’t be allowed to build anyway”.

The internet suddenly makes a bit more sense to me

SpaceCadet,

You don’t have to choose just one though. It’s perfectly ok to share a directory via Samba for Windows clients and share the same directory again with NFS for Linux clients.

SpaceCadet,

100% this

We need a networked file system with real authentication and network encryption that’s trivial to set up and that is performant and that preserves unix-ness of the filesystem, meaning nothing weird like smb, so you can just use it as you would a local filesystem.

The OpenSSH of network filesystems basically.

SpaceCadet,

Performance of those is atrocious.

SpaceCadet,

Yeah, different issue then. Too bad, wish it could have helped.

SpaceCadet, (edited )

I wonder if it’s possible to run their remapping program in a Windows virtual machine.

That should work if you can pass through the entire USB host device to the VM.

I do this with my QK80, which also has Windows only software. I have a KVM virtual machine with Windows, and when I want to configure the QK80, I use the “pass through USB host device” option to give it direct access to the keyboard, and run the software in the VM. It works fine.

If you do this, you temporarily need to connect a second keyboard though because as soon as you pass through the keyboard to the VM it becomes inaccessible for the host OS.
