cultural reviewer and dabbler in stylistic premonitions
If you have ::/0 in your AllowedIPs and v6 connections are bypassing your VPN, that is strange.
What does ip route get 2a00:1450:400f:801::200e (an IPv6 address for google) say?
I haven’t used wireguard with NetworkManager, but using wg-quick it certainly adds a default v6 route when you have ::/0 in AllowedIPs.
You could edit your configuration to change the wireguard connection’s AllowedIPs from 0.0.0.0/0 to 0.0.0.0/0,::/0 so that IPv6 traffic is routed over it. Regardless of if your wireguard endpoint actually supports it, this will at least stop IPv6 traffic from leaking.
ipv4 with an extra octet
that was proposed as “IPv4.1” on April 1, 2011: https://web.archive.org/web/20110404094446/http://packetlife.net/blog/2011/apr/1/alternative-ipv6-works/
Formally.
This video is full of jarring edits which initially made me wonder if someone had cut out words or phrases to create an abbreviated version. But, then I realized there are way too many of them to have been done manually. I checked the full original video and from the few edits i manually checked it seems like it is just inconsequential pauses etc that were removed: for instance, when Linus says “the other side of that picture” in the original there is an extra “p” sound which is removed here.
Yet another irritating and unnecessary application of neural networks, I guess.
Lemmy added an alt text field for image-only posts a few versions ago; it would be nice if more people would use it.
At least this post does link to the mastodon post which it is a screenshot of.
Upload bandwidth doesn’t magically turn into download bandwidth
Actually, it does. Various Cable and DSL standards involve splitting up a big (eg, measured in MHz) band of the spectrum into many small (eg, around 4 or 8 kHz wide) channels which are each used unidirectionally. By allocating more of these channels to one direction, it is possible to (literally) devote more band width - both the kinds measured in kilohertz and megabits - to one of the directions than is possible in a symmetric configuration.
Of course, since the combined up and down maximum throughput configured to be allowed for most plans is nowhere near the limit of what is physically available, the cynical answer that it is actually just capitalism doing value-based pricing to maximize revenue is also a correct explanation.
The tone which comes across in the video (linked from the other post I linked to in this post’s description) is unfortunately much less amicable than this article conveys.
the guy speaking off camera in the linked 3min 30s of the video is Ted Ts’o, according to this report about the session.
ip -br a
(-br is short for -brief and makes ip’s addr, link, and neigh commands “Print only basic information in a tabular format for better readability.”)
adding all compiled file types including .pyc to .gitignore would fix it
But in this case they didn’t accidentally put the token in git; the place where they forgot to put *.pyc was .dockerignore.
At my workplace, we use the string @nocommit to designate code that shouldn’t be checked in
That approach seems useful but it wouldn’t have prevented the PyPI incident OP links to: the access token was temporarily entered in a .py python source file, but it was not committed to git. The leak was via .pyc compiled python files which made it into a published docker build.
this isn’t remotely how this meme is used lol
python -c 'print((61966753*385408813*916167677<<2).to_bytes(11).decode())'
$ python
>>> b"Hello World".hex()
'48656c6c6f20576f726c64'
>>> 0x48656c6c6f20576f726c64
87521618088882533792115812
$ factor 87521618088882533792115812
87521618088882533792115812: 2 2 61966753 385408813 916167677
E: old thinkpad gang input: take the time to reapply thermal grease to the cpu at some point. It makes a huge difference.
What’s a “gang input”?
😂 it’s an input to this discussion from a member of the group of people (“gang”) who have experience with old thinkpads. and yes, if your old thinkpad (or other laptop) is overheating and crashing, reapplying the thermal paste is a good next step after cleaning the fans.
xzbot from Anthony Weems enables to patch the corrupted liblzma to change the private key used to compare it to the signed ssh certificate, so adding this to your instructions might enable me to demonstrate sshing into the VM :)
Fun :)
Btw, instead of installing individual vulnerable debs as those kali instructions I linked to earlier suggest, you could also point debootstrap at the snapshot service so that you get a complete system with everything as it would’ve been in late March and then run that in a VM… or in a container. You can find various instructions for creating containers and VMs using debootstrap (eg, this one which tells you how to run a container with systemd-nspawn; but you could also do it with podman or docker or lxc). When the instructions tell you to run debootstrap, you just want to specify a snapshot URL like https://snapshot.debian.org/archive/debian/20240325T212344Z/ in place of the usual Debian repository url (typically https://deb.debian.org/debian/).
Where are you getting 60%? Google’s IPv6 Adoption page has it under 50% still:
(while other stats pages from big CDNs show even less)