WG uses UDP, so as long as your firewall is configured correctly it should be impossible to scan the open port. Any packet hitting the open port that isn’t valid or doesn’t have a valid key is just dropped, same as any ports that are closed.
Most modern firewalls default to dropping packets, so you won’t be showing up in scans even with an open WG port.
The “make a fork” thing is part of the issue, I think. In general there’s this culture in the open source community that if you want a feature, you should implement it yourself and not expect the maintainers to implement it for you. And that’s good advice to some extent, it’s great to encourage more people to volunteer and it’s great to discourage entitlement.
But on the other hand, this is toxic because not everyone can contribute. Telling non-technical users to “make it yourself” is essentially telling them to fuck off. To use the house metaphor, people don’t usually need to design and renovate their houses on their own, because that’s not their skillset, and it’s unreasonable to expect that anyone who wants a house should become an architect.
Even among technical users, there are reasons they can’t contribute. Not everyone has time to contribute to FOSS, and that’s especially notable for non-programmers who would have to get comfortable with writing code and contributing in the first place.
Just because you can work with one monitor doesn’t mean multiple monitors isn’t more comfortable though. You can have multiple windows open at once, at full size, and glance between them freely. No need for them to share the limited real estate of a single monitor.
I run Sway on my laptop because it lets me take full advantage of my single monitor, but on my multi monitor desktop setup I use a regular floating DE.
Systemd does a lot of things that could probably be separate projects, but run0 is an example of something that benefits from being a part of systemd. It ties directly into the existing service manager to spawn new processes.
It definitely encrypts the traffic, the problem is that it encrypts the traffic in a recognizable way that DPI can recognize. It’s easy for someone snooping on your traffic to tell that you’re using Wireguard, but because it’s encrypted they can’t tell the content of the message.
This works because block devices like /dev/sdX are just files. If you cp a file onto another file, it overwrites the data of the destination with the source. A block device represents the device itself, not the filesystem; if you wanted to put the ISO inside the filesystem, you’d have to mount it first.
A lot of Linux ISOs are hybrid images which can be booted if flashed directly to a USB stick.
Goes to show I don’t know much about SSO I suppose. Time to do some more research
I had issues connecting to Nextcloud from mobile clients when using Authelia, they didn’t like it, but if there’s a workaround for that that’s great
Most things should be behind Authelia. It’s hard to know how to help without knowing what exactly you’re doing with it but generally speaking Authelia means you can have SSO+2FA for every app, even apps that don’t provide it by default.
It also means that if you have users, you don’t need them to store a bunch of passwords.
One big thing to keep in mind is that anything with its own login system may be more involved to get working behind Authelia, like Nextcloud.
Except GNU is a great example of an acronym that is pronounceable. It’s even in the dictionary. The GNU mascot is a gnu, in fact.
LGBTQIA+ is essentially unpronounceable, thus we treat it as an initialism. Not that that’s a requirement, there are examples like VIP where even though we could pronounce it we pronounce each letter individually.
I would rather X didn’t get access to deadly neurotoxin, thanks
Unless they’re running LFS, I don’t see the point. By the time the antivirus database is updated, surely an update will be available in the package repo?
The Linux ecosystem is built around package repos rather than manually installed software, so antivirus makes even less sense on Linux than it does on Windows. If there’s malware it’ll get removed from the repo as soon as it’s detected.
We already have a confusing abbreviation: B vs b. One is bits, one is bytes.
It’s a pretty drastic difference. One Gb per second is only 125 MB per second. Don’t mess up your capitalization!
These are all rough averages, of course, but Tweets can be rather bigger than 140 bytes since they’re Unicode, not ASCII. What’s Twitter without emoji?
Why would a random browser extension take it upon itself to snoop on your traffic to ensure that the websites you’re using can’t be used for illegal things, and then intentionally break it if it detects something it thinks it’s illegitimate? That’s a huge breach of privacy. It’s just malware at that point. It’s not like a court of law would hold your browser extensions responsible for your piracy. That’s like blaming a cup holder because the car was used in a robbery.
No, I think this is just a bug. Especially since people have reported that the extension breaks other websites too.
You should ideally be updating manually so you can handle any issues as they arise and you don’t wake up to a silently broken system. Manual intervention is occasionally required. Usually it’s associated with a breaking change that’s announced on the mailing list, but sometimes it’ll just happen.
What’s the advantage for the bank?
What Google/Facebook did, while a little silly, at least makes some sense because they’re segregating the product from the megacorp that owns the product. They maintain the benefits of having consistent branding while also separating out their corporate interests under a new name. In Google’s case, Google still exists as a subsidiary of Alphabet, while in Facebook’s case Facebook is not a separate company anymore but it still exists as just one of the platforms that Meta operates.
With X, the product itself was renamed, and in so doing the branding was destroyed. There’s no good reason to do this as far as I can tell.
Yes, but only if your firewall is set to reject instead of drop. The documentation you linked mentions this; that’s why open ports are listed as
open|filteredbecause any port that’s “open” might actually be being filtered (dropped).On a modern firewall, an nmap scan will show every port as
open|filtered, regardless of whether it’s open or not.Edit: Here’s the relevant bit from the documentation: