Nibodhika , 4 months ago to nostupidquestions in Did you ever think that maybe all VPN services are actually secretly owned/funded by governments and that they are only giving you a false illusion of privacy?

There are several ways, most common is to MITM the address to redirect to a different but similar one, which is unlikely to get noticed since you know you typed the address correctly or you clicked from a trusted link/favourite, then that wrong address has it’s own valid SSL certificate. Another way is to use self-signed certificates, which browsers would warn people about, but apps are not likely to. Also you can MITM the CA themselves, whole you wouldn’t be able to actually pass by them you can do an exhaustion attack and essentially block all certificate exchanges, yes your site won’t have a valid certificate, but neither will any real site, so most people will just ignore the message the browser is showing them because it’s showing it for every site.

None of these methods would fool an attentive educated person, but they might fool someone in a rush. Also even if the attack doesn’t succeed in stealing information it 100% succeeds in blocking access, while I might not be as concerned about blocking my Facebook, blocking my bank might prevent me from doing important stuff, and worse people who need to get into their bank are likely to just wave security warnings out of the way without reading them, especially if they’ve been getting them for everything else and nothing had a problem.

Edit: I also forgot to mention the other ways, there are leaks from CAs constantly, which allow you to either impersonate them or sign other certificates. Sure these get patched rather quickly once found, but after you have the signed certificate from them it’s game over. Also what I was referring in the other post is self-signed certificates, most browsers show a warning about them nowadays, but again you can win by exhaustion.

Nibodhika , 4 months ago to nostupidquestions in Did you ever think that maybe all VPN services are actually secretly owned/funded by governments and that they are only giving you a false illusion of privacy?

You know MITM an https website is child’s play, right? If you’re inputting your password on a network you don’t trust you’re doomed. SSL certificates are worthless because they can be easily forged by anyone pretending to be the site as long as they’re between you and the actual site, which they need to be to MITM.

VPN and HTTPS solve different issues, and are better when used together. Most of the time you don’t need a VPN because you trust your home network and ISP, but if you’re using a public access point https does not replace a VPN.

Nibodhika , 4 months ago to nostupidquestions in Did you ever think that maybe all VPN services are actually secretly owned/funded by governments and that they are only giving you a false illusion of privacy?

Yes, I trust my ISP more than my VPN, but I trust my VPN more than I trust the random wi-fi in the shopping mall. Using a VPN in your house for internet access is pointless, unless you’re purposefully trying to keep your ISP out of the loop for legal reasons, e.g. Torrent, but MITM a VPN is much harder to do than an open wi-fi.

Nibodhika , 4 months ago to linux in I feel like I'm taking crazy pills

Being a person who replies to lots of new users questions I strongly disagree. 99% of the questions come from a Windows mindset, so it requires some deconstruction of the way the person is thinking, have you noticed how very few Mac users ask beginner questions on Linux forums?

There’s a big difference between something is different and someone is used to doing the things differently, driving on the left or right is just as difficult, bit if you’ve driven all of your life one way switching up can be difficult. Just like that a lot of Linux concepts are different from what people are used to if they come from a Windows background, but the same is true the other way around. As someone who’s been using Linux for decades I find windows weird and convoluted, but I know that this is just my perception, and that someone who’s using it daily is used to that.

Edit: if you’re going to reply to this, mind providing an example of something you think is easy on Windows but hard on Linux?

Nibodhika , 4 months ago to linux in I feel like I'm taking crazy pills

Getting this setup on Windows would be even harder because it would involve installing docker manually or setting up WSL and following these steps. What OP is trying to do is a complex thing that most people don’t need, that would be the same as saying Windows is hard because setting up a VM with hardware passthrough is difficult on Windows, completely missing the point that that is a complex thing to do and that it’s complex on any other OS as well.

Nibodhika , 4 months ago to linux in I feel like I'm taking crazy pills

Ok, so I don’t know the specifics, this might not be entirely accurate, but this is a general step-by-step guide for Debian based distros like Mint.

Install docker

The first thing you need to do is install docker, this can be done via whatever GUI you use for a package manager or via the terminal using sudo apt install docker (I’m not sure docker is the name of the package, I’m just guessing, you can do an apt search docker to see what’s available)

Add yourself to dockers

This is likely not needed on Mint, but just in case your user should be in the docker group, i.e. run sudo gpasswd -a docker. I’m almost sure Mint does this by default.

Enable docker systemd

This also might not be needed, again I’m almost sure Mint does this for you when you install docker, but just in case the command is sudo systemctl enable docker

Reboot

Because there have been changes to your user groups you need to relogin, easier to reboot.

use docker

Now you have a system with docker, you can test this by running the following command docker run hello-world, if you see a bunch of text that contains “Hello from docker” docker is working.

setup a docker-compose file

Create a folder, and in that folder create a text file called docker-compose.yaml in that file. This file will tell docker what you want to run, for example to have Nextcloud (which is an awesome self-hosted drive alternative. I’m not going to teach you the specific services you want, you can figure those out by looking at their page on the linuxserver page or something) you can look here hub.docker.com/r/linuxserver/nextcloud on how to write your docker-compose file, for example you could write:

<span style="color:#63a35c;">services</span><span style="color:#323232;">:
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">nextcloud</span><span style="color:#323232;">:
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">image</span><span style="color:#323232;">: </span><span style="color:#183691;">lscr.io/linuxserver/nextcloud:latest
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">container_name</span><span style="color:#323232;">: </span><span style="color:#183691;">nextcloud
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">environment</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">PUID=1000
</span><span style="color:#323232;">      - </span><span style="color:#183691;">PGID=1000
</span><span style="color:#323232;">      - </span><span style="color:#183691;">TZ=Etc/UTC
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">volumes</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">./config:/config
</span><span style="color:#323232;">      - </span><span style="color:#183691;">./data:/data
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">ports</span><span style="color:#323232;">:
</span><span style="color:#323232;">      - </span><span style="color:#183691;">8080:80
</span><span style="color:#323232;">      - </span><span style="color:#183691;">443:443
</span><span style="color:#323232;">    </span><span style="color:#63a35c;">restart</span><span style="color:#323232;">: </span><span style="color:#183691;">unless-stopped
</span>

Then open a terminal on that folder and run docker compose up -d after that is done open a browser and go to http://localhost:8080 and begin using Nextcloud.

Nibodhika , 4 months ago to linux in I feel like I'm taking crazy pills

1. Docker is not needed, I’ve had lots of self hosted things for years before using docker.
2. Docker is not that hard, you just need to learn it like anything else, once upon a time going to a webpage was an unknown thing to all of us, yet now it’s a daily thing.

Nibodhika , 4 months ago to linux in Encrypted hard drive asking for password every time

Others have given you ways of doing this, with TPM or hacking away by using the same password and auto-login. Many have told you you shouldn’t, but I think no one explained why.

When the bootloader chooses the OS that OS might be on an encrypted or an unencrypted disk. If the OS is on an unencrypted disk it can be easily hacked and then all bets are off. So the only safe option is if the OS is on an encrypted disk, however to do that you need to decrypt the disk to access it. Now there are two options, either you need to provide a key for decryption (it does not need to be a password, it can be a thumb drive or fingerprint) or it happens automatically. If it happens automatically it’s the same as not having encryption.

Enter TPM, which is trying to safely automatically decrypt the disk by using hardware validation. However here’s the problem, the only reason you need disk encryption is to prevent against your hardware being stolen. If your hardware was stolen and you don’t have disk encryption people can simply read the data. If you have disk encryption they need to decrypt the disk first. However when you use TPM or anything similar the disk gets decrypted automatically, meaning that it’s almost the same as not having encryption at all.

If a hacker got a hold of your unencrypted disk they can open it on a second OS and extract the data. If they got a hold of a fully encrypted disk they are more or less screwed. But if your computer unencrypted the disk on boot all they have to do now is access the disk from your OS. There are several ways of bypassing a login, brute force it, or create new users. Not to mention possible security issues that might give the attacker access to your entire system, which is already unencrypted. Yes, having some form of encryption, even if it unencrypts automatically is better than no encryption at all, but not by much. I would argue that if you care about the data not being accessed you shouldn’t have it decrypt automatically, and if you don’t mind it decrypting automatically then encryption might be overkill for you.

Nibodhika , 4 months ago to linux in Is gentoo Linux really worth it?

Or maybe it causes other bugs or security issues that are not widely known because most people use it with different flags.

It’s no more or less secure, it’s just more customisable.

Nibodhika , 4 months ago to linux in I finally installed Linux, but I'm having a mixed experience

Can I partition /home directory in a different drive and still fuction?

Yes, that is the recommended thing to do.

Transferring /home directory without reinstalling Linux?

Not a problem, just format your other partition and add/change an entry on /etc/fstab, next time you reboot the home will be in the new partition. For how to write this line check out how the other lines are written, it’s essentially the UUID of the partition (or sometimes it’s name, but that’s discouraged since the name depends on the order the drives are plugged), some options and the location to mount the partition. Should be straightforward to copy the one for / to write a /home one.

Best way to partition my / and /home directories?

Just format your partition and add it to fstab. The other things are for doing the same with other folders.

Fedora KDE refresh rate seems broken?

Nouveau is not great, NVIDIA is a shitshow and hamper open source development actively, but their proprietary drivers mostly “work”, so I would just install those.

Downloading NVIDIA drivers on Fedora KDE?

No idea, they should be in the package manager though.

Nibodhika , 4 months ago to linux in Is gentoo Linux really worth it?

Not really, on Gentoo you can set use_flags to disable entire parts of a binary. Is it useful? Is it worth it? I personally think not, which is why I stopped using Gentoo, but it’s definitely more customisable than Arch.

However that has nothing to do with doing illegal stuff, not sure where he got that idea from.

Nibodhika , 4 months ago to selfhosted in Please advise how to transfer P2P a 30 GB file

Syncthing? Never used it on Windows but they do have a client so it should work. That’s the simplest I can think of.

Nibodhika , 4 months ago to games in What games do you recommend for my girlfriend?

Me and my wife love playing a game called “Out of Space” it’s essentially a procedurally generated clean the house game. It has Overcooked vibes but it’s a lot more chill.

Factorio might be a bit heavy for someone who hasn’t played anything, but the peaceful mode might be interesting for just building. Also depending on what else she likes Cities Skylines, Rimworld, Stellaris or Parkitect are all very management focused.

If you give us more info on what she likes we might be able to give better suggestions.

Nibodhika , 4 months ago to linux in Warp for Linux, Rust-based Terminal

The block thing is nice, would love to have that. Not willing to sign into a cloud thing to use a terminal though.

Nibodhika , 4 months ago to linux in Warp for Linux, Rust-based Terminal

I never realised that for most people terminals don’t have intuitive shortcuts. But most terminals use Emacs shortcuts, so if you get used to that it becomes quite intuitive. I know those shortcuts are not universal, but it’s not that the shortcuts aren’t there, or that they didn’t used a standard, it’s just that the standard they use didn’t become the standard most people are used to.