Joe

Yeah, at that point I wouldn’t worry. If someone has docker access on the server, it’s pretty much game over.

Encryption will typically be CPU bound, while many servers will be I/O bound (eg. File hosting, rather than computing stuff). So it will probably be fine.

Encryption can help with the case that someone gets physical access to the machine or hard disk. If they can login to the running system (or dump RAM, which is possible with VMs & containers), it won’t bring much value.

You will of course need to login and mount the encrypted volume after a restart.

At my work, we want to make sure that secrets are adequately protected at rest, and we follow good hygiene practices like regularly rotating credentials, time limited certificates, etc. We tend to trust AWS KMS to encrypt our data, except for a few special use cases.

Do you have a particular risk that you are worried about?

Normally you wouldn’t need a secrets store on the same server as you need the secrets, as they are often stored unencrypted by the service/app that needs it. An encrypted disk might be better in that case.

That said, Vault has some useful features like issuing temporary credentials (eg. for access to AWS, DBs, servers) or certificate management. If you have these use-cases, it could be useful, even on the same server.

At my work, we tend to store deployment-time secrets either in protected Gitlab variables or in Vault. Sometimes we use AWS KMS to encrypt values in config files, which we checkin to git repositories.

It would be naive to think this isn’t already in widespread use.

Challenge accepted.

It would be interesting to see an FPS game with a “default cheat mode” that exposes all info about other players that it has by default. And then the devs work to minimize that… server-side occlusion, misdirection, reduced damage / bad aim when no direct line of sight, etc. Players can then learn to minimise their footprint despite the necessary leakage and how to take advantage of the info they get.

I’d argue that your average communist is moral and trustworthy right up until the moment they get any power, then they are just corrupt(able) politicians, ready and able to fuck over group A to benefit group B, who they happen to favor more this week (decisions must be made, after all!). No system is perfect, and definitely no individual.

Big picture view: The scales will tip every now and then, but it’s ultimately survival of the fittest system that wins, with none existing in isolation - there are always external forces at play.

With that in mind, I’d put my money on more limited socialist-style-carve-outs like single payer healthcare in the US, more rent controls and housing subsidies, slightly better employee protections. Just enough to placate the masses, while the ruling class mostly continues as before. Even this will require a massive effort. Post-republicans, of course.

wg-quick takes a different approach, using an ip rule to send all traffic (except its own) to a different routing table with only the wireguard interface. I topped it up with iptables rules to block everything except DNS and the wireguard udp port on the main interface. I also disabled ipv6 on the main interface, to avoid any non-RFC1918 addresses appearing in the (in my case) container at all.

edit: you can also do ip rule matching based on uid, such that you could force all non-root users to use your custom route table.

https://github.com/FreeTubeApp/FreeTube/issues/2786#issuecomment-1303117112 for a real world example of needing an exception.

My pranks were less destructive … /ctcp nick +++ath0+++ … it was amazing how often that worked. 🤣

Did you find a solution?

What is the typing experience that you want, and for which language(s). It’s not clear to me, sorry.

It is possible to map keyboard input in various ways. For more complex use-cases, many programs support character substitution as you type (eg. gx could become ĝ automatically).

What a Tosser with his T-mobile.

There have been a few cases, of course. There have also been investigations and prosecutions. But it is NOTHING LIKE russia’s forced conscription in LPR / DPR.

The anti-Ukraine propaganda effort is very real, and organized. You can see the propaganda-boys/bots in the comments here - just look at the frequency and content of their posts and comments.

It feels more like a dance game to me. Boring and awkward choreographed moves in response to predictable monster moves. Once you’ve learned the moves, then you can pay and play!

Anki ?