How many days off do you take per year? For context we get ~43 legally protected paid days of leave per year in Australia, sounds like the UK is about the same.
What makes this worth using over something like vless? Work blocked my gacha game so I've had to set up an xray/vless/xhttp/tls proxy and it works flawlessly. Gets through the corp firewall unscathed at full bandwidth and no appreciable increase in latency.
It won't help you get around the endpoint compliance software, I use this for my BYOD phone (Streisand is a nice iOS client). VLESS is the proxy protocol, kinda like SOCKS I guess. It uses xhttp over TLS as the transport.
Thanks a lot. VPNs are forbidden but this might easily slip under the radar (I can even check the signatures on the endpoint protection and our office firewall :))
It's less about breaking the rules, more about getting around the limitations in case I need it and don't fancy waiting 2 days for approval. Might end up with pure http/3, but this tool is fascinating. Thanks!
This is entirely untrue. Every shitty router shipped by ISPs this side of the dotcom bubble has a stateful firewall enabled by default. NAT is distinctly not the only thing protecting most home users. Not to mention every OS I know of shipping with its own firewall enabled with default deny on inbound.
You are stuck on the theory of what is protecting this population. In practice, less than 1% of these users can or will turn NAT off.
Can you imagine how great things would work out with a public IP on all your nana's computers, NAT turned off, protected by the prowess of her Arris gateway's stateful firewall?
Telstra, one of Australia's massive telcos who are the "go to" telco for nannas who don't know anything about this internet thingy, have IPv6 enabled by default on their CPE routers. Without NAT. With a stateful firewall. Works perfectly fine for their millions of customers.
It would work out just fine, because NAT was never providing any actual security to your nana. It was only ever the firewall which made her secure, not NAT.
Invoking NAT "security" as a reason against IPv6 is a surefire indicator the person invoking it has absolutely no idea what they're talking about and should not be allowed within typing distance of any network infrastructure.
As a reason not to IPv6? I guess. As a thing, not scare-quoted, but really security? No. Be careful with things like "absolutely no idea what they're talking about".
Please. _I_ invoked that argument, and I bet I know more about IPv6 than you do.
All my services and networks have IPv6. And my first operational issues with IPv6 were in 2008, when my Asterisk SIP server started failing after ~12 hours.
Culprit? Privacy addresses kept accumulating until they overflowed the SIP UDP packet size because it listed all the combinations of supported codecs/endpoints.
Consider the "booth seats" in trains and buses. So people can chat etc. facing each other. If you've got a Waymo with your friends why wouldn't you want the seats facing each other so you can be social, excluding this safety factor.
A wolf in sheep's clothing. Cloudflare care about the "open internet" exactly as far as they can profit from it. Why does the "open internet" not allow this polity the right to block itself from that which it deems as harmful?
The regulator fined them for not hacking DNS to the whims of the media companies in Italy that want to clamp down on piracy by altering the way DNS works. DNS. The actual "open internet"
I think you may have this backwards.
To me it seems like something they should talk to local Italian ISPs about, not Cloudflare.
But Cloudflare do block things. They tend to block things as a rule the American government wants blocking.
The problem is they want to be the people who choose what gets blocked, rather than elected governments.
To me, this whole thing is crazy, certainly pull out if you like, but I'm shocked how many people seem to be siding with the profit-making company over an elected government.
I can confirm that. Got blocked due to a frivolous report. Cloudflare blocked me and categorized my site as phishing. (censoring me from anyone that uses their systems to browse)
No support. No responses to emails or requests for a review by a human.
They also sent a notice to my hosting provider. My hosting provider promptly looked at my site and closed the ticket. It was pretty clear to anyone that the report was malicious.
So yes, Cloudflare censors (to quote Matthew Prince) with "No judicial oversight. No due process. No appeal. No transparency"
Granted this could be just due to lack of staff and support
They requested a worldwide block, as a Bolivian citizen I have not voted for any Italian government officials.
This article seems heavily biased, ignoring this specific point is really strange.
I guess Bolivian people like to watch soccer live too while that match stream was paid for by an Italian media company. I am not in favour of any of this, but it is easy to defend that request? Legal or fair or not?
If you ignore the fact that the requests that these companies have made previously show incompetence, like when they randomly blocked google drive due to it being used to host copyrighted content. Do you want them randomly disabling CDNs or other sites globally if any user happens to use them for piracy?
No, I said I don't agree with the way this is done, just that they can easily argue, from their side, the international case even if they don't have jurisdiction somewhere.
We the unwilling, led by the unknowing, are doing the impossible for the ungrateful. We have done so much, for so long, with so little, we are now qualified to do anything with nothing.
"Fulfilling" work is a rarity afforded by a fairly unique time and place in history. For the rest of us, work is a means to an end and ideally a fulfilling life outside work lets you keep plugging away on some rich idiot's harebrained scheme so you can keep living that fulfilling life outside work. 12 years in and I've not had a single project I worked on reach its own benchmark for success. No fault of mine, just the wrong ideas at the wrong time and place. A day late and a dollar short, all those other euphemisms.
The vape ban in Australia is utterly stupid though. All vapes are banned, not just disposables, and guess what's easier to discreetly sell to kids from a newsagency.
Doesn't seem to have stopped kids getting their vapes yet I need to import my cannabis vape via the black market.
They're not all banned, you just need a prescription to get one which realistically should've been implemented day 0.
Eventually it'll prove very impactful with the youth, it'll reduce the number of users and make it more cost prohibitive to be so prolific as it is right now.
Yeah I don't think my doctor is going to give me a cannabis vape prescription, though admittedly I haven't asked.
I don't see how making vapes prescription only changes the situation with children, which is that all tobacco products are illegal to sell or provide to a person under 18. Cracking down on the sale of tobacco to children does not require tobacco products to be made prescription only, these are orthogonal issues. All this does is drive profit towards shonky pill doctors who advertise on Facebook that one cheap over the phone appointment is all you need to "feel great again" and other euphemisms, and will give you any pill you ask for regardless of the medical suitability.
Not super related to the OP but since we're discussing network topologies; I've recently had an insane idea that nfs security sucks, nfs traversing firewalls sucks, kerberos really sucks, and that just wrapping it all in a wireguard pipe is way better.
How deranged would it be to have every nfs client establish a wireguard tunnel and only have nfs traffic go through the tunnel?
> How deranged would it be to have every nfs client establish a wireguard tunnel and only have nfs traffic go through the tunnel?
Sounds good to me. I have my Wireguard tunnel set up so that only traffic intended for hosts that are in the Wireguard network itself are routed over the Wireguard tunnel.
I mostly use it to ssh into different machines. The Wireguard server runs on a VPS on the Internet, and I can connect to it from anywhere (except from networks that filter Wireguard traffic), and that way ssh into my machines at home while I am away from home. Whereas all other normal traffic to other places is unaffected by and unrelated to the tunnel. So for example if I bring my laptop to a coffee shop and I have Wireguard running and I browse the web with a web browser, all my web browsing traffic still gets sent the same normal way that it would even if I didn’t have the tunnel running.
I rarely use NFS or SMB, but if I wanted to connect either of those I would be able to do that as well over this Wireguard setup I have.
I built a NFS3-over-OpenVPN network for a startup about a decade ago; it worked “okay” for transiting an untrusted internal cloud provider network and even over the internet to other datacenters, but ran into mount issues when the outer tunnels dropped a connection during a write. They ran out of money before it had to scale past a few dozen nodes.
Nowadays I would recommend using NFS4+TLS or Gluster+TLS if you need filesystem semantics. Better still would be a proper S3-style or custom REST API that can handle the particulars of whatever strange problem led to this architecture.