cultural reviewer and dabbler in stylistic premonitions

Cake day: January 17th, 2022








  • even if it’s from its own repository, it is still on F-droid

    There is nothing to stop anyone from running their own f-droid repo and distributing non-free software through it, which is what futo is doing.

    seems open source enough

    This is the definition. Compare it with Futo’s license; it fails to meet both the Open Source Definition and Free Software Definition in several ways. After insisting they could redefine the term for a while (despite the definition’s wide acceptance) and inspiring some of their very vocal fans to promulgate their dishonest argument on their behalf, Futo themselves finally came around and agreed to stop calling their software open source.







  • security updates are for cowards, amirite? 😂

    seriously though, Debian 7 stopped receiving security updates a couple of years prior to the last time you rebooted, and there have been a lot of exploitable vulnerabilities fixed between then and now. do your family a favor and replace that mailserver!

    From the 2006 modification times, i wonder: did you actually start off with a 3.1 (sarge) install and upgrade it to 7 (wheezy) and then stopped upgrading at some point? if so, personally i would be tempted to try continuing to upgrade it all the way to bookworm, just to marvel at debian stable’s stability… but only after moving its services to a fresh system :)



  • there is no provider on the planet that can freeze state of RAM in a way that would be useful for this

    You are very mistaken, this is a well-supported feature in most modern virtualization environments.

    Here are XenServer docs for it. And here is VMWare’s “high-frequency” snapshots page.

    Sometimes, law enforcement authorities only need to contact cloud provider A when they have a warrant for (or, perhaps, no warrant but a mere request for) data about some user C who is indirectly using A via some cloud-hosted online service B.

    A(mazon) will dutifully deliver to the authorities snapshots of all of B’s VMs, and then it is up to them if they limit themselves to looking for data about C… while the staff of company B can honestly say they have not received any requests from law enforcement. (sorry my best source on this at the moment is sadly trust me bro; I’ve heard from an AWS employee that the above scenario really actually does happen.)






  • (disclaimer: this information might be years out of date but i think it is still accurate?)

    SSH doesn’t have a null cipher, and if it did, using it still wouldn’t make an SSH tunnel as fast as a TCP connection because SSH has its own windowing mechanism which is actually what is slowing you down. Doing the cryptography at line speed should not be a problem on a modern CPU.

    Even though SSH tunnels on your LAN are probably faster than your internet connection (albeit slower than LAN TCP connections), SSH’s windowing overhead will also make for slower internet connections (vs rsync or something else over TCP) due to more latency exacerbating the problem. (Whenever the window is full, it is sitting there not transmitting anything…)

    So, to answer OP’s question:

    • if you want to rsync over SSH, you usually don’t need a daemon (or to specify --rsh=ssh as that is the default).
    • if the reason you want to use the rsync daemon is performance, then you don’t want to use SSH. you’ll need to open a port for it.
    • besides performance, there are also some rsync features which are only available in “daemon mode”. if you want to use those, you have at least 3 options:
      • open a port for your rsync daemon, and don’t use SSH (bonus: you also get the performance benefit. downside, no encryption.)
      • set up an SSH tunnel and tell the rsync client it is connecting to a daemon on localhost
      • look at man rsync and read the section referred to by this:
        • The remote-shell transport is used whenever the source or destination path contains a single colon (:) separator after a host specification. Contacting an rsync daemon directly happens when the source or destination path contains a double colon (::) separator after a host specification, OR when an rsync:// URL is specified (see also the USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION section for an exception to this latter rule).

    HTH.
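
The single-colon / double-colon rule quoted from the man page above decides whether a transfer rides on SSH or on the unencrypted daemon protocol, so it is worth checking mechanically when reviewing backup scripts. The following is an added example, not part of the original comment or of rsync itself; the function names and sample hosts are hypothetical, it assumes no `-e`/`--rsh` option is present (the man page's stated exception), and it assumes a loopback daemon host is the local end of an SSH tunnel.

```shell
#!/bin/sh
# Added example: which transport will rsync use for a source/destination spec?
# Assumption: no -e/--rsh option is given (that is the man page's exception).

# Prints local, remote-shell or daemon.
rsync_transport() {
    spec=$1
    case $spec in rsync://*) echo daemon; return ;; esac
    case $spec in *:*) ;; *) echo local; return ;; esac
    head=${spec%%:*}                      # text before the first colon
    case $head in */*) echo local; return ;; esac   # slash first: a filename
    case $head in
        *\[) after=${spec#*\]} ;;         # skip a bracketed IPv6 literal
        *)   after=${spec#"$head"} ;;
    esac
    case $after in
        ::*) echo daemon ;;               # host::module
        :*)  echo remote-shell ;;         # host:path
        *)   echo local ;;
    esac
}

# Prints the host part of a daemon spec (user@ and :port removed).
rsync_daemon_host() {
    s=${1#rsync://}
    a=${s%%[/:]*}                         # "[user@]host", or "[user@][" for IPv6
    case $a in
        *\[) h=${s#*\[}; echo "${h%%\]*}" ;;
        *)   echo "${a##*@}" ;;
    esac
}

# Succeeds when the spec uses the unencrypted daemon protocol to a host that
# is not loopback. Loopback is assumed to be the local end of an SSH tunnel.
rsync_plaintext() {
    [ "$(rsync_transport "$1")" = daemon ] || return 1
    case $(rsync_daemon_host "$1") in
        localhost|127.*|::1) return 1 ;;
    esac
    return 0
}

# Constructed sample arguments, not taken from the thread.
for spec in 'nas.example:/srv/backup/' 'nas.example::backup/' \
            'rsync://localhost:8873/backup/' './notes:2024.txt'; do
    if rsync_plaintext "$spec"; then note=' (plaintext on the wire)'; else note=''; fi
    printf '%s -> %s%s\n' "$spec" "$(rsync_transport "$spec")" "$note"
done
```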