Skip Navigation
domi Domi @lemmy.secnd.me
Posts 5
Comments 440
Let’s make games open source, so future generations can enjoy them
  • Shoutout to Frictional Games (known for Penumbra, Amnesia, Soma) who publish many of their older (commercially successfully) games on their GitHub: https://github.com/FrictionalGames

  • It's easier to remember the IPs of good DNSes, too.
  • There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked "directly" the attacker still talks to the router responsible for your network first and foremost.

    While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it's even a "feature" in many consumer routers called "DMZ host", which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.

    Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets "NATted" 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.

    Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.

    That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularily, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.

    Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.

  • It's easier to remember the IPs of good DNSes, too.
  • Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.

    For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.

    However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularily.

    It should not be the sole source of security but it definitely adds to it if done right.

  • It's easier to remember the IPs of good DNSes, too.
  • With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

    The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.

    Assuming you have multiple hosts in your IPv6 network you can simply add "port forwardings" for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.

    I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

    That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn't matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.

  • It's easier to remember the IPs of good DNSes, too.
  • Anything connected to an untrusted network should have a firewall, doesn't matter if it's IPv4 or IPv6.

    There's functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.

    If anything, IPv6 is more secure because it's impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.

    With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.

  • The Legend of Zelda: Echoes of Wisdom – Announcement Trailer
  • What for? It's not like any more updates are planned.

  • Help with IPv6
  • Off the top of my head, why did you set the prefix to 0x1? I was under the impression that it only needs to be set if there are multiple vlans

    I have multiple VLANs, 0x1 is my LAN and 0x10 is my DMZ for example. I then get IP addresses abcd:abcd:a01::abcd in my LAN and abcd:abcd:a10::bcdf in my DMZ.

    However, I get a /56 from my ISP wich gets subnetted into /64. I heard it's not ideal to subnet a /64 but you might want to double check what you really got.

    what are your rules for the WAN side of the firewall?

    Only IPv4 + IPv6 ICMP, the normal NAT rules for IPv4 and the same rules for IPv6 but as regular rule instead of NAT rule.

    My LAN interface is only getting an LLA so maybe it’s being blocked from communicating with the ISP router.

    If you enable DHCPv6 in your network your firewall should be the one to hand out IP addresses, your ISP assigns your OPNsense the prefix and your OPNsense then subnets them into smaller chunks for your internal networks.

    It is possible to do it without DHCPv6 but I didn't read into it yet since DHCPv6 does exactly what I want it to do.

  • Help with IPv6
  • I'm no expert on IPv6 but here's how I did it on my OPNsense box:

    • Activate IPv6 on your WAN interface (probably already done)
    • Activate IPv6 on the LAN interface, use Track interface on IPv6, track the WAN interface and choose a prefix ID like 0x1
    • Activate DHCPv6 under Services -> ISC DHCPv6 for your LAN interface (you can shorten the range like ::eeee to ::ffff, you don't have to type the full IP)
    • Activate Router advertisments under Services -> Router Advertisments for your LAN interface (set Advertisments to Managed and Priority to High

    After that your DHCP server should serve public IPv6 addresses inside of your prefix and clients should be able to connect to the internet.

    A few notes:

    • Don't forget to add an allow rule for IPv6 on your LAN as well if you only have one for IPv4
    • Repeat the steps above for every VLAN you have, always use a different prefix ID
    • You don't have to use NAT rules with IPv6 anymore and can just directly add a regular firewall rule to WAN with the target IP and port and you are done
    • Make sure you don't have any of the various "Disable IPv6" toggles enabled, there's a few in the firewall settings and general settings for example
  • Been here for a year, haven't regretted it ever
  • Reddit once banned me for "vote brigading" a post on a subreddit that was linked in a different subreddit, a full year after I upvoted said post.

    That was the day I stopped interacting on Reddit.

  • Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention * TorrentFreak
  • That is what I'm doing currently but now unbound doesn't talk to the root servers anymore, it sends all queries to Quad9.

    Both scenarios are not ideal because you always end up with one entity knowing all your queries.

  • What popular product do you think is modern day snakeoil?
  • Right you are, but don't start telling everyone so I can't silently download my lossless albums from Tidal, Deezer and Qobuz anymore.

  • Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention * TorrentFreak
  • Not illegal but it leaves all your DNS lookups in plain text with your ISP, which just doesn't sit right with me.

    Not that the ISP in my country would care.

  • Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention * TorrentFreak
  • Is it possible to get unbound to talk to the root servers via TLS/HTTPS by now?

    I'm currently using Quad9 because they support DNS over TLS and DNS over HTTPS.

  • Stable Diffusion 3 Medium — Stability AI
  • Pretty disappointed so far, almost none of the prompts I tried came out better in SD3. It also completely botches anything humanoid.

  • Dealing with games that just won't run on Linux
  • I used to have a second partition with Windows for such cases, but over time I just stopped bothering with those games.

    Now I just refund if it doesn't work and move on in my to-play list.

    I still have a Windows VM for some applications and for doing firmware updates but I never bothered to set it up for playing games.

  • Doom: The Dark Ages is introducing big changes to combat because id Software came to one core realization: "Every projectile mattered in the original Doom"
  • Eternal was a recipe for stress for me.

    That's the thing that made it great for me, but I liked both 2016 and Eternal for different reasons. Would be great if they can somehow satisfy both camps with the next entry.

  • Alternative Printer Uses
  • Can confirm this works, removed my tablet screen with my 3D printer.

  • DOOM: The Dark Ages | Official Trailer 1 (4K) | Coming 2025
  • Definitely will wait for the full soundtrack to release before checking out the game. That trailer music sounded pretty weak.

  • AMD Hiring To Improve Their Linux Driver/ROCm Installation Process Across Distributions
  • I use ROCm for inference, both text generation via llama.cpp/LMStudio and image generation via ComfyUI.

    Works pretty much perfectly on a 6900 XT. Very fast and easy to setup.

    I had issues with some libraries only supporting CUDA when trying to train, but that was almost 6 months ago so things probably have improved in that area as well.

  • Release 10.9.4 · jellyfin/jellyfin
  • Is it safe to use JELLYFIN_SQLITE__disableSecondLevelCache all the time or should it only be used for testing?

    I have had a lot of database lock issues since 10.9.

  • Plasma 6 - Turning off display after screen is locked

    Hey there,

    I used to have a command run 10 seconds after the screen is locked which turned all displays off. I can't find the option to run a command when the screen locks anymore.

    In Plasma 5 I used this:

    ! !

    This is what it looks like in Plasma 6:

    !

    Is there another place to do this now?

    8

    Dominik Wlazny, auch bekannt als Marco Pogo, hat heute in einer Pressekonferenz erklärt, mit seiner Bierpartei bei der kommenden Nationalratswahl antreten zu wollen. Um das zu schaffen, brauche es laut Wlazny aber vor allem finanzielle Mittel. Als Ziel gab er daher aus, bis Ende April 20.000 Mitglieder für die Bierpartei zu gewinnen.

    „Es geht darum, die Bierpartei fit fürs Parlament zu machen“, so Wlazny. In den letzten Monaten habe man am Aufbau von Strukturen gearbeitet. Großspender, um die nötigen finanziellen Mittel zu erreichen, wolle man dafür nicht. Zentrale Themen der Bierpartei seien Chancengleichheit und Bewältigung des Lebensalltags, so Wlazny.

    Wlazny, der bereits bei der Bundespräsidentschaftswahl 2022 hinter Alexander Van der Bellen und Walter Rosenkranz den dritten Platz belegt hatte, werden letzten Umfragen zufolge durchaus Chancen ausgerechnet, die Vierprozenthürde bei der Nationalratswahl zu nehmen.

    Die Bierpartei stellte sich bereits 2019 der Wahl zum Nationalrat, allerdings nur in Wien, und verfehlte damals den Einzug ins Parlament deutlich.

    6

    [SPOILERS] What are your favorite accidental skips?

    Doesn't matter if it happened to you, a friend or a streamer. Bonus points if you have a video of it.

    I know this is a fairly small community but let's see how this goes:

    I just started a multiplayer playthrough recently with somebody who was constantly asking if he could have found X before finding the info that points him to it, hence this post.

    My favorite skip:

    spoiler

    I had a friend stream the game who accidentally walked into the Ash Twin Project after walking away backwards from the oncoming sand and stepping on the teleporter platform. He never figured out how he managed to do it all the way until the end of his playthrough but it was an interesting watch since he had information players wouldn't normally have right from the start.

    4

    Spare Signals From The Outer Wilds vinyl

    I have a spare (unopened) Outer Wilds vinyl lying around which I'm willing to send to a non-scalper Outer Wilds fan for MSRP. The vinyl in question: https://www.iam8bit.com/products/outer-wilds-2xlp

    Before selling it on eBay I thought I would try here. The price I paid including shipping and import customs is 50€, shipping is on me.

    So if you live in the EU, have a record player and want it, just post a quick picture with your record player setup and your Lemmy username on a piece of paper so I can see that you can actually play it.

    3

    Episode discussions for Lemmy

    Since a bunch of new users are arriving from Reddit (including me) maybe it would make sense to port the /r/anime bot that creates episode discussions to Lemmy so there's regular content here?

    The bot is open source: https://github.com/r-anime/holo

    Looking at the source it should not be so difficult to add an option to post to Lemmy as well.

    Thoughts?

    Would something like this be allowed? @[email protected] @[email protected]

    32