drkt

I wouldn’t even know where to begin, but I also don’t think that what I’m doing is anything special. These NVR IPs are hurling abuse at the whole internet. Anyone listening will have seen them, and anyone paying attention would’ve seen the pattern.

The NVRs I get the most traffic from have been a known hacked IoT device for a decade and even has a github page explaining how to bypass their authentication and pull out arbitrary files like passwd.

I have plenty of spare bandwidth and babysitting-resources so my approach is largely to waste their time. If they poke my honeypot they get poked back and have to escape a tarpit specifically designed to waste their bandwidth above all. It costs me nothing because of my circumstances but I know it costs them because their connections are metered. I also know it works because they largely stop crawling my domains I employ this on. I am essentially making my domains appear hostile.

It does mean that my residential IP ends up on various blocklists but I’m just at a point in my life where I don’t give an unwiped asshole about it. I can’t access your site? I’m not going to your site, then. Fuck you. I’m not even gonna email you about the false-positive.

It is also fun to keep a log of which IPs have poked the honeypot have open ports, and to automate a process of siphoning information out of those ports. Finding a lot of hacked NVR’s recently I think are part of some IoT botnet to scrape the internet.

Long live the Linux phone.

I may have misunderstood, but Google isn’t doing Android behind closed doors; it’s just development. The released versions will still be as open as they are now, as far as I’ve understood.

Man I’m not going to dive into it but this reads like a FUD piece and I know the article explicitly calls out people who dismiss evidence as FUD, but please read just the first point that ‘Tor is compromised’:

the agency has worked on several methods that, if successful, would allow the NSA to uncloak anonymous traffic

If succesful, implying that they haven’t been. I’d love to read the paper but I’m European and they block me from clicking it, citing GDPR issues :-)

promised to reveal how a $3,000 piece of kit could unmask the IP addresses of Tor hidden services as well as their users.

a much anticipated talk at the Black Hat hacking conference was abruptly canceled.

The university cancelled the speech and cited no reasons but I can think of several legal ones even if the device didn’t work. No proof.

the FBI is able to de-anonymize Tor users and discover their real IP address remains classified information. In a 2017 court case, the FBI refused to divulge how it was able to do this,

I can fly. No, I don’t have to prove it.

I’ve found a few exposed /metrics for kubernetes stuff because their IP poked my honeypot. I’d assume they’ve been hacked and turned into a botnet or something.

Meshtastic
BOINC
Tor
I2P

Just off the top of my head. Meshtastic is probably the most similar to Helium but I don’t know what Helium is and their landing page makes me not want to. BOINC supports projects not in the official lists, just google around.

what about this is crypto mining?

Anubis is provided to the public for free in order to help advance the common good. In return, we ask (but not demand, these are words on the internet, not word of law) that you not remove the Anubis character from your deployment.
If you want to run an unbranded or white-label version of Anubis, please contact Xe to arrange a contract.

This is icky to me. Cool idea, but this is weird.

They’re already more complicated than I want them to be so I’m passing on that

I agree with this decision. Don’t make error pages more complicated than they are.

Linux is truly extensible and it is the part I both love and struggle to explain the most.
I can sit at my desktop, developing code that physically resides on my server and interact with it from my laptop. This does not require any strange janky setup, it’s just SSH. It’s extensible.

Any file manager on Linux supports this

I just type sftp://[ip, domain or SSH alias] into my file manager and browse it as a regular folder

That doesn’t really change that it’s one company hosting it. Unless you’re willing to make 10 different accounts because your super-FOSS friends aren’t willing to join each others instances?

Have you tried? Because Proton is the miracle people make it up to be.

In comparison to Gmail? Yes, but that’s a very low bar to clear. You need to be aware that Tuta are currently enshittifying. The product is getting worse and the price increases. It’s slow, but it’s happening. I switched to disroot.org after 2 years of Tuta because I got fed up with it.

It is in my Scrolls of Grudge, and I quote:

Ads in web UI for paying user.
Made it hard to cancel payment.
Newsletter is just upselling.
Can’t unsub from newsletter.