Oh for sure. What I meant was “check router for a built in VPN and use it if it has one, otherwise use wireguard because it’s the easiest”.
The specific VPN doesn’t really matter so much. The built-in one would be the easiest, so checking for a solution that took a few clicks is worth it. :)
I would use something like wireguard, or another VPN service you can host yourself if your router supports it natively.
From the looks of it Minecraft servers seem to have dogshit authentication, so using some form of private network setup is going to be your best move.
Okay? What does that have to do with the new advertising API the added support for in 128?
Very persuasive argument, definitely shows a strong grasp of the technical matters.
https://support.mozilla.org/en-US/kb/privacy-preserving-attribution
Hardly qualifies as “sending your data to advertisers”.
I am not sure it’s the same software, but it’s a fairly good guess I think. Same software capabilities and same lab, with the same area of research.
Geoguesser is a subset of the skills used for general image geo location for open source intelligence.
In the specific cases of only using the data present in the image and relying on geographic information, it certainly does better.
Humans still do better, and can reach decent skill with minimal training, at placing images that require spatial reasoning or referencing multiple data sources.
AI tools will likely be able to learn those extra skills, but it doesn’t change that it’s the photo that’s the data leak, and not the tool. The tool just makes it vastly more accessible, and part of the task easier for curious human.
Some blues are reversible, and some aren’t. Some of them do a statistical rearrangement of the data in the area being blurred that’s effectively reversible.
Think shredding a document. It’s a pain and it might take a minute, but it’s feasible to get the original document back, give or take some overlapping edges and tape.
Other blurs combine, distort, and alter the image contents such that there’s nothing there to recombine to get the original.
A motion blur or the typical “fuzzy” blur can be directly reversed for the former, and statistical techniques and AI tools can be used on the later to reconstruct, because the original data is still there, or there enough that you can make guesses based on what’s there and context.
Pixelating the area does a better job because it actually deletes information as opposed to just smearing it around, but tools can still pick out lines and shapes well enough to make informed guesses.
Some blurs however create a random noise over the area being blurred, which is then tweaked to fit the context of whatever was being blurred.
Something like that is impossible to reverse because the information simply is not there.
It’s like using generative AI to “recover” data cropped from an image. At that point it’s no longer recovery, but creation of possible data that would fit there.
The tools aren’t magical, they’re still ultimately bound by the rules of information storage.
I mean, yes, but that’s not what they’re doing.
https://arxiv.org/abs/2307.05845 https://github.com/LukasHaas/PIGEON
It’s a Stanford project that does what it looks like is happening in the screenshot.
https://github.com/LukasHaas/PIGEON
https://arxiv.org/abs/2307.05845
Basically a combination of what the game geoguesser does, and public geotagged images to be able to get a decent shot at approximate location for previously unseen areas.
It’s more ominous when automated, but with only a little practice it’s easy enough for a human to get significantly better.
EDIT: yup, looks like this is the guy from the Twitter: https://andrewgao.dev/ and he’s Stanford affiliated with the same department that made the above paper and system.
https://arxiv.org/html/2307.05845v4
I believe this is the paper
Geo guessing is related to open source intelligence techniques, and it’s pretty easy to get surprisingly good at it.
People who are good at it can take a picture of someone’s room and deduce enough about them (sometimes) to be able to get their name, address and phone number.
It being automatic is pretty cool, but you were already leaking the information to anyone interested.
https://www.sans.org/blog/geolocation-resources-for-osint-investigations/
What the issue with them storing the public key?
Aside from not storing anything you don’t absolutely need to store, there shouldn’t be an issue there.
Yup, that’s a really good pattern to follow. Not only does it minimize your exposure behind a secured entry, it also makes sure that all of your access is uniformly authenticated.
You have to do some shenanigans to do something similar with other, non-http based services, but it’s possible with most of them.
It’s not a simple task, so I won’t list many specifics, but more general principles.
First, some specifics:
Generally:
You mentioned using cloud flare, which is good. You might also consider configuring your firewall to disallow outbound connections to your local network. That way if your server gets owned, they can’t poke other things on your network.
Honestly, cost wise you should just buy a cheap refurbished desktop with similar specs.
So I actually have one that does.
I get notifications when laundry is done.
I get a notification when I need to do routine maintenance like change filters, or refill the detergent. (It has a built-in jug and dispenser)
I can send it settings via the app, which is easier than via the built in controls. (It has things like extra rinse, wash times for different rinses, and steaming and stuff). It’s not impossible to do via the interface, but it’s a bit easier via the phone.
So, you’re going to run into some difficulties because a lot of what you’re dealing with is, I think, specific to casaOS, which makes it harder to know what’s actually happening.
The way you’ve phrased the question makes it seem like you’re following a more conventional path.
It sounds like maybe you’ve configured your public traffic to route to the nginx proxy manager interface instead of to nginx itself.
Instead of having your router send traffic on 80/443 to 81, try having it send the traffic to 80/443, which should be being listened to by nginx.
Systems that promise to manage everything for you are great for getting started fast, but they have the unfortunate side effect of making it so you don’t actually know what it’s doing, or what you have running to manage everything. It can make asking for help a lot harder.
You’ll be fine enough as long as you enable MFA on your Nas, and ideally configure it so that anything “fun”, like administrative controls or remote access, are only available on the local network.
Synology has sensible defaults for security, for the most part. Make sure you have automated updates enabled, even for minor updates, and ensure it’s configured to block multiple failed login attempts.
You’re probably not going to get hackerman poking at your stuff, but you’ll get bots trying to ssh in, and login to the WordPress admin console, even if you’re not using WordPress.
A good rule of thumb for securing computers is to minimize access/privilege/connectivity.
Lock everything down as far as you can, turn off everything that makes it possible to access it, and enable every tool for keeping people out or dissuading attackers.
Now you can enable port 443 on your Nas to be publicly available, and only that port because you don’t need anything else.
You can enable your router to forward only port 443 to your Nas.
It feels silly to say, but sometimes people think “my firewall is getting in the way, I’ll turn it off”, or “this one user needs read access to one file, so I’ll give read/write/execute privileges to every user in the system to this folder and every subfolder”.
So as long as you’re basically sensible and use the tools available, you should be fine.
You’ll still poop a little the first time you see that 800 bots tried to break in. Just remember that they’re doing that now, there’s just nothing listening to write down that they tried.
However, the person who suggested putting cloudflare in front of GitHub pages and using something like Hugo is a great example of “opening as few holes as possible”, and “using the tools available”.
It’s what I do for my static sites, like my recipes and stuff.
You can get a GitHub action configured that’ll compile the site and deploy it whenever a commit happens, which is nice.
Yup. I used to work for a much smaller tech company, and we had a perfectly reasonable process for dealing with cour orders and search warrants that involved crazy things like “get it in hard copy”, and “verify the information contained in the order”.
For some things, we would even just ask the officer to physically come in and that was weirdly never a problem.
Yeah, it’s definitely faster, but I’m not sure it’s going to make too much of a difference for a Minecraft server.
With setting it up being a bit annoying by hand, I’d still rank the router option higher even if it’s a worse VPN. Otherwise you risk ending up in that yak shaving situation where you’re fighting with routing tables and DNS when you wanted a Minecraft server.