I’m just this guy, you know?

  • 2 Posts
  • 79 Comments
Joined 1 year ago
Cake day: June 12th, 2023

  • Yeah, sorry… My head was in 1000 different places when I wrote that. Sloppy of me.

    Overall I agree with the general statement that less code is better, except perhaps in this case it is not.

    What I had been trying to say is in-browser privacy implementations are liable to be incomplete from the perspective of privacy minded users because the software publishers, say, Mozilla, are competing for market share of installed, default browsers. One way they maintain market share is by having the fastest and most accurate page renders for the widest base of use cases. To do this requires, in part, some cooperation from website developers whose vested interest in part is in driving ad serves.

    Therefore, it’s in the browser publishers’ interest to implement enough privacy and blocking features to effectively stop malware and common nuisances, but not completely cripple ad blocking since ads are a key part of web site operators’ revenue. They’re trying not to alienate that part of the web economy such that their browser suddenly starts hitting those “please turn off your ad blocker or select another browser” paywalls.

    Mozilla pretty much said this was the case a few years ago when they opted not to turn on the privacy features by default in new installs because the advertisers threatened to start hobbling websites for Mozilla browsers. I don’t know that the situation has really changed much since then.

    Anyway, my point was that the in-browser privacy features are a good start and should be enabled, but also that they amount to little more than a fig leaf over the question of effectively blocking ads. Loading the ad-blocking extensions accomplishes a few things for the user. First, the extensions grant a more complete, uncompromised blocking experience for the user. Second, it grants the user finer-grained control over the whole web experience, letting the user decide what ads and cross-site data sharing occurs. Finally, the code is independent of the browser and so it doesn’t alienate the site owners from the browser publisher.

    For Mozilla, it shifts the responsibility of incomplete page loads and breakage onto the user, which in my opinion is where we want it.

    That’s why I’m advocating for doing both in this case: because the browser publishers have a vested interest to remain relevant in an economy that wants you to see the ads, and will do everything it can to make you click them. The best defense for the user against that is a multilayered approach.

    Finally, I do want to acknowledge that I’m using the terms “privacy” and “ad blocking” too loosely here since they are separate, distinctly nuanced topics. The extensions help more in the ad blocking space than the privacy space, but in what I wrote I think it’s fair to say that overall the extensions do improve outcomes where the two spaces intersect.

    Anyway, nice chat. Thanks for keeping me honest.




  • You’ve asked a similar question here before this post. Have you been naughty? :-)

    At your uni, you probably have what’s called a reasonable expectation of privacy; the terms of use for accessing the computer and network facilities would be spelled out at your uni’s IT website.

    The information observed and reported on by their tools most likely amounts to what websites and services you looked up by name, and the IP addresses & ports you accessed while using their network. It will be things like start & stop times, protocol used, number of bytes transferred, and maybe some “flags” on the connection. Flags in this case are special markings on the data flow to give the network hints about how to handle that traffic most efficiently.

    MS Office Online, Notion, Gmail, they all use secured HTTPS connections, so the content is secured between you and the remote service.

    As long as you’re not doing anything illegal or that severely violates the terms of use laid out by the University, nobody will even notice your traffic. Hack away.
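As an added illustration (not part of the comment above), here is a small Python script that parses constructed flow records in a NetFlow/IPFIX-style layout plus a constructed resolver log, and summarises what a campus network team could report for one client: the names it looked up, the IP:port pairs it reached, timing, byte counts, TCP flags, and how much of the traffic had readable content versus HTTPS. The field order, sample addresses and log formats are assumptions made for this example.

```python
"""Added example, not part of the original comment: a small parser that takes
constructed flow records (NetFlow/IPFIX-style, one flow per line) plus a
constructed resolver log and summarises what a campus network team could see
for one client: names looked up, IP:port pairs, timing, byte counts, TCP flags,
and how much of the traffic had readable content versus HTTPS."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

# Constructed sample export. Field order is assumed for this example:
# start|end|proto|src_ip:port|dst_ip:port|bytes|tcp_flags (flags empty for UDP)
SAMPLE_FLOWS = """\
2023-10-02T09:00:01|2023-10-02T09:00:01|UDP|10.20.3.7:51234|10.20.0.53:53|142|
2023-10-02T09:00:02|2023-10-02T09:12:44|TCP|10.20.3.7:51240|203.0.113.10:443|1840233|.AP.SF
2023-10-02T09:05:10|2023-10-02T09:05:11|UDP|10.20.3.7:51300|10.20.0.53:53|118|
2023-10-02T09:05:11|2023-10-02T09:06:02|TCP|10.20.3.7:51301|198.51.100.25:443|98342|.AP.SF
2023-10-02T09:07:00|2023-10-02T09:07:30|TCP|10.20.3.7:51333|192.0.2.9:80|5123|.AP.SF
"""

# Constructed resolver log: timestamp client qtype name. The campus resolver
# sees the name even though the later HTTPS session hides the content.
SAMPLE_DNS = """\
2023-10-02T09:00:01 10.20.3.7 A mail.example.com
2023-10-02T09:05:10 10.20.3.7 A notes.example.net
"""


@dataclass
class Flow:
    start: datetime
    end: datetime
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    nbytes: int
    flags: str

    @property
    def duration_s(self) -> float:
        return (self.end - self.start).total_seconds()

    @property
    def visibility(self) -> str:
        """Rough classification of what a passive observer can read on this flow."""
        if self.dst_port == 443:
            return "encrypted"   # TLS: endpoints and size visible, content not
        if self.dst_port == 53:
            return "dns"         # query names are visible to the resolver
        return "cleartext"       # e.g. port 80: full content visible on the wire


def _split_endpoint(ep: str) -> tuple[str, int]:
    ip, _, port = ep.rpartition(":")
    return ip, int(port)


def parse_flows(text: str) -> list[Flow]:
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, proto, src, dst, nbytes, flags = line.split("|")
        src_ip, src_port = _split_endpoint(src)
        dst_ip, dst_port = _split_endpoint(dst)
        flows.append(Flow(datetime.fromisoformat(start), datetime.fromisoformat(end),
                          proto, src_ip, src_port, dst_ip, dst_port, int(nbytes), flags))
    return flows


def parse_dns(text: str) -> dict[str, list[str]]:
    """Map client IP -> names it asked the resolver for, in order."""
    names: dict[str, list[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, _qtype, name = line.split()
        names.setdefault(client, []).append(name)
    return names


def summarize(flows: list[Flow], dns: dict[str, list[str]], client_ip: str) -> dict:
    """What the network team can report for one client from logs alone."""
    mine = [f for f in flows if f.src_ip == client_ip]
    by_visibility = {"encrypted": 0, "dns": 0, "cleartext": 0}
    for f in mine:
        by_visibility[f.visibility] += f.nbytes
    return {
        "names_looked_up": dns.get(client_ip, []),
        "destinations": [(f.dst_ip, f.dst_port, f.proto, f.nbytes, f.duration_s, f.flags)
                         for f in mine],
        "bytes_by_visibility": by_visibility,
    }


if __name__ == "__main__":
    report = summarize(parse_flows(SAMPLE_FLOWS), parse_dns(SAMPLE_DNS), "10.20.3.7")
    for key, value in report.items():
        print(key, value)
```

The summary makes the point concrete: the two HTTPS sessions contribute nearly two megabytes whose content is opaque, yet the resolver log still names the services, and the one port-80 flow is fully readable on the wire.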


  • Eduroam is just a network of RADIUS servers that cross-honor authentication among participating institutions. If your org participates in Eduroam, it means users from your org can connect to the eduroam WiFi SSID at other orgs, and vice-versa. It’s helpful for traveling academics and visitors from other .edus.

    It’s also frequently used to authenticate access to online resources like online libraries, journals, and research infrastructure. Useful for when schools collaborate on grant projects.

    The eduroam service requires a CA certificate to validate the APs broadcasting eduroam’s SSIDs are providing the real service. The issuer of that certificate isn’t one of the well-known SSL certificate resellers, so it needs to be installed in your device’s CA store, or configured in your 802.1X WPA supplicant. The protocol used is EAP-TLS, if you’re curious.

    So what can the hosting institution see? Not much, from an authentication standpoint. Transactionally, the hosting institution sees a username and org name in an outer transaction. An encrypted payload with your user credentials is then tunneled to your home org’s servers which either validate or invalidate those credentials. If the home org validates, then the hosting org lets you connect.

    Beyond that, the network admins can “see” whatever they can normally see when you’re using someone else’s infrastructure: your DNS queries, the application ports you use, a lot of encrypted SSL/HTTPS traffic, plus the contents of anything that isn’t encrypted or sent over SSL.

    Some orgs disallow tunneling traffic out when you’re on their eduroam, so sometimes IPSec, SSH, Tor, and maybe even WireGuard are disallowed.
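As an added illustration (not part of the comment above), here is a toy Python model of the routing step described there: the visited institution's RADIUS proxy looks only at the realm of the outer identity, forwards the request toward the home institution (or a federation-level proxy for realms it has no direct peering with), and records what it learned in the process. The realm names, server names, hop limit and the opaque tunnel bytes are all constructed for the example; it does not implement the EAP exchange itself.

```python
"""Added example, not from the original comment: a toy model of how a visited
institution's RADIUS proxy decides where to send an eduroam login, using only
the realm of the *outer* identity. Realm names, server names and the opaque
tunnel bytes are all constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed configuration for the visited (hosting) institution.
LOCAL_REALM = "visited.example.edu"
KNOWN_REALMS = {                       # realms with a direct peering
    "home.example.edu": "radius.home.example.edu",
    "other.example.ac.uk": "radius.other.example.ac.uk",
}
FEDERATION_PROXY = "flr.example.org"   # fallback: the federation-level server
MAX_PROXY_HOPS = 5                     # guards against realm routing loops


@dataclass(frozen=True)
class OuterIdentity:
    user: str    # often literally "anonymous"; the real username rides inside the tunnel
    realm: str


@dataclass
class RoutingDecision:
    handled_by: str            # "local" or "proxy"
    next_hop: str
    visible_to_visited_org: dict
    inner_credentials_readable: bool = False   # the visited org never sees these


def parse_outer_identity(identity: str) -> OuterIdentity:
    """Split user@realm; only the realm drives routing."""
    user, sep, realm = identity.rpartition("@")
    if not sep or not realm:
        raise ValueError("roaming identity must be of the form user@realm")
    realm = realm.lower().rstrip(".")
    if "." not in realm:
        raise ValueError(f"realm {realm!r} does not look like a DNS-style realm")
    return OuterIdentity(user, realm)


def route_access_request(outer_identity: str, tunneled_blob: bytes,
                         hops_so_far: int = 0) -> RoutingDecision:
    """Decide where this Access-Request goes, and record what the visited org learns."""
    if hops_so_far >= MAX_PROXY_HOPS:
        raise RuntimeError("too many proxy hops; possible realm routing loop")
    ident = parse_outer_identity(outer_identity)
    visible = {
        "outer_user": ident.user,
        "realm": ident.realm,
        "tunnel_bytes": len(tunneled_blob),   # size only; the contents are opaque here
    }
    if ident.realm == LOCAL_REALM:
        return RoutingDecision("local", "local-radius", visible)
    next_hop = KNOWN_REALMS.get(ident.realm, FEDERATION_PROXY)
    return RoutingDecision("proxy", next_hop, visible)


if __name__ == "__main__":
    # Constructed: the byte string stands in for the encrypted EAP inner method.
    decision = route_access_request("anonymous@home.example.edu", b"<opaque EAP tunnel>")
    print(decision)
```

The `visible_to_visited_org` dictionary is the whole of what the hosting side learns from the identity and the tunnel: an outer user part (which need not be the real username), a realm, and a byte count. The hop limit is the defensive detail worth keeping in a real proxy configuration, since a mis-peered realm can otherwise bounce requests between institutions indefinitely.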



  • I used to selfhost more, but honestly it started to feel like a job, and it was getting exhausting (maybe also irritating) to keep up with patches & updates across all of my services. I made decisions about risks to compromise and data loss from breaches and system failures. In the end, I decided my time was more valuable so now I pay someone to incur those risks for me.

    For my outward facing stuff, I used to selfhost my own DNS domains, email + IMAP, web services, and an XMPP service for friends and family. Most of that I’ve moved off to paid private hosting. Now I maintain my DNS through Porkbun, email through MXroute, and we use Signal instead of XMPP. I still host and manage my own websites but am considering moving to a ghost.org account, or perhaps just host my blogs on a droplet at DO. My needs are modest and it’s all just personal stuff. I learned what I wanted, and I’m content to be someone else’s customer now.

    At home, I still maintain my custom router/firewall services, UniFi wireless controller, Pi-hole + unbound recursive resolver, WireGuard, Jellyfin, Home Assistant, Frigate NVR, and a couple of ADS-B feeders. Since it’s all on my home LAN and for my and my wife’s personal use, I can afford to let things be down a day or two ’til I get around to fixing it.

    Still need to do better on my backup strategies, but it’s getting there.





  • You could source a pair of gigabit media converters and a length of fiber on Amazon for about $100. Just use the media converters to extend the Ethernet port from where the Internet hands off in your house over to your office. You can affix the fiber along baseboards and up over door frames with adhesive cleats and zip ties, or those nylon staples on a nail they use to tack down coax cable.

    If you’re willing to spend a little more on the fiber for a custom color, you can probably even order the fiber in a more neutral color than SMF yellow to blend into the trim better.