• 0 Posts
  • 37 Comments
Joined 1 year ago
cake
Cake day: August 2nd, 2023

help-circle





  • khorovodoved@lemm.eetoLinux@lemmy.mlStay on Fedora or Switch to Void?
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    7 months ago

    Well, it’s up to you to decide if advantages of a distro are more significant to you then disadvantages.

    I would argue that the best part about void is not actually runit and xbps, but minimalist dependencies.

    I wouldn’t care about unofficial status of hyprland package, since it is unofficial in most distros.

    And about the lack of some software. There is a thing, called xdeb, that allows you to automatically convert any deb package to xbps package (with correct dependencies). You can even automatically install them from any deb repository via xdeb-install tool.




  • I’m talking about encapsulating traffic in an encrypted tunnel.

    As I I have previously mentioned, if you are encapsulating all traffic in an encrypted tunnel, then most of the data would have two layers of encryption. This can be detected, and, in fact is being detected in China and, experimentally, in Russia.

    The beautiful website I’ve imagined for a situation where some DPI robot will, say, visit it to check that there really is a website there.

    That is a good protection against active probing, but active proving is not the only detection method, available for censors.

    You also seem to be mixing up such entities as VPNs, proxies and encapsulation.

    How did you come to this conclusion?

    BTW, I’m using VPNs in Russia from time to time. Something doesn’t work, something does.

    What are you trying to say here? What does work? What does not?

    I’m describing a specific kind of encapsulation.

    What I understood from you is that you are talking about encapsulating TLS-encripted traffic in https, TLS-encripting it again. If I understood you wrong, please correct me. There are countless software solutions for that, but they are not panacea, because double layer of encryption can be detected and your beautiful website does not need encryption-on-top-of-encryption. It is obvious that you are reaching something else.


  • It is going to show the censor that you are trying to reach different banned websites (and, probably, google, facebook, etc), all hosted on your server. Your beautiful website is all fine, but in clienthello there is still google.

    It is not necessary fingerprinting of clients, you can fingerprint the server as well. GnuTLS for this particular purpose is used only by Openconnect and that is just an example. This tactic is very effective in China and Russia and collateral damage is insignificant.

    And various western anti-censorship organizations wrote articles, that such methods are not possible in Russia as well, but here we are. China’s yesterday is Russia’s today, American tomorrow and European next week. Here it all started in the exact same manner, by requiring ISPs to block pirate websites. And between this and blocking whatever you want for the sake of National Security (for example, against Russian hackers) is not such a long road as you think it is.


  • At first, please, be a little bit more patient and no, I am not a LLM.

    All https traffic is https-encapsulated by definition. And you can look inside https just fine. The problem is that most of data is TLS-encripted. However, there is so-called “clienthello” that is not encripted and can be used to identity the resource you are trying to reach.

    And if you are going to https-encapsulate it again (like some VPN and proxy protocols do) data will have TLS-encription on top of TLS-encription, which can be identified as well.

    And about libraries: VPN protocol Openconnect, for example uses library gnutls (which almost no one else uses) instead of more common openssl. So in China it is blocked using dpi by this “marker”.






  • From what I understand, their own domains are not actually decentralized. Each of them has it’s own “authority” that can control what is or is not allowed to be registered. Emercoin domains look more promising, but I am not knowledgeable enough about them to say that they are actually decentralized. I would say that the closest thing to fediverse is DNS system in I2P, there different DNS providers federate with each other and share their records.