• 1 Post
  • 21 Comments
Joined 10 months ago
cake
Cake day: January 13th, 2024

help-circle
  • That is for sure a good question, although I would say it would present limitations.

    Let’s put it this way: Id photos are very standard. Front facing, until the neck, white lights, white background. Now lets say everyone’s photo got leaked (or used) and the only source of photos for a certain photo is the Id one only. I didn’t study the matching algorithms, but I will say that variation for a certain subject under different circumstances increase the matching possibilities. If by any chance you try to match someone live and the only source would be id photos, my guess is it would present a big error rate. Possibility could be fine tuned, not sure up to how much.

    Now lets consider what we have today. For a single person, I will bet there are on average more than 15 photos of themselves somewhere available (for those chronically attached to stuff such as IG of fb) and a lot of the times tagged as well (and manually as well, there was a time on fb this was a big thing). With this amount of comparison points, I would say the matching for sure works a lot better







  • Do you want to know the kicker? There are banks (yes, you heard me right) that straight up don’t allow more than 20 chars. 20!!! And they say you got to use the app for X things because it’s secure and shit (e.g.: use the app to 2FA credit card transactions). Meanwhile, does not allow you to add a yubikey for Fido authentication


  • I am not sure if by any chance they do the extra mile to check on that. However, as a rule of thumb you should try to keep private stuff away from work stuff, meaning, at work maybe is not the best idea to boast about your reddit profile where you happen to follow some nsfw stuff (or other stuff that can be considered offensive and/or can lead to controversy). I would imagine they try to check things such as accounts attached to an email or phone number (for instance). If a set of aliases were used for this (or different info) from your work email phone etc., you should be able to keep it separate.





  • I was making a quick check, and yes, the DoH situation is a bit more dicey. From how I see it, the best way to make this work is to, at the firewall level, either block as much as possible any requests that look like DoH (and hope whatever was using that falls back to regular DNS calls) or setup a local DoH server to resolve those queries (although I am not sure if it is possible to fully redirect those). In that sense, pihole can’t really do much against DoH on its own

    EDIT: decided to look a bit further on the router level, and for pfsense at least this is one way to do this recipe for DNS block and redirect


  • Hm… I am not familiar with that device myself, and since I use opnsense for a while I forget most people do not use routers outside of the provided one.

    But in a theoretical sense, this firewall rule should look something like this:

    • origin of traffic is any IP that goes into port 53
    • outgoing traffic has to go to pi hole on port 53



  • Pi hole is an amazing tool and gives a lot of insight on what is being queried and blocked against the block lists. Also, makes completely transparent on the entire network to have nasty things blocked. One thing I will mention to make the setup better: make sure on the firewall level you can have a rule that makes every request for a DNS to go through pi hole. Some devices will use a hard coded DNS instead of respecting the one on the network



  • I was reading about it and I actually like a lot this solution’s principle. It reminds me a lot of puppet which I have seen before (for other kind of tasks) to orchestrate several computers. Big shame it works on windows though, since I have a server with docker on ubuntu server at this point and was not really looking forward to change that. But thanks for the suggestion, is for sure very interesting


  • Nowadays I sort of do this with seafile. Select folders to sync, open the app every other time to resync stuff, carry on with your day. The only thing I wanted to take away if there is a better way to not have a massive hassle to reinstall everything in case something happens (and in case I forget to select a folder to sync also).

    But your suggestion I think is very valid as well. At least for mint have a way to make a more automated installer or similar to get the stuff I use usually. Yet another rabbit hole to go into…