Just some Internet guy

He/him/them 🏳️‍🌈

  • 0 Posts
  • 14 Comments
Joined 1 year ago
Cake day: June 25th, 2023


  • I use systemd-boot so it was pretty easy, and it should be similar in GRUB:

    title My boot entry that starts the VM
    linux /vmlinuz-linux-zen
    initrd /amd-ucode.img
    initrd /initramfs-linux-zen.img
    options quiet splash root=ZSystem/linux/archlinux rw pcie_aspm=off iommu=on systemd.unit=qemu-vms.target
    

    What you want is that part: systemd.unit=qemu-vms.target which tells systemd which target to boot to. I launch my VMs with scripts so I have the qemu-vms.target and it depends on the VMs I want to autostart. A target is a set of services to run for a desired system state, the default usually being graphical or multi-user, but really it can be anything, and use whatever set of services you want: start network, don’t start network, mount drives, don’t mount drives, entirely up to you.

    https://man.archlinux.org/man/systemd.target.5.en

    You can also see if there’s a predefined rescue target that fits your need and just goes to a local console: https://man.archlinux.org/man/systemd.special.7.en





  • If you look at it from a different angle and ask: who might be interested in a user being reported, given that each instance operates independently? The answer is all of them.

    • The instance you’re on could be interested because it might violate the local instance’s rules, and the admin might want to delete it even if from just that instance.
    • The instance hosting the community, because regardless of the other two instances they might not want that there.
    • The instance of the user being reported, because it’s their user and if they’re causing trouble they might want to ban the account.

    The rest comes naturally: obviously if the account is banned at the source it’s effectively banned globally. If it’s banned on the community’s instance, then you won’t see that user there but might on other instances. And your instance can ban the user, in which case they’re freely posting on other instances but you won’t see it from your perspective.


  • I’m concerned about DRM violating my rights. But apart from that, media is largely for consumption, there are very few reasons to need to edit a movie or something, and the laws at least attempt to cover fair use. DJs remix songs and stuff just fine. Or news articles, you’d mostly want to quote them, which is well defined in the legal framework. It’s important to remember that open-source doesn’t imply free of charge: there is paid GPL software.

    Open-source is important in software because it’s much more complex, and you can end up in a situation where software you bought doesn’t work because the company refuses to fix it, or straight up stops working because the company went bankrupt 10 years ago and things have changed too much. Proprietary software is a black box that can be doing literally anything, and legally, you’re not even really allowed to reverse engineer it to even make sure it does what it says it does.

    Stallman started the free software movement out of frustration with a printer driver that he knew how to fix, but the company wouldn’t give him the source code so he could fix it, and I believe at the time it would also have been illegal to reverse engineer it and patch it, or at the very least it was against the license. And that’s also my reason for using open-source software: not because I want free stuff, but because I want libre stuff that I can fix and maintain. Most people won’t, and that’s where the sharing clause comes in: someone else that can patch it will, and everyone can just use that.

    Ideally things would be free and widely available but that’s too commie for most people and we’re headed in the polar opposite direction. Buuut there’s always the high seas where you can set your own moral compass.





  • You’ll first want to lock down the laptop using the TPM so it only boots kernels signed by you, and also encrypt the drive using the TPM as the locking key so the key is only ever available to a kernel you signed. From there you’ll probably want to use dm-verity to also verify the integrity of the system or at least during the boot process.

    Then, on top of that, once online and the machine is still authorized to access that data, you download a key from a server under your control to unlock the rest of the drive (as another partition). And log those accesses of course.

    Then, when you want to revoke access to it, all you have to do is stop replying with the key whenever requested. That just puts a ton of hurdles to overcome to access the data once the server stops handing the key. They would have to pry out the key from the TPM to unlock the first stage and even be able to see how it works and how to potentially obtain the key. They could still manage to copy the data out while the system is fully unlocked and still trusted, which you can make a lot harder by preventing access to external drives or network shares. But they have physical access so they kind of have the last word if they really really really want to exfiltrate data.

    This is the best you can do because it’s passive: you stop supplying the unlock key so it’s stuck locked encrypted with no key, so the best they can do is format the laptop and sell it or use it for themselves. Any sort of active command system can be pretty easy to counter: just don’t get it online if you suspect the kill signal is coming, and it will never come, and therefore never get wiped. You want that system to be wiped by default unless your server decides it’s not.
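
The passive revocation scheme from the comment above, modelled as an added Python example (not part of the original comment, and not a real disk-unlock tool): the server releases the second-stage key only while the device is authorized, logs every request, and revocation simply means it stops answering with the key. Assumptions: the laptop proves itself with an HMAC over a single-use server nonce, using a secret that would be TPM-sealed in practice; `KeyServer`, `boot_unlock` and the device names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


class KeyServer:
    """Releases the second-stage disk key only while a device is authorized."""

    def __init__(self):
        self.devices = {}    # device_id -> secret, disk_key, authorized flag
        self.nonces = {}     # device_id -> outstanding single-use challenge
        self.audit_log = []  # (timestamp, device_id, outcome) for every request

    def enroll(self, device_id):
        # Assumption: on the laptop this secret is sealed by the TPM.
        secret = secrets.token_bytes(32)
        self.devices[device_id] = {"secret": secret, "authorized": True,
                                   "disk_key": secrets.token_bytes(32)}
        return secret

    def challenge(self, device_id):
        self.nonces[device_id] = secrets.token_bytes(16)
        return self.nonces[device_id]

    def release(self, device_id, proof):
        dev = self.devices.get(device_id)
        nonce = self.nonces.pop(device_id, None)  # single use blocks replay
        outcome, key = "denied", None
        if dev and nonce:
            expected = hmac.new(dev["secret"], nonce, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, proof):
                outcome = "bad-proof"
            elif not dev["authorized"]:
                outcome = "revoked"  # passive revocation: no key is returned
            else:
                outcome, key = "released", dev["disk_key"]
        self.audit_log.append((time.time(), device_id, outcome))
        return key

    def revoke(self, device_id):
        self.devices[device_id]["authorized"] = False


def boot_unlock(server, device_id, secret):
    """Client side at boot: returns the disk key, or None (partition stays locked)."""
    nonce = server.challenge(device_id)
    proof = hmac.new(secret, nonce, hashlib.sha256).digest()
    return server.release(device_id, proof)
```

The client never stores the disk key, so a laptop that stays offline to dodge a kill signal gains nothing: without a fresh answer from the server the data partition stays locked.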


  • The issue DNS solves is the same as the phone book. You could memorize everyone’s phone number/IP, but it’s a lot easier to memorize a name or even guess the name. Want the website for walmart? Walmart.com is a very good guess.

    Behind the scenes the computer looks it up using DNS and it finds the IP and connects to it.

    The way it started, people were maintaining and sharing host files. A new system would come online and people would take the IP and add it to their host file. It was quickly found that this really doesn’t scale well, you could want to talk to dozens of computers you’d have to find the IP for! So DNS was developed as a central directory service any computer can request to look things up, with a hierarchy to distribute it and all. And it worked, really well, so well we still use it extensively today. The desire to delegate directory authority is how the TLD system was born. The host file didn’t use TLDs, just plain names as far as I know.


  • Because if they’re not owned, then how do you know who is who? How do we independently conclude that yup, microsoft.com goes to Microsoft, without some central authority managing who’s who?

    It’s first come first served which is a bit biased towards early adopters, but I can’t think of a better system where you go to google.com and reliably end up at Google. If everyone had a different idea of where that should send you it would be a nightmare, we’d be back to passing IP addresses on post-it notes to your friends to make sure we end up on the same youtube.com. When you type an address you expect to end up on the site you asked, and nothing else. You don’t want to end up on Comcast YouTube because your ISP decided that’s where youtube.com goes, you expect and demand the real one, the same as everyone else.

    And there’s still the massive server costs to run a dictionary for literally the entire Internet for all of that to work.

    A lot of the time, when asking those kinds of questions, it’s useful to think about how you would implement it such that it would work. It usually answers the question.


  • Mostly because you need to be able to resolve the TLD. The root DNS servers need to know about every TLD and it would quickly be a nightmare if they had to store hundreds of thousands of records vs the handful of TLDs we have now. The root servers are hardcoded, they can’t easily be scaled or moved or anything. Their job is solely to tell you where .com is, .net is, etc. You’re supposed to query those once and then you hold on to your cached reply for like 2+ days. Those servers have to serve the entire world, so you want as few queries to those as possible.

    Hosting a TLD is a huge commitment and so requires a lot of capital and a proper legal company to contractually commit to its maintenance and compliance with regulations. Those get a ton of traffic, and users getting their own TLDs would shift the sum of all gTLD traffic to the root servers which would be way too much.

    With the gTLDs and ccTLDs we have at least there’s a decent amount of decentralization going, so .ca is managed by Canada for example, and only Canada has jurisdiction on that domain, just like only China can take away your .cn. If everyone got TLDs the namespace would be full already, all the good names would be squatted and waiting to sell it for as much as possible like already happens with the .com and .net TLDs.

    There’s been attempts at a replacement but so far they’ve all been crypto scams and the dotcom bubble all over again speculating on the cool names to sell to the highest bidder.

    That said, if you run your own DNS server and configure your devices to use it, you can use any domain you want. The problem is gonna be getting the public Internet at large to recognize it as real.