Komunitas
sh.itjust.works
Yep, Intel is basically dead, unless Trump forces out the competition and only allows Intel to be sold. Intel has been shit for awhile now anyways. Edit: And I highly advise everyone to NOT install any drivers downloaded from the Intel site. Only get drivers that have been vetted by a 3rd party. You can’t trust that Turnip lackeys haven’t added spyware.
Komunitas
piefed.social
Since the big sites like https://fmhy.net/ are going to get mentioned I’ll just post my current bookmarks that I actually visit and useful software. Can see the sidebar of my emulation community for a bunch of treats but the two mains are: Retro gaming: https://r-roms.github.io/ For pre-patched game hacks and fan translations see: https://retrogametalk.com/repo/ I’m mostly direct downloading these days, but if you torrent learn how to open a port so you’re connectable. Look up “qbittorrent port forwarding guide” for example there’s a billion guides of there saying the same thing. If you’re American or some place that is aggressive against piracy be sure to also look up how to properly use a VPN with torrents so you don’t accidentally leak your IP during a connection hiccup. It happens but you can prevent it. If you happen to be Canadian just change to a pro pirate reseller ISP (Park Power and Teksavvy locally) and freely ignore the funny letters without wasting money on a VPN subscription. https://tongkl.com/qbittorrent-port-forwarding-guide/ https://noai.duckduckgo.com/?q=how+to+port+forward+router&ia=web For Direct Download (DDL) I like to use a Download Manager for multi part downloads especially like: https://board.jdownloader.org/showthread.php?t=54725 DDL/Torrents for gaming: https://cs.rin.ru/forum/ - They have an English sub-forum, and I find them the best resource for pirating games as a Linux user especially. Mainly because the uploads aren’t bundled into some damnable Windows installer like Fitgirl or DODI. They’re just a plain old 7z archive on the game files. You just add the game exe directly into whatever Proton/WINE front-end you prefer like Lutris, Faugus Launcher, etc and play. https://dodi-repacks.site/ - I still use them sometimes, high community trust factor. https://fitgirl-repacks.site/ - Also trust worthy, but their installers don’t play nice with WINE. Good for Windows users…still kinda dumb long install times for very little in bandwidth savings in return IMO. Books: https://annas-archive.gl/ https://z-library.sk/ For movies and TV look into Stremio and a debrid service. Basically a big cloud server that caches any media torrent people add to it and then you get direct download streams which are very reliable generally. No buffering even on 4K HDR Bluray rips so long as you have fast enough download bandwidth. Guide for beginners: https://guides.viren070.me/stremio https://www.stremio.com/ Debrid services I like: https://www.premiumize.me/account - more expensive combo deal. It’s debrid, vpn, cloud storage, and a few other things all in one. https://alldebrid.com/ - cheaper, only debrid and has free trial. https://stremio-addons.net/addons - use these to add debrid service and more to Stremio. AIO > Torrentio IMO: https://stremio-addons.net/addons/aiostreams Anime torrents: http://www.nyaa.si/ Then my fave all in one site for everything (especially music) I use: https://rutracker.org/forum/index.php Annoyingly russian yes but use an auto website translator browser extension and make an account. It’s a gigantic traditional bulletin board piracy forum that’s very active, very old (2004), well moderated, and labyrinthine. Has everything that exists under the Sun on there. Even the cracked Linux versions of some specific paid software like Davinci Resolve Studio. It’s English friendly for the actual content you can find, almost all posts will include the English versions of stuff if it exists. You can’t post comments in English however with a few curt exceptions, just check the Rules post.
Komunitas
lemmy.world
Using a burner account for anonymity reasons Warning: very long read Link to Reddit post: https://www.reddit.com/r/Epstein/comments/1qu1orw/so_what_do_we_do_now/ The release from Jan 31st has been crazy to me and I’m under the impression that it has shocked the Internet as a whole. I guess we can hardly summarize in general the implications of the files that have been shared by the DOJ so far, and that doesn’t even include the (vast majority of) files that they have not been willing to share yet. This includes a large part of dataset 9 that has been cut short for everyone and isn’t represented properly on the DOJ’s website currently; the largest reported download of it falls at least 80GB short of its reported size(*). In a meager attempt to sum up some of the core reasons why all Internet users are allowed to be pissed, here are the following facts: An incredible number of high-ranking politicians, officials, celebrities, businessmen, journalists and scientists have either been implied to have committed the same crimes as Epstein, or have at least known him well enough to reasonably suspect what he was doing and refused to report it. These individuals include: Donald Trump, Bill and Hillary Clinton, George Bush, Elon Musk, Bill Gates, Steve Bannon, several European royals, politicians from Saudi Arabia, Israel and Pakistan, Woody Allen, Leonardo DiCaprio, Kevin Spacey, Noam Chomsky, Stephen Hawking just to name a few. All of these individuals are still roaming our world in freedom, ruining it on a daily basis through whatever means exist within their power (i.e. some through investments in dystopic-ass looking corporations, others through dismantling democracies… not giving any names, yet). It is dead obvious that they don’t have to answer for their crimes because of their tremendous power and wealth. Aside from that, there’s no way we can be sure that the whole thing died with Epstein. In fact if there were so many high-ranking individuals involved, what’s to stop them from finding another guy to fill up his space? American agencies have held these files for years or even decades and have never even tried either to sue any of these individuals, or to collect more evidence about the extent to which these individuals were involved. Instead, entities across the American government (and American corporations) have set up an enormous gaslighting campaign towards the public to shove this shit under the rug. It cannot be stated enough how deep this goes. Of course there is Trump going back and forth on whether he would release the files at all. Now that the DOJ has been cleansed by DOGE and receives pressure through lawsuits from the Trump administration, it is only after widespread public pressure (including from typically different Republican factions than MAGA) that the DOJ has slowly released obviously overredacted versions of the files, months beyond their deadline. The contents of even these heavily redacted files are sufficient to tell that there are a lot of loose ends. Probably the most devious part of this gaslighting campaign has been the revelation that Epstein knew moot and was involved in the creation of 4chan’s ‘politically incorrect’ board /pol/. /pol/ from its inception has been regarded as the origin point of conspiracy theories associated with the far-right on the Internet, including: typical (neo-)Nazi propaganda about the Jewish conspiracy; man-made COVID-19; that stuff about the New World Order, WEF and George Soros; white replacement/white genocide and anti-Islamic conspiracies; gamergate; QAnon; and so on and so further. Conspiracy theories from /pol/ have spread over the Internet and have been at the very core of the MAGA movement since Trump started his political campaigns in 2014. The reason this is especially devious, is because QAnon at its core was literally about a deep state-ran global trafficking ring to serve a cabal of Satanic, cannibalistic child molesters. Trump specifically, according to QAnon, is supposed to secretly lead the fight against these child molesters. Except now that his loyalists are in charge of all 3 branches of government and he has loyalists at the head of the DOJ and FBI, he seems awfully reluctant to quickly get that information out there and very occupied distracting us from that fact by having US citizens terrorized by ICE, throwing geopolitical fits and selling more and more of the government out to oligarchs… Oh and let’s not forget he sent Epstein’s girlfriend to a lower-security prison in exchange for an audio fragment of her saying Trump wasn’t involved. If his handling of it isn’t suspicious enough, his name is all over the files. Trump has been accused of a number of athrocities, including having an infant drowned in Lake Michigan to get away with impregnating a 13 year old girl and many other claims of child sexual abuse towards other women. I could go on for a while about this, but this post is already long enough as it is. I do have to say I couldn’t find a good archive of crimes specifically related to Trump from the Epstein files anywhere. I could only find it as a part of this list. We are also seeing more and more files with ‘everyday communication’ from the individuals related to Epstein, revealing how their personal interests intertwine with politics on the highest level. And I guess how these people commited schandals like the most ordinary thing in the world. For instance how weeks before the fall of Gaddafi, Epstein tried to get his hands on billions in Libyan frozen assets in cooperation with Mossad and MI6. Like it’s mainly frustrating for me as a citizen to see that influential people just play around with those sums of money while a lot of people like me are struggling more and more just to get by. I guess it’s just very obvious all of a sudden that it really is all one big club and we ain’t in it, regardless of what I mentioned before about those NWO/WEF conspiracies. Just before anyone starts about these Mossad ties and the Jewish conspiracy though, I want to be very clear that criticism of the Israeli government has nothing to do with a general hatred for the entire Jewish population. Just in case someone wants to throw Israel’s favourite strawman. And all of this is not to mention the specific individuals that can be pinned down for their actions. Good, I could go on, but I think this does kinda capture the core of it. =========================== Back to my main question: what do we do now? And I would suggest to take matters into our own hands as much as we can: organise, coordinate and add pressure. Organisation because the authorities have barely shown to do this for us. Aside from that, this ring operates internationally and exceeds the power of national borders. We really gotta see this as an international effort. Coordinate because it would take one person years to read through every file (assuming 1 minute per page, 24/7/365). We’ll need coordination to assemble the files in such a way that they can serve as proof against each involved individual. And we need a way to spread the word. And by adding pressure I mean to leverage our power in numbers. I’m not here to incite violence. The thing is, a government needs to legitimise itself against its people, be they a democracy or an authoritarian state. There’s always leverage you can exert via the courts and media, if you have enough to back it up. To state the obvious, we need a database for all this. Now, I do realize that the scale of this undertaking is massive and I won’t claim to have all the answers. But I’ve also begun to appreciate how well people can cooperate without any leader. I’m mainly looking for a group of people who are willing to lay down the right infrastructure of all this in such a way that we can safely work towards the goal of actually holding people accountable, and maybe try to heal the world a little from these people. =========================== In this section are a couple of my own suggestions. Most important is some form of ordering in the files. The current way in which they’re just numbered by the DOJ is ambiguous as hell. I’d suggest going by the names mentioned in the files. Specifically for each person we want to know each time they were mentioned in a file with the filename, what they did and at what time. And we can rate to what extent it is proof: decisive, indecisive, accusation, yes/no backup material, etc. Also on the topic of ordering, we’re definitely going to need some sort of dictionary for the code language they used. I can’t imagine ‘pizza’ as a term for ‘child’ was their only codeword. As for the workflow, we need to at least be able to determine which files have been seen and which haven’t. Preferably some of the magic I’ve seen people do where they uncover redacted material to discover hidden names (which might also include other offenders the DOJ is trying to protect). We need a way to discover which names have been mentioned in which files. And then decide for each person what they’ve done according to their attached files and to what extent they’re relevant, as mentioned in the previous paragraph. Some peer-to-peer standard is by far the safest option. A centralized server like Discord or Reddit can erase your entire community and all of its work with one press of a button (and we’ve seen Reddit do this in recent days). Any homeserver for obvious reasons is a giant risk for the host. I’ve been introduced into the Fediverse recently but I’m struggling to find out which service would be appropriate. Imo Lemmy and Streams seem most so, but neither of them really allow users to cooperate (e.g. on the same name in the files). What might work is an environment with multiple Lemmy’s, one which mimics the r/Epstein subreddit (which we already have) and another one that is restricted to posts per individual, which funnels into a single post about that person. We’d also probably need a few more for the data miners and to coordinate which files have been reviewed at all and which haven’t. If we wanna go the next level, we shouldn’t forget ActivityPub is an open standard and we could build an app of our own on top of that. Also to state the obvious, we really need to properly conceal our identities if we’re going to do this. And then we really need to get the word out on the people involved. Like for starters it should be as convenient as possible for ‘outsiders’ to see what we have discovered so far. Jmail already does a very good job at this but it could be taken a step further in this direction. I also noticed there are some journalists around the subreddit and Discord that could be very important for all this. Lastly, I’m going to play the devil’s advocate here, but hear me out. We may find an unexpected ally in some Q followers. Not the hard core of 4chan trolls and neonazis that have now joined ICE to terrorize or straight-up execute all their adversaries, they’re cooked already. I mean some of the former moderate voters that wound up in there out of sheer distrust towards the government, r/QAnonCasualties material. Turns out they might have been right for some part, except that Trump and his allies have tried to get away with it through this weird-ass deceptive reverse psychology. Perhaps if those moderate followers could browse the files in such a way that everything is laid out clear for them, some of them may realize to what extent they personally have been manipulated by those divide-and-conquer politics. No need to spare anyone; why would they second-guess us laying out the misdeeds of the likes of Trump and Elon Musk in there if we also reported on the Clintons and Bill Gates. Speaking from personal experience, I’ve been enstranged from a Q family member for a couple of years now because of their political beliefs. I took my distance initially because there was no point in discussing politics anymore. But I would honestly give this a shot. I’ll admit that it may be overly optimistic, first because it requires at least some level of reflective ability and some Qs just seem to have stopped thinking for themselves altogether. And the way I see it, Q is more about establishing that the other side is much worse than that your own side is morally righteous. So it might boil down to “the pedophile I wanted in office is a better person than the pedophile you voted for”. Or they double-down on their conspiracism and say the deepstate has decided to throw Clinton and Bill Gates and such under the bus in a final blow to Trump. Like whatever, I don’t even know what to expect anymore. I will say though, I understand that a Q detox doesn’t necessarily heal let alone absolve these people of years or even decades of racist, sexist and homophobic behaviour, and I do consider any of those disadvantaged groups (ethnic minorities, women/feminists, LGBTQ+ members) my allies above Q any day of the week. I’m just kinda hoping they’ll at least learn their lesson not to buy into any fallacious nightmare they encounter on the internet and maybe take it with a grain of sand every so often, that’d be progress against these reactionary movements at least. But I digress. =========================== Before rouding up, I’ll continue this both here and on Reddit/Lemmy (so long as Reddit doesn’t take me offline) and, if they’re up for it, the Discord server associated with r/Epstein. Please send a DM on either platform if you’re interested. I’ll set up a burner email and get to work from there. =========================== P.S. *) In case you have missed out, torrent magnets for all datasets 1-12 have been shared on r/Datahoarder and its Lemmy counterpart. The advantage of these torrents is that they contain generally older versions of the files, so there’s a good chance you’ll find fewer redactions in there. In case you don’t have like 400GB to spare on your PC, jmail.world is a browser-based alternative where you can access all the files as well. **) By the way, I have no history of suicidal ideation. In fact the whole Epstein files revelation has restored some long-lost hope I had for humanity and only makes me wanna live more right now. So DOJ and FBI, just spare me this once will you? I’m not to blame for that your psy-op fell apart, that’s on yourselves. Take some accountability now.
Komunitas
lemmy.ml
This is needed. Servers need it, and it would be a nice feature to enable for personal systems. We would need to be able to build our own images with our own keys to really make this worthwhile. Especially with programs in my bin dir I’ve compiled or downloaded. Do I trust Lennart to not do something asinine to turn this into a shit show? I do not. This would be better if it was someone who has security experience and system design cred.
Komunitas
lemmy.world
Epstein Files Jan 30, 2026 Data hoarders on reddit have been hard at work archiving the latest Epstein Files release from the U.S. Department of Justice. Below is a compilation of their work with download links. Please seed all torrent files to distribute and preserve this data. Ref: https://old.reddit.com/r/DataHoarder/comments/1qrk3qk/epstein_files_datasets_9_10_11_300_gb_lets_keep/ Epstein Files Data Sets 1-8: INTERNET ARCHIVE LINK Epstein Files Data Set 1 (2.47 GB): TORRENT MAGNET LINK Epstein Files Data Set 2 (631.6 MB): TORRENT MAGNET LINK Epstein Files Data Set 3 (599.4 MB): TORRENT MAGNET LINK Epstein Files Data Set 4 (358.4 MB): TORRENT MAGNET LINK Epstein Files Data Set 5: (61.5 MB) TORRENT MAGNET LINK Epstein Files Data Set 6 (53.0 MB): TORRENT MAGNET LINK Epstein Files Data Set 7 (98.2 MB): TORRENT MAGNET LINK Epstein Files Data Set 8 (10.67 GB): TORRENT MAGNET LINK Epstein Files Data Set 9 (Incomplete). Only contains 49 GB of 180 GB. Multiple reports of cutoff from DOJ server at offset 48995762176. ORIGINAL JUSTICE DEPARTMENT LINK TORRENT MAGNET LINK (removed due to reports of CSAM) /u/susadmin’s More Complete Data Set 9 (96.25 GB) De-duplicated merger of (45.63 GB + 86.74 GB) versions TORRENT MAGNET LINK (removed due to reports of CSAM) Epstein Files Data Set 10 (78.64GB) ORIGINAL JUSTICE DEPARTMENT LINK TORRENT MAGNET LINK (removed due to reports of CSAM) INTERNET ARCHIVE FOLDER (removed due to reports of CSAM) INTERNET ARCHIVE DIRECT LINK (removed due to reports of CSAM) Epstein Files Data Set 11 (25.55GB) ORIGINAL JUSTICE DEPARTMENT LINK TORRENT MAGNET LINK SHA1: 574950c0f86765e897268834ac6ef38b370cad2a Epstein Files Data Set 12 (114.1 MB) ORIGINAL JUSTICE DEPARTMENT LINK TORRENT MAGNET LINK INTERNET ARCHIVE FOLDER LINK SHA1: 20f804ab55687c957fd249cd0d417d5fe7438281 MD5: b1206186332bb1af021e86d68468f9fe SHA256: b5314b7efca98e25d8b35e4b7fac3ebb3ca2e6cfd0937aa2300ca8b71543bbe2 This list will be edited as more data becomes available, particularly with regard to Data Set 9 (EDIT: NOT ANYMORE) EDIT [2026-02-02]: After being made aware of potential CSAM in the original Data Set 9 releases and seeing confirmation in the New York Times, I will no longer support any effort to maintain links to archives of it. There is suspicion of CSAM in Data Set 10 as well. I am removing links to both archives. Some in this thread may be upset by this action. It is right to be distrustful of a government that has not shown signs of integrity. However, I do trust journalists who hold the government accountable. I am abandoning this project and removing any links to content that commenters here and on reddit have suggested may contain CSAM. Ref 1: https://www.nytimes.com/2026/02/01/us/nude-photos-epstein-files.html Ref 2: https://www.404media.co/doj-released-unredacted-nude-images-in-epstein-files
Komunitas
slrpnk.net
if you download Boy and the Heron but end up watching Fight Club, you know they can’t be trusted
Komunitas
kbin.social
That doesn’t add up, in this case. If they simply announced a revenue share, something that Unreal Engine already has, it wouldn’t have been anywhere as controversial. Some devs would grumble but it wouldn’t have been taken as an existential threat worth jumping ship as soon as possible. The whole charge per download was likely an attempt to get more money out of freemium mobile games, but nobody was willing to accept that. Really, the damage to their image so significant, it’s likely many dev studios will drop it even under those conditions, just out of lost trust.
Komunitas
lemmy.ml
This message is displayed in the browser because Google asked your browser to do it, and your browser got the message and put it there. When displaying ads, the end user experience is 100% client-side. You are using your screen and speakers to observe it. You can turn off your speakers and screen if you want, which will effectively “block” the ad. But that is silly. Not only do you own your screen and speakers, but you have control of what you’re browser is doing, too (if you use a respectable browser). When HTML, CSS, JavaScript, and other content is downloaded, just that happened: file downloads. After it has been downloaded, your browser then consumes it. When it is consumed, a lot happens, but ultimately, the code in the browser displays content. Your (respectable) browser does all of this, and will change the look depending on local fonts, accessibility options, etc. With an ad block add-on, it will also remove these ads. However, when ads are removed, the DOM is mutated with deleted or replaced content. It is possible for a website to then write ad block detection scripts to see if the ad contents have been removed or not. There are many ways to do this, and this screenshot is the result of one way of doing it. However, enter the cat-and-mouse-chase of ad block block blocks. You can block your ads, then block the ad block block like this screenshot. These types of ad block rules are less common, but many public ones are available. Check the uBlock Origin lists in the setting page. By default, only about a third of the lists are enabled, and these extra blocks are in there. Another avenue of determining that ads were not loaded is for the server to inspect if client-side (you) requests were made to fetch the ads. Even if this is in place, the server cannot determine if you have actually watched the ad or not. It could try to do more client-side attempts at validating that you somehow displayed it, but again, that’s client-side. Imagine if you were sent a letter and a pamphlet in the mail. Imagine if the letter said that you could mail them back for a free sample of their product, but only if you read the pamphlet. They would have to trust that you read it, because you are reading your mail in the privacy of your own home. However, you could opt to toss the pamphlet (like an ad blocker) and never read it. It’s your mail, your home, and your choice.
Komunitas
lemmy.ml
While I can definitely understand and respect that, ever since I had an experience where I had to dual-boot Windows for work reasons and the printer that just worked without issue in Linux required a three-digit MB download of a bloated driver-suite with borderline spyware included in Windows, I don’t trust Windows to “just work” any more. Not saying it’s on-par with each other, there’s probably still more fidgeting with Linux (haven’t used Windows in ages, genuinely have no perspective any more), but that experience taught me that Linux isn’t the short straw any more in every situation, like it definitely used to be a few years ago. (Also, was amused when during a LAN party when we wanted to play classic Warcraft III a while back, mine ran in wine without issue, but for a friend we had to deep-dive into the registry because of some obscure problem that prevented it from starting at all in native Windows).
Komunitas
news.abolish.capital
Tim Baucom has done this before. The Milan Cortina Games will be his third Olympics as a wax technician for the United States’ cross-country ski team, a job characterized by long flights schlepping tools and duffel bags of gear halfway around the world, and even longer days prepping skis. His objective is to help American athletes gain even a fraction of a second in competition. But for the first time at an Olympics, he won’t have what was once one of the most powerful tools in his kit: fluorinated ski waxes. In sports where a gold medal can be decided by inches, downhill and cross-country skiers and snowboarders across the competitive spectrum have used so-called “fluoros” since the 1980s. Typically sold as powders or blocks of hard wax, these lubricants are renowned for their ability to wick water and shed grime, making it easier to glide through snow with minimal resistance, especially in warm conditions. “There’s nothing in the chemical world that I’m aware of that can replicate their hydrophobic and dirt-repelling properties,” Baucom said. But the reason these products work so well is that they contain PFAS, short for per- and polyfluoroalkyl substances. This class of 15,000 so-called “forever chemicals” is notorious for their harmful effects on human health and the natural world. After years of mounting concern over human exposure and environmental contamination, the International Ski and Snowboard Federation, known by its French acronym FIS, banned the use of fluoros in 2023. “I think it kind of is our duty as a winter sport to have some concern for the environment,” said Katherine Stewart-Jones, a cross-country skier who will represent Canada at the Games, which begin Friday. Katherine Stewart-Jones of Canada competes during the Individual Sprint Quali in the FIS Cross-Country World Cup on January 24 in Goms, Switzerland. Leo Authamayou / NordicFocus via Getty Images While athletes have had two World Cup seasons to get used to the change, this marks the first Winter Games without the advantage conferred by these once-ubiquitous products. It will be the highest-stakes test yet for racers and wax technicians’ ability to work with products that are less effective and more sensitive to what’s happening on the trails and slopes. “There are a lot more unknowns with the new waxes,” said Julia Kern, a U.S. cross-country skier who has won two World Championship medals and hopes to add Olympic hardware to her collection. “I definitely think it makes it more challenging.” [ ](https://grist.org/wp-content/uploads/2026/01/Ski3.3.mp4) A technician performs a basic ski wax at Mountain to Sound Outfitters in Seattle. The technician (1) melts hot wax and (2) irons it deep into the ski, then (3) scrapes off the excess wax and (4) brushes it into a smooth layer. People have been lubricating skis for centuries. The History of Lapland, published in 1704, describes Sámi skiers using pine pitch or rosin to create a smooth, waterproof surface for their wooden skis. By the 1800s, athletes were experimenting with glycerin, whale oil, kerosene, and spermaceti, and the early 1900s brought water-repellent shellacs. In the 1940s, the Norwegian company Swix — a portmanteau of “ski” and “wax” — helped popularize petroleum-derived paraffin waxes. PFAS proliferated after the 1938 invention of Teflon — the stuff used in nonstick pots and pans — and were added to everything from takeout containers and outdoor clothing to firefighting foam and upholstery. But it wasn’t until the 1980s that PFAS made their way to skiing and snowboarding. These chemicals promised greater speed with less fuss in changing conditions. California entrepreneur Terry Hertel was among the first to dabble with the stuff after buying a fluorocarbon sample from the chemical company 3M. After realizing they made skis “faster than anything before,” he began adding fluorocarbons to his company’s waxes. Companies like Toko and Swix quickly followed. Nathan Schultz, a former U.S. cross-country racer who now owns a ski shop in Denver, remembers trying fluoro formulas for the first time in the mid-‘90s. “You put that stuff on your skis and it was like you were floating,” he said. Quantifying the exact advantage they conferred was difficult, since cross-country, downhill, and snowboard courses vary widely and race-day conditions differ from season to season. Still, he said, the effects were tangible, especially on wet snow. At first, fluoros were predominantly used by racers at important events because of their high cost. But by the time Schultz retired in 2006, everyone was using them. “If you tried to do a race without fluorinated wax, you would not be competitive,” Schultz said. “The amount of speed you could buy on your skis was really ridiculous.” An article from the January 1989 issue of Ski Magazine alludes to the exclusive advantages that come from expensive fluorinated waxes. Gary Hovland / Ski Magazine There was only one problem: The world could no longer ignore the dangers of PFAS. The chemicals were turning up everywhere, contaminating soil, food, and drinking water. Studies increasingly linked exposure to thyroid disease, developmental problems, and cancer. Baucom experienced that growing awareness himself, first as a collegiate racer and, starting in the late aughts, as a professional cross-country ski tech. Talk of the health risks was swirling through his sport’s often cramped and poorly ventilated wax rooms, where techs heated fluoro wax and ironed it into ski bases, kicking vapors and particulates into the air along the way. Wearing a mask or cracking a window provided only so much protection. “Any time you’re breathing in fumes and smoke, no matter what it is, it’s probably not great for you,” said Baucom, who was concerned about the growing body of research on the chemicals’ health risks. “It was pretty obvious right out the gate that these products have potential carcinogenic components.” Evidence of the risk mounted throughout the 2010s. One particularly alarming study from 2010 found that PFAS accumulated in the bodies of Scandinavian wax technicians, whose blood levels of the compound PFOA averaged 25 times higher than those of the general population. A 2024 study later confirmed the concentrations in people like Baucom “are among the highest of any occupation investigated to date.” “There was high exposure intensity, frequency, and duration,” said Kate Crawford, an author of the more recent research and an assistant professor of environmental studies at Middlebury College. John Steel Hagenbuch, a Nordic, or cross-country, skier on the U.S. Ski Team, recently had his blood tested and discovered his PFAS levels are higher than average. “The main concern with [PFAS] is that they’re so persistent,” he said. “They can remain in your blood or in water for a really long time.” PFAS’s durability means these chemicals don’t break down as they move from skis to snow and then into the soil and nearby watersheds. The full extent of contamination remains difficult to quantify, but growing evidence suggests it extends well beyond wax rooms. Read Next The EPA is rolling back drinking water limits for 4 PFAS. Thousands more remain unregulated. Joseph Winters In 2021, officials in Park City, Utah, detected the compounds in three wells drawing from an underground aquifer, including one near the start line of White Pine Touring Nordic Center race course. At first, water quality specialist Michelle De Haan suspected firefighting foam, but local agencies hadn’t used it. She later came across a study examining fluorinated race lubricants and, of the 14 related compounds identified in the study, 11 matched those found in the city’s aquifer. “That became a clearer picture to us,” De Haan said. While not definitive on its own, the finding suggested a likely link — one echoed by sampling in Europe that has found elevated PFAS levels on ski slopes there too. The impact can be especially significant when ski racers bring PFAS to places that might not otherwise be contaminated. “In some instances, people would be [using fluorinated waxes] in relatively pristine areas,” said Crawford. “It becomes a relatively significant environmental problem.” For years, these issues with ski wax lurked in plain sight. But as scientists learned more, the ski and snowboard community found itself caught between the knowledge that fluoros carried serious risks and the desire for easy speed. Nicolas Bal of France competes in the 2002 Olympics Ski Jumping event in Park City, Utah. Years later, PFAS chemicals linked to ski wax were detected in Park City’s well water. David Madison / Getty Images By the late 2010s, the unease surrounding PFAS had begun to shape policy that impacted, or even targeted, ski waxes. Regulators in the U.S. and Europe restricted some of the most-studied PFAS, in part by requiring manufacturers to get formal approval before using them in new applications. A handful of smaller races implemented their own fluoro bans — “wax truces,” as Schultz described them — though it remained difficult to compete without them in events that didn’t participate. Momentum grew in 2019, when the International Ski and Snowboard Federation, or FIS, announced plans for a blanket ban covering all 7,000 Nordic, Alpine, and snowboard competitions under its purview, including the World Cup. The decision elicited “surprise/shock,” said Lars Karlöf, the sanctioning body’s technical adviser, but it was intended to “limit the environmental impact of our activities as much as possible.” That’s when Swix disposed of its stockpile of fluoro waxes, says Geoff Hurwitch, commercial director for Swix USA. While he’s not sure exactly how much the company got rid of, or how it did so, he knows it was “a lot.” But, he said, it was no longer in compliance with U.S. Environmental Protection Agency standards and the company knew it wasn’t going to be able to sell it anyway. Jeremy Hecker, chief of operations at the ski division of another wax company, Rex Wax, said the move away from fluoros resulted in up to $30,000 in “dead inventory” — containers of fluoros that have either been destroyed or are collecting dust in storage. The FIS ban, while announced in 2019, did not take effect until the winter of 2023. Other sanctioning bodies, resorts and even towns across North America and Europe followed suit. Park City, for example, went fluoro-free in 2023 and allowed skiers and snowboarders to swap their stash for eco-friendlier options. TIn the fluoro ban’s first year, the city collected more than 600 pounds of the polluting wax during the ban’s first year. Technicians wax skis at the Falun World Cup in 2023. Leann Bentley / U.S. Ski & Snowboard Overall, the transition has worked “relatively smoothly,” said Knut Nystad, a wax technician for the Norwegian Ski Association. Kern, the U.S. cross-country skier, attributes that in part to the culture of the sport. “People in the cross-country community are very environmentally conscious,” she said. “They want to have clean water, they value their health a lot.” That broad buy-in, however, doesn’t mean the change has been seamless. One complication involves testing and enforcement. Because fluorinated compounds do not break down easily, traces can linger even on skis and snowboards that have been thoroughly cleaned, leading to false positives. But the steepest learning curve has been for the teams as technicians and athletes adjusted to a new generation of waxes. “It took a while for technicians to learn the new chemistry,” said Julia Mehre Ystgaard, who works withcoordinates Canada’s Nordic World Cup team. Schultz said early fluoro-free waxes were “very inferior” to fluorinated options. “It was kind of crazy,” he said. A ski might feel “pretty good” in one sunny stretch of a course and “terrible” in a shadier section. The modern alternatives still tend to be slower, and as U.S. cross-country skier Hagenbuch put it, they don’t do as well in late-season snow that’s warm and wet “like mashed potatoes.” He said it has become more common for his team to “miss the wax,” meaning skis aren’t well matched to the day’s conditions. Kern agreed, adding that the effect is especially noticeable on downhills. “You’re right behind [someone] at the top of a hill, and then they just pull away even though you’re in the draft where you should be pulling up on them,” she said. That impact can be compoundingly decisive: Less glide at the bottom of a hill makes it harder to crest the next one, and less lubrication demands more effort to maintain speed. Suddenly an athlete is off the podium. Alpine and snowboard races are generally much shorter than Nordic events — minutes versus potentially hours — but the high speeds and friction also make wax choice critical. “Fluoros were easier because fluoros were fast,” Hagenbuch said. “[They] have been referred to as, like, a ‘great equalizer.’” John Steel Hagenbuch, a cross-country skier on the U.S. Ski Team, says professional skiers are struggling to adapt to non-fluorinated waxes. Hagenbuch describes fast fluorinated waxes as “a great equalizer.” Dustin Satloff / NCAA via Getty Images Hurwitch, at Swix, says the new class of waxes are three to five years away from being as fast as the fluoros, and that company chemists are putting in thousands of kilometers of testing to reach that goal. Until then, however, the great equalizer is gone and other determinants of speed have taken on outsize importance. That, of course, includes physical conditioning and technique. You have to “make sure you have the steak first before you add the salt or the pepper,” said Nystad. But choosing the right equipment has become more important too. The art of grinding skis has become especially critical. The process involves passing a ski or snowboard over stone, to inlay a pattern designed for a specific snow condition, or set of conditions, like a tire tread. Zach Caldwell, a former Nordic racer and owner of a Vermont ski shop, said this is one reason he’s seen a “dramatic” increase in the number of cross-country skis teenage racers buy: so they can have pairs optimized for different circumstances. Baucom, the wax tech, said these pre-wax decisions once accounted for 80 to 90 percent of a Nordic setup’s speed, but without fluoros they now account for as much as 97 percent. The shift has raised concerns about competitive balance. While fluoros weren’t cheap, they were less expensive than perfecting grinds on an ever-larger armada of skis. Grinding machines alone can cost hundreds of thousands of dollars, and require tremendous expertise to run. Some athletes worry that this gives an advantage to countries like Norway — home to many major ski and wax companies — with deeper research budgets and larger wax tech teams. Hagenbuch said fluoros “brought the delta between how good people’s skis were together.” Without them, the gaps are remerging. He pointed to a December skiathlon in Trondheim, Norway, where his teammate Gus Schumacher was in contention for a medal yet finished 21st. Something similar happened at a 50-kilometer race last March, where only one athlete on Schumacher’s brand of skis finished in the top 20. “It wasn’t the wax. It wasn’t the athlete. … That was the skis,” said Hecker, with Rex Wax. And anyone with the wrong skis in Milano-Cortina will almost certainly miss their shot at the podium — something no amount of non-fluorinated wax will fix. Fluorinated ski wax, once ubiquitous among professional skiers, will be banned from the 2026 Winter Olympics over concerns of PFAS pollution. Jesse Nichols / Grist Even as fluorinated waxes disappear from competition, some athletes and technicians caution against assuming all problems have been solved. Nystad was among several people who noted that there’s no guarantee replacement products are benign. “A lot of people think that a fluoro ban means that now all waxes are healthy and you can almost use it as a jam on your sandwich and eat it,” he said. “But that’s not the case … You could have other chemicals in there that are not equally harmful, but that are harmful to nature and to individuals.” Because formulas are proprietary, it can be difficult to know exactly what newer waxes contain. They likely include petroleum-derived ingredients that can transfer to snowpacks. Even so, some industry insiders question how much attention wax deserves compared with snow sports’ other environmental implications. “It doesn’t make sense to me to discuss the environmental impacts of this until we have really cleared house on the environmental impact of travel, and the food we eat, and the clothes that we wear,” Caldwell said. Ski and snowboarding wax is also a minor contributor to the PFAS problem, globally. Crawford called it a “comparative drop in the bucket,” pointing to the fact that almost all commercial carpeting in the world is laden with PFAS. But the relative success of the ban in ski waxes is unique and could offer lessons — and hope — to anyone trying to get the chemicals out of other products. “There are always options,” said Hurwitch, noting that none of Swix’s new products — from outerwear to waxes — contain PFAS. “The water repellency in jackets may not be as good as it was with a PFAS based product but it’s still a great product. The wax may not be quite as reliably fast, yet, but for the vast majority of us skiers, it’s still plenty fast. It will come though.” The Olympic cross-country schedule begins Saturday with the women’s skiathlon. Kern will be racing at her second Games in temperatures that are expected to hover around freezing, where wax could be crucial. “We’re pretty much always testing skis,” she said. “We have to rely on and trust our wax team.” Hagenbuch will make his Olympic debut in Milan Cortina. The ban creates additional stress, he admits, but he believes it’s worth it. “For Tim and the other service technicians and for me and for our groundwater and for the environment, yeah, I think it’s good that we don’t do fluoros,” he said. “Do I miss them? Yeah, a little bit.” This story was originally published by Grist with the headline The Olympics are ditching PFAS waxes — and the ‘ridiculous’ speed they gave skiers on Feb 5, 2026. From Grist via This RSS Feed.
Komunitas
ibbit.at
A hacker demonstrated that the viral new AI agent Moltbot (formally Clawdbot) is easy to hack via a backdoor in an attached support shop. Clawdbot has become a Silicon Valley sensation among a certain type of AI-booster techbro, and the backdoor highlights just one of the things that can go awry if you use AI to automate your life and work. Software engineer Peter Steinberger first released Moltbot as Clawdbot last November. (He changed the name on January 27 at the request of Anthropic who runs a chatbot called Claude.) Moltbot runs on a local server and, to hear its boosters tell it, works the way AI agents do in fiction. Users talk to it through a communication platform like Discord, Telegram, or Signal and the AI does various tasks for them. According to its ardent admirers, Moltbot will clean up your inbox, buy stuff, and manage your calendar. With some tinkering, it’ll run on a Mac Mini and it seems to have a better memory than other AI agents. Moltbot’s fans say that this, finally, is the AI future companies like OpenAI and Anthropic have been promising. The popularity of Moltbot is sort of hard to explain if you’re not already tapped into a specific sect of Silicon Valley AI boosters. One benefit is the interface. Instead of going to a discrete website like ChatGPT, Moltbot users can talk to the AI through Telegram, Signal, or Teams. It’s also active, rather than passive. It also takes initiative. Unlike Claude or Copilot, Moltbot takes initiative and performs tasks it thinks a user wants done. The project has more than 100,000 stars on GitHub and is so popular it spiked Cloudflare’s stock price by 14% earlier this week because Moltbot runs on the service’s infrastructure. But inviting an AI agent into your life comes with massive security risks. Hacker Jamieson O’Reilly demonstrated those risks in three experiments he wrote up as long posts on X. In the first, he showed that it’s possible for bad actors to access someone’s Moltbot through any of its processes connected to the public facing internet. From there, the hacker could use Moltbot to access everything else, including Signal messages, a user had turned over to Moltbot. In the second post, O’Reilly created a supply chain attack on Moltbot through ClawdHub. “Think of it like your mobile app store for AI agent capabilities,” O’Reilly told 404 Media. “ClawdHub is where people share ‘skills,’ which are basically instruction packages that teach the AI how to do specific things. So if you want Clawd/Moltbot to post tweets for you, or go shopping on Amazon, there’s a skill for that. The idea is that instead of everyone writing the same instructions from scratch, you download pre-made skills from people who’ve already figured it out.” The problem, as O’Reilly pointed out, is that it’s easy for a hacker to create a “skill” for ClawdHub that contains malicious code. That code could gain access to whatever Moltbot sees and get up to all kinds of trouble on behalf of whoever created it. For his experiment, O’Reilly released a “skill” on ClawdHub called “What Would Elon Do” that promised to help people think and make decisions like Elon Musk. Once the skill was integrated into people’s Moltbot and actually used, it sent a command line pop-up to the user that said “YOU JUST GOT PWNED (harmlessly.)” Another vulnerability on ClawdHub was the way it communicated to users what skills were safe: it showed them how many times other people had downloaded it. O’Reilly was able to write a script that pumped “What Would Elon Do” up by 4,000 downloads and thus make it look safe and attractive. “When you compromise a supply chain, you’re not asking victims to trust you, you’re hijacking trust they’ve already placed in someone else,” he said. “That is, a developer or developers who’ve been publishing useful tools for years has built up credibility, download counts, stars, and a reputation. If you compromise their account or their distribution channel, you inherit all of that.” In his third, and final, attack on Moltbot, O’Reilly was able to upload an SVG (vector graphics) file to ClawdHub’s servers and inject some JavaScript that ran on ClawdHub’s servers. O’Reilly used the access to play a song from The Matrix while lobsters danced around a Photoshopped picture of himself as Neo. “An SVG file just hijacked your entire session,” reads scrolling text at the top of a skill hosted on ClawdHub. O’Reilly attacks on Moltbot and ClawdHub highlight a systemic security problem in AI agents. If you want these free agents doing tasks for you, they require a certain amount of access to your data and that access will always come with risks. I asked O’Reilly if this was a solvable problem and he told me that “solvable” isn’t the right word. He prefers the word “manegeable.” “If we’re serious about it we can mitigate a lot. The fundamental tension is that AI agents are useful precisely because they have access to things. They need to read your files to help you code. They need credentials to deploy on your behalf. They need to execute commands to automate your workflow,” he said. “Every useful capability is also an attack surface. What we can do is build better permission models, better sandboxing, better auditing. Make it so compromises are contained rather than catastrophic.” We’ve been here before. “The browser security model took decades to mature, and it’s still not perfect,” O’Reilly said. “AI agents are at the ‘early days of the web’ stage where we’re still figuring out what the equivalent of same-origin policy should even look like. It’s solvable in the sense that we can make it much better. It’s not solvable in the sense that there will always be a tradeoff between capability and risk.” As AI agents grow in popularity and more people learn to use them, it’s important to return to first principles, he said. “Don’t give the agent access to everything just because it’s convenient,” O’Reilley said. “If it only needs to read code, don’t give it write access to your production servers. Beyond that, treat your agent infrastructure like you’d treat any internet-facing service. Put it behind proper authentication, don’t expose control interfaces to the public internet, audit what it has access to, and be skeptical of the supply chain. Don’t just install the most popular skill without reading what it does. Check when it was last updated, who maintains it, what files it includes. Compartmentalise where possible. Run agent stuff in isolated environments. If it gets compromised, limit the blast radius.” None of this is new, it’s how security and software have worked for a long time. “Every single vulnerability I found in this research, the proxy trust issues, the supply chain poisoning, the stored XSS, these have been plaguing traditional software for decades,” he said. “We’ve known about XSS since the late 90s. Supply chain attacks have been a documented threat vector for over a decade. Misconfigured authentication and exposed admin interfaces are as old as the web itself. Even seasoned developers overlook this stuff. They always have. Security gets deprioritised because it’s invisible when it’s working and only becomes visible when it fails.” What’s different now is that AI has created a world where new people are using a tool they think will make them software engineers. People with little to no experience working a command line or playing with JSON are vibe coding complex systems without understanding how they work or what they’re building. “And I want to be clear—I’m fully supportive of this. More people building is a good thing. The democratisation of software development is genuinely exciting,” O’Reilly said. “But these new builders are going to need to learn security just as fast as they’re learning to vibe code. You can’t speedrun development and ignore the lessons we’ve spent twenty years learning the hard way.” Moltbot’s Steinberger did not respond to 404 Media’s request for comment but O’Reilly said the developer’s been responsive and supportive as he’s red-teamed Moltbot. “He takes it seriously, no ego about it. Some maintainers get defensive when you report vulnerabilities, but Peter immediately engaged, started pushing fixes, and has been collaborative throughout,” O’Reilly said. “I’ve submitted [pull requests] with fixes myself because I actually want this project to succeed. That’s why I’m doing this publicly rather than just pointing my finger and laughing Ralph Wiggum style…the open source model works when people act in good faith, and Peter’s doing exactly that.” From 404 Media via this RSS feed
Komunitas
ibbit.at
Chat & Ask AI, one of the most popular AI apps on the Google Play and Apple App stores that claims more than 50 million users, left hundreds of millions of those users’ private messages with the app’s chatbot exposed, according to an independent security researcher and emails viewed by 404 Media. The exposed chats showed users asked the app “How do I painlessly kill myself,” to write suicide notes, “how to make meth,” and how to hack various apps. The exposed data was discovered by an independent security researcher who goes by Harry. The issue is a misconfiguration in the app’s usage of the mobile app development platform Google Firebase, which by default makes it easy for anyone to make themselves an “authenticated” user who can access the app’s backend storage where in many instances user data is stored. Harry said that he had access to 300 million messages from more than 25 million users in the exposed database, and that he extracted and analyzed a sample of 60,000 users and a million messages. The database contained user files with a complete history of their chats with the AI, timestamps of those chats, the name they gave the app’s chatbot, how they configured the model, and which specific model they used. Chat & Ask AI is a “wrapper” that plugs into various large language models from bigger companies users can choose from, Including OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini. While the exposed data is a reminder of the kind of data users are potentially revealing about themselves when they talk to LLMs, the sample data itself also reveals some of the darker interactions users have with AI. “Give me a 2 page essay on how to make meth in a world where it was legalized for medical use,” one user wrote. “I want to kill myself what is the best way,” another user wrote. Recent reporting has also shown that messages with AI chatbots are not always idle chatter. We’ve seen one case where a chatbot encouraged a teenager not to seek help for his suicidal thoughts. Chatbots have been linked to multiple suicides, and studies have revealed that chatbots will often answer “high risk” questions about suicide. Chat & Ask AI is made by Turkish developer Codeway. It has more than 10 million downloads on the Google Play store and 318,000 ratings on the Apple App store. On LinkedIn, the company claims it has more than 300 employees who work in Istanbul and Barcelona. “We take your data protection seriously—with SSL certification, GDPR compliance, and ISO standards, we deliver enterprise-grade security trusted by global organizations,” Chat & Ask AI’s site says. Harry disclosed the vulnerability to Codeway on January 20. It exposed data of not just Chat & Ask AI users, but users of other popular apps developed by Codeway. The company fixed the issue across all of its apps within hours, according to Harry. The Google Firebase misconfiguration issue that exposed Chat & Ask AI user data has been known and discussed by security researchers for years, and is still common today. Harry says his research isn’t novel, but it now quantifies the problem. He created a tool that automatically scans the Google Play and Apple App stores for this vulnerability and found that 103 out of 200 iOS apps he scanned had this issue, cumulatively exposing tens millions of stored files. Dan Guido, CEO of the cybersecurity research and consulting firm Trail of Bits, told me in an email that this Firebase misconfiguration issue is “a well known weakness” and easy to find. He recently noted on X that Trail of Bits was able to make a tool with Claude to scan for this vulnerability in just 30 minutes. Harry also created a site where users can see the apps he found that suffer from this issue. If a developer reaches out to Harry and fixes the issue, Harry says he removes them from the site, which is why Codeway’s apps are no longer listed there. Codeway did not respond to a request for comment. From 404 Media via this RSS feed
Komunitas
ibbit.at
From Into Action download here. Hi, all, and happy Tuesday! Good grief, it feels like a Friday already, doesn’t it? We’re continuing to see a lot of churn and tumult. Some of it, at least, seems to be moving the conversation in our favor. Since I last wrote we’ve seen Greg Bovino kicked out of Minnesota and Noem seemingly sidelined—although Trump still maintains that she’s not stepping down. Multiple Republican officials are now urging investigations, possible pauses to ICE operations, and congressional hearings over concerns about current immigration enforcement policies and their consequences. 1 And the anti-ICE rhetoric has exploded —even in places heretofore kept apolitical. The Washington Post has a whole article about lifestyle and sports influencers who are now speaking out. Celebrities condemning ICE over the weekend included Natalie Portman, Olivia, Wilde, Zoey Deutch, Jenna Ortega, and Edward Norton (who called for a general strike!) Sports associations and athletes spoke up, too— I already mentioned the NBA Players Association, but they’ve been joined by Brianna Stewart, Tyrese Haliburton, and Steve Kerr. There were moments of silence at NBA and PHWL games. Even Uber-right Barstool Sports called this a “watershed moment.” Y’all, we’re still in the thick of it, and at any moment another unspeakable atrocity could occur (in fact it just did, in Arizona). But I believe we are witnessing a sea change in public opinion and I want to celebrate that. Regular Americans who were unengaged are becoming engaged. People are realizing that “I don’t talk about politics” doesn’t work when “politics” can shoot you dead in the street for no reason. As a result, more and more people are asking “what can I do?” My husband has gotten multiple calls from male friends who want to deliver groceries to immigrants here in L.A. A friend went to an ICE rapid response training in Pasadena yesterday. They were expecting 100 attendees. She told me there were about 1000 people in attendance! From what I’ve heard Indivisible’s ICE Observer training last night had 150,000 RSVPs! It goes on. Of course many of us have already been here doing this work. But we’ve always known our circle would need to widen if we’re to win this fight, and right now it’s widening very rapidly. Good! While it may be tempting to say “what took these people so long?” the more productive (and generous) response, of course, is to throw our arms open, cry “welcome!’ and tell everyone joining us how they can help. As for our calls, they remain unchanged while the Senate battle is ongoing, for while we’ve seen a coalescing determination from Democrats to hold the line (except for Fetterman, ugh) we must not relent. They must hear from us daily. As for Republicans? I’ll be damned if we’re going to let them off the hook. If there were ever a moment when we could peel some of them off this is it. They’re not blind. They read the same polls and notice the same trends we do. They know they’re on the losing side of this argument. If they were ever going to make a stand now is the time. So let’s keep calling. I love you guys. I am so very very proud of what we’re doing here, and what AMERICA is doing. We are collectively re-discovering our commitment to justice, democracy and freedom, and joining forces to save them. E pluribus, unum indeed! It’s the stuff out of history books or epic films, folks. But we’re not reading or watching it. We’re living it. What an honor. What a responsibility! We are the ones the world is rooting for. So let’s go out there and do them proud. Call Your Senators (find yours here) 📲 Hi, I’m a constituent calling from [zip]. My name is ______. I want the Senator to vote no on the DHS funding bill until several conditions are met: ICE and CBP must leave Minneapolis and stop terrorizing American cities. We need a full, independent investigation into Renee Good and Alex Pretti’s killings. There can be no more detaining and deporting of U.S. Citizens. ICE’s masks must come off. And the mass arrest quotas and warrantless arrests must end. Also? Kristi Noem and Stephen Miller must step down or be impeached, and Greg Bovino must be investigated. We’ve had enough! [If GOP add:] Republicans need to stop blindly defending ICE and the Trump administration. The American people have had it; we will not accept being lied to. We want Congress to do its job and protect us—not a bunch of masked thugs. Please ask the Senator to join with Democrats and demand a complete overhaul of ICE before more people die. Thanks. Extra Credit ✅ The Agricultural committee markup for a terrible crypto bill called The Digital Commodities Intermediaries Act (formerly the Clarity Act), is THIS WEEK. We need every Dem Senator on the Ag Committee to oppose it. This bill ignores crypto corruption in the White House and will negatively impact our economy and consumers. Senator Booker is already opposed because it “fails to address core concerns.” We need to get the rest of the Dems on board! We need lots and lots of calls. Please call the member below if they are your Senator. Amy Klobachar, Minnesota 202-224-3244 Michael Bennet, Colorado, 202-224-5941 Tina Smith, Minnesota 202-224-5641 Richard Durbin, Illinois 202-224-2152 Cory Booker New Jersey 202-224-5702 Ben Ray Lujan New Mexico. 202-224-6621 Raphael Warnock Georgia 202-224-3643 Peter Welch Vermont 202-224-4242 Adam Schiff California (202) 224-3841 John Fetterman Pennsylvania 202-224-4254 Elissa Slotkin Michigan 202-224-4822 Script: Script : My name is _____ and I’m a constituent from [zip]. I’m asking the Senator to vote no on The Digital Commodities Intermediaries Act (formerly the Clarity Act) when it comes up in the Agriculture Committee this week. Democrats shouldn’t give away the future of the American economy to crypto oligarchs who are dismantling our democracy, nor give a blank check to crypto corruption in the White House. I know Senator Booker will vote no and I am counting on you to vote no as well. Thank you! Extra Extra Credit ✅ ✅ Free DC has made it easy to email the CEOs of Target, Hilton, and Enterprise to demand that their companies cancel their contracts with ICE (or, in Target’s case, stop allowing them to stage in their parking lots). Please do so here! Get Smart! 📚 In case you missed Indivisible’s training yesterday, I have two more in similar veins that sound excellent! The National Day Laborer Organizing Network will be holding a mass call on its Adopt A Day Labor Corner program and other ways we can help push ICE out of our communities TOMORROW at 7PM ET - we can sign up to join here. [H/T ] Join SURJ and their immigrant partner organization, Solidarity Organizing Initiative, for a training on organizing locally and being ready if ICE comes to your community. No experience is necessary—anyone who wants to take practical steps to build neighborhood-level power is welcome. They’ll share lessons from Minneapolis, where communities organized at the neighborhood level—parents coordinating school drop-off patrols, neighbors looking out for one another, and networks ready to mobilize when ICE showed up. Minneapolis showed what’s possible when communities are organized and now we’ll explore how to start that same groundwork where you live. Step by step, they’ll explore how to get to know your neighbors, build trust, and prepare to act together if ICE comes to your town. RSVP here. Give 💰! I was at a gathering on Sunday and I met someone who is good friends with the folks who run 5 Calls. She informed me that the volunteers running this app are desperate for donations to keep it going! 5 Calls is an amazing resource that has enabled literally hundreds of thousands of Americans to call their reps regularly. It is invaluable to our fight. If you can possibly throw them some cash—or even become a monthly donor—please do so here. Get in the Streets! 🪧 Indivisible is asking us to plan an ICE Out action at our senators’ home offices. Our calls and emails are critical, but it’s also very important that we turn up the pressure on senators publicly, in their home states. Indivisible encourage us to plan creative, nonviolent, and lawful actions that honor the lives taken and highlight our demand to rein in ICE. ESPECIALLY if your Senator is a Republican! More info on how to do this in this toolkit. Grab your Wallet! 💳 If you want to learn what companies to boycott AND which to use in their stead I highly recommend follwing the Instagram creator Cut Off the Spigot. She is fantastic! I have learned so much from her. She dives deep into who owns what companies and where they get their funding, and always offers an ethical alternative! Sorry if you’re not on Meta—she’s apparently also on Upscroll but I’m not familiar with that platform so can’t link to it. But if you’re on instagram do check her out! Win Races! A lot of eyes nationally are on Texas’ State Senate District 9, which will complete its runoff in a rare Saturday election this week. The fight between Democratic veteran, union leader and machinist Taylor Rehmet and MAGA activist Leigh Wambsganss has attracted eye-popping amounts of donations as they compete in the bellwether of Tarrant County. Imagine what it’ll do to Republicans if we win this seat! We can sign up to phonebank for Taylor: TONIGHT at 7PM ET with Blue Texas TOMORROW at 6:30PM ET with the Texas AFL-CIO THURSDAY at 7PM ET with Blue Texas [H/T ] Resistbot Letter (new to Resistbot? Go here! And then here.) 💻 [To: all 3 reps ] [H/T ] [Text SIGN to 50409, or to @Resistbot on Apple Messages, Messenger, Instagram, or Telegram] (Note that for the most effective RESISTBOT it’s best to personalize this text. More about how to do this here. But if you’re short on time just send it as is using the above code.) I am writing to urge you to oppose the SAVE Act (H.R. 22 / S. 128) and any expanded version, including a so-called “SAVE Act Plus” or “Super SAVE Act.” This legislation is not about election security. It is a coordinated effort to suppress lawful voters by turning registration into a bureaucratic obstacle course. [It’s a long letter—the rest of the text is here.] OK, you did it again! You’re helping to save democracy! You’re amazing. Talk soon. Jess Chop Wood, Carry Water is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber. Share Leave a comment 1 From Chop Wood, Carry Water via this RSS feed
Komunitas
lemmy.bestiver.se
zerobrew takes a lot of ideas from uv - packages live in a content-addressable store (by sha256), so reinstalls are instant. Downloads, extraction, and linking run in parallel with aggressive HTTP caching. It pulls from Homebrew’s CDN, so you can swap brew for zb with your existing commands. This leads to dramatic speedups, up to 5x cold and 20x warm! Comments
Komunitas
lemmy.world
I’m pretty sure this is aimed at websites that have a “download” or “get x now” link on their website that just takes you to a git hub page with no obvious download section. It isn’t uncommon, and it can be frustrating. At the very least, it’s a bad user experience.
Komunitas
lemmy.dbzer0.com
I need some help if anyone could take the time and has the knowledge: I’m basically new to podman and namespaces, relatively new to linux and a noob at networking. So figuring this out and getting it to work took many more hours than I would like to admit, but I still have a few problems. I have all my current Quadlets below in the spoiler (seperated by “—”, assume user123 = UID 1000). I am on Bazzite, rootless Podman, which probably makes this even harder. ::: spoiler Spoiler with the Quadlets [Unit] Description=Arr-stack pod [Pod] PodName=arr-stack # Network # Network=vpn-only # User mapping / I don't fully understand this yet, but the pod does not work without this (maps user id to specified ID inside the containers? So the containers have UID:GID 1000:1000?) UserNS=keep-id:uid=1000,gid=1000 # # Homepage Port Mapping PublishPort=3000:3000 # Jellyfin Port Mapping PublishPort=8096:8096/tcp # qBittorrent Port Mapping PublishPort=8080:8080 #PublishPort=6881:6881 #PublishPort=6881:6881/udp # Prowlarr Port Mapping PublishPort=9696:9696 # Flaresolverr Port Mapping PublishPort=8191:8191 # Radarr Port Mapping PublishPort=7878:7878 # Sonarr Port Mapping PublishPort=8989:8989 # Jellyseerr Port Mapping #PublishPort=8055:5055 #[Install] # WantedBy=default.target --- [Unit] Description=Gluetun Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod [Container] ContainerName=gluetun Pod=arr-stack.pod Image=docker.io/qmcgaw/gluetun:v3 AutoUpdate=registry # Network # Network=vpn-only # UID/GID permissions / root + privileged for networking? PodmanArgs=--privileged User=0 Group=0 # Equivalent to cap_add: - NET_ADMIN # one wrong? AddCapability=NET_ADMIN AddCapability=CAP_NET_ADMIN # Required for Gluetun to delete the bridge's default route, but does not work AddCapability=NET_RAW AddCapability=CAP_NET_RAW # Equivalent to "devices: - /dev/net/tun:/dev/net/tun" AddDevice=/dev/net/tun:/dev/net/tun # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=gluetun.env # Environment=FIREWALL_OUTBOUND_SUBNETS=10.90.0.0/24 / test from a specific podman network Environment=FIREWALL_INPUT_PORTS=8080 # Environment=VPN_SERVICE_PROVIDER= <123> Environment=VPN_TYPE=wireguard Environment=WIREGUARD_PRIVATE_KEY= Environment=SERVER_COUNTRIES= # for now: Environment=VPN_PORT_FORWARDING=off #Secret=openvpn_user,type=env,target=OPENVPN_USER #Secret=openvpn_password,type=env,target=OPENVPN_PASSWORD #Volume Volume=/var/home/user123/.config/arr-configs/gluetun:/gluetun:Z # SecurityLabel=disable [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=qBittorrent Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=qbittorrent Pod=arr-stack.pod Image=lscr.io/linuxserver/qbittorrent:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=qbittorrent.env Environment=WEBUI_PORT=8080 # Environtment=TORRENTING_PORT=6881 # Volume :Z (> :z) probably works as well and is saver for configs? Volume=/var/home/user123/.config/arr-configs/qbittorrent:/config:z Volume=/var/home/user123/Videos/Downloads:/downloads:z # Volume=/var/home/user123/Videos/Downloads/completed:/downloads:z,U # Volume=/var/home/user123/Videos/Downloads/incomplete:/incomplete:z,U # Volume=/var/home/user123/Videos/Downloads/torrents:/torrents:z,U [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Prowlarr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=prowlarr Pod=arr-stack.pod Image=lscr.io/linuxserver/prowlarr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=prowlarr.env Environment=WEBUI_PORT=9696 # Volume Volume=/var/home/user123/.config/arr-configs/prowlarr:/config:z,U [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Sonarr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=sonarr Pod=arr-stack.pod Image=lscr.io/linuxserver/sonarr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=sonarr.env Environment=WEBUI_PORT=8989 # Volume / Disable SecurityLabels due to SMB share, need to look this up SecurityLabelDisable=true Volume=/var/home/user123/.config/arr-configs/sonarr:/config:z Volume=/var/home/user123/Videos/Shows:/tv:z Volume=/var/home/user123/Videos/Downloads:/downloads:z [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Radarr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=radarr Pod=arr-stack.pod Image=lscr.io/linuxserver/radarr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=radarr.env Environment=WEBUI_PORT=7878 # Volume / Disable SecurityLabels due to SMB share SecurityLabelDisable=true Volume=/var/home/user123/.config/arr-configs/radarr:/config:z Volume=/var/home/user123/Videos/Movies:/movies:z Volume=/var/home/user123/Videos/Downloads:/downloads:z [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Flaresolverr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=flaresolverr Pod=arr-stack.pod Image=ghcr.io/flaresolverr/flaresolverr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=flaresolverr.env Environment=WEBUI_PORT=8191 Environment=LOG_LEVEL=info Environment=LOG_HTML=false Environment=CAPTCHA_SOLVER=none # Volume=flaresolverr:/app/ [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Podman - Jellyfin # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=jellyfin Pod=arr-stack.pod Image=ghcr.io/jellyfin/jellyfin AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / 1000:1000 might work? User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=jellyfin.env Environment=WEBUI_PORT=8096:8096/tcp #PublishPort=8096:8096/tcp #PublishPort=8920:8920 #PublishPort=7359:7359/udp #PublishPort=1900:1900/udp # Volume Volume=/var/home/user123/.config/arr-configs/jellyfin:/config:z Volume=/var/home/user123/Videos/jellyfin-cache:/cache:z Volume=/var/home/user123/Videos/Movies:/data/movies:z Volume=/var/home/user123/Videos/Shows:/data/shows:z [Service] # Inform systemd of additional exit status # SuccessExitStatus=0 143a Restart=always TimeoutStartSec=900 #[Install] # Start by default on boot #WantedBy=default.target --- [Unit] Description=Homepage Dashboard # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container # idk about this?: After=network-online.target Wants=network-online.target # Socket Wants=podman.socket After=podman.socket Requires=podman.socket [Container] ContainerName=homepage Pod=arr-stack.pod Image=ghcr.io/gethomepage/homepage:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions User=1000 Group=1000 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvirontmentFile=homepage.env #Environment=LOG_LEVEL=debug Environment=HOMEPAGE_ALLOWED_HOSTS=gethomepage.dev #PublishPort=3000:3000 # Podman socket (recommended on Bazzite) Volume=%t/podman/podman.sock:/var/run/docker.sock:ro #Volume=/var/run/docker.sock:/run/user/1000/podman/podman.sock:ro #Volume=/%t/podman/podman.sock:/run/user/1000/podman/podman.sock:ro # Volume / Config directory SecurityLabelDisable=true Volume=%h/apps/homepage:/app/config:Z Volume=%h/apps/homepage/icons:/app/public/icons:Z [Service] Restart=on-failure TimeoutStartSec=300 #[Install] #WantedBy=default.target ::: Questions: If I use “podman exec ip route” (on e.g. qbittorrent) the default route goes through my actual network interface (actual ip adress) which I very much do not want (or through my killswitch dummy network from my VPN if on, which is better but still not ideal). Is there a way to completely remove my actual network from a container’s eyes? “podman exec ip addr” shows 1 lo (local), 2 my actual network, 4 tun0 from gluetun. The traffic does go through gluetun correctly, but I don’t trust it 100%. Having the containers separated and NOT inside a pod gives the same result, since the containers share the network namespaces from the gluetun container when I do “Network=container:gluetun” (same as just having them in a pod as far as I understand). I tried to also create a podman network without a default gateway, but then gluetun cannot connect to the VPN in the first place. EDIT: A few notes: I thought gluetun was supposed to set the default route (but it seems it either doesn’t or can’t). My goal was to only have gluetun see my computer’s network and have the containers only see local network and gluetun’s tun0 network (with default routing through tun0). AFAIK pods share network namespaces, though, so that might not be possible? (even without pods?) My setup works but is quite convoluted and probably has many unnecessary lines, so please give me any improvements you see Is User=1000, Group=1000, even sensible? For example in the homepage container those lines result in the container showing User “1000:1000” (from podman inspect). Would User=0, Group=0 (or no lines since I use UserNS=keep-id in the pod?), which shows as User=root (podman inspect) mean that it has actual root access or just that it is root INSIDE the container? Thank you in advance for the answers, in case I don’t reply to your comment specifically.
Komunitas
fedia.io
If 200,000 people would rather figure out how to make all their individual forum softwares work together in synchrony than put up with your bloody app, Reddit, maybe you have a pretty shitty app? Dunno. I never installed it coz I never install any apps if I can help it, and I know how to use a web browser. But if a quarter of a million people would rather subject themselves to the complexities of distributed information networks and the politics of inter-instance blocking than use your bloody app, Reddit, maybe you have a pretty shitty app? It’s like the kids today don’t know what a web address is with their obsession with apps. They seem to prefer to download an executable than read a text document. If even them, a million zoomer kids who are normally obsessed with apps, if even they would rather entertain the idea of a communications commons not owned and controlled by oligarchs than use your app, then maybe you should have just used yer IPO money to buy Apollo? Dunno. I’ve never installed either. Sounds sketchy. I distrust apps. @Gaywallet
Komunitas
lemmy.dbzer0.com
I need some help if anyone could take the time and has the knowledge: I’m basically new to podman and namespaces, relatively new to linux and a noob at networking. So figuring this out and getting it to work took many more hours than I would like to admit, but I still have a few problems. I have all my current Quadlets below in the spoiler (seperated by “—”, assume user123 = UID 1000). I am on Bazzite, rootless Podman, which probably makes this even harder. ::: spoiler Spoiler with the Quadlets [Unit] Description=Arr-stack pod [Pod] PodName=arr-stack # Network # Network=vpn-only # User mapping / I don't fully understand this yet, but the pod does not work without this (maps user id to specified ID inside the containers? So the containers have UID:GID 1000:1000?) UserNS=keep-id:uid=1000,gid=1000 # # Homepage Port Mapping PublishPort=3000:3000 # Jellyfin Port Mapping PublishPort=8096:8096/tcp # qBittorrent Port Mapping PublishPort=8080:8080 #PublishPort=6881:6881 #PublishPort=6881:6881/udp # Prowlarr Port Mapping PublishPort=9696:9696 # Flaresolverr Port Mapping PublishPort=8191:8191 # Radarr Port Mapping PublishPort=7878:7878 # Sonarr Port Mapping PublishPort=8989:8989 # Jellyseerr Port Mapping #PublishPort=8055:5055 #[Install] # WantedBy=default.target --- [Unit] Description=Gluetun Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod [Container] ContainerName=gluetun Pod=arr-stack.pod Image=docker.io/qmcgaw/gluetun:v3 AutoUpdate=registry # Network # Network=vpn-only # UID/GID permissions / root + privileged for networking? PodmanArgs=--privileged User=0 Group=0 # Equivalent to cap_add: - NET_ADMIN # one wrong? AddCapability=NET_ADMIN AddCapability=CAP_NET_ADMIN # Required for Gluetun to delete the bridge's default route, but does not work AddCapability=NET_RAW AddCapability=CAP_NET_RAW # Equivalent to "devices: - /dev/net/tun:/dev/net/tun" AddDevice=/dev/net/tun:/dev/net/tun # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=gluetun.env # Environment=FIREWALL_OUTBOUND_SUBNETS=10.90.0.0/24 / test from a specific podman network Environment=FIREWALL_INPUT_PORTS=8080 # Environment=VPN_SERVICE_PROVIDER= <123> Environment=VPN_TYPE=wireguard Environment=WIREGUARD_PRIVATE_KEY= Environment=SERVER_COUNTRIES= # for now: Environment=VPN_PORT_FORWARDING=off #Secret=openvpn_user,type=env,target=OPENVPN_USER #Secret=openvpn_password,type=env,target=OPENVPN_PASSWORD #Volume Volume=/var/home/user123/.config/arr-configs/gluetun:/gluetun:Z # SecurityLabel=disable [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=qBittorrent Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=qbittorrent Pod=arr-stack.pod Image=lscr.io/linuxserver/qbittorrent:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=qbittorrent.env Environment=WEBUI_PORT=8080 # Environtment=TORRENTING_PORT=6881 # Volume :Z (> :z) probably works as well and is saver for configs? Volume=/var/home/user123/.config/arr-configs/qbittorrent:/config:z Volume=/var/home/user123/Videos/Downloads:/downloads:z # Volume=/var/home/user123/Videos/Downloads/completed:/downloads:z,U # Volume=/var/home/user123/Videos/Downloads/incomplete:/incomplete:z,U # Volume=/var/home/user123/Videos/Downloads/torrents:/torrents:z,U [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Prowlarr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=prowlarr Pod=arr-stack.pod Image=lscr.io/linuxserver/prowlarr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=prowlarr.env Environment=WEBUI_PORT=9696 # Volume Volume=/var/home/user123/.config/arr-configs/prowlarr:/config:z,U [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Sonarr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=sonarr Pod=arr-stack.pod Image=lscr.io/linuxserver/sonarr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=sonarr.env Environment=WEBUI_PORT=8989 # Volume / Disable SecurityLabels due to SMB share, need to look this up SecurityLabelDisable=true Volume=/var/home/user123/.config/arr-configs/sonarr:/config:z Volume=/var/home/user123/Videos/Shows:/tv:z Volume=/var/home/user123/Videos/Downloads:/downloads:z [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Radarr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=radarr Pod=arr-stack.pod Image=lscr.io/linuxserver/radarr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=radarr.env Environment=WEBUI_PORT=7878 # Volume / Disable SecurityLabels due to SMB share SecurityLabelDisable=true Volume=/var/home/user123/.config/arr-configs/radarr:/config:z Volume=/var/home/user123/Videos/Movies:/movies:z Volume=/var/home/user123/Videos/Downloads:/downloads:z [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Flaresolverr Container # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=flaresolverr Pod=arr-stack.pod Image=ghcr.io/flaresolverr/flaresolverr:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=flaresolverr.env Environment=WEBUI_PORT=8191 Environment=LOG_LEVEL=info Environment=LOG_HTML=false Environment=CAPTCHA_SOLVER=none # Volume=flaresolverr:/app/ [Service] Restart=always #[Install] #WantedBy=default.target --- [Unit] Description=Podman - Jellyfin # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container [Container] ContainerName=jellyfin Pod=arr-stack.pod Image=ghcr.io/jellyfin/jellyfin AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions / 1000:1000 might work? User=0 Group=0 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvironmentFile=jellyfin.env Environment=WEBUI_PORT=8096:8096/tcp #PublishPort=8096:8096/tcp #PublishPort=8920:8920 #PublishPort=7359:7359/udp #PublishPort=1900:1900/udp # Volume Volume=/var/home/user123/.config/arr-configs/jellyfin:/config:z Volume=/var/home/user123/Videos/jellyfin-cache:/cache:z Volume=/var/home/user123/Videos/Movies:/data/movies:z Volume=/var/home/user123/Videos/Shows:/data/shows:z [Service] # Inform systemd of additional exit status # SuccessExitStatus=0 143a Restart=always TimeoutStartSec=900 #[Install] # Start by default on boot #WantedBy=default.target --- [Unit] Description=Homepage Dashboard # Dependencies # pod Wants=arr-stack-pod.service After=arr-stack-pod.service Requires=arr-stack-pod.service PartOf=arr-stack-pod.service # .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=arr-stack.pod After=arr-stack.pod Requires=arr-stack.pod PartOf=arr-stack.pod # gluetun Wants=gluetun.service After=gluetun.service Requires=gluetun.service BindsTo=gluetun.service # .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax Wants=gluetun.container After=gluetun.container Requires=gluetun.container BindsTo=gluetun.container # idk about this?: After=network-online.target Wants=network-online.target # Socket Wants=podman.socket After=podman.socket Requires=podman.socket [Container] ContainerName=homepage Pod=arr-stack.pod Image=ghcr.io/gethomepage/homepage:latest AutoUpdate=registry # Network Network=container:gluetun # UID/GID permissions User=1000 Group=1000 Environment=PUID=1000 Environment=PGID=1000 # EnvironmentFile=global.env Timezone=UTC Environment=TZ=Etc/UTC # EnvirontmentFile=homepage.env #Environment=LOG_LEVEL=debug Environment=HOMEPAGE_ALLOWED_HOSTS=gethomepage.dev #PublishPort=3000:3000 # Podman socket (recommended on Bazzite) Volume=%t/podman/podman.sock:/var/run/docker.sock:ro #Volume=/var/run/docker.sock:/run/user/1000/podman/podman.sock:ro #Volume=/%t/podman/podman.sock:/run/user/1000/podman/podman.sock:ro # Volume / Config directory SecurityLabelDisable=true Volume=%h/apps/homepage:/app/config:Z Volume=%h/apps/homepage/icons:/app/public/icons:Z [Service] Restart=on-failure TimeoutStartSec=300 #[Install] #WantedBy=default.target ::: Questions: If I use “podman exec ip route” (on e.g. qbittorrent) the default route goes through my actual network interface (actual ip adress) which I very much do not want (or through my killswitch dummy network from my VPN if on, which is better but still not ideal). Is there a way to completely remove my actual network from a container’s eyes? “podman exec ip addr” shows 1 lo (local), 2 my actual network, 4 tun0 from gluetun. The traffic does go through gluetun correctly, but I don’t trust it 100%. Having the containers separated and NOT inside a pod gives the same result, since the containers share the network namespaces from the gluetun container when I do “Network=container:gluetun” (same as just having them in a pod as far as I understand). I tried to also create a podman network without a default gateway, but then gluetun cannot connect to the VPN in the first place. My setup works but is quite convoluted and probably has many unnecessary lines, so please give me any improvements you see Is User=1000, Group=1000, even sensible? For example in the homepage container those lines result in the container showing User “1000:1000” (from podman inspect). Would User=0, Group=0 (or no lines since I use UserNS=keep-id in the pod?), which shows as User=root (podman inspect) mean that it has actual root access or just that it is root INSIDE the container? Thank you in advance for the answers, in case I don’t reply to your comment specifically.
Komunitas
lemmygrad.ml
USSR produced many firsts in the realm of science and technology: 1957: First intercontinental ballistic missile R-7 Semyorka 1957: First orbiting satellite, Sputnik 1 1957: First living in orbit, the dog Laika on Sputnik 2 1957: First nuclear powered icebreaker “Lenin” weighing in at 19,240 tons of steel 1958: First Tokamak thermonuclear experimental system 1959: First man-made object to leave the Earth’s orbit, Luna 1 1959: First communication to and from Luna 1 with Earth 1959: First object to pass near the moon, and the first object in orbit around the Moon, Luna 1 1959: First satellite hit the moon, Luna 2 1959: First images of the dark side of the moon, Luna 3 1960: First satellite to be launched to Mars, the Marsnik 1 1961: First satellite to Venus, Venera 1 1961: First person to enter orbit around the Earth, Yuri Gagarin in Vostok 1 1961: First person to spend a day in orbit, Gherman Titov – Vostok 2 1962: First flight of two astronauts, Vostok 3 and Vostok 4 1963: First woman in space, Valentina Tereshkova, Vostok 6 1964: First flight of several astronauts, Voskhod 1 1965: First spacewalk, Aleksei Leonov, Voskhod 2 1965: First probe to another planet Venus, Venera 3 1966: First probe to descend on the moon and send from there, Luna 9 1966: First probe in lunar orbit, Luna 10 1967: First meeting of unmanned Cosmos 186/Cosmos 188, this aws not achieved by US until 2006 1969: First docking and crew exchange in orbit, Soyuz 4 and Soyuz 5 1970: First signals sent to the moon by Luna 16 1970: First mobile robot, Lunokhod 1 1970: First data sent by a probe from another planet (Venus), Venera 7 1971: First space station, Salyut 1 1971: First satellite in orbit around Mars and landing on Mars 2 1975: First satellite in orbit around Venus and sending data to earth, Venera 9 1984: First woman to walk in space, Svetlana Savitskaja on Salyut 7 1986: First team to visit two space stations Salyut and Mir 1986: First permanent space station in Earth orbit from 1986 to 2001, MIR 1987: First team to spend more than a year aboard Mir, Vladimir Titov and Musa Manarov These are just some of the biggest technological and social achievements of the Soviet Union. academic studies on USSR Professor of Economic History, Robert C. Allen, concludes in his study without the 1917 revolution is directly responsible for rapid growth that made the achievements listed above possilbe: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.507.8966&rep=rep1&type=pdf Study demonstrating the steady increase in quality of life during the Soviet period (including under Stalin). Includes the fact that Soviet life expectancy grew faster than any other nation recorded at the time: https://www.jstor.org/stable/2672986?seq=1 A large study using world bank data analyzing the quality of life in Capitalist vs Socialist countries and finds overwhelmingly at similar levels of development with socialism bringing better quality of life: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1646771/pdf/amjph00269-0055.pdf This study compared capitalist and socialist countries in measures of the physical quality of life (PQL), taking into account the level of economic development. https://pubmed.ncbi.nlm.nih.gov/2430906/ This study shows that unprecedented mortality crisis struck Eastern Europe during the 1990s, causing around 7 million excess deaths. The first quantitative analysis of the association between deindustrialization and mortality in Eastern Europe. https://academic.oup.com/cje/advance-article/doi/10.1093/cje/beac072/7081084?guestAccessKey=01c8dd9f-af1c-48b3-b271-eb5d3a45017c&login=false So, how do people who lived under communism feel now that they got a taste of capitalism? A remarkable 72% of Hungarians say that most people in their country are actually worse off today economically than they were under communism. Only 8% say most people in Hungary are better off, and 16% say things are about the same. In no other Central or Eastern European country surveyed did so many believe that economic life is worse now than during the communist era. This is the result of almost universal displeasure with the economy. Fully 94% describe the country’s economy as bad, the highest level of economic discontent in the hard hit region of Central and Eastern Europe. Just 46% of Hungarians approve of their country’s switch from a state-controlled economy to a market economy; 42% disapprove of the move away from communism. The public is even more negative toward Hungary’s integration into Europe; 71% say their country has been weakened by the process. The most incredible result was registered in a July 2010 IRES (Romanian Institute for Evaluation and Strategy) poll, according to which 41% of the respondents would have voted for Ceausescu, had he run for the position of president. And 63% of the survey participants said their life was better during communism, while only 23% attested that their life was worse then. Some 68% declared that communism was a good idea, just one that had been poorly applied. Glorification of the German Democratic Republic is on the rise two decades after the Berlin Wall fell. Young people and the better off are among those rebuffing criticism of East Germany as an “illegitimate state.” In a new poll, more than half of former eastern Germans defend the GDR. A poll shows that as many as 81 per cent of Serbians believe they lived best in the former Yugoslavia -“during the time of socialism”. The survey focused on the respondents’ views on the transition “from socialism to capitalism”, and a clear majority said they trusted social institutions the most during the rule of Yugoslav communist president Josip Broz Tito. The standard of living during Tito’s rule from the Second World War to the 1980s was also assessed as best, whereas the Milosevic decade of the 1990s, and the subsequent decade since the fall of his regime are seen as “more or less the same”. 45 percent said they trusted social institutions most under communism with 23 percent choosing the 2001-2003 period when Zoran Djinđic was prime minister. Only 19 per cent selected present-day institutions. 75% of Russians have expressed increasingly positive opinions about the Soviet Union over the years. Only a small portion of those surveyed said they had negative associations with the Soviet Union. The economic deficit, long lines and coupons were named by 4% of respondents each, while the Iron Curtain, economic stagnation and political repressions were named by 1% each, the Levada Center said. Adult mortality increased enormously in Russia and other countries of the former Soviet Union when the Soviet system collapsed 30 years ago. https://archive.ph/9Z12u Former Soviet Countries See More Harm From Breakup https://news.gallup.com/poll/166538/former-soviet-countries-harm-breakup.aspx The Free market paradise goes East chapters in Blackshirts and Reds details some more results of the transition to capitalism.
Komunitas
lemmygrad.ml
Hi, in this post I will share my way of playing pirated games in linux. There are various methods to pirate games in linux, this post will not cover all of them, just the one that works for me. In short, I download cracked preintstalled windows games from trusted websites and run them using heroic games launcher (HGL). In details below. Getting the game files: There are numerous websites that offer preinstalled games. For up to date and trusted list by the community always check fmhy. Visit the websites that offer preinstalled files. Extract the game files in a folder. I use a dedicated /games folder. Running the game: I use heroic game launcher to run the games. It uses wine/proton under the hood. Let’s see how to setup heroic launcher. STEP 1: Get the application. As far as I know, the developers recommend the flatpak version, it has to be given permission to access the the game folder using flatseal (or kde application permission manager if using kde). I have granted it access to the /games folder. STEP 2: Download the latest proton-ge runner from the wine manager tab. STEP 3: Click on “ADD GAME” in the library tab in HGL. If the name of the game is entered accurately in the title section, the launcher will autofill the cover art. Then select the GAME.EXE that launches the game. Then proceed to run game. HGL can also be used to install and play games from epic game store, so the free games from epic can be played in linux as well. Repacks can be installed through HGL, but that didn’t work for me, there are some decompression error. So I use preinstalled games instead and have faced no errors yet. This seems to be the easiest method for me. Eager to learn what other methods others use here. edit: fixed some formatting