Signature verification protects you against malicious actors. Generally its not critical, but if you’re worried about the source you’re getting software from, then I highly recommend that you verify the signature. Ideally, you’re given an asc file with the distribution and assuming you have PGP installed (and have a key), it’s pretty easy.

First you want to import the public key they are saying that they use to sign all of their distributions;

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

Once it’s in your keyring, you sign it with your own key;

gpg --sign-key torbrowser@torproject.org

This is you telling the keyring that you trust this exact signing key, so now when you verify anything using that signing key (no matter where you get it from) you’ll get a little message saying “hey, we know who this is, this is probably safe!”;

$ gpg --verify mullvad-browser-linux-x86_64-13.0.4.tar.xz.asc
gpg: assuming signed data in 'mullvad-browser-linux-x86_64-13.0.4.tar.xz'
gpg: Signature made Thu Nov 23 11:24:40 2023 CET
gpg:                using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [full]

In all reality, signing archives like this isn’t really necessary anymore. In the early days of the internet when resources were scarce and web-servers didn’t have 100% uptime, people mainly got software from FTP servers that weren’t up all the time. So you have to search and hunt for software and sometimes get it from random places. This was a way for you to ensure that even though you didn’t get it from an official source, that the software you were about to put on your machine wasn’t messed with.

These days you’re gonna get it directly from Mullvad–but even so, using signing keys protects you from MITM attacks, so that’s always cool. lol.

Despite my issues with it, I use Chrome. It’s simply too integrated into my life. But I just saw (like 2 minutes ago) from another thread here about Zen Browser and maaaan is it nice.

thought it was obvious, but clearly /s

Like, sure. That’s a valid argument. But it’s not the end of the goddamn world because they make you click a button to use a completely free service.

If you’re that pissed about it, then setup SearX yourself. Not sure why every “technologist” feels like their opinion is the only that matters and gets butthurt about shit like this.

Microsoft: Copilot is the future! /s

https://rentry.co/megathread

Thank me later.

I mean, this seems like a really stupid gripe. You can completely disable it for your searches: https://i.xno.dev/FUHSj.png

In addition, it gives you a way to interface with ChatGPT without an account, or using the API, and maintaining privacy… I see this as an absolute win. They stay competitive by including AI for people who can’t live without, while making it completely optional. Offering duck.ai is a smart move, too. I just don’t see the issue here.

forcing other countries to stop trading with china

This is not a war the US could or would win.

https://i.xno.dev/s3AQn.png

Firstly I know the ideal way to use it is without Google play services, however it looks like that’s needed for my banking app (which also apparently only works under the owner profile so I don’t have the option of having a separate profile for Google play apps).

https://github.com/microg/GmsCore/

Git. Why you would even think to use anything else is…weird.

Data recovery is a complete shot in the dark in a situation like this.

If you commit often, you don’t have to worry about data loss, and git already has a workflow for this exact situation–git branches;

git checkout work_being_done
// dozens and dozens of commits while working
git rebase -i main
git checkout main
git merge work_being_done

Let’s you do any amount of work and save states for each step. You can even commit you working branch to the repository, so even if you have data loss like this, you can always just re-pull the repository.

I’m a C/C++ developer though.

Ya feel good about yourself, slugger? /s

Very true! You can also take it a step farther and setup SSHFP records for your domain.

I’ve read a lot about using a VPS with reverse proxy but I’m kind of a noob in that area. How exactly does that protect my machine?

So you’re not letting people directly connect to your server via ports. Instead, you’re sending the data through your reverse proxy. So let’s say you have a server and you want to server something off port :9000. Normally you would connect from domain.com:9000. With a reverse proxy you would setup to use a subdomain, like service.domain.com. If you choose caddy as your reverse proxy (which I highly recommend that you do) everything is served from port :443 on your proxy, which as you might know is the default SSL port.

And do I understand correctly that since we’re using the reverse proxy the possible attack surface just from finding the domain would be limited to the web interface of e.g. Jellyfin?

I wouldn’t say that it decreases your attack surface, but it does put an additional server between end-users and your server, which is nice. It acts like a firewall. If you wanted to take security to the n^th degree, you could run a connection whitelist from your home server to only allow local and connections from your rproxy (assuming it’s a dedicated IP). Doing that significantly increases your security and drastically lowers your attack vector–because even if an attack is able to determine the port, and even your home IP, they can’t connect because the connection isn’t originating from your rproxy.

Sorry for the chaotic & potentially stupid questions, I’m just really a confused beginner in this area.

You’re good. Most of this shit is honestly hard.

It depends.

I judge people harshly for still using yahoo email. You disgusting fucks know who you are. Just look at yourselves. Ugh. /s

the app won’t load if I have no internet connection.

lol I mean yeah, that’s how the internet works…

so you can’t just name your website with any TLD you want.

You “technically” can, but they’re extremely expensive. ICANN let’s you register your own tld for the low price of $185,000, a fixed fee of $6,250 per calendar quarter, and a transaction fee of $0.25 per domain registration after 50,000/quarter.

but my IP appears to be blocking port 80

Run a caddy reverse proxy. Then you can serve :80 over a domain/subdomain.

Naturally. It’s their own infrastructure. But there are things you can do. If you choose a provider that lets you install your own OS, then using *nix distros like Debian you can enable encrypted volumes.

Really nice setup, but highly confusing. The usage of non-standard verbiage really increases the learning curve. Took me a minute or two to figure out how to connect to a chat (“pods”).