I see that nothing much has changed in the amateurish way that this software is developed.
zfs list explicitly has -p and -H to output parsable data, but no, let's go and parse _localized_(!) output for humans instead.
Connecting via OpenVPN, in decreasing levels of visibility:
1. on udp/1194
2. on tcp/443
3. in a TLS tunnel on tcp/443
If the last one doesn't work, then
4. in an ICMP tunnel
5. in a DNS tunnel
If those don't work, you aren't actually connecting to a network that wants you to use any of the...
From a security standpoint a closed port vs. a "dead" port makes no difference. You also don't hide a system this way. If there is a system on an IP address that just doesn't answer to any requests, you still know it's there because the router _before_ it doesn't give you an address unreachable...
Wait a minute, what's the issue here again? Are you those guys that think "stealthed" is something you want to be to benefit security?
Maybe someone could spell out the perceived problem with a closed port so I can tell them how they are wrong. There seems to be a giant misunderstanding in this...
You confuse two types of logging here - logging which address was assigned to which customer at a given time and actually logging what that address did. The former is half-ish OK if you need it for accounting reasons, the latter is never OK and no commercial ISP will do full traffic logging of...
I doubt you forward recursive requests to the root servers (Edit: because they wouldn't answer them). What you probably mean is simply "doing DNS recursion yourself", which involves hitting the root servers from time to time. And yes, this is the best and preferred method when done with DNSSEC...
Somehow I don't believe that msnbot-*.search.msn.com is a host you connect _to_. Since he doesn't mention it explicitly, one must assume he simply logged all connection attempts, even those from the Internet to his public address.
Which is absolutely useless if you can't see the source. There could be anything in it.
And also, friends don't recommend Oracle to friends. Oracle is an evil moloch that needs to die a painful death. Did they replace all those ZFS engineers that ran away? Watch 10 minutes of...
I can only assume you're talking about a TPM holding the key. That would bind the disk to the hardware.
But VC doesn't do that and disk encryption doesn't dongle the disk to the hardware just because, or whatever "encryption hashes hardware details" is supposed to mean.
Where do you get that information? Seems completely wrong.
If you connect a device that never sends a single frame, the switch will never know its MAC address. Knowledge of MAC addresses is achieved via ARP, sent by the connected machines, not by some periodic process of the switch itself.
You want to avoid commercial CAs unless absolutely necessary. If you need to prove authenticity only to yourself, why would you trust an additional third party (the CA) when you don't have to?
Using commercial certs because running your own CA is too hard or cumbersome is like saying "I don't...
You said
and I don't see any validation for that. If that's your justification for anything, then there is no need to oppose anything, because via majority rule, it's automatically OK.
Well, gee, I'm glad we have the issue nailed down!
That old fallacy again...
Who says that privacy-conscious people use an out-of-the-box smartphone? Or that they use a smartphone at all for more than making calls? Who says they don't use Cyanogenmod?
Ass-u-me much?
Saying Samba is not SMB isn't correct, either. Samba is a software implementing SMB. In a way, it is SMB, but you should use the protocol name and not the name of one implementation when you refer to the protocol.
Your computer isn't doing BIND requests, it does DNS requests. Same thing.
That's only useful if you do it anonymously, but then it becomes pointless. If this can be traced back to you, you just shot yourself in the foot if you ever want to be an influential figure in the future.
The point of overreaching spying is not to prosecute everyone here and now, it's to...
Stop perpetuating myths. There is nothing like a 1000:1 "rule" (for normal, non-dedup usage).
You can run that array with 8GB RAM just fine, 16GB is plenty. More RAM will mean more data stays cached, but there is no requirement like that for it.