redjard

100k left

Can’t you just replace the entire game folder?
Running a verify and repeating the action would even show how many files were changed.

It isn’t usually. If it was, the server-side function wouldn’t need a constant runtime at different-length inputs since the inputs would not have differing lengths.

The problem with client-side hashing is that it is very slow (client-side code is javascript (for the forseeable future unless compatibility is sacrificed)), unpredictable (many different browsers with differing feature-sets and bugs), and timing-based attacks could also be performed in the client by say a compromised browser-addon.

For transit a lot of packaging steps will round off transfer-sizes anyhow, you typically generate constant physical activity up to around 1kB. Ethernet MTU sits at ~1500 bytes for example, so a packet of 200 bytes with a 64 char password or a packet of 1400 bytes with a 1024 char password containing some emoji will time exactly identically in your local network.

Most attacks on servers are on the connections. All IPs are owned by entities part of countries, so your IP is always under someones jurisdiction. The same is true for regulsr DNS entries, so the domain of that server.

For getting the data however, there also isn’t any protection in international waters. Someone would just raid you and you could do nothing about it. What good is lawlessness if you don’t have the ability to enforce your own “laws” about not having your data taken away?

You could lay low so noone bothers with that, but then you could also just lay low with regular secretive hosting.

The admin team is distributed and the infra is in europe iirc.
So no

Cryptographic hash functions actually have fixed runtime too, to avoid timing-based attacks.
So correct password implementations use the same storage and cpu-time regardless of the password.

That is a huge red flag if ever given as a reason, you never store the password.
You store a hash which is the same length regardless of the password.

sure

I have that exact setup working. qbittorrent (and -nox) are a lot more involved to set up with I2P, but there is some material on how and once you get it running it works quite well at this point.

I don’t use docker for it, but that should work too. For browsing I use a maintained fork of proxy switchy omega, which allows to choose a proxy profile based on the url, making it easy to pipe i2p pages into the i2pd socks port (I use I2Pd not I2P, don’t think it matters much). qbittorrent can be configured in the same way to statically use the the local (4447 on i2pd) port as a proxy to prevent any clearnet communication. In addition it needs the dedicated I2P host 127.0.0.1 and port 7656 (the sam bridge, giving deeper access to I2P).

Don’t expect to do anything on the clearnet over I2P, the exits are not good and it’s not what I2P is meant for. For that reason don’t set I2P up as something like a system proxy/vpn, instead pipe the specific programs you want using I2P into the proxy ports using their proxy settings.

To get rid of the firewalled status in the I2P daemon, you will need to forward ports. Maybe you have seen advice for servers that are not behind a firewall and nat, so that effectively have all ports “forwarded” already. The mythical dedicated IPv4 address.
In your case you need to pick the port your I2P daemon uses for host to host communication randomly, then forward both TCP and UDP for it on IPv4. Also make sure you even can forward ports, depending on region ISPs no longer hand out dedicated IPv4 even per router, so you might have to specifically ask your ISP for one (I had to). But that is all generic hosting, if you can set up a minecraft server you can make I2P have full connectivity.

Look into I2P.
It’s a network similar to TOR, but more suited for usecases like torrenting.
For anything you do on I2P, you can rest assured noone else can even in theory trace it back to you.
Go visit http://tracker2.postman.i2p for a large collection of public domain content.

The only issue is that there is also a lot of content available in german and english language which is not in the public domain, and due to the anonymous nature of I2P noone would be able to warn you of that. So take care you don’t accidentally seed the content to others, keeping it online for even more people to commit the same mistake with noone the wiser.

away

Like, from you personally?

Aside from Australia or Japan, a move should improve the average ping users experience.
Most people are not from the us, and given its geographic location nowhere close to it either.

Sizes are off, especially the circle wouldn’t fit.

ISPs on a voluntary basis, not the nation

Every user of that spotify beta was a leech and spotify was the only seeder for all of them.
The meta defense only works if you make an llm output a more or less corrupted version of your warez.

Where do I find a version of half decent, and how do they compare?

Link is detected without the emoji in my app. You might wanna hardcode the link as https://en.wikipedia.org/wiki/😂
[https://en.wikipedia.org/wiki/😂](https://en.wikipedia.org/wiki/😂)

This would solve some of the problems. If only 2 instances know about the votes, post instance and sublemmy instance, you can reasonably expect to get most instances to never release that info. It would allow either the sublemmy or post instance to manipulate around in the votes, but most manipulation would be detectable by the respective other instance.

It would open the door however to manipulating around with internal posts made from the instance in a sublemmy on the instance. And it would allow the post instance to drop votes selectively, though I think that is possible currently all the same.

Votes being sent to both the sublemmy and the post instance simultaneously would make manipulation a lot harder. And for cases like internal posts, you could add another involved “judge instance” that receives the vote details directly from source, and is merely there to confirm the total. Instances that hand out non-independent “judge instances” could be labeled as untrustworthy in the lemmy community.

So you end up with a list of instances per post that votes are reported to, to which you add the post instance, sublemmy instance, judge instance, and maybe some more.

In terms of implementation, I think the activitypub protocol needs an origin for votes, right? I would say an instance can just report the votes coming from a stock of obviously fake accounts, like “masked_upvote_1” to _999999 … and “masked_downvote_1” to _XYZ.
About the votes, I am not sure. It could be done as a lemmy-internal feature where lemmy instances and other instances knowing of the lemmy protocol send the info to all the relevant instances, while any votes from external instances only arrive at I guess the post instance and that then forwards it on to all other instances. This way the checking doesn’t work for software unaware of that lemmy specific vote implementation, but everything is still compatible.

You could then even for those lemmy-external votes add an interface on the judge instance, that would confirm via pm if your vote has arrived.

Do you think this could work?

In my case I would like them to be private, but currently they are not. I don’t think it is good to try to hinder the visibility into a fundamentally transparent system.

I don’t see a technical way to make votes private either, that doesn’t prevent bad actor instances abusing the vote system. As an admin of an instance I could just add 5-10 votes to all of my interactions whenever I feel like it, and noone would be able to tell it didn’t come from legitimate users on my instance. The accounts of vote origin are needed as proof, hence moderators on lemmy having access to them.

Do you perhaps have any idea how this could be accomplished?

That’s a pretty reasonable compromise, and probably explains my confusion.
Why didn’t you do the same for remote upvotes?

Then maybe it is still around on some instances?
Either way, it is only a matter of time for another fediverse software to show downvotes, or someone to spin up a vote info page which gets its information via undisclosed legitimate fediverse instances so you cannot defederate them.