|
Thermopyle posted:I transfer like a terabyte per month through my DigitalOcean-hosted VPN which costs me $5/month.
|
# ? Oct 18, 2017 22:18 |
|
|
# ? Apr 25, 2024 18:18 |
|
I am one with the Khala.
|
# ? Oct 18, 2017 22:21 |
|
Thermopyle posted:I transfer like a terabyte per month through my DigitalOcean-hosted VPN which costs me $5/month. Can you post details? What's your peak bandwidth? What sort of encryption are you running? I'm not buying y'all are doing anything other than browsing the web and throttled torrenting on those machines, certainly not streaming video, but maybe I'm retarded (likely).
|
# ? Oct 18, 2017 23:02 |
|
Mr. Crow posted:Can you post details? What's your peak bandwidth? What sort of encryption are you running? You really think you'll push more than 1TB a month? https://www.digitalocean.com/community/questions/extra-bandwidth-what-will-happen quote:The rule of thumb is to avoid anything which uses over 300mbps on a constant basis.
|
# ? Oct 18, 2017 23:15 |
|
Trabisnikof posted:You really think you'll push more than 1TB a month?
|
# ? Oct 18, 2017 23:24 |
|
e: wrong as gently caress thread Content >> I have no idea how much bandwidth I push over my VPN monthly, but my home connection (Twitch, Youtube, imgur, stuff) can push 1TB with those services alone. ChubbyThePhat fucked around with this message at 00:16 on Oct 19, 2017 |
# ? Oct 19, 2017 00:13 |
|
I realize my previous post was probably a little hostile, I am curious on the details but for $5 or even $20 and the potential to be in control of my own VPN I gotta try it. Why none of this poo poo came up when I was searching a couple weeks ago I have no idea.
|
# ? Oct 19, 2017 00:14 |
|
Mr. Crow posted:I realize my previous post was probably a little hostile, I am curious on the details but for $5 or even $20 and the potential to be in control of my own VPN I gotta try it. Likely it just involves getting the small digital ocean droplet for $5 a month and installing Algo on it. Done.
|
# ? Oct 19, 2017 02:11 |
|
I just did the algo deploy to DigitalOcean (actually I'd done it before, destroyed that droplet for Streisand today, then went back to algo). Am i really supposed to just create a new server instead of updating it? The FAQ seems to suggest that. It's fairly easy to do, but it's a pain setting up the VPN connections everywhere. Can I just apt-get update && apt-get upgrade every once in a while?
|
# ? Oct 19, 2017 04:30 |
|
Mr. Crow posted:Can you post details? What's your peak bandwidth? What sort of encryption are you running? I just posted a link to the thread where I describe it up thread a few posts. It's the one to the thread about algo.
|
# ? Oct 19, 2017 05:12 |
|
Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model. I swear I said the same thing in an earlier version of one of these threads, but we all get too aroused over red teams to see the easy solution. (USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? Oct 19, 2017 05:13 |
|
Turnquiet posted:Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model.
|
# ? Oct 19, 2017 05:51 |
|
Turnquiet posted:Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model.
|
# ? Oct 19, 2017 06:26 |
|
anthonypants posted:Who are you trying to argue with here Who knows. It's reductionist bullshit anyway. No one claimed identity wasn't important, but it's not the end all be all either.
|
# ? Oct 19, 2017 06:38 |
|
Why do you guys say "push 1TB" when you mean "pull"?
|
# ? Oct 19, 2017 09:54 |
|
Furism posted:Why do you guys say "push 1TB" when you mean "pull"? Sometimes when we want to move the big crate of data it doesn't have straps or handles, so we sort of have to shove it and push it to get it over there instead of being able to pull it. That's just how bandwidth works
|
# ? Oct 19, 2017 13:45 |
|
Look man, it's not just a big truck you can dump stuff on.
|
# ? Oct 19, 2017 14:23 |
|
Turnquiet posted:Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model. My firewalls verify identity with kerberos tickets gently caress off.
|
# ? Oct 19, 2017 15:35 |
|
Volmarias posted:Sometimes when we want to move the big crate of data it doesn't have straps or handles, so we sort of have to shove it and push it to get it over there instead of being able to pull it. Kicking and screaming where necessary.
|
# ? Oct 19, 2017 16:33 |
|
Thanks Ants posted:Look man, it's not just a big truck you can dump stuff on. Yes it is.
|
# ? Oct 19, 2017 18:27 |
|
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." --Andrew S. Tanenbaum
|
# ? Oct 19, 2017 19:00 |
|
Proteus Jones posted:"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." --Andrew S. Tanenbaum Yeah but the latency is poo poo.
|
# ? Oct 19, 2017 20:08 |
|
Furism posted:Yeah but the latency is poo poo. Compared to data transfer via pigeon where poo poo is packet signal amplification .
|
# ? Oct 19, 2017 20:49 |
|
Since nobody would answer and if anyone reading cares, a cheap droplet chokes openvpn at about 150 Mbps with aes-128.
|
# ? Oct 20, 2017 18:28 |
|
Mr. Crow posted:Since nobody would answer and if anyone reading cares, a cheap droplet chokes openvpn at about 150 Mbps with aes-128. IPSec ought to perform better, if you haven't tried that yet - I believe that's what Thermopyle is using.
|
# ? Oct 20, 2017 18:51 |
|
IPSEC will always be better than OpenVPN because it's implemented at lower layers of the OSI model ; there's less overhead. It can lead to packet fragmentation though (because it makes the IP headers larger) but that's not really a problem nowadays. Also it's kinda more secure because you've got two rounds of key exchanges, the second one being fully encrypted since the beginning by the first one. Another downside of IPSEC is that sometimes it's blocked in hotels or public Wifi (this is less and less true ; I do travel my fair share in EMEA and only once or twice out of dozens of hotel was IPSEC blocked). And last but not least, IPSEC clients are implemented natively in all major OSes so you don't need to download a client. I honestly don't know why VPN services use OpenVPN and not IPSEC. I mean, there's a reason companies use IPSEC (or some proprietary SSL-VPN solution ; and yes they loving say SSL when it's TLS, assholes) and not OpenVPN Now that being said, none of this is really anonymous. This is why earlier in the thread I asked to know more about the guy's use case. Like anything encrypted, the meta-data has to be unencrypted because that's just the way these protocols work. You still need a source and destination IP and port. If somebody is monitoring your connection they know the destination IP, which'll be your VPN exit point probably (unless the VPN provider does internal routing and makes your packet come out from a random IP ; it's better but still not bulletproof). So then you monitor the exit point and by comparing the packets you can confirm if it's the same person or not. It's been proven to work, and for a while, as we know, all ISPs were tapped so anyone could run this kind of analysis nation-wide. Of course this matters only if a state if after you, for good or bad reasons. Also I could be wrong and not know OpenVPN enough and talk out of my rear end. I really like IPSEC
|
# ? Oct 20, 2017 19:52 |
|
The problem with IPSEC is that while it is good on paper, every vendor does something slightly differently to make it a pain to inter-operate. Try and get a Juniper and a Sonicwall to talk to each other via IPSEC and then suggest to me that it will be good for a VPN service. I agree with what you're saying, but I think that OpenVPN is preferred due to support reasons.
|
# ? Oct 20, 2017 20:42 |
IPsec can actually be astonishingly fast even on relatively old hardware. Some benchmarks done on FreeBSD 11.0 show that on a Xeon L5630 from 2010, IPsec doing ~850Mbps whereas OpenVPN manages a respectable ~547Mbps These benchmarks were done before IPsec was moved into a kernel module (instead of being statically compiled into the config, in addition to which NAT-T was added), plus the network stack, opencrypto and other parts has seen quite a bit of speed improvments since, so IPsec may be approaching or topping gigabit linespeed on more modern hardware. EDIT: Don't let a small CPU discourage you from using a VPN if you're on a hotspot, even an APU2 with a 1GHz quad-core AMD can manage ~350Mbps BlankSystemDaemon fucked around with this message at 21:54 on Oct 20, 2017 |
|
# ? Oct 20, 2017 21:44 |
|
Lain Iwakura posted:The problem with IPSEC is that while it is good on paper, every vendor does something slightly differently to make it a pain to inter-operate. Try and get a Juniper and a Sonicwall to talk to each other via IPSEC and then suggest to me that it will be good for a VPN service. I agree with what you're saying, but I think that OpenVPN is preferred due to support reasons. This is fair. I must have spent 2 weeks trying to get a goddam site-to-site ipsec tunnel setup with Rackspace, talking to techs who ostensibly know what they're doing. "Please configure a tunnel using these settings and these networks" "ok we did it" "it won't come up, some poo poo is wrong on Rackspace's end" "nah" *repeat this exchange like 20 times* "oh actually we typoed a subnet mask, try it now" *tunnel immediately comes up. I pour 5 fingers of bourbon* ipsec has a lot of knobs and is fiddly as hell. Which is good for security but bad for random people who just want something to work. Enter OpenVPN.
|
# ? Oct 21, 2017 04:58 |
|
Docjowles posted:
This is why algo is good. (at least seemingly...im not qualified to really judge it) Unfortunately, on Android you need a client app to use algos ipsec VPN.
|
# ? Oct 21, 2017 15:00 |
|
I just have a $2/month Linux VPS, connect to it with ssh -D <someportnumber>, point Firefox to the SOCKS proxy at localhost:<thatportnumber> and set network.proxy.socks_remote_dns to true. Boom, done. (True, it only protects traffic from that browser, but that's 99% of everything these days.) It even works with my phone; if I have the settings saved in ConnectBot, it takes about three taps to connect and I'm good to go. (Which reminds me, is there a way to do an ssh tunnel from an iPhone yet? It seems to be one of the lines that Apple doesn't want you coloring outside of.)
|
# ? Oct 21, 2017 19:34 |
|
Powered Descent posted:I just have a $2/month Linux VPS, connect to it with ssh -D <someportnumber>, point Firefox to the SOCKS proxy at localhost:<thatportnumber> and set network.proxy.socks_remote_dns to true. Boom, done. (True, it only protects traffic from that browser, but that's 99% of everything these days.) It even works with my phone; if I have the settings saved in ConnectBot, it takes about three taps to connect and I'm good to go.
|
# ? Oct 21, 2017 19:37 |
|
anthonypants posted:I really doubt iOS allows you to open local ports. At least for doing it on localhost a quick google says that proxying over ssh works just fine. But you have to deal with background network connections getting killed after 10 minutes.
|
# ? Oct 21, 2017 20:52 |
|
Dylan16807 posted:At least for doing it on localhost a quick google says that proxying over ssh works just fine. But you have to deal with background network connections getting killed after 10 minutes.
|
# ? Oct 21, 2017 20:53 |
|
anthonypants posted:And that result you found was from 2017? 2016.
|
# ? Oct 21, 2017 20:57 |
|
https://twitter.com/m0n0sapiens/status/921494693904633856
|
# ? Oct 22, 2017 01:29 |
|
The fact that they're using IDA at all puts them light years ahead of the rest of the industry as far as representing computer things goes, where this is common: https://www.youtube.com/watch?v=u8qgehH3kEQ
|
# ? Oct 22, 2017 04:44 |
|
Volmarias posted:The fact that they're using IDA at all puts them light years ahead of the rest of the industry as far as representing computer things goes, where this is common: Mostly I'm amused at him documenting the fact that he downloaded it illegally.
|
# ? Oct 22, 2017 04:46 |
|
Absurd Alhazred posted:Mostly I'm amused at him documenting the fact that he downloaded it illegally.
|
# ? Oct 22, 2017 06:32 |
|
|
# ? Apr 25, 2024 18:18 |
|
anthonypants posted:If it's free, can it truly be downloaded illegally? No, the guy commenting on the episode. There's no way he can play a legit version of a recent episode in VLC.
|
# ? Oct 22, 2017 06:33 |