this post was submitted on 11 Nov 2023
405 points (97.9% liked)

Technology

59614 readers
4079 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 37 comments
sorted by: hot top controversial new old
[–] [email protected] 152 points 1 year ago (1 children)

Encrypted DNS, widely known as DNS over HTTPS, protects DNS traffic by encrypting it.

Ya don't say.

[–] kautau 82 points 1 year ago (6 children)

The missile knows where it is at all times. It knows this because it knows where it isn't. By subtracting where it is from where it isn't, or where it isn't from where it is (whichever is greater), it obtains a difference, or deviation. The guidance subsystem uses deviations to generate corrective commands to drive the missile from a position where it is to a position where it isn't, and arriving at a position where it wasn't, it now is. Consequently, the position where it is, is now the position that it wasn't, and it follows that the position that it was, is now the position that it isn't.

In the event that the position that it is in is not the position that it wasn't, the system has acquired a variation, the variation being the difference between where the missile is, and where it wasn't. If variation is considered to be a significant factor, it too may be corrected by the GEA. However, the missile must also know where it was.

The missile guidance computer scenario works as follows. Because a variation has modified some of the information the missile has obtained, it is not sure just where it is. However, it is sure where it isn't, within reason, and it knows where it was. It now subtracts where it should be from where it wasn't, or vice-versa, and by differentiating this from the algebraic sum of where it shouldn't be, and where it was, it is able to obtain the deviation and its variation, which is called error.

[–] [email protected] 19 points 1 year ago (1 children)
[–] cheese_greater 1 points 1 year ago

Why won't you join the "Handsome Club" with me, just now?

[–] [email protected] 16 points 1 year ago

Sounds like Douglas Adams

[–] [email protected] 15 points 1 year ago

The missile maintains constant awareness of its location. This is achieved through its intrinsic understanding of where it is not. By calculating the difference between its current position and where it isn't, either by subtracting its current location from where it isn't or vice versa, the missile computes a deviation. This deviation is then utilized by the guidance subsystem, which is programmed to issue corrective commands. These commands are designed to reposition the missile from its current location to a desired one. As the missile reaches a location where it previously wasn't, it updates its current position. This means that the missile's present location is now where it used to be absent. Consequently, the position that the missile occupied before is now a location where it is not.

In situations where the missile finds itself in a position other than where it intended to be, the system identifies a discrepancy. This discrepancy is quantified as the difference between the missile's current and intended positions. When this variation is significant, it can be adjusted by the Guidance Electronic Assembly (GEA). However, for the GEA to make effective corrections, the missile must have knowledge of its previous position. This historical data assists in accurate recalibration, ensuring the missile's course remains true to its intended trajectory.

The missile guidance computer operates on a complex principle. When a variation alters the information regarding the missile's position, uncertainty arises about its exact location. However, the system is fairly certain about where it is not and remembers where it was. It computes its current position by subtracting where it should be from where it was not, or the other way around. This calculation is refined by contrasting it with a composite of where it should not be and where it was. Through this process, the missile identifies both the deviation from its intended path and the extent of this deviation, known as the error. This error calculation is critical for realigning the missile's trajectory toward its intended target, ensuring high precision in navigation and impact.

[–] haulyard 7 points 1 year ago (1 children)

What the heck just happened?

[–] supercritical 6 points 1 year ago

What happened is what is subtracted from was divided by what could have been. If you know the integral of what could have bin then you can obtain the euclidean distance to what is and then you know what happened.

[–] [email protected] 4 points 1 year ago

Those certainly are words.

[–] [email protected] 1 points 1 year ago (1 children)

Catch-22 or Gravity's Rainbow, if my memory of books I've read once is still accurate.

[–] [email protected] 5 points 1 year ago

Neither, its a copypasta born from a usaf pdf. I think it might actually be the og version, vintage af.

[–] surewhynotlem 101 points 1 year ago (4 children)

"Mullvad's encrypted DNS solution is available free of charge for everyone. The company advises customers of its DNS service, which is available for a flat-fee of 5 EUR per month, not to use the encrypted DNS service as the DNS resolver of the VPN server is handling this automatically. The performance of connections could be slower, if users make the switch."

This nonsense was written either by an AI or a drunk.

[–] bandwidthcrisis 79 points 1 year ago* (last edited 1 year ago)

Maybe the second "DNS" should be "VPN":

The DNS is free. They advise users of their paid VPN not to use this DNS service as it already uses it behind the scenes.

[–] [email protected] 27 points 1 year ago

the source blog post @mullvad
https://mullvad.net/en/blog/moving-our-encrypted-dns-servers-to-run-in-ram

i like that they have a public repo with the details on how their blocklists are compiled and what's in them.

[–] killeronthecorner 11 points 1 year ago

Or someone with a hangover and a word count

[–] [email protected] -3 points 1 year ago* (last edited 1 year ago) (1 children)

What does that even mean lol

Just FYI there's a standard monthly fee for use of mullvad. This will probably be a feature expansion and will run under that same fee.

Which means this whole paragraph is utter garbage.

Edit: my bad, I stand corrected.

[–] [email protected] 32 points 1 year ago (1 children)

"anyone can use mullvad public dns for free. their paid vpn service already uses it so don't set it up separately if you're a subscriber"

[–] [email protected] 4 points 1 year ago

Thank you for translating. I use their service and am happy I don't need to make any changes.

[–] BackpackCat 21 points 1 year ago (2 children)

I use mullvad and I'm too dumb to understand what this means. Can one of lemmy's many IT experts ELI5?

[–] pelya 66 points 1 year ago (2 children)

This makes it harder for russian military to steal one of Mullvad servers to track your porn usage over VPN - once they unplug it, all links to porn will be gone.

[–] nevemsenki 16 points 1 year ago (1 children)

If they get hacked, your data is still there until a reboot, though. This is more useful against state authorities taking servers than hackers.

[–] [email protected] 21 points 1 year ago (2 children)

That’s not how ram works, at least not generally. Unless frozen to an extremely cold temperature, ram loses its value very quickly and needs constant power to retain data. If a server were to lose power at normal operating temperatures, there would be nothing significant left to recover within a few seconds.

[–] [email protected] 28 points 1 year ago* (last edited 1 year ago) (1 children)

I think they mean somebody gains access to the server/s thereby they could look at the ram while it's still actively running.

[–] nevemsenki 1 points 1 year ago

Yeah, as long as the OS is running, it doesn't matter if its from a ramdisk or SSD/HDD.

[–] [email protected] 5 points 1 year ago (2 children)

It's nothing that can't be overcome with forensic equipment, though. With the right set of tools you can even take the sticks out of the server while it's still running and retain the data, that's why RAM encryption is a thing. For the really paranoid, homomorphic encryption.

load more comments (2 replies)
[–] ElectroNeutrino 8 points 1 year ago (1 children)

Harder, yes, but still good to note not impossible. There's some cryogenic techniques that allow them to preserve what's on the RAM long enough to read it.

[–] symbioticremnant 4 points 1 year ago (1 children)

It's a bit of a long shot, and I'm not sure if it's just theory or proven in reality. The idea is that you literally freeze the memory at a cold enough temperature to freeze the state of the memory, and then swap the memory into a machine with power in order to read or dump the data

[–] ElectroNeutrino 3 points 1 year ago* (last edited 1 year ago)

It's a variation of a cold boot attack. Instead of forcing an OS crash and rebooting into an OS connected to a portable drive, you cool the memory to extend the time you have before the data degrades and can then do whatever you want with it. I believe you can extend it up to a week.

https://citp.princeton.edu/our-work/memory/

[–] chwilson 20 points 1 year ago

From what I understand it means there’s no persistence on disk of any traffic/data, it’s entirely in memory, so less risk of data being stolen or leaked

[–] killeronthecorner 5 points 1 year ago
[–] [email protected] 4 points 1 year ago* (last edited 11 months ago) (1 children)
[–] [email protected] 5 points 1 year ago (1 children)

This older comment explains how ECH works.

ECH is technically unrelated to DoH, ECH is a HTTP extension not a DNS extension. But it uses the DoH encryption because it can't use the HTTP encryption because of the chicken-and-egg problem explained in that comment, so... it basically latched onto DoH as a solution and in doing that tied the two together.

And to answer your question, DoH is usable on its own without ECH because ECH is not needed for DNS. But ECH is strongly desirable for HTTP, and it also requires DoH, so that's why Mozilla for example activated then as a package deal in Firefox (both or neither).

[–] [email protected] 3 points 1 year ago* (last edited 11 months ago) (1 children)
[–] [email protected] 3 points 1 year ago (1 children)

In a sense yeah, you want ECH too. It's just that ECH makes up for a HTTP-specific fault. DNS is used for more than HTTP; if you're not using HTTP then DoH is enough.

[–] [email protected] 3 points 1 year ago* (last edited 11 months ago) (1 children)
[–] [email protected] 3 points 1 year ago

It's HTTPS-specific, since HTTP is not encrypted.