
How did you set it up specifically, what Ubuntu packages are needed on the PC? Can you point to a resource that I can use to go from a PC with two network cards, an incoming line and a switch to working DHCP, port forwarding and a firewall for the things connected to the switch?


For setting it up as a router first, I recommend this[1] guide

I usually build the software from source so I don't know if everything will work fine for you. Nevertheless here are the package names I remember from when I first set it up.

pdnsd - for DNS caching; read the manual so you can write a good config, and don't forget to change the bind IP to an interface so that it is accessible to the local network

openvpn, easy-rsa - Initial setup[2]; there is a bug for which there is a temporary fix[3]. Might be fixed by now.

Port forwarding: I currently use iptables, but I've been trying to move to nftables, which I recommend. Here's how I do it for now (this must be done on the OpenVPN server):

tun0 is the openvpn interface

eno1 is the public ethernet interface of your VPN

Say the IP addr of openvpn CLIENT (router in this case) is 10.8.0.2 - eno1 port you want to forward to is 1234

say the client port (the router port to be forwarded) is 6789

    # run as root on the OpenVPN server
    iptables -t nat -A PREROUTING -p tcp -i eno1 --dport 1234 -j DNAT --to-destination 10.8.0.2:6789
    iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 6789 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

The above commands are not persistent so save them to /etc/iptables.conf

I always choose very conservative settings for firewall. Only a single port is forwarded to the VPN. Rest are closed, spoof open ports, and have a honeypot if you want.

There are many guides on iptables, but I would again recommend nftables. You're going to have to dig deep sometimes since it is still new.

If you have questions about anything, just google. Chances are, it has already been covered several times.

[1]: https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-bui...

[2]: https://www.digitalocean.com/community/tutorials/how-to-set-...

[3]: https://bugs.launchpad.net/serverguide/+bug/1504676


Anyone know if this will allow GPU-passthrough of the Nvidia GPU? It seems to have most of the requirements


GPU passthrough requires a hardware video output for the discrete GPU. You can go looking through the moaning of Oculus Rift users[1] as they prowl laptops that do this, but it's pretty much unheard of in current standard laptops.

[1] Rift needs better video latency than you get with routing the DGPU output through the IGPU. Apparently there are now some specialized 17" gaming laptops that support a "direct mode" that might allow GPU passthrough to HDMI given software support.


I had the predecessor, the xps 12 inch, I was very happy with it. The touchscreen was unnecessary, but it actually works in Debian. The xps line in general is a good mix of Linux compatible hardware, processor/memory options, price and surprisingly solid build quality.

My main complaint and why I have a macbook air now (even though it is inferior in most respects, I pay for a osx but never booted it) is that I ride a lot of trains and the power connector on the Dell landed the machine on the ground a few times when people tripped on my wire. It uses the normal metal tube into hole design. The laptop still works, but it makes me wonder why Dell never made a magnetic power connector. My mobile phone has one and it's a Sony/Ericsson.


Because Apple has a patent on it.


Can you expand on where I might find details on LT in intellij?


Would be interested in this as well. I only know the "Scala Worksheet" which is similar: https://confluence.jetbrains.com/display/IntelliJIDEA/Workin... and appeared first in Scala-Ide.


I think he's referring to the in-editor debug values in IntelliJ v14.


ctrl-shift-e should open a canvas like area where you can group tabs. Similar to a file folder, I prefer it to bookmarks


Interesting, but seems to be very basic. I still prefer using a wm. I can use different layouts, group windows into hierarchies, display them side by side, take advantage of tiling, use workspaces and have configurable keys for each of these actions. You know, functions that a wm is built for.

And I can always switch to a different wm altogether if I'm not comfortable.


Once you get used to the tab groups they can be very powerful. I use them for contexts myself; one for casual browsing, one for development for client x, one for client y etc, one for research, and the list goes on.

Obviously you can easily achieve the same thing in separate windows as well, so ultimately I suppose it doesn't make a huge difference, but it's the way I find makes for the biggest difference in separating workspaces.


Do you have a link for the python version?


I actually really like this, thank you!

Some feedback to the author,

I deployed it on apache with a .htaccess limited to my domain to limit security issues. Pretty trivial. Perhaps you could expand your documentation on this note. Just include a few lines on how to stick a file in the root folder with something like this

    RewriteEngine on
    Order Deny,Allow
    Deny from all
    Allow from IP or partial IP
    Allow from domain

Also make sure the overall apache config has a directory tag with allowoverride all. Debian defaults to allowing none.

The most important widgets for me are general info, load average, ram, disk usage (actually, I would mostly like a widget that highlights when a disk is below 90% free space, so maybe that is a new widget) and processes. I changed it so these are sorted at the top by default, also I changed the sorting when clicking on cpu/memory etc to display the highest values instead of the reverse which is the default. I don't know how much of this is something you would like to implement, and all of it is trivial, but if you want my changes reach out.




What is classic exactly, how does it differ? At a first glance it seems to prioritize age over points more than the current version.


Classic is pg's solution to the "Endless September" problem.

Classic hn only counts front-page upvotes from users who have been around for a while. I don't know what a while is. Longer than me.


From memory it's the first year. I think I missed the cut off by a couple of weeks. I'm New Coke, but that still has more HN street cred than Coke Zero.


No. The U.S. never imported cheap labour and treated those people in ways deemed illegal in parts of its competition at the time.


This is said in the most sarcastic voice imaginable, right?


One reason nefarious people would use this is to gain verified account name information. Get enough of those and there are bound to be some passwords that are easily brute forced.

Furthermore as the article states blizzard could use this to track private servers.


You now log in to your accounts with your email address, so account discovery is something of a moot point.


What I don't understand is why the screenshot would contain your literal realm id, and not a hash that only Blizzard could understand.

As long as Blizzard is the only party that can glean meaningful information from these watermarks I see no problem with it.


A hash isn't really the right construct for that purpose. If Blizzard just produced a salted hash of user_id & realm, it would be pretty expensive for them to reverse it, even given possession of a complete list of user ids and realms. If they didn't salt it, they could keep one big "rainbow table", but then again so could anyone else.

What you'd really want is encryption. If you chose symmetric encryption, the key would be in every client (easy to steal). If you chose asymmetric encryption, the message would suddenly get much, much bigger to the point where it's harder to reliably encode in a screenshot.


You're over engineering this I think. The "hash" only needs to be an internal account id that can be plugged into Blizzard's database to get your account info. No encryption is necessary. There is no way to get a mapping of internal code to account info without their database.
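The trade-off argued in the two comments above, as an added example that is not part of either comment: an unsalted hash of an enumerable id falls to one shared lookup table, a per-tag salt forces a rehash of the whole candidate list for every tag, and a random internal id leaves nothing to enumerate. The id range, realm names, SHA-256 and the `OpaqueIdDirectory` class are all assumptions made for illustration, not anything known about the real watermark.

```python
import hashlib
import secrets

# Constructed sample data: ids and realm names an outsider could enumerate.
USER_IDS = range(100_000, 100_400)
REALMS = ("realm-a", "realm-b", "realm-c")
CANDIDATES = [(u, r) for u in USER_IDS for r in REALMS]


def tag(user_id, realm, salt=b""):
    """SHA-256 over salt || "user_id:realm"; an empty salt is the unsalted case."""
    return hashlib.sha256(salt + f"{user_id}:{realm}".encode()).digest()


def build_lookup_table():
    """Unsalted: one table, computed once, reverses every tag for whoever builds it."""
    return {tag(u, r): (u, r) for u, r in CANDIDATES}


def reverse_salted(target, salt):
    """Per-tag salt: no shared table, so the candidate list is rehashed per tag.

    Returns (match, number_of_hashes_computed).
    """
    for work, (u, r) in enumerate(CANDIDATES, start=1):
        if tag(u, r, salt) == target:
            return (u, r), work
    return None, len(CANDIDATES)


class OpaqueIdDirectory:
    """Hypothetical server-side store: random id, mapping kept only in this dict."""

    def __init__(self):
        self._by_id = {}

    def issue(self, user_id, realm):
        opaque = secrets.token_bytes(8)  # carries no information about the account
        self._by_id[opaque] = (user_id, realm)
        return opaque

    def resolve(self, opaque):
        return self._by_id.get(opaque)
```
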


The data wouldn't get much bigger - a 2048-bit RSA key requires the output to be at least a 256-byte block, roughly 3 times as much data as the current watermark has, not some insane amount of data. The watermark is repeated many many times in the image anyway, so it seems like the trade-off could be made between fewer copies of the watermark and more data in it.


Current speculation is that most of the 88 bytes of data in the existing watermark is an error-correcting code that hasn't been reverse-engineered yet, so in practice it has less actual non-redundant data than that.

