I would say there are not any worth recommending and that best practices are avoiding running random scripts you don’t understand, keeping software up to date with package managers, and using virtualization tools. Also look into Portmaster perhaps which is an interactive firewall.

It’s also incredibly annoying for file hashing and trying to verify the integrity and that the file wasn’t tampered with or replaced in transit because often every single one of these stub online installers has a different hash because they’re embedding time or some other variable about you in installer.

I think the home media collector usecase is actually a complete outlier in terms of what these formats are actually being developed for.

Well yeah given who makes it but it’s what I care about. I couldn’t care less about obscure and academic efforts (or the profits of some evil tech companies) except as vague curiosities. HEVC wasn’t designed with people like me in mind either yet it means I can have oh 30% more stuff for the same space usage and the enccoders are mature enough that the difference in encode time between it and AVC is negligible on a decently powered server.

Transparency (or great visual fidelity period) also isn’t likely the top concern here because development is driven by companies that want to save money on bandwidth and perhaps on CDN storage.

Which I think is a shame. Lower bitrates for transparency -should- be the goal. The goal should be to get streaming content to consumers at a very high quality, ideally close to or equivalent to UHD BluRay for 4k. Instead we get companies that bit-starve and hop onto these new encoders because they can use fewer bits as long as they use plenty of tricks to maintain a certain baseline of perceptual visual image quality that passes the sniff test for your average viewer so instead of getting quality bumps we just get them using less bits and passing the savings onto themselves with little meaningful upgrade in visual fidelity for the viewer. Which is why it’s hard to care at all really about a lot of this stuff if it doesn’t benefit the user in any way really.

And which will be so resource intensive to encode with compared to existing standards that it’ll probably take 14 years before home media collectors (or yar har types) are able and willing to use it over HEVC and AV1. :\

As an example AV1 encodes to this day are extremely rare in the p2p scene. Most groups still work with h264 or h265 even those focusing specifically on reducing sizes while maintaining quality. By contrast HEVC had significant uptake within 3-4 years of its release in the p2p scene (we’re on year 7 for AV1).

These greedy, race to the bottom device-makers are still fighting AV1. With people keeping devices longer and not upgrading as much as well as tons of people relying on under-powered smart-TVs for watching (forcing streaming services to maintain older codecs like h264/h265 to keep those customers) means it’s going to take a depressingly long time to be anything but a web streaming phenomenon I fear.

laughs in group policy disabling of onedrive

Make a version of Office that works on Linux natively.

Three basic options exist:

1. Burner: Take a device that isn’t a normally used device for each category. Make sure it has nothing you care about on it, no incriminating web history, no accounts logged in or saved as cookies that are incriminating, etc, etc. This is simplest, most expensive, but also most fool-proof against all possible threats.

2. Wiped: Wipe the device before travel, possibly backing things up in the cloud to download after arriving. You’ll have to back up again with any changes you make and wipe again before traveling back then at your final destination again restore the device from backups. If you have serious fears of close inspection or forensic analysis then it would behoove you to use a secure erase feature on the drive and reinstall the OS rather than just trying to delete problematic files. For smartphones especially doing this and restoring from a cloud back-up can be pretty easy, for laptops it’s more of a pain.

3. Mail ahead: Take the devices to a package service, UPS, FedEx, DHL, etc ahead of time, mail them ahead of or just behind you so they arrive just before or slightly after you. For this to work you need a fixed accommodation that can accept packages and which you trust to store them and give them to you. This technically doesn’t prevent mail interception but unless you’re a high value target that’s unlikely at present as its kind of a multi-agency intentional effort thing. Still I’d mail the device in a fully encrypted state.

No other feasible options exist. You can encrypt yes and if you are a US citizen you cannot be denied re-entry (non-citizens can be not only denied entry but barred for years after for refusing to decrypt a device/cooperate) but they can seize your device and hold it for up to a year while trying to crack it and you’ll have to expend effort to get it back at the end of that period. They can also put you in a holding cell for hours or hypothetically up to a couple days if they really want to press it accuse you of something and be unpleasant during that time.

Okay you say this but these tools are privately owned. What happens when one day the provider slams them with a 1000% price increase? They can either pay or go back to doctors who detect cancer even worse. It gives these AI companies undue influence and turns a tool into a crutch and an addiction which can be leveraged to drive up healthcare costs and punish providers who don’t play ball perhaps resulting in deaths from doctors in systems that don’t have access to the tool because they’re in a payment dispute with it or they had it but stopped paying for it and patients may not know any of this.

This is a nightmare for human beings who have fought hard to grow smart, to be intelligent as a species and to have educated professionals who have learned to use their brains be instead trained by these machines to stop using their brains, to atrophy them, to become dependent on these systems and worse than before the moment they are removed.

It will be used to attack the wages of doctors and I guarantee that they won’t be compensated with cheaper schooling (doctors need at least 6 years of university plus additional years in training before being able to practice on their own, it’s an immense expense and burden in a time of rising costs and huge debt). Which will lead to shortages of doctors and they’ll be replaced with AI and nurses not up to the task and we’ll be told this is fine. Having access to a thinking human being may become a gated luxury that few insurance companies want to shell out for until after you’ve been evaluated by AI systems several times and only IF those systems deem it necessary. Some AI systems will make mistakes that kill patients and insurance companies will be fine with this as a quickly dead patient is usually cheaper than paying for months or years of treatments and/or surgeries so they’ll have a perverse incentive to push patients towards those systems. Doctors take an oath not to do harm, not all take that as seriously as they should but usually there’s some compassion there whereas a computer system would not care one bit if you’re denied and unlike a doctor won’t fight for you against the insurance companies.

If the UK is serious about blocking VPNs that don’t comply they’ll mostly succeed for the big ones. They’ll get them removed from app stores which will prevent most normies from finding and using them. They’ll apply network blocks to their entrance IP addresses (laughably easy, there are commercial vendors who sell data like this so they don’t even need to invent the wheel here) and make it difficult. They wouldn’t be able to prevent truly determined VPN providers from providing service but the days of $4/month for privacy/torrenting would be gone as the prices would likely be higher and you’d have to do things like mail cash.

Beyond the known IPs, VPN traffic is fairly easy to flag with DPI solutions and could be detected and blocked or dropped by ISPs acting under the law. This could also be used to stop people running tunnels to hosted VPS solutions outside of the country or run by friends from their homes. There are obviously ways around these, disguising traffic, various techniques but for most people they’d give up and either stop browsing porn or cough up their ID. Of course this would create a dangerous state of affairs where anyone using a VPN without being KYC’ed is clearly a criminal, at the very least a suspected video pirate, at the most a dangerous child predator or terrorist.

Additionally the UK isn’t like Russia or China, lots of western CEOs and employees pass through and within its jurisdictions and if a particular VPN is providing service without this they could try and arrest c-suite people or engineering staff associated with it and slam them with jail time. So that’s a problem.

then some wealthy business donor has a quiet word to them because businesses need VPNs to function

A little credit here. They’d rephrase the law to only target VPNs whose purpose is offering as a service to the general public (as opposed to exclusively employees and contractors) the ability to connect to a private network with exit points / the ability to appear as if their traffic originates from outside of the UK.

On a related matter they could also require know your customer for all VPNs, require all VPNs keep logs available on request for police inspection and those who don’t are banned. All companies keep extensive logs for corporate VPNs so this wouldn’t present any additional burden to private enterprise but would be the end of anonymous VPN services.

I really don’t think this is more of the spectacle and move on. Not this time. I think Palestine has them spooked because they lost control of the narrative and the best way to seize control of the internet and clamp down on people conveying information they don’t like is starting with things like this.

Probably the best choice if OP is dreading 11. Put it off, hope that in 3 years Linux support has matured even more for their use cases.

MS support has used this software themselves in an edge case where they couldn’t get Windows to active properly.

You have two options here:

1. Enable the extended support (no pay needed with this software but if OP absolutely refuses to run it they can pay Microsoft money directly though it takes work to find where to do that at) and run on that for 3 years until 2028.

2. Upgrade to LTSC IOT using the method they outline at the link there. Again they have two options, one is free, the other is following that guide but paying for a gray-market key (G2a for instance) for LTSC IOT which would avoid running this software on their PC but would mean paying someone some money for a corporate volume key they’re not technically allowed to sell. Which means support until 2032.

No. It’s fine.

Tor uses its own DNS system to my recollection. It’s true there is DNS as part of fingerprinting and DNS leaks are a concern for VPNs (see for example https://www.dnsleaktest.com/) but Tor is not vulnerable to this and it’s more a problem of you’re using a VPN to appear to be in NYC but your DNS shows Phoenix so that’s a big discrepancy that raises the uniqueness of your fingerprint on a VPN and even lets threat actors guesstimate where you actually are. As I said though this is not an issue on Tor.

So understand that the DNS from Mullvad will only affect other programs not Tor. It will prevent say your ISP’s DNS from seeing your video games calling their domains that way. Your ISP can still see you’re connecting to infrastructure for as an example Genshin Impact when you launch the game because they can see where your traffic is flowing and the IP addresses as well as traffic patterns, ports, etc. It somewhat limits the data and visibility they get but there is something called SNI snooping as well as of course the fact they know the IP addresses where your connections go. So it’s perhaps better than nothing but understand the limits of it as they still have a lot of visibility though they shouldn’t be able to see your web searches regardless just that you’re accessing google or bing or duckduckgo as those sites use HTTPS.

Pretty easy honestly.

You do something like remove section 230 (or whatever the EU equivalent is) that provides safe harbor from liability for transit providers like ISPs and content providers like websites that host user submitted content. You condition any safe harbor on the services in question being able to turn over and ID exactly who the offending person was without fail and tie any and every packet to a real world person. You make explicit that not being able to scrutinize content (because of encryption) is not an excuse. Thus someone pirating or sending CSAM over your network via a VPN makes you liable for not stopping them.

As a result this forces ISPs to block all encrypted traffic detected via deep packet inspection. Only traffic encrypted with public key infrastructure that has government issued keys that allow snooping on it is allowed.

Tada. There’s no way around this that doesn’t involve painstaking steganography which can possibly be nailed by AI anyways. Things like embedding a secret message in pictures you send with some pixels shifted to hide the data and your friend having a program and key that can decode it. Or things like taking all the capitalized letters and applying rot13 or something to them with some sort of algorithm but then you need to find a way to make the message intelligible on the surface as if you’re sending constant unintelligible messages you might get flagged and blocked or visited by the police (or the police get a warrant and have your mobile company deploy malware onto your devices and spy on you as a threat because of that).

The only other alternative is using alternative infrastructure. HAM radio type network transmission via a series of hops with similar activists but this wouldn’t be practical for most given the expense and the bandwidth would be awful. Also probably illegal and if they wanted to it would be trivially easy to identify and arrest those running these nodes and relays due to triangulation.

Turns out the whole liberal west with freedom of thought and speech was in fact a lie. Kept around to use as a stick to whack at the USSR with but now dropped at the first signs of serious popular discontent and trouble in favor of total control. Supposed values quickly dropped with no more excuse than “Russians” or “think of the children” or the usual criminals and terrorists.

They can’t stop a really determined actor from engaging in encrypted messaging but they can stop 98% of the population and that’s more than enough to control thought and action of the population.

Third party anti-fraud database providers that have access to private databases with info on people. Things like public records, private records, data brokers, etc.

Kids whose schools set up their chrome books inadequately and who found a way around the strict controls to watch porn.

Presumably given they’ve all been released in the past few years and are still getting updates the manufacturers would release an update disabling the functionality to comply with law. Same with end user devices removing the functionality via software update.

You’d have a small percentage of holdouts who have auto updates off and also refuse to apply it manually and who also have non-updated computers or smartphone. They’d leave it up to whoever buys the spectrum to locate illegal use like this based on detected interference in their usage, report it to the FCC and they send you a nasty letter followed by debilitating fines and a legal order to seize your equipment if that fails.

In practice people who go out of their way to avoid the updates that disable it will probably see no consequences but decreasing benefits as well and will eventually update or replace devices.

The only thing I would note is -IF- your volumes are not partition or disk based BUT -files- based there is the possibility that corruption of the host file system of the disk the files containing the volumes are on could result in pieces of those files being marked unreadable by the disk and it’s POSSIBLE one way to solve this would be a file system check utility.

HOWEVER such activities carry a -large- risk of data loss so I would advise a bit for bit copy of the disk and doing the repair on that so if it goes wrong you’re not worse off. -IF- you cannot make a copy then I would advise at least trying to mount using backup headers before doing that and copying off anything you can salvage as file system checks can really mess up data recovery and should only be used in certain circumstances.

You’re much better off trying the recovery software I linked in fact than doing a file system check as it will tend to have better results.

You can also use the option to mount as read only in VC to prevent writes to a suspected failing disk.

Let me know if you need further advice.

Veracrypt has back-up headers located elsewhere in the volume that are unlikely to have been overwritten.

First thing’s first I would strongly recommend copying the drive as it currently exists bit for bit to another drive of equal or larger size. Don’t work on the original if you can help it.

Now with this copy, you should try to check the option to use the backup header when mounting and try again. If the partition is gone and veracrypt doesn’t see it you’ll need to try using something that recovers partitions and doesn’t mind encrypted partitions or partitions or file system types it doesn’t understand and use that to ON THE COPY recover and recreate the partition (this will write data and can cause the possibility of further loss or worsen your ability to recover which is why it is important to perform it on a copy). Testdesk may work for this but there are other options that probably are better.

See this list: https://old.reddit.com/r/datarecovery/wiki/software and choose something from there if this data is truly important. Again only work on a copy on another drive. Some of these software examples actually work against the original drive and make a copy elsewhere and should be safe to use on the original drive so long as they have you select a target drive to push the recovered data to but read the documentation. Testdisk absolutely must be used on a copy.

You will incur data loss and likely should run one of the file recovery software mentioned on the drive once successfully mounted in veracrypt to attempt to recover as much as possible.

And Syria took a decade to crumble after Obama started in on it.

The US didn’t give up in Vietnam until it had been involved for over a decade.

Apple TV: No ads. Been around for over a decade.

Google TV: homescreen ads for a decade+ and even pushed onto Nvidia shield owners who originally may have bought the devices because Nvidia made a premium customized version without ads until they got tired of that and put ads in.

Apple has problems but ads aren’t a big one.

Neither big company is your friend. They both exploit workers and are both bad.

It’s just Google tends to be better at cutting edge bad like enabling genocide with their products and stuffing ads down the throats of people while Apple tries to maintain a crunchier appearance and vibe and is fine reaping 30% App Store fees on all transactions and making side loading very hard.

Apple rips you off on low storage and high costs to upgrade compared to Google/Samsung it’s definitely true.