exu

joined 1 year ago
[–] exu@feditown.com 7 points 3 months ago

I use migadu.com now, previously also used mailbox.org and protonmail.
The great part with migadu is how much control you have. Want to add multiple domains or have multiple users? No problem. (Though they reserve the right to ask what you're doing if it's excessive).
Limits are based on mails sent, mails received and storage space.
I was on their cheapest plan (19$/year) until I filled my receiving contingent because my servers had issues and monitoring kept dutifully sending email alerts about that.

[–] exu@feditown.com 1 points 3 months ago (1 children)

Both, the browsers (and any other application) can choose to ignore your DNS settings and use whatever other mechanisms they like.

[–] exu@feditown.com 1 points 3 months ago (3 children)

Firefox has DoT enabled by default, maybe Chrome does the same. That would cover the use-case of most people on public wifi.

[–] exu@feditown.com 3 points 3 months ago (1 children)

They can't decrypt HTTPS unless you installed a certificate controlled by them. The only thing they can know is which domains you visited, but not what you did on them.

[–] exu@feditown.com 7 points 3 months ago* (last edited 3 months ago)

*nix is more likely to be a glob, therefore an accurate version would be *n?x

Edit: global -> glob dang autocorrect

[–] exu@feditown.com 6 points 3 months ago

Just recently XDG Portals to get video sharing working. It just kept using the GTK fallbacks instead of KDE as I configured it, but it used the correct ones when starting from the terminal.

Eventually I figured out I had set an env override for XDG_CURRENT_DESKTOP="sway" in my user systemd environment, because that's what I used previously.

[–] exu@feditown.com 6 points 3 months ago

I'm aware of these options to do RAG, though I'm not using any yet. Only SillyTavern for chat stuff

[–] exu@feditown.com 2 points 3 months ago (1 children)

Apologies for the late response

I can access every node by IP (IPv6 to be precise).
Discovery within a local network happens through regular broadcasts. For connecting different networks, you need to set peering addresses that are reachable and configure the other side to listen.
You only need one node per network though, the others will automatically discover the path and connect on the best route to their target. If your node in the middle falls over, any other node that's reachable can be used instead. The Yggdrasil Blog posts have some explanations of the algorithms used.

There's no explicit gateway, but you can use standard routing and firewall tools to do whatever you want. I only use it for accessing internal stuff, not as a full VPN for my client devices, but you could probably make that work by setting one node as router and configuring its Yggdrasil IP as your gateway (excluding the traffic you need to connect to the VPN).

One downside is that everything's still in progress and most versions change significant parts of the routing scheme, meaning it doesn't work with the previous version. It is primarily a research tool for internet-scale mesh networks, but releases are also infrequent enough that you shouldn't worry too much.

[–] exu@feditown.com 1 points 3 months ago (3 children)

I use Yggdrasil now with a whitelist of public keys. Though I'm thinking about redoing my architecture in general to make key distribution easier, have more automated DNS entries and also use the tunnel for any node to node communication.

Before that I tried Tailscale with Headscale, but I didn't want to have a single node responsible for the network and discovery.

[–] exu@feditown.com 3 points 3 months ago (5 children)

Most VMs only run containers, but I have supporting services on every host as well. Stuff like the mesh VPN, monitoring agent or firewall.
If I want a quick overview, a quick systemctl status will tell me everything I need to know.

[–] exu@feditown.com 16 points 3 months ago (7 children)

I've been managing my containers using the older mechanism (systemd-generate) since I started and it's great. You get the reliable service start of systemd and its management interface. Monitoring is consistent with all your other services and you have your logs in exactly one location.

I really wouldn't want a separate interface or service manager just because I'm running containers.

[–] exu@feditown.com 55 points 3 months ago (3 children)

You can still use the real uBlock Origin instead of the mediocre version Google allows
