(Actually, nothing changed.
One post got through without problems, for some reason.)
Edit: In the time it took to write this, something seems to have changed. I’m not yet sure; but this is my first post in some hours which was not quasi-eaten, etc.
If theymos twiddled some knobs—thank you. If not—then for future reference, I want it somehow known that occasionally, if Cloudflare is busy valiantly stopping a DDoS attack, I might become unavailable on the forum due to denial of service.
Cloudflare is an anti-user D.o.S., Denial of Service! It is currently making the forum unusable through Tor. “Unusuable” meaning, to a reasonable person; I am sometimes unreasonably stubborn.
It repeatedly hits my browser with Javascript checks, re-checks,
Rapiscans porno-scans, X-rays, and cavity searches which spin my CPU, eat up my RAM, and do who-knows-what else. It does this so frequently that because I spend significant time on posts, I am regularly directed to a blank form which even forgets which thread I’m trying to reply in.
My posts would be eaten, and lost forever if I didn’t have a copy set aside outside the browser.If I weren’t so fond of this forum and already quite invested in it, I would have given up three hours ago.
Please do something about this! I suggest starting by immersing DDoS attackers in boiling oil. I am fantasizing about that right now. But really, if you’re going to get DDoSed, DoSing your users is not the solution.
No, vmware is not open source, but over my 10 years of using it (like in enterprise envs), I have never had any issue or security problem.
How do you know that? The type of attacks which break out of VMs are not typically used by the authors of popular widespread malware.
OFC,Nothing is completely secure in this day and age as you know I'm sure.
You may be assured, I would not allege “open source” to be a security panacea! The magical security of open source is a pernicious and contemptible myth. Availability of source code is only a prerequisite which facilitates auditing. When actual people (as opposed to hypothetical eyeballs) are auditing the source, the next step is reproducible builds, as Core does.
But the availability of source code provides the potential. Intentionally opaque blobs do not.
vmware is not open-source but there are open-source hypervisors... like linux kvm or whatever-the-fuck it's called nowadays.
Xen: Bare-metal hypervisor, but more or less married to Linux for dom0 (last I checked)
KVM: Linux thing
Bhyve: FreeBSD thing
VirtualBox: Mostly open-source thing.
qemu: Not a VMM per se; but I feel it deserves mention here.
Am I forgetting any popular ones?
I don't quite get the issue with fingerprinting. You can fake nearly everything about your environment in a VM. Screen resolution, browser type/version, OS type, VPN endpoints, not sure what else is there that JavaScript could potentially disclose?
Zeroth of all, do you fake all these things
separately each time you hit the “New Identity” button? And how many combinations thereof could you reasonably make? The
most urgent concern is not preventing identification of your computer: It is preventing
linkability of your browsing sessions.
And first of all, some things can reveal quite hardware-specific information. Reading from