Are you talking a VPN running on the same box as the service? UDP VPN would help as another mentioned, but doesn’t really add isolation.

If your vpn box is standalone, then getting root is bad but just step one. They have to own the VPN to be able to even do more recon then try SSH.

Defense in depth. They didn’t immediately get server root and application access in one step. Now they have to connect to a patched, cert only, etc SSH server. Just looking for it could trip into some honeypot. They had to find the VPN host as well which wasn’t the same as the box they were targeting. That would shut down 99% of the automated/script kiddie shit finding the main service then scanning that IP.

You can’t argue that one step to own the system is more secure than two separate pieces of updated software on separate boxes.

https://nvd.nist.gov/vuln/detail/cve-2024-6409 RCE as root without authentication via Open SSH. If they’ve got a connection, that’s more than nothing and sometimes it’s enough.

I went down a rabbit hole on this one. I think the age may be irrelevant, or only correlated with children. At least Kidman and Holmes left him over Scientology. They were trying to avoid having their kids indoctrinated. That worked for Holmes, backfired on Kidman. It might have worked for Holmes because it backfired on Kidman. https://www.mercurynews.com/2024/06/28/after-tom-cruise-once-denied-abandoning-suri-she-seems-to-get-the-last-word/

John Wayne toilet paper. Rough, tough, and doesn’t take shit off of anyone.

You saying they might have an unexpected dangling pointer?

The fingerprinting I’m talking about gets encoded in the screen recording too. Subtle pixel changes here or there over the entire length of the video. It’ll be lossy when it’s transcoded, but over the whole video it’s there enough times it won’t matter. Even scaling to lower quality won’t fix it and then it’ll also be lower quality.

It’ll be like DRM, there will be people trying to remove it like anything else. They’ll break one thing and another will come along. There would still be a black market, but most people can get an unrestricted copy in exchange for money so there’s one less reason to pirate.

Unless you’re actually pointing a camera at the screen, then OK, you do you.

They could offer a way to download a copy and steganographically tag it to hell with your id so that they know if you distribute it. You can “loan it out” by letting friends stream off your Plex or whatever. If you start selling that streaming service or it shows up in torrents, it has your ID on it.

Boom, you own it forever and you’re incentivized not to over share.

Or you know sell DRM free versions and let people do whatever, but that probably has a snowballs chance in hell.

On The Honeymooners his catchphrase was “one of these days Alice, bang zoom straight to the moon.” He was going to hit her so hard she flew to the moon. The height of comedy at the time.

X gon’ give it to ya Fuck waiting for you to get it on your own X gon’ deliver to ya Knock knock, open up the door, it’s real Wit the non-stop, pop pop of stainless steel

Drinking and driving 90MPH.

If you’re an ssshole don’t you come back as an insect or animal? That would mean rich folks would have to do actual good to avoid that. Whatever their policies, after the first few trust fund dung beetles and assorted other multi-lifetime embarrassments, they’d probably snap out of it.

Hey check out the cockroach yacht club guys! Lol, how did that forced birth + soul tracking debt thing work out for you!?

Then like half their debtors would achieve nervana and fuck off to heaven or whatever.

I think the kharma religions, this would take care of itself.

Your ISP is doing it wrong, which I guess you already know. I get a /64 net via DHCPv6 for my LAN which is pretty standard.

+1 to dual stack. Too much of the internet is v4 only, missing AAAA, or various other issues. I’ve also had weird issues where a Google/Nest speaker device would fail 50% of the time and other streaming devices act slow/funky. Now I know that means the V6 net is busted and usually I have to manually release/renew. Happens once every few months, but not in a predictable interval.

Security is different, but not worse IMO. It’s just a firewall and router instead of a NAT being added in. A misconfigured firewall or enabling UPnP is still a bad idea with potentially worse consequences.

Privacy OTOH is worse. It used to be that each device included a hardware MAC as part of a statelessly generated address. They fixed that on most devices. Still, each device in your house may end up with a long lived (at least as long as your WAN lease time) unique IP that is exposed to whatever sites you visit. So instead of a unique IP per household with IPv4 and NAT, it’s per network device. Tracking sites can differentiate multiple devices in the house across sites.

This has me thinking I need to investigate more on how often my device IPv6 (or WAN lease subnet) addresses change.