If I were a democrat pol, I'd want to keep Gaetz, and Trump, and all the nut jobs.

They are loved by their base and horrible to work with in the houses, but they are electorally toxic.

Prediction for your next presidential election: Trump will still be on trial on federal charges, he will be the nominee anyway, and he will lose badly. DeSantis will bite chunks out of him. Bullish on popcorn.

Or Trump bites chunks out of whoever they do nominate. The party either gets moderate votes, or Trump votes, or DeSantis votes, but not all three.

I'm getting started with i3, so I get your point now.

Ahhh, thanks! Please excuse my error - I am attempting to perform computation using a kilo of wet squidgy protein and fat.

Implementation of VPN'd torrent client

This is how I torrent over Mullvad. I have no hesitation to recommend Mullvad - but I am not a crypto or security expert.

The main image fails closed - if the VPN goes down, transmission disconnects.

This setup also includes a SOCKS server that proxies your traffic over the same VPN. I use a separate browser (librewolf) and set the SOCKS proxy to :2020 including sending DNS over SOCKS. That's because my country blocks piracy-related sites at the DNS level. If you don't need this, you can delete the socks section of the docker-compose file.

On my ubuntu laptop, I install transmission-remote-gtk in order to click on a magnet link and have it added. Otherwise you have to browse to the container's web interface, which gets tiresome.

I have this installed as a systemd service so it runs on boot. I use the systemd state and credential features as a safeguard against my own mistakes with permissions, but my long-term goal is to encrypt these files on disk. Linux can be pwned - I have read that around 35% of botnet nodes are linux (although these are presumably mostly weak IoT devices). The secondary benefit of the LoadCredential/CREDENTIALS_DIRECTORY mechanism is that it doesn't expose secrets as environment variables.

The p2p.service file needs to be in that path, but you can put the other files wherever you want.

Known issues / todo list

• The socks proxy sometimes falls over, I haven't looked into why
• The downloaded files will be owned by root, since that's what the container runs as

File contents

/root/.secrets/mullvad:

123456789
""

For mullvad, there is no password, only an account number. I believe that the empty quotes are necessary. This file should be owned by root and chmod 600; containing dir should be 700. Replace the account number with your own account, obvs!

/etc/systemd/system/p2p.service:

[Unit]
Description=p2p
Requires=docker.service multi-user.target
After=docker.service network-online.target dhcpd.service

[Service]
Restart=always
RemainAfterExit=yes
WorkingDirectory=/usr/local/bin/p2p
ExecStart=docker compose up --remove-orphans
ExecStop=docker compose down
LoadCredential=mullvad:/root/.secrets/mullvad
DynamicUser=yes
SupplementaryGroups=docker
StateDirectory=p2p
StateDirectoryMode=700

[Install]
WantedBy=multi-user.target

/usr/local/bin/p2p/docker-compose.yml:

***
version: "3.7"

services:
  p2p:
    restart: always
    container_name: p2p
    image: haugene/transmission-openvpn   # see also: https://www.nickkjolsing.com/posts/dockermullvadvpn/
    cap_add:
      - NET_ADMIN
    sysctls:
      - "net.ipv6.conf.all.disable_ipv6=0"  # ipv6 must be enabled for Mullvad to work
    volumes:
      - ${STATE_DIRECTORY:-./config/}:/config   # dir managed by systemd - but defaults to ./config if running interactively
      - ${CREDENTIALS_DIRECTORY:-.}/mullvad:/config/openvpn-credentials.txt:ro  # var populated by LoadCredential - but defaults to ./mullvad if running interactively
      - transmission:/data
      - transmission_incomplete:/data/incomplete
      - /my/directory/Downloads:/data/completed
    environment:
      - OPENVPN_PROVIDER=MULLVAD
      - OPENVPN_CONFIG=se_all  # sweden
      - LOCAL_NETWORK=192.168.1.0/24    # put your own LAN network here - in most cases it should end in .0/24
      - TRANSMISSION_WEB_UI=flood-for-transmission  # optional
    ports:
      - 9091:9091
      - 80:9091
      - 2020:2020

  socks:
    restart: always
    container_name: socks
    image: lthn/dante
    network_mode: "service:p2p"
    volumes:
      - ./sockd.conf:/etc/sockd.conf
    depends_on:
      - p2p

volumes:
  transmission:
    external: false
  transmission_completed:
    external: false
  transmission_incomplete:
    external: false

/usr/local/bin/p2p/sockd.conf:

logoutput: stderr
# debug: 2
internal: 0.0.0.0 port = 2020
external: tun0
external.rotation: route

clientmethod: none
socksmethod: username none

user.privileged: root
user.notprivileged: nobody
user.unprivileged: sockd

# Allow everyone to connect to this server.
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error  # disconnect
}

# Allow all operations for connected clients on this server.
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bind connect udpassociate
    log: error  # connect disconnect iooperation
    #socksmethod: username
}
# Allow all inbound packets.
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bindreply udpreply
    log: error  # connect disconnect iooperation
}

Steps

1. Install docker and docker-compose, e.g. with sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
2. Create the files with contents as above
3. sudo systemctl enable p2p
4. sudo systemctl start p2p
5. Check what it's doing: systemctl status p2p
6. On first start, it will take a few minutes to pull the images
7. To debug interactively while also passing the creds, use sudo systemd-run -P --wait -p LoadCredential=mullvad:/root/.secrets/mullvad docker compose up --remove-orphans
8. Every so often, cd into /usr/local/bin/p2p and run docker compose pull to update the images.

Actually no, I've met some people who present themselves like slobs but are excellent human beings.

They are. If Trump stands, it'll be a big victory for Biden, because Trump has made himself unelectable for swing voters.

Over here, the tories are heading for a wipeout. They've been telling us their shit smelled like roses, and it worked, up until it didn't.

Edgy shit like this is why anti-woke is a vote winner. It's repulsive to normal people.

It's not a uniform, it's a dress code, and it long predates boomers.

Peace On Earth is a book by Stanislaw Lem, the author of Solaris.

It is my all-time favourite sci-fi novel.

The premise is that mankind builds autonomous war robots and sends them to the moon to fight proxy wars instead of real wars on earth. But the robots evolve. For reasons unknown, contact with the moon is lost, so humanity sends a astronaut up to see what's going on.

My friend, you haven't heard about Oracle.

Microsoft at least gave the world Powershell, to balance out their sins. I can also name other good things they have done. Oracle is pure and deliberate evil.

I believe that the human race will end in one of three ways:

• asteroid strike
• disease
• Oracle

I think you were merely being pedantic, but there are some interesting points in there.

Is it a crime to generate fake "csam"?

Should it be a crime?

How can prosecutors get convictions against a defense of "no, your honour, that video is AI-generated"?

What we have now is still miles off general AI, but it's going to take years for society to catch up. Interesting times.

Another Kagi fan here. I pay $10 a month.

I'm a reasonably heavy search user, but have never hit the quota.

It's wonderful to have relevant results again.

The one thing it doesn't work for is shopping. From time to time I use Google. I should probably switch that to Bing, as the lesser of two evils.