Bulletins and News Discussion from April 29th to May 5th, 2024 - Césaire's Boomerang - COTW: United States
Also known as "Foucault's boomerang" or the "imperial boomerang".
Image is of a sniper on the roof of the Indiana Memorial Union at Indiana State University, overlooking a student protest.
The Imperial Boomerang is the observation that the tactics of mass oppression and totalitarianism used by Western countries in their colonies and neocolonies will, sooner or later, return home to be used against the citizens of those Western countries. While the people living at the time of WW2 were, rightfully, in deep shock of the concentration camps used by Nazi Germany, those paying attention to what was occurring in Africa would not have been terribly surprised. Concentration camps were used in several countries in order to separate out ethnic groups and place them in more easily controlled environments which aimed to prevent them from rising up and fighting back against the Western governments which exploited them. There is the additional factor of governments taking notes from each other - Hitler was inspired by America's racial segregation and genocide of indigenous groups, which author Carroll Kakel among others have written books on.
Today, the totalitarian strategies used by the Zionist entity in occupied Palestine are being brought home to Western countries as the American Reich and its global influence accelerate in their decline. Gaza was and is a cyber-concentration camp, with digital surveillance taking place alongside old-fashioned techniques of paying informants. Aside from being an unsinkable aircraft carrier and disrupting the entire Middle East, Israel's primary role appears to be to generate new ways to monitor entire populations. Propaganda about China being an authoritarian police state with social credit scores and AI which knows where everybody is at all times was probably created, at least in part, to deflect attention from Israel doing those exact things. The paranoid and flimsy American regime with its gerontocratic upper circles now use these tactics at home: cracking down on any and all protestors with political views left of Mussolini; placing snipers on roofs ready to fire at the slightest provocation; and arresting organization leaders. Pegasus has wormed its way around the world, with a notable recent example in Poland, in which the previous conservative government used the spyware to monitor the current liberal ruling party. The Israeli military, experts only in killing children and not actual warfare, have trained the police of other nations.
It would be easy to end the preamble there, on a gloomy note about the brick wall - or, indeed, iron curtain - that upstart left-wing groups are up against. What history has shown is that these regimes are, in fact, beatable. Liberation movements around the world have found ways to counter imperialism, even if they required wars in which millions of their countrymen were murdered. The legacy of Israeli propaganda psyops and digital tracking is not victory, as Hamas demonstrated on October 7th and continues to show with every ambush executed and every Merkava destroyed. The legacy of Western military defence equipment is not success, demonstrated by every missile fired by Hezbollah and Iran which hits Israel. The legacy of the American Navy is not competence, with a naval blockade of the Red Sea still maintained after months by one of the poorest countries on the planet.
The protests of at least the last couple decades have been marked by failure to produce material results: from those against the Iraq War, to Occupy Wall Street, to the BLM protests of 2020. Of course, it would be silly to tell American protestors to start digging tunnels. But sooner or later, the failure of Western protest movements will be overcome, and a more effective strategy will be devised, in order to deflect the boomerang.
The COTW (Country of the Week) label is designed to spur discussion and debate about a specific country every week in order to help the community gain greater understanding of the domestic situation of often-understudied nations. If you've wanted to talk about the country or share your experiences, but have never found a relevant place to do so, now is your chance! However, don't worry - this is still a general news megathread where you can post about ongoing events from any country.
The Country of the Week is the United States! Feel free to chime in with books, essays, longform articles, even stories and anecdotes or rants. More detail here.
Defense Politics Asia's youtube channel and their map. Their youtube channel has substantially diminished in quality but the map is still useful.
Moon of Alabama, which tends to have interesting analysis. Avoid the comment section. Understanding War and the Saker: reactionary sources that have occasional insights on the war. Alexander Mercouris, who does daily videos on the conflict. While he is a reactionary and surrounds himself with likeminded people, his daily update videos are relatively brainworm-free and good if you don't want to follow Russian telegram channels to get news. He also co-hosts The Duran, which is more explicitly conservative, racist, sexist, transphobic, anti-communist, etc when guests are invited on, but is just about tolerable when it's just the two of them if you want a little more analysis.
On the ground: Patrick Lancaster, an independent and very good journalist reporting in the warzone on the separatists' side.
Unedited videos of Russian/Ukrainian press conferences and speeches.
Pro-Russian Telegram Channels:
Again, CW for anti-LGBT and racist, sexist, etc speech, as well as combat footage.
https://t.me/aleksandr_skif ~ DPR's former Defense Minister and Colonel in the DPR's forces. Russian language. https://t.me/Slavyangrad ~ A few different pro-Russian people gather frequent content for this channel (~100 posts per day), some socialist, but all socially reactionary. If you can only tolerate using one Russian telegram channel, I would recommend this one. https://t.me/s/levigodman ~ Does daily update posts. https://t.me/patricklancasternewstoday ~ Patrick Lancaster's telegram channel. https://t.me/gonzowarr ~ A big Russian commentator. https://t.me/rybar ~ One of, if not the, biggest Russian telegram channels focussing on the war out there. Actually quite balanced, maybe even pessimistic about Russia. Produces interesting and useful maps. https://t.me/epoddubny ~ Russian language. https://t.me/boris_rozhin ~ Russian language. https://t.me/mod_russia_en ~ Russian Ministry of Defense. Does daily, if rather bland updates on the number of Ukrainians killed, etc. The figures appear to be approximately accurate; if you want, reduce all numbers by 25% as a 'propaganda tax', if you don't believe them. Does not cover everything, for obvious reasons, and virtually never details Russian losses. https://t.me/UkraineHumanRightsAbuses ~ Pro-Russian, documents abuses that Ukraine commits.
Microsoft on Friday provided a peek at a comprehensive framework that aims to sort out the Domain Name System (DNS) mess so that it’s better locked down inside Windows networks. It’s called ZTDNS (zero trust DNS). Its two main features are (1) encrypted and cryptographically authenticated connections between end-user clients and DNS servers and (2) the ability for administrators to tightly restrict the domains these servers will resolve.
anyone networking-savvy want to explain how Micro$oft is trying to fuck people with whatever this is
I don't think they are, just seems like a much needed improvement to record lookups tbh
Not everything is some secret op. Most software improvements are exactly what they are. Google didn't release Kubernetes to the world so they can at-will hijack everybody's containers
When did I say it was goodwill? Google open-sourced it so it can become the industry-standard like it has and they can reap lots of free labor from the community AND other companies to contribute/maintain their product instead of hiring and paying people to do it
Still doesn't change that Kubernetes is materially a great addition to the software world and isn't a malicious actor
let me give you an even weirder example of security technology being circumvented by the feds, even though it actually works Tor relies on the exit notes not being compromised en masse by an incredibly resourceful entity with I mean, untold financial resources you know I'm talking about the US
let's say one sat there for hours. Debating with somebody whether tor was secure I would come to the conclusion it's great security software, and I have to use it without thinking about whether literally every single exit node or at least a large majority of them have literally been bought by feds so I'm asking for stuff. I'm not gonna think about that you know. I want access to the paranoias of more competent nerds than I am
I mean, I just really think my reach exceeds my grasp on the subject and that's not a reason to be less paranoid and assume security software is working. I am not really big on how security seems to be synonymous with US national security half the time with computer dudes. I mean hell on this DNS issue I'm speculating this could be some move by Microsoft to get around VPN but I don't know if they're already doing that. I'm sure they are. Maybe they're making it easier. VPN companies are compromised anyways I mean look at server map for Mullvad it belongs in always the same map that community on Lemmygrad.
However could just be a case of like you say, MicroSSoft being forced to actually compete, eventually, on security issues
I know I'm going a bit nutty here, but Thailand and Indonesia being added recently kind of raises an eyebrow from me. Not involved with the datacenter business lol, I prefer being a geopolitical nutcase to stay far afield of anything that these people do as shit gets worse...
Thailand recently also started doing shit like mirroring US legislation about sending "nonlethal aid" to US-favored forces in Myanmar. That's a correlation that tells me I missed a lot of stuff happening.
yannow how ThatOnePrivacySite used to have a thingy which would show you which intelligence-sharing agreements with NATO your VPN's country is in? I don't think that's really foolproof but consider that Mullvad's secure DNS servers are in Sweden and that would be a great place to attach the wiretap
Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, Italy, Japan, Latvia, Netherland, New Zealand, Norway, Poland, Romania, Serbia, Singapore, Spain, Switzerland, UK, and of course USA
for Wireguard they also have Ukraine, Indonesia, and Thailand and I may be forgetting others
it's like a list of countries where a removedestablished member of the intelligence community wouldn't be shitting their pants about THE SEE SEE PEE
Very good point, and something I've considered myself. There's a tradeoff when it comes to security, and I've been grappling with it for a long time. If I want to do Serious Things™ then I will need to become Truly Secure™ and to do that... it's a lengthy process. At this point, "Security" has become an excuse to put off action, and I really don't know how to solve that.
I feel the same, from knowledge and not having infinite disposable income, it's like my opsec is capped, and tech-libertarians aren't going to help us. They're just as concerned with the Chinese as their own govt which is still raking in Silk Road plunder years and years down the line, and that's all they use it for, illegal finances and drugs. Oh wait I forgot something important. Let's move on. At the very least I want to skootch people on to solutions which aren't a complete no-brainer like handing over all your internet traffic to the NSA directly, sending unencrypted text messages about unionizing that Starbucks can try to get a judge to pull. I don't just drop security procedures but I recognize their insecurity on a higher level.
They literally try to use any ancient laptop you give them to burn itself out seeding Windows Update torrents to other people and I have every right to be deeply suspicious of networking changes they make in light of that. It's indistinguishable from a virus. It's already apparently broken VPNs by mistake. I'm sure they would add something to their Secure DNS system to undermine these improvements considering how it's a very underlooked and important facet of security for basic privacy peeps, loads of people leak their DNS traffic via Cloudflare because they fuck up their Firefox settings stupidly and then download a VPN.
It's not like I don't know how trash the DNS situation is I mean we were training Nazi tattoo dudes in Ukraine to do this it's gotta be easy as pie.
MicroSSoft and Apple SSoftproducts (yes I mnow that's not their name) just love leaking traffic and exempting their own traffic from privacy technology
Microsoft has been caught up by hobbysts trying to nuke old windows vista by windows update when windows 10 was released. They, IBM and Google (FLOC) are the top conspiracy theorists, and not the people who point the fingers at them.
OP asked for people with networking knowledge to explain how this is an op, people with networking knowledge come in and tell them we can't think of how this could be an op. OP refuses to acknowledge our hypotheses claiming there must be some secret op
There's also so many other places in the pipeline where it'd be much easier to conduct attacks on data here
Like I said, not literally everything software companies release are an op, only some of them
This panned_cakes guy is a paranoid weirdo that stalks me and other members of this site, obsessed with opsec but falls for the most basic misdirection to the point he thinks I am some other guy on a server I am not even in and just got banned (again) for spamming me with weird dm's.
I don't mean this in an ableist way buy they really really need help and/or to just log off forever.
More like a weak reason to just assume, like the other guy, this is exactly what it says on the tin (literally said "I checked the Microsoft article and this looks good!!"), when Win11 has been causing issues with VPNs, Win10 no longer allows you to actually fully cut off traffic with Mullvad, and Google has recently tried to introduce heavy pruning to connections based on how identifiable you are at a basic level of the internet lol?? I'm just assuming they're going to mark some shit as a harmful DNS server that isn't or make it harder to use a pihole idk. I'm not insisting what they're doing is malicious no matter what, you just gave me a shitty reason lmao
If you're running Windows then you're already trusting and running whatever code Microsoft gives you, with automatic updates and everything. This includes root CA certs pre-installed and so on. If Microsoft wanted to block arbitrary DNS servers from being used in their OS, they could just do it. Why build a whole ZTDNS system for it?
Great reason to use Linux or any other kind of *nix btw.
Oh man I am missing all of the funny replied! We've got a reddit comedy expert here!
My man is satisfied with 9/11 commission report and the handling of the COVID pandemic! Let me guess, you think it's right wing to question these things? May I interest you in the disinformation-free https://threads.net/??
(edit: Damn it, I only read the Microsoft article, but the Ars Technica article already explains all of this better. I'll keep this here in case this helps anyone.)
Sounds basically like an extension of existing encrypted DNS protocols (DNS over HTTPS, DNS over TLS) which integrates with the firewall. Can't think of a reason to be concerned about this. It strikes a balance between encrypting DNS lookups and allowing network admins to see which websites you're using. Think like corporate networks and work-from-home employees. If you don't configure it then you don't have to use it. "Zero Trust" is a marketing buzzword for the idea of authenticating endpoints before sending data, a lot of different things claim this label.
Quick primer on DNS (not a networking expert)
DNS is a protocol for converting names into IP addresses, so that you can type hexbear.net instead of remembering the IP address for hexbear. Classic DNS works by having a DNS server which provides IP addresses to devices which send lookup requests. DNS servers are usually hardcoded on your device somewhere in the system settings. Many free public DNS servers exist (Google has 8.8.8.8, cloudflare 1.1.1.1, etc) and also your ISP usually offers their own.
Company networks often have their own DNS to resolve internal names on the intranet (pointing to private zone IP addresses) before asking up the chain for names on the public internet. In a home setting, people also set up their own private DNS servers to block malicious names, for example to block advertisements by returning "not found" replies for lookups of domains that serve ads. (Pi-hole, Adguard)
Some problems in the classic model:
Privacy: Record lookups are sent in plaintext, so other devices on the same network can see which names you're looking up.
Security: No authentication of the DNS server itself or the replies it's serving. You are fully trusting that the server sending the reply is the one which you trusted. (Open to adversary-in-the-middle attacks)
To solve both of these problems, encrypted DNS uses certificates to both authenticate and encrypt DNS lookups. The response can only be decrypted if the server can encrypt the traffic using a key you trust. (Same idea behind HTTPS.) To be clear, encrypted DNS is already a thing, this is not the new thing offered by ZTDNS.
This ZTDNS (Zero Trust DNS) integrates with the firewall. A typical firewall blocks all incoming traffic by default, and allows all outbound traffic. This means you can't receive spontaneous traffic from hexbear.net if you never opened the site. However, if you first send a request to hexbear.net, then the firewall learns to open a hole for hexbear.net to reply back.
ZTDNS modifies this setup by blocking all outgoing traffic by default. Only when an IP address is known to be associated to an allowed domain, then the firewall allows outbound traffic to that IP.
I think the main point is that it forces all DNS lookups to use the system DNS:
A malicious program can't decide to bypass the system configured DNS server to resolve names some other way. This sort of method is used e.g. by Google products which try to bypass ad blocking DNS.
Strikes a balance between no encryption (network admins can tag your traffic) and encryption (network admins lose ability to see which sites you're accessing).
I'm not afraid of the term Zero Trust lmao that would be funny "oh my god.. zero trust.. ... they're lying to us bros"
sure DNS over HTTPS is more secure but in practice isn't it just everyone handing over all their browsing history directly to google and cloudflaremost of the time anyways? watch them just leak all of the traffic to a third party server or something like apple
Lol yeah I'm not worried about Zero Trust either, just saying it's marketing fluff. And yes in practice this isn't going to fix all the other privacy issues with the internet. Microsoft doesn't care about that, this is about selling enterprise software with the word Zero Trust attached. But otherwise can't think of why this would change the game for normal people, even work from home employees who are already monitored.
I don't think this invents that ability, administrators already have control over firewall rules and DNS servers. If they wanted to block hexbear.net, they could already configure DNS to return "not found" for that domain. Or set up some firewall rule to block outbound traffic to 37.187.73.130.
I suppose this way is more secure in the event you get malware on your computer. If the malware tries to phone home and send sensitive information, it will get blocked by the firewall if the destination isn't allowed by the DNS. But that comes down to how effective the DNS rules are.
This is not true of existing secure DNS protocols like DNS over HTTPS and DNS over TLS, where the client makes a direct, encrypted connection to the DNS server. Not unless the client is configured to use the DNS server that the network tells it to, e.g. via DHCP.
I haven't looked at the details of M$'s design here, but it could be concerning if you're allegedly using a "secure/encrypted" protocol but the local network admins can still snoop/interfere despite the user configuring their system to securely connect to some well-known, outside DNS server.
Yeah agreed there. I have to admit I'm kind of split on encrypted DNS because it's so convenient to block ads on all devices on my home network, but obviously not giving that kind of control and information to network administrators is better, like on coffee shop wifi.