Mullvad's public encrypted DNS Servers run in RAM now - eviltoast
  • bobs_monkey@lemm.ee
    156 up, 4 down · 1 year ago

    Encrypted DNS, widely known as DNS over HTTPS, protects DNS traffic by encrypting it.

    Ya don’t say.

    • kautau@lemmy.world
      84 up, 3 down · 1 year ago

      The missile knows where it is at all times. It knows this because it knows where it isn’t. By subtracting where it is from where it isn’t, or where it isn’t from where it is (whichever is greater), it obtains a difference, or deviation. The guidance subsystem uses deviations to generate corrective commands to drive the missile from a position where it is to a position where it isn’t, and arriving at a position where it wasn’t, it now is. Consequently, the position where it is, is now the position that it wasn’t, and it follows that the position that it was, is now the position that it isn’t.

      In the event that the position that it is in is not the position that it wasn’t, the system has acquired a variation, the variation being the difference between where the missile is, and where it wasn’t. If variation is considered to be a significant factor, it too may be corrected by the GEA. However, the missile must also know where it was.

      The missile guidance computer scenario works as follows. Because a variation has modified some of the information the missile has obtained, it is not sure just where it is. However, it is sure where it isn’t, within reason, and it knows where it was. It now subtracts where it should be from where it wasn’t, or vice-versa, and by differentiating this from the algebraic sum of where it shouldn’t be, and where it was, it is able to obtain the deviation and its variation, which is called error.

      • d3Xt3r@lemmy.nz
        18 up, 3 down · 1 year ago

        The missile maintains constant awareness of its location. This is achieved through its intrinsic understanding of where it is not. By calculating the difference between its current position and where it isn’t, either by subtracting its current location from where it isn’t or vice versa, the missile computes a deviation. This deviation is then utilized by the guidance subsystem, which is programmed to issue corrective commands. These commands are designed to reposition the missile from its current location to a desired one. As the missile reaches a location where it previously wasn’t, it updates its current position. This means that the missile’s present location is now where it used to be absent. Consequently, the position that the missile occupied before is now a location where it is not.

        In situations where the missile finds itself in a position other than where it intended to be, the system identifies a discrepancy. This discrepancy is quantified as the difference between the missile’s current and intended positions. When this variation is significant, it can be adjusted by the Guidance Electronic Assembly (GEA). However, for the GEA to make effective corrections, the missile must have knowledge of its previous position. This historical data assists in accurate recalibration, ensuring the missile’s course remains true to its intended trajectory.

        The missile guidance computer operates on a complex principle. When a variation alters the information regarding the missile’s position, uncertainty arises about its exact location. However, the system is fairly certain about where it is not and remembers where it was. It computes its current position by subtracting where it should be from where it was not, or the other way around. This calculation is refined by contrasting it with a composite of where it should not be and where it was. Through this process, the missile identifies both the deviation from its intended path and the extent of this deviation, known as the error. This error calculation is critical for realigning the missile’s trajectory toward its intended target, ensuring high precision in navigation and impact.

        • Supercritical@lemmy.world
          6 up · 1 year ago

          What happened is what is subtracted from was divided by what could have been. If you know the integral of what could have been then you can obtain the euclidean distance to what is and then you know what happened.

      • brambledog@lemmy.today
        2 up, 1 down · 1 year ago

        Catch-22 or Gravity’s Rainbow, if my memory of books I’ve read once is still accurate.

        • Apollo@sh.itjust.works
          5 up · 1 year ago

          Neither, it’s a copypasta born from a USAF PDF. I think it might actually be the og version, vintage af.

  • surewhynotlem@lemmy.world
    101 up, 2 down · 1 year ago

    “Mullvad’s encrypted DNS solution is available free of charge for everyone. The company advises customers of its DNS service, which is available for a flat-fee of 5 EUR per month, not to use the encrypted DNS service as the DNS resolver of the VPN server is handling this automatically. The performance of connections could be slower, if users make the switch.”

    This nonsense was written either by an AI or a drunk.

  • BackpackCat@lemmy.world
    21 up · 1 year ago

    I use Mullvad and I’m too dumb to understand what this means. Can one of Lemmy’s many IT experts ELI5?

    • pelya@lemmy.world
      65 up · 1 year ago

      This makes it harder for Russian military to steal one of Mullvad’s servers to track your porn usage over VPN - once they unplug it, all links to porn will be gone.

      • nevemsenki@lemmy.world
        17 up, 1 down · 1 year ago

        If they get hacked, your data is still there until a reboot, though. This is more useful against state authorities taking servers than hackers.

        • bamboo@lemm.ee
          22 up, 1 down · 1 year ago

          That’s not how RAM works, at least not generally. Unless frozen to an extremely cold temperature, RAM loses its value very quickly and needs constant power to retain data. If a server were to lose power at normal operating temperatures, there would be nothing significant left to recover within a few seconds.

          • Traister101@lemmy.today
            28 up · edited · 1 year ago

            I think they mean somebody gains access to the server/s thereby they could look at the RAM while it’s still actively running.

            • nevemsenki@lemmy.world
              2 up, 1 down · 1 year ago

              Yeah, as long as the OS is running, it doesn’t matter if it’s from a ramdisk or SSD/HDD.

          • barsoap@lemm.ee
            5 up · 1 year ago

            It’s nothing that can’t be overcome with forensic equipment, though. With the right set of tools you can even take the sticks out of the server while it’s still running and retain the data, that’s why RAM encryption is a thing. For the really paranoid, homomorphic encryption.

      • ElectroNeutrino@lemmy.world
        10 up, 2 down · 1 year ago

        Harder, yes, but still good to note not impossible. There are some cryogenic techniques that allow them to preserve what’s on the RAM long enough to read it.

        • symbioticremnant@lemmy.world
          4 up · 1 year ago

          It’s a bit of a long shot, and I’m not sure if it’s just theory or proven in reality. The idea is that you literally freeze the memory at a cold enough temperature to freeze the state of the memory, and then swap the memory into a machine with power in order to read or dump the data.

          • ElectroNeutrino@lemmy.world
            3 up · edited · 1 year ago

            It’s a variation of a cold boot attack. Instead of forcing an OS crash and rebooting into an OS connected to a portable drive, you cool the memory to extend the time you have before the data degrades and can then do whatever you want with it. I believe you can extend it up to a week.

            https://citp.princeton.edu/our-work/memory/

    • chwilson@lemmy.world
      20 up · 1 year ago

      From what I understand it means there’s no persistence on disk of any traffic/data, it’s entirely in memory, so less risk of data being stolen or leaked.

    • lemmyvore@feddit.nl
      5 up · 1 year ago

      This older comment explains how ECH works.

      ECH is technically unrelated to DoH, ECH is an HTTP extension not a DNS extension. But it uses the DoH encryption because it can’t use the HTTP encryption because of the chicken-and-egg problem explained in that comment, so… it basically latched onto DoH as a solution and in doing that tied the two together.

      And to answer your question, DoH is usable on its own without ECH because ECH is not needed for DNS. But ECH is strongly desirable for HTTP, and it also requires DoH, so that’s why Mozilla for example activated them as a package deal in Firefox (both or neither).