Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Deckweiss

@Deckweiss@lemmy.world

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Deckweiss ,

Nothing wrong with caddy, in fact they released a pretty nice update 2.8 just recently.

Deckweiss ,

You think some rando on the internet making linux memes for upvotes is a good source of factual truth?

Deckweiss ,

inbefore Musk-OS

Using Dark Reader on Tor Browser? (Please read before telling me to not use any extensions)

I use Tor every once in a while for basic web browsing just to add some regular traffic to the network and not just dark web traffic. I mainly use it for Reddit as they lock to block me because of my VPN IP but don't block Tor IP and occasionally other stuff. I know Tor is made so that everyone looks the same but, I am not...

Deckweiss ,

sounds like XY problem

you can use libreddit instances with your vpn ( for convenience you can install the libredirect plugin in firefox or whatever, just make sure to go to the specific reddit settings in the plugin, ping the instances and add only the ones that are up. The default one has been down for a while. )

What cloud vps server host do I use?

What cloud VPS host is the best for privacy and security? I want to self host stuff for myself some tools. Mental Outlaw make a video last year about self hosting your own VPN with a service called Vultr but back in December vultr added to their TOS that they own what you host and a bunch of other scary stuff. So I don't trust...

Deckweiss ,

You can also get an old PC without a gpu and hook it up to a domain via dyndns or similar. Or just wireguard to it. You'd have higher upfront costs, but very small running costs, so it will be worth it at some point and you fully controll the data on it.

Deckweiss , (edited )

Looking at my bills, my cluster server costs me ~15€ per month in electricity.

It has:

  • 4x6 arm cores
  • 4x6 GB RAM
  • 8TB HDD storage
  • 3TB nvme storage

As soon as you link me a VPS offer with comparable specs, but lower monthly cost, I am switching.

Deckweiss , (edited )

Mkay, then lets check out a VPS equivalent then:

A raspberry pi 4, with an average CPU load of 100% 24/7 would draw ~4kWh per month, which would cost me 1,50€ per month in electricity.

Again, a cheap VPS with specs in the rpi4 range costst about 5€ per month. After about 1,5 years running a rpi4 would become cheaper than renting a VPS.

Edit: after calculating it myself, I found this tool online https://tools.picockpit.com/powercost/ which veryfies my napkin math.

Deckweiss ,

I expect it to last for over 10years.

It has been running for 2 so far.

The total material cost was somewhere between 800 and 1000€.

For comparison, here is an ARM vps https://www.netcup.eu/vserver/arm-server/ if you scroll down a bit and add 8TB block storage to it you can see that the storage alone would cost just shy of 100€ per month. That would rake up the same bill in less than a year.

Deckweiss ,

all good points to consider for sure.

I won't go into all of them, but to summarize, it works perfectly for me.

The cool thing about a cluster is the upgrade path. It started with just two blades, but as I ran more docker containers and went out of resources, I just bought more. Am now up to 6 and there are still 2 free slots if I need it.

Storage I definitely overprovisioned but it will get used up eventually, that one is a bit more tricky to smoothly upgrade. Each blade has one nvme slot, but for bulk storage I have external raid enclosures, which is somewhat awkward.

Like you implied, it all depends on your need. If all you need is to run some private services, as OP is asking about, a bunch of SBCs or an old second hand office computer will do just fine and be very nicely priced compared to renting a similarly specced VPS.

Deckweiss ,

Just run photoshop on linux.

I don't understand why nobody ever mentions that it just works.

https://github.com/LinSoftWin/Photoshop-CC2022-Linux

Deckweiss ,

There isn't even a real photoshop competitor in the broader market, but you want to further split the hobbyist devs effort on linux as well?

I think instead it would be better to focus all the effort on a single solution that strives to cover all of photoshops features, with at least equal or better usability. Like has been done with Blender and godot for example. (And GIMP is sadly faaar from it still)

Deckweiss ,

Krita is really good for digital drawing and painting, but photoshop does cover a lot of other things, which krita can not do. In that sense Krita is more of a Corel PaintShop Pro alternative. While GIMP is the best, but still very bad, alternative to photoshop.

Deckweiss ,

I am pretty sure it would run in the same wine setup, but nobody bothered to set it up as an install script yet, so you'd need to do some manual dirtywork.

Deckweiss , (edited )

On linux you could easily do it, by running a script every n minutes that takes a screenshot and pipes it to an ai and then stores it wherever you want (including a local NAS)

With some extra effort you could tie it into the DE/WM and take a screenshot when a new app is opened or on focus switch or virtual desktop change or whatever and then slow down the periodic ones - so you don't end up making 3000 screenshots of the same long gaming session.
Or just constantly log the currently running processes as well to give the ai additional context.

There are so many cool opportunities with this. I hope somebody makes something cool and useful with it for Linux, that runs completely locally. You could then ask your computer "Hey, what video did I watch about godot a week ago, it had something with tilesets in it and I was coding alongside it". Or "how many hours have I been working on that project for in the last 2 weeks?'

Deckweiss , (edited )

It would not work for certain cases, you're right, like stuff with many differnelty names documents or doing research in the browser.

But for what I had in mind - I've checked and on my setup the projects name is in the apps window decoration, in the cli when I do the commits, in the directory view sidebar, in the OS taskbar etc.

It should be pretty straight forward to figure out from a screenshot, even when the app is not in the foreground.

https://lemmy.world/pictrs/image/e73e94b9-f06e-4e9d-ac4a-8291cc5d2b63.png

Deckweiss ,

Chameleon ff extension

Deckweiss , (edited )

The actual crazy thing is:

Imagine if somebody ran a Lemmy instance and just subscribed to every sublemmy and scraped all the data without asking. And nobody would even notice.

Reddit owns the content posted on their platform. But when you post on lemmy, everybody owns it, including every data company large and small.

But hey, at least we are feeling good about our social media platform choise, cause it's federated and open source or whatever, right?

Deckweiss ,

I switched from artix to arch because of this

Deckweiss ,

Maybe linux-hardware.org but I don't know tbh.

Deckweiss ,

GEGL !

Deckweiss ,

lol good!

Fuck stalky social media. Instagram is just there for farming engagement for ads and make you scroll for hours.

If you want to look at truly great photography or art go to a museum or exhibition.

Deckweiss , (edited )

To make it absolutely clear:

Your VPS has an ip. All your traffil will go through it if you set it up as a VPN. So your behaviour patterns will be tied to that one IP. You will be the only one on that VPN.

A commercial VPN has many users at the same time on a given Server. So the traffic and behaviour that comes from that servers IP will produce garbage data for analysis.

You could selfhost a VPN on your VPS and let others use it for free somehow to obfuscate your behaviour and patterns, but you as the VPS owner will have to deal with legal stuff then.

Encrypted services Apple, Proton and Wire helped Spanish police identify activist | TechCrunch (techcrunch.com)

By the way, the earlier posted article https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain had an update starting at the paragraph with title Update: Statement from Proton and additional commentary

Deckweiss , (edited )

Read the blog by the guy behind cock.li , he refused multiple illegitimate warrants so far.

What matters is the jurisdiction of the service, not the one of the warrant author, otherwise china would have already warranted all data of all other world citizens lol

Deckweiss , (edited )

That is true. But I wasn't debating about this specific case, but rather the generalized statement.

The comment I replied to implies "If there is a warrant, it is always legitimate and you have to follow it, because a lawyer said so". That is not true and if it were the world would quickly go to shit, which I pointed out.

Deckweiss , (edited )

Again, it doesn't matter where the warrant fomes from. What matters is where it goes to.

And that detail is pretty important, while being completely left out. They say:

it is not an option.

But yes it is, depending on the jurisdiction.

Deckweiss ,

Stop reminding me that I haven't used it for half a year since it broke for the 4th time and I am too lazy to fix it...

Deckweiss , (edited )

In my experience, most "apps" are just the website with some features and zoom disabled, wrapped in electron.

So I prefer the browser version, where I have all my privacy enhancing plugins.

Why Your VPN May Not Be As Secure As It Claims (krebsonsecurity.com)

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection...

Deckweiss ,

Use a killswitch then... no vpn, no internet

Deckweiss , (edited )

Huh? I thought the whole point of a VPN is to encrypt all traffic between my PC and the VPN server. Please be so kind and educate me on anything I have a misconception of:

For example, I use Safing Portmaster and I have set it up in a way where all the packets have to go through their VPN and if they don't, they get dropped before they leave my PC.

Before that I was running openvpn with a killswitch, which I thought besically did the same, it had a tunnel to the VPN server and if it is down, no packet leaves the PC.

Is that not how VPNs normally work?

Deckweiss ,

Thanks for the detailed explanation. I think I get it now!

I did look into it with ip route show when using nothing vs portmaster vs openvpn and it is just like you said, when using openVPN it just creates additional routes with a higher priority, but the normal route is still open.

Deckweiss ,

Use safing SPN with their portmaster app, then you can set it on/off per app, or even per url.

Deckweiss ,

Packaging a service for StartOS is a challenging, exciting, creative, and rewarding experience.

Yeah no thanks I'll just run it on Ubuntu or Arch Linux then, where a package is already available.

Deckweiss ,

I don't know why your software or OS can not be updated.

According to the official instructions (https://github.com/mcguirepr89/BirdNET-Pi/wiki/Installation-Guide) is should just be a normal raspbian. Nothing on there says it needs a legacy version, but I may be overlooking something.

If you installed it some other way or did it long ago then maybe do the setup over again from scratch with the newest raspbian version? (Don't forget to backup any data you'd want to keep)

Deckweiss , (edited )

Ah makes sense. Still there should be no issue with doing stuff the normal way.

apt update doesn't update your OS to a whole new version.

The command for an OS update is something like "do-release-upgrade" (but I forgot the exact name since I havent used debian for years)

Deckweiss ,

Sir, this is not a sales pitch

Deckweiss ,

After my Nextcloud server just killed itself from an update and I ditched that junk software, nearly zero maintenance.

I have

  • autoupdates on.
  • daily borgbackups to hetzner storage box.
  • auto snapshots of the servers and hetzer.
  • cloud-init scripts ready for any of the servers.
  • Xpipe for management
  • keepass as a backup for all the ssh keys and password

And I have never used any of those ... it just runs and keeps running.

I am selfhosting

  • a website
  • a booking service for me
  • caldav server
  • forgejo
  • opengist
  • jitsi

I need to setup some file sharing thing (Nextcloud replacement) but I am not sure what. My usecase is mainly 1) Archiving junk 2) syncing files between three devices 3) streaming my music collection

Deckweiss ,

I actually moved from seafile to nextcloud, because when I have two PCs running simultaneously it would constantly have sync errors and required manually resolving them all the time. Sadly nextcloud wasn't really better. But I am now looking for solutions that can avoid file conflicts with two simultaneous clients.

Deckweiss ,

Are you changing the same files at the same time?

Rarely.
But there is some offline laptop use compounded with slow sync times. (I was running it on a raspi with external usb hdd enclosure)

Either way, I'd like something less fragile. I'll test seafile again sometime, thanks.

Deckweiss ,

The underlying OS will be detected regardless of the useragent.

Deckweiss , (edited )

What do you mean by "properly configured"

Here is a screenshot of the default Tor Browser, installed from the repos, no config changes made. As you can see, creepjs can detect that I am using Linux.

Obviously, if you disable js, then the site doesn't work. Not sure if there are ways to detect the OS without javascript.

One common way to analyze the OS if all else fails is to look which fonts are installed. This is done by rendering thousands of divs with some text out of sight of the user. Each div with a different font. If the div width changes compared to the default, you know a font is installed. Different OS have different sets of fonts by default. Not sure if flatpak/flatseal (or other containerization methods) could protect against that. Technically you can install the exact set of Windows fonts and uninstall all Linux fonts, but I'd expect some linux app breakage and general uglyness.

An online search I did for how to completely hide the OS without breaking most websites did not result in anything except runnjng the browser in a Windows VM.

https://lemmy.world/pictrs/image/8996b651-8438-496d-8307-935fbf9fc57a.png

EDIT:

Per default tor has a linux useragent. And I can't seem to change it with the useragent switcher or with about config override. So yeah... even better.

Deckweiss , (edited )

How comes my useragent is Linux then? I just installed it fresh trom the arch official repos for the first time to test. Creepjs shows the useragent further down (not in this screenshot) and I visited other test sites as well.

I'll test it tomorrow by downloading it from the website.

Deckweiss ,

Can you share your creepjs results with tor when you have some time to check it out?

[Thread, post or comment was deleted by the author]

    •
    Deckweiss ,

    Yes.

    You can disable the ad popup window and you can set your start page to library. It's all in the settings somewhere.

    Deckweiss ,

    fail2ban

    Ask: How do you handle your résumés?

    Usually I rely on my network & haven’t needed this kind of document in ages, but I’ve been tasked with creating a résumé for myself. I’ve grown more privacy-conscious every year & I think it’s weird that we are expected to give out so much information about ourselves to companies that lie about their culture & don’t...

    Deckweiss , (edited )

    It's good advice, but it depends on how you do it.

    Since I wanted to show off my strengths in web dev and design, I've been working on my website for over two months hahaha.

    Avoid my mistake and just pick some wordpress template if you want to do it in "a few hours".

    Deckweiss ,

    :D

    I went to a startup bootcamp years ago and I quite liked it - I've learned a lot about my strenghts and weaknesses and thought about what I actually want to do in my life.

    The startup methodology part was really boring though and didn't align with my values at all, so I just ignored the instructions and did my own thing.

    Deckweiss , (edited )

    They have live traffic data, which OSM doesn't have.

    In terms of search, there are algorithmic ways to get smarter results compared to what is built in OSM per default. So if other users say that the results are better, magicearth might be doing some magic under the hood.

    Deckweiss ,

    Honestly, I have no idea why it went wrong or why it let me do that. Also my memory is a bit fuzzy since it's been a while, but as best I can remember what I did step by step:

    1. fuck around with power management configs
    2. using btrfs-assistant gui app, rolled back to before that
    3. btrfs-assistant created an additional snapshot, called backup something, I didn't really pay attention
    4. reboot, all seemed good
    5. used btrfs-list to take a look, the subvolume that was the current root / was a child of the aformentioned backup subvolume
    6. started btrfs-assistant and deleted the backup subvolume
    7. system suddenly read only
    8. reboot, still read only
    9. btrfs check said broken refs and some other errors,
    10. i tried to let btrfs check fix the errors, which made it worse, now I couldn't even mount the drive anymore because btrfs was completely borked
    11. used btrfs rescue, which got all files out onto an external drive successfully
    12. installed arch again and rsync the rescued files over the new install, everything works as before, all files are there
  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • meta
  • All magazines
    •