EncryptKeeper

EncryptKeeper , 1 day ago

https://www.usememos.com/ Would be great for this.

EncryptKeeper , 3 days ago

Yeah but France also has way more vacations.

EncryptKeeper , 2 days ago

It really bugs me in general how often the term “home lab” is conflated with a “home server”, but in the context of what this article is trying to communicate, it’s only going to turn the more casually technical people it’s trying to appeal to off.

For many people, their home lab can also function as a server for self hosting things that aren’t meant to be permanent, but that’s not what a home lab is or is for. A home lab is a collection of hardware for experimenting and prototyping different processes and technologies. It’s not meant to be a permanent home for services and data. If the server in your house can’t be shut down and wiped at any given time without any disruption to or loss of data that’s important to you, then you don’t have a home lab.

EncryptKeeper , 2 days ago (edited 2 days ago)

Only if nothing on it is permanent. You can have a home lab where the things you’re testing are self hosted apps. But if the server in question is meant to be permanent, like if you're backing up the data on it, or you’ve got it on a UPS you make sure it stays available, or you would be upset if somebody came by and accidentally unplugged it during the day, it’s not a home lab.

A home lab is an unimportant, transient environment meant for tinkering, prototyping, and breaking.

A box that’s a solution to something, that’s hosting anything you can’t get rid of at a moments notice, is just a home server.

EncryptKeeper , 2 days ago

Fastly is also a CDN. The fact that a website is behind Fastly doesn’t imply that it isn’t selfhosted at all.

EncryptKeeper , 2 days ago (edited 2 days ago)

Oh yeah like that’s part of it. If this article is supposed to be a call to action, somebody who starts looking into “homelabs” is going to get confused, they’ll get some sticker shock, and they won’t understand how they apply to what’s said in the article. They’ll see a mix of information from small home servers to hyperconverged infrastructure, banks of Cisco routers and switches, etc. my first home lab was a stack of old Cisco gear I used to study for my network engineering degree. If you stumbled upon an old post of mine talking about my setup and all you’re looking for is a Plex box you’ll be like “What the fuck is all this shit, I’m not trying to deal with all that”

“Self hosting”, and “home server” are just more accurate keywords to look into and actually see things more closely related to what you want.

EncryptKeeper , 2 days ago

That’s what the definition is, nobody said you have to like it. Home labs have been a thing for a long time now. Long before laymen starting confusing the term with something it’s not, muddying up its meaning.

I mean sure they're a sterile environment, but it's incredibly unlikely that a lab is wiped clean and built from scratch, unless you get millions of dollars, and a lot of free time, i guess.

What the? No you doughnut, the data is wiped. As in you can erase all the data off the drives, install a different OS, spin up a new cluster on some different hypervisor. It’s not a lab as in “physically sterile” it’s a lab as in a place meant for experimentation.

People often refer to their "homelab" as an entire server rack, you want me to believe that people are willing to wheel out their entire server rack and discard the entire fucking thing?

What are you talking about guy? You don’t wheel anything out. You don’t discard the hardware. You ‘d discard any and all data or services on it. It’s for experimenting with things. Often for configuring things from scratch. Thats what you’re experimenting with and studying. Your home lab is the entire rack. Everything that’s running on it is what is ephemeral.

In some capacity a homelab has to be semi permanent,

The opposite. The purpose of a home lab is impermanence. The only permanent part of the home lab is the hardware itself. You can test service reliability over a long period of time on your home lab if that’s what you’re experimenting with, but you wouldn’t do so with all your live, precious data. If you’re putting things into it that are meant to stay there permanently, it’s no longer a home lab. A home lab is for testing things out, experimenting, ripping it all out, setting it all back up, in an environment outside of production. It’s the non-business version of “pre-production” or a testing environment.

EncryptKeeper , 1 day ago

Of course it would be self hosting. If the website isn’t hosted on fastly, and is hosted by an individual, that would be the definition of self hosting. You’re also assuming that Fastly is caching responses, do you know that for certain?

Literally all you’ve done so far is resolve the host name to a DNS record. You think you’ve done something, but you haven’t.

EncryptKeeper , 1 day ago (edited 1 day ago)

use homelabs to experiment in. It's a sandbox environment where if you break it, you fix it, and more importantly it isn't costing money while it's down.

Pretty in line with what I’ve said. It’s for experimentation and is meant for it to be ok to break. You’re trying really very hard to ascribe meaning that isn’t there. I don’t really know why you’re trying so very hard just to be wrong. another hint you’ll notice here is how r/homelab is its own subreddit apart from r/selfhosted

i wasn't talking about a homelab, as evidenced by the fact that i said the most broad, least specific form of lab, laboratory.

So you were just talking nonsense about something unrelated, got it. You tried to compare a homeland to the only definition of a laboratory that doesn’t apply to a technical environment. Very big brain move there.

yeah, that's my point, i was playing by your rules of the definition, which are very explicitly strict.

No, you’re just confusing technical terms and phrases for their literal equivalents. Making arguments about things that were never said. Whatever drugs you are on must be some good shit because the world as you seem to see it is all Willy Wonka.

I.E. literally anything you don't have strong attachment to, because unlike the corpo world, you can simply do whatever the fuck you want with your hardware, you don't even have to test shit in a testing environment if you want to.

No not at all. By that logic, I know some pretty big global companies with production environments that can be considered “home labs” in your eyes. The defining characteristic is the purpose and intent for the environment.

It’s very simple, not nearly as complicated or vague as you’re trying to make it out to be. If your purpose for the environment is to experiment, and nothing on that environment is of any importance to you, I.E. you could wipe the whole thing clean in a moments notice and lose nothing of value, you have a home lab.

If on the other hand you have a Nextcloud instance running on it with files you expect to be there, and would be distraught if they were gone, you do not have a home lab.

Very simple. Nothing complex or vague or overly explicit about it.

EncryptKeeper , 1 day ago (edited 1 day ago)

You clearly don’t understand a single thing about how the internet works and are very confused. Let me help you out.

how you self host a CDN hosted by fastly?????

You don’t? The website is what would be self hosted. Not Fastly.

When did I resolve the Hostname to a DNS record? … I resolved it's domain to an IPv4 address which points entirely to a fastly server

Right there. You resolved the host record, probably an A record or ANAME for the website (dev.to) into an IPv4 address, using DNS.

It's not a resource that get's delivered by CDN, it's the whole fucking website they are serving, which is a service they sell and that's not self hosting.

Here’s what you’re critically misunderstanding about this. Just because you resolve the record for a website and the IP that’s returned belongs to fastly does not mean fastly is hosting the content. You literally haven’t done anything to prove that the website isn’t self-hosted on a computer in some guys garage. You’re making assumptions based on ignorance and using those assumptions to gatekeep self hosting because you don’t even know what you don’t know. It’s very possible that site isn’t self hosted, but so far you haven’t actually found any proof of that like you think you have.

If you think a domain is a hostname and an IPv4 address is a DNS record

A domain can have several host records of different types including one at the root of the domain. What you’re resolving isn’t “a domain” it’s a single record for that domain, and its associated IP address is contained in the DNS record. If you’d like to familiarize yourself with this system, try this:
https://www.dummies.com/book/technology/information-technology/networking/general-networking/dns-for-dummies-292922/

It’s clear that you’re a hobbyist with very little understanding of how the internet and self hosting works on a fundamental level and that’s ok. But I recommend instead of wasting your energy being confidently wrong very publicly for the purpose of gatekeeping, you use that energy to learn how these things actually work instead.

EncryptKeeper , 20 hours ago

That explains how you wound up in the position you’re currently in lmao.

EncryptKeeper , 3 days ago

It is real, though the example they used only makes any sense if they’re like manually plugging resumes by hand into public ChatGPT, which they’re probably not doing.

In reality, white text on your resume that consists of a large number of relevant keywords, that will in fact have an impact on the software they’re using. Recruiters are actually starting to complain about it.

EncryptKeeper , 3 days ago

They likely use tools that do something similar on a larger scale. Less work for them that way.

EncryptKeeper , 4 days ago

Grist

EncryptKeeper , 7 days ago

It’s not misinformation. I hear what you’re saying, and that this whole Futo thing seems like it should be net positive, but it was sold.

The developer still maintains full autonomy on the projects direction and leadership. All BLANK is doing is providing them stable income

This isn’t a good argument for Immich not being sold, because this is the exact description of what private equity firms do.

EncryptKeeper , 10 days ago

I got an email from USAA yesterday excitedly telling me about their new voice ID feature. You can now contact them over the phone and manage your account with fewer security questions by having your voice analyzed. What could go wrong.

EncryptKeeper , 11 days ago

So there are two things that certificates are for. You already understand the first one, which is the cryptography itself. You can use them to encrypt your traffic so that information sent over the connection is not in plain text.

The second thing certificates do, is the answer to your dilemma. Identification. For your browser to trust a website’s certificate, the certificate has to be valid for that website. What makes a certificate valid? The certificate has to have been signed by a trusted Certificate Authority, and the name on the certificate must match the website you’re visiting. If you were to ask “What makes a certificate authority trusted?” The answer is that your web browser and/or operating system come preloaded with certificates for trusted certificate authorities. These special certificates were used to sign the certificate of the website you’re visiting, which is another thing your browser checks for. A malicious third party can’t (easily) obtain a valid certificate/key pair for a domain that they don’t own. If your browser was presented with a fake certificate from the malicious third party, it would not connect and would warn you that your connection isn’t secure and would explain why.

Now if more specifically, you’re wondering that if a malicious third party takes any given website’s public certificate, can it use that to decrypt your session? After all, that public cert is signed and trusted. The answer to that, is that when a certificate is created, so too is a private key file created. This private key is never presented to the public, and it’s the only thing that can decrypt sessions that were encrypted by its paired public certificate. So that third party could install that certificate on a web server theoretically, but they wouldn’t actually be able to decrypt anything because they don’t have the private key for the legitimate certificate.

So in order for a man in the middle attack like this to work, they’d have to obtain not only a legit websites public certificate, but also the corresponding private key. OR, the third party would need to get access to your PC, and install its own certificate authority signing cert, so that it’s fake, self signed certificates are trusted by your browser. Both of these are possible, but at that point you’re not talking about an unknown man in the middle, the man would have to compromise one of the two ends.

EncryptKeeper , 12 days ago

Just hope they don’t have cameras.

EncryptKeeper , 14 days ago

A big differentiator in how you might want to tackle this depends on one question, are you planning on getting into Linux systems administration, like for work? Because if you actually really want low level Linux skills then that’s a whole slew of things you’ll need to learn from scratch. And it’s not just your Windows-only experience that’s holding you back, managing a server is different from managing your desktop.

But if you’re not really interested in working in IT or all you really want to learn how to self host, you’re probably better off with an appliance, like UnRAID. These OSs abstract away much of the low level stuff so you don’t have to worry about it. Not the best way to learn how Linux works really well, but the easiest way to manage your self hosted environment.

EncryptKeeper , 16 days ago

You didn’t just start using electric ones?

EncryptKeeper , 18 days ago

I switched away from google maps to Apple Maps a few years ago and I honestly can’t tell any difference. If google maps traffic data is better, it’s not in any noticeable kind of way for regular day to day usage.

EncryptKeeper , 19 days ago

I’m not sure if this was actually some kind of sinister plot, rather than incompetence and ego. You’re not the first to suggest that this is a way to lay people off without “having to pay severance”, but what really throws a wrench into that idea is that in most states they didn’t “have” to pay severance in the first place. That’s really more reliant on the employment offer or contract. There really wasn’t anything stopping these companies from just laying people off the normal way. The only other justification I’ve seen is that it’s a way to “avoid bad press”. But clearly it doesn’t because we all still know this is happening and we’re all still just as unhappy about it. If anything, it’s better for a company to just lay people off and spin it as a “cost saving measure” to appease shareholders, than make it look like top talent is leaving of their own volition. The latter makes the company look bad to both the general population and its shareholders.

EncryptKeeper , 19 days ago

You think the market is fucking rational, here? I've got news for you, guy, regular people's view of this means fuck-all to these people and the only thing that matters to them is the stock price.

The market absolutely props up "irrational decisions" and cutting employees to cut costs has been a bellwether for increasing stock price for forty fucking years now.

That’s my exact point. I don’t think this is some conspiracy to secretly lay off people. I think this is just a more straightforward case of C-levels blundering around with decisions that make sense only to them.

I think they absolutely thought RTO would be a benefit in some way, and after being proven wrong they just save face with corporate buzzwords.

EncryptKeeper , 19 days ago

100% of the companies this article is about are American companies. The top talent the article describes live in the United States.

0% of the countries that aren’t America are relevant to this article, my comment, and this thread. Including yours.

EncryptKeeper , 19 days ago

The article isn’t talking about Apple or Google adding privacy-invasive stuff. It's talking about protections being put in place To prevent you from being tracked by things like Apple’s Airtags

EncryptKeeper , 21 days ago

https://ghost.org/ would probably work pretty well for you.

EncryptKeeper , 21 days ago

The part where you self host it? I don’t understand the question.

EncryptKeeper , 21 days ago

Oh that’s what you mean, yeah they don’t make it easy to find. I only linked their site so OP could see the feature set. I run it in docker, and remove all the nonsense membership and newsletter features and buttons.

EncryptKeeper , 21 days ago

God damn, Jellyfin still hasn’t figured out intro skipping?

EncryptKeeper , 21 days ago

Some hospital networks just continue to operate slower to the detriment of their patients and just lie to everyone so that nobody finds out they were hacked.

EncryptKeeper , 22 days ago

Oh yes why fix economic system when we can just defeat human nature. Great idea that’ll be much easier.

EncryptKeeper , 25 days ago

Amazon also horrifically mangles and compresses their video for seemingly no reason all the time.

EncryptKeeper , 25 days ago

Yeah that’s the thing is that it’s almost random. As a guy with a network engineering degree that there wasn’t an identifiable issue with my network or devices when this would happen. No idea what would trigger it. Never had the same issue with any other streaming service.

EncryptKeeper , 25 days ago

I have a college education and a well paying job the monthly payment on a new car has doubled since I bought my last one in 2020. No way am I buying a new car at these prices/rates.

EncryptKeeper , 25 days ago

People take their cars to dealership garages? Fuck that noise lmao

EncryptKeeper , 25 days ago

Separate library for her movies, only her user can access, done.

EncryptKeeper , 26 days ago

They mean encrypted at rest. As in, Proton cannot hand over a copy of all your emails to a law enforcement agency, they don’t have access.

This means law enforcement would have to capture an unencrypted email in transit, or obtains your emails from either recipient individually.

EncryptKeeper , 26 days ago

They are bound by Swiss Law, so they have to comply with lawful orders. They are very up front about this even within their marketing that pertains to protection from other government authorities. They are also very good at explaining exactly what is protected and what inherently isn’t. A recovery email isn’t. In order for a recovery email to work by its very nature, Proton has to have a record of it. But at the same time they don’t require you to set one. Proton hasn’t done anything that they’ve promised not to. There comes a point where you need to put a little effort into understanding the product you’re using.

EncryptKeeper , 26 days ago

It’s not needed, that’s just it.

EncryptKeeper , 26 days ago

This information was just as clearly and easily accessible by the guy who was caught, as it is to you, and to me. If you’re going to commit crimes using a cloud service, the onus is really on you to put in a minimal amount of effort to familiarize yourself with what is protected and what isn’t. Proton is extremely up front about this, and give you all the information you need to be safe.

Proton never advertised to a single user that all your data is safe from the Swiss government. On the contrary, their main selling point is that the Swiss government is the primary driver of their secure offering. They encrypt what they can using zero trust encryption, and that is left over is secured by the Swiss Governments laws regarding businesses sharing information with foreign governments.

Proton promised to not comply with direct requests from foreign governments and they haven’t.

Proton promised to encrypt all the data they feasibly can so it was safe from Proton being able to hand it over to even Swiss authorities and they have.

Proton is not responsible for user error, nor the willful ignorance of its users.

EncryptKeeper , 26 days ago

Proton has never given any guarantee about hiding all account metadata from the Swiss government either.

EncryptKeeper , 26 days ago

I don’t label him anything. He clearly did something that guided his decision to use a more privacy-centric service to avoid the prying eyes of his own government. That could be crimes, civil disobedience, it doesn’t matter.

Proton deserves no criticism here. It has not created any functional database of any group of people to be queried by anybody, much less law enforcement. Thats complete nonsense with no evidence to back it up.

It is exactly the privacy haven it appears to be because to this date there has been no reason to believe otherwise. Proton has and continues to offer the protections it’s promised to, without deviation. You just seem to have some kind of personal bone to pick with Proton and are using this story to distort the truth in order to create some kind of anti-proton narrative. I’m no corporate fanboy, but right now we have very few privacy-focused cloud services and for the duration they remain so, I’m not going to tear them down for no reason.

EncryptKeeper , 25 days ago

The fight against misinformation is an important one, and the misinformation you’re spreading is a threat to anyone who is interested in being privacy-conscious but doesn’t know enough to dispute what you’re saying. Whether or not the user was committing crimes, or any other non-state sanctioned activity that he recognized could land him in hot water continues to be irrelevant. Nobody is judging his morality, the point is that he knew what he was doing warranted more effort to maintain his privacy. You trying to put an emotional or moral spin on the term “crimes” is just more pedantic nonsense to distract from the issue at hand.

The fact that Proton services 6,000 requests from law enforcement in a year (not all of which uncontested or even granted, a detail you’ve conveniently left out) does not imply that they’ve violated user trust, or that they’re doing anything they didn’t explicitly say they would do.

Whatever your motivation is for this slander campaign against Proton, it isn’t working.

EncryptKeeper , 25 days ago

They’re all like “privacy and freedom”, “take control of your data”…

That’s correct. And the fella used that freedom and control over his data to deanonymize himself. It isn’t proton’s job to be completely idiot-proof. They tell you what it is they do, and they do it. There are no false claims made.

EncryptKeeper , 26 days ago

The thing is that in most cases you don’t need a VPN to protect yourself on a public network. The ubiquity of TLS on the internet already does a great job of that. Using a VPN on a public network for privacy and security reasons amounts to little more than the obfuscation of which sites you’re visiting, and some fallback protection against improperly configured websites. So while I agree it isn’t entirely a non-issue, it definitely isn’t as big of an issue as one might assume given the scary wording of the headline and article.

EncryptKeeper , 27 days ago

It’s the corporate boomer way of saying it.

EncryptKeeper , 27 days ago

Sounds like LittleBigPlanet without the whimsy and fun.

EncryptKeeper , 1 month ago

At least you are the master of your own destiny