N0x0n

N0x0n , 9 hours ago

What does that mean for apps like SimpleX?

Do they have to comply? :/ And if they decide like signal to retire from EU, how will that work?

N0x0n , 1 day ago (edited 1 day ago)

I think this has nothing to do with who is listed first/last !

As you can see in this docker-compose, they are on 2 different web-ui ports, avoiding conflicts !

N0x0n , 4 days ago (edited 4 days ago)

Not OP, but thanks for the write up !

Regarding macvlan's with docker, I tried to use them in the past and while I liked the idea of having every container on it's own mac /ip address in the home network space, I couldn't get the host to communicate directly with them.

Everyone on the LAN could talk to my containers, except the host itself. IIRC there was/is some tricky part where you have to change the default route and create new iptables to make it work that way, but It seemed rather hacky and not secure at all.

Now that I'm a bit more experienced with docker and all, do you know if this is possible or still one of the downside of macvlan's?

Edit: reference. I see he updated his post in 2023, maybe worth a new shot !!

N0x0n , 3 days ago

Linkding is great ! I love it ! With the new local copy as html file thats a banger !!

Except one thing I hate about it... It can get really messy quickly If you don't overthink your tags... This can get time consuming in the long run !

N0x0n , 3 days ago

Hey :) would you kindly share your tagging methodology? It's the second time I nuke my linkding docker istance, because everytime it gets so messy that I lose sight of my bookmarks ://

Thank you 👐

N0x0n , 3 days ago

That's a nice workflow :) except for KOReader, I do the same combo Miniflux + wallabage + linkding.

Wallabag + miniflux for articles to read and
Linkding for important stuff (mostly github stuff).

What's cool about that workflow it can be automatically send through each other with their API.

N0x0n , 6 days ago

Opening ports on your router is never safe ! There're alot of bots trying to bruteforce opening ports on the web (specially ssh port 22)

With SSH I would disable the password authentication a only used key based authentication. Also disable root access. (Don't know how it works with forgero though)

I would recommend something like wireguard, you still need to open a port on your router, but as long as they don't have your private key, they can't bruteforce it. (You can even share the wireguard tunnel with your friend :))

Also use a reverse proxy with your docker containers.

There are a lot of things you could do to secure everything, but If you relatively new to selfhosting, there's a steep learning curve and a lot of time needed to properly secure everthing up. You could be safe by doing nothing for a few months but as soon as someone got into your system, you're fucked !

But don't discourage yourself, selfhosting is fun !

N0x0n , 5 days ago

You're right, but only if you are an experienced IT guy in enteprise environnement. Most users (myself included) on Lemmy do not have the necessary skills/hardware to properly configure and protect their networking system, thats way I consider something like wireguard way more secure than opening an SSH port.

Sure SSH key based configuration is also doing a great job but there is way more error prone configuration with an SSH connection than a wireguard tunnel.

N0x0n , 6 days ago

Never got into TF2 was more a day of defeat guy (what a banger !!). But still doing my part !

N0x0n , 7 days ago

Is this because I am using a free tier VPN? so it's not functioning properly etc...

Nope ! I use the free tier on all my devices and nothing is leaked based on all tests I did.

If you are on linux you need to check your /etc/resolv.conf and see if your home's router/ISP DNS is in there.

Check also if networkManager hasn't your ISP's dns configured.

There are other locations where your home router's DNS could be hidden on linux after a DHCP configuration.

If it's on windows :/ sorry can't help there.

N0x0n , 6 days ago

That's right !!! That was just a starting point for OP if he was on Linux and lacking that info I gave him just some pointer where to look at.

Anyway, most of the time it gets overwritten from other configuration files, nothing harmful. He could even have resolvconf installed on his system, who knows.

N0x0n , 6 days ago

Long time I haven't booted into windows, so can't help there.

But rest assured that the free tier hides your real IP the same way as the paied tier.

N0x0n , 9 days ago

Hummm, does TTIP and CETA rings a bell? If not, let's just say that during the covid pendamic the EU parliments signed CETA behind ours backs allowing transporting good between canada and EU. Sure TTIP itself was not signed (yeahhhi thats a win... Or not?)

But that doesn't matter because the only thing they wanted was a trade deal with the American continent It's TTIP with extra steps...

So right now we will propably have meat and vegetables full of GMO's, pesticides, and meat fully loaded with antibiotics, vaccines...

So If I where you I wouldn't count to much on

"They look like they want change, and they then blame too many votes on "not themselves" that it didn't pass."

They wan't changes when it benefits them and their agenda ^^.

N0x0n , 9 days ago (edited 9 days ago)

That's not the point, eat what ever you think is good for you. We are not going into arguments that's out of context. That was just an example out of my memory on how they pass things without our consent or when they see any benefit for their own agenda not for the common good. (Still personal opinion, think whatever you want)

But whatever... I'm just a random on the net 🤷

N0x0n , 9 days ago (edited 9 days ago)

👍✌️

Edit:

I shoud have left that part out:

So right now we will propably have meat and vegetables full of GMO's, pesticides, and meat fully loaded with antibiotics, vaccines...

That's was maybe a too personal opinion were the conversation can easily get heated quickly (where ever your stand is on that subject) and is out of the scope of the actual post !

So sorry about that :/.

N0x0n , 16 days ago

Hey :) may I suggest rethinkDNS to have a more granular control over your installed application? Also it's possible to block everything except the apps you trust while still being able to use your own DNS/wireguard VPN/proxy...

Also If you want a more in depth overview of every connection your phone attempts to make, give Pcapdroid a try !

N0x0n , 16 days ago (edited 16 days ago)

Hey :)

Wait, I thought the "downside" of this app was that it used your VPN connection.

https://lemmy.ml/pictrs/image/da00e95d-744e-44a1-9cdd-4f13a46164aa.jpeg

It does, but if you have a VPN that let's you send your traffic through wireguard (like protonVPN, don't know about others :/) it will send all your traffic through that tunnel.

https://lemmy.ml/pictrs/image/09b06a1e-ea08-4205-8c68-9214a591a35c.jpeg

Also, there was a recent update which uses your wireguard's DNS instead of rethink's hardcoded internal DNS. That was the awaited updated I needed to fully switch to rethinkDNS.

There are still some quirks in the interface and a few strange behavior with wireguard when waking the phone up, but nothing that causes leaks in my experience, because if my wireguard tunnel isn't working rethink isn't able to make any requests !

Hope it helps :).

N0x0n , 21 days ago

I feel so bad for the long term contributors :/

The only good thing I could think off, is that someone is going to create a defederated stackoverflow alternative?

Or something similar, to bring back real human interaction...

If this wasn't enough, This will probably raise war against corporated AI.

N0x0n , 23 days ago

Imagine talking about opsec and iCloud in the same sentence 🫣🤭

N0x0n , 30 days ago

Just use rethink dns with a wireguard tunnel and block every app except those you trust and need !

N0x0n , 29 days ago

Hummm, Don't get me wrong I like the command line when I work on my GUI-less server, but a video player to run through the command line on a daily drive desktop with GUI and everything?

This seems a bit overkill and useless no? I mean when I'm on my desktop I just want to click on my media file and launch it right away.

Maybe I'm not the target audience and it's focus is more entitled to people working in the video industry and needs more granular tweaking with specific media files? Scripts?

Or Am I missing something here?

N0x0n , 1 month ago

Maybe syncthing could fit your flow?
OMV syncthing.

I have no idea if it works or if that's something you would implement, but syncthing is pretty good :).

I use it to sync my encrypted backups between my devices (even my phone has my server backups). Never had any issue !

N0x0n , 1 month ago

Woaah ! Thank youu ! That's a great find !

N0x0n , 1 month ago

Congrats !!!!

Only one day? Lucky you ! It took me a whole week to get it to work with self-signed ssl certificate behind Traefik + docker + Adguardhome.

Adguard home rewrites and the correct certificate configuration solved most of my isues (android can be picky with self-signed root certificates). But I learned ALOT through the whole week, so I didn't waste my time :).

I hope you too learned alot :) but if I may, I would switch from AdguardHome to Pi-hole.

I know... AdguardHomes functionalities and UI are awesome and overpass Pi-Holes' but since I saw they add some strange trackers and very sketchy DNS request in their AdguardVPN android application, I don't trust them anymore !

N0x0n , 1 month ago

It does !! I really like it and was easy peasy to make the switch. But I have to admit, AdguardHome's UI and DNS logs are way more detailed and I'm missing a few features I used with AGH. But nothing to critical that makes pi-hole unusable in my workflow !

But yeah, they do not have the same budget... That's a good tradeoff i'm willing to take for my privacy :).

And one day, when I get a job I will surely donate to them.

N0x0n , 1 month ago

Hummm, I have a syncthing instance in a docker compose, so yeah I can access it through my ssl domain (https://syncthing.home.lab) but traefik takes care of everything.

Now if it's on your local machine you're trying to use your SSL certificate I don't know, I always access it through the local ip (127.0.0.1:8384).

If I had to guess or give it a try, I would point the IP to my dns through my host file on my machine. But that's just a wild guess :/

I think syncthing has a good documentation about it :)

N0x0n , 1 month ago

Thanks for the share :))) ! Looks interesting ! Bookmarking until I have more time to read through the docs !

N0x0n , 1 month ago

Well, you still have to open wireguard's UDP port to make it reachable outside your LAN.

Just sayin' 🤷

N0x0n , 1 month ago

Thank your for the write up 😁 Glad you solved your issue !!

N0x0n , 1 month ago

Try to open the web developer tools in your web browser, to look if there is anything useful. It's different for every browser but on firefox:
≡ > more tools > Web Developer tools. Look into the network tab and refresh your page and try to login again. This can sometimes give you some hints what's going wrong.

Also have you tried to log every container from the compose?

When you ls all containers do they seem healthy or does one do not start?
docker container ls -a ?

N0x0n , 1 month ago

I just spinned up the docker compose bare bone without any modification just to see if it actually works on localhost. Just a checkup to see if by default it works, and yes I can login from my host IP:PORT without any issues.

https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md#installation

I just changed the default port, because 80 is already used and gave the admin account a password.

Maybe this github anwser can be helpful ??

The compose stack seems not that easy to customize, In your position I would mount it bare bone a change things one/one reading through their admin docs !

My guess would be that changing the volume a few things are missing? I don't know, docker issues a hard to troubleshoot when you're not infront of the computer.

N0x0n , 1 month ago

Yeah, sorry about that... Seems alot of python is involved.

Can you check your permission on "pg_logical/snapshots" in your folder ?

drwx------ 1 70 root 512 Apr 21 15:40 postgres_data

drwx------ 1 70 70 0 Apr 21 14:41 pg_snapshots

N0x0n , 1 month ago (edited 1 month ago)

Here is something you can work on. You could try to mount your volumes as named volume as per this docker-compose file, so that docker takes care of permissions and ownership of the files.

If I understand it correctly you want to use an external drive or a drive partition ? You can't directly use those partitions as named volume. You can also mount a SAMBA/CIF mounted volume from your external drive/drive partition or NFS (read here).

Do not change this part in the docker-compose I shared above. This files needs to be located where It can find it.

    volumes:
      - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py

This is what I would give a try. Apart from that, I can't help you any further, maybe someone else would come up with a better idea :/.

This seems like a stupid permission issue ˆˆ'. Hope you will find your way arround !

N0x0n , 1 month ago (edited 1 month ago)

You are probably talking about video content? I don't have any advice concercing those, and I'm also interested if someone has some good self-hosted alternative for this kind of content.

On contrary, if you're an ebook/webpage hoarder I had a long run in finding the best solution to keep my learning ebooks tidy and well organized.

If you are serious about learning through written textbook and web, having everything in one spot and also a buildin pdf reader, I really advise you to have a look at Zotero. Even if you are not a researcher it's a very useful tool !

Also would suggest you to give the Zotero 7 beta a try instead of 6. Better UX, native macOS m1, linux, better pdf reader, webp reader... Alot of improvement !!

One thing you should be aware of, it's their cloud syncing, which allow you to continue your work on another computer, which cost a bit of money. Nothing to exagerated though ! BUT if you're a self-hoster you can sync your personal data folder through a bind volume/samba share/nfs/syncthing... What ever your poison is :).

Sorry if this doesn't help in your quest of video content organization, but chances are, you're also hoarding alot of pdf/web page content !

N0x0n , 1 month ago

Maybe something worthwhile looking at (was roaming the web to find something that could actually fit your request!) Mediacms it looks promising, but never tested it so you have to give it a try yourself :).

But seeing from the github repo, it looks like a selfhosted youtube CMS :) Just keep in mind to backup your data before giving it a try. I have no idea how stable it is.

Hope it helps !

N0x0n , 1 month ago (edited 1 month ago)

Docker networking is fun :) (IMO).

Without having a look at your container and how you configured it, if you have correctly mapped your ports and didn't change anything fancy and don't use a reverse proxy

Your container should be accessible on your host's IP mapped with you Immich docker port:

HostIP:2283

Edit: Also, don't run a docker container in... Another container (LXC).

Containerinception

N0x0n , 1 month ago

Also FlorisBoard is back in the game !

Note: Due to various reasons development has been quite stuck in the past year, but things are slowly improving again and new releases/features will follow in the near future, please see the roadmap for details!

florisboard

N0x0n OP , 2 months ago (edited 2 months ago)

Hi :)

I'm relatively new to github repos, first time adding/sharing files. I was looking for a free opensource sharing plateform first, but nowadays everything is closed behind a paywall (yeaah server and storage cost money) even for a single small .js file ! But it's a good training setup before I switch to self-hosted forgero open to the world (Can't wait to make misearble security mistake and wipe all my server setups xD).

Thanks for sharing your project :) Will take a closer look and learn about user-overrides.js ! Thank you !!!

N0x0n OP , 2 months ago

Hello thanks for your inputs !

Is there any reason you went this route instead of just using an user-overrides.js file for the standard arkenfox user.js file?

I'm relatively new to "programming" and file management and wasn't aware of the user-overrides.js. I was sucked in by the testing, reading, and giving my best to understand each entry that I missed this crucial information. I'm reading through the overrides section in the arkenfox wiki and will change accordingly !

Does the automatic dark theme require enabling any fingerprintable settings (beyond just possobly determining the theme of the OS/browser)?

Nope. But by default enabling dark theme is fingerprintable. They know that I'm using dark theme in my browser, but... my eyes can't live without it :(. I think this is a negligeable parameter, because there are too many dark mode user on the web. As long as it's the native Firefox dark mode theme, this should be an okayish compromise.

user_pref("layout.css.prefers-color-scheme.content-override", 0);
user_pref("browser.theme.content-theme", 2);

How are you handling exceptions for sites? I assumed it would be in the user.js file, but didn’t notice anything in particular handling specific URLs differently.

I'm not sure what you mean, but by default I prefere that everything what's happening in my browser needs user consent and manual interaction. I'm still looking for the switches to block all new requests asking to access microphone, location, notification...

Also the only sites I give permenant cookie exception are my selfhosted services (Because I mostly trust them ? XD) and everything else is deleted after each Firefox shutdown.

If I can't acces the site or it's broken, I mostly just leave and just find another ressource. This probably locks me out to a lot of sites, but that's the trade off I'm willing to take.

To add some more fun, I also block all GAFAM at the DNS level on my pi-hole with some strict policies. If I need to acces them for any reason, I spin-up a throwable Virtual Machine.

I hope I answerd your question and thanks for your input ! Diving into user-overrides.js ! Thanks !

N0x0n , 2 months ago (edited 2 months ago)

Out of the box, Firefox is good enough for those who have "nothing to hide" normies. Just turn some visible button on/off and look at them go 🤷🏼.

But if you value your privacy, there are some hidden tweaks you have to apply that most lemmy users are aware off (about:config, resistsFingerPrint, webRTC, ipv6, whatever
...)

If you want to go a step further, go through arkenfox's well documented user.js or just install arkenfox or any of the Firefox/Chromium derivatives.

Then comes TOR and other hidden services like I2P, which are probably over kill for most lemmy users except if you're Edward Snowden or if you really, really care for your privacy/anonimity.

In the end if your really want to go of the radar, the only real solution is to never touch any connected device, burner phone, burn your house, your wife (no don't do that !!) and go live in the woods :) feel the real wireless connection with nature ! Damn if we only could value more that connection 😮‍💨

N0x0n , 2 months ago

They wouldn't go to snapchat, X, facebook, google, tiktok, whatever, in the first place if they really care about privacy.

OOTB Firefox is meant for those kind of people, who just care enough to not be bothered by "conspiracy theorist".

Those who really care/value privacy/anonimity are in the 5% range globally (I don't have real numbers to back of my claim, it's just to empahsize the number here).

Give it a try by yourself, go out into the streets and talk to strangers how much they value privacy and what effort they put into to have their privacy. Talk to them about tiktok, youtube, instagram, X, see of far their believe in privacy would go.

N0x0n , 2 months ago

Not exactly a guide but there is this wonderful github repo.

Some advice to give it a try:
Open firefox (desktop only) in the search box type about:profiles and create a new profile to put the user.js in without affecting your main profile.

This github repo is rather complex and there is alot to read and grasp, but it's a very good starting point to harden your firefox.

You can also give a look at the arkenfox user.js.

Those are complex user.js but you can produce your own with the tweaks you need, in case you need video confercence or what else.

N0x0n , 2 months ago

Last time I saw them, I was filled with infinite inner white light power and joy. So hard to explain that I didn't even tried, because I was sure nobody would understand.

So powerful I couldn't keep my eyes closed, so bright and colorful and the patterns infinitly beautiful.

The CEV mandala patterns are amazing, but the fractal patterns are on another level, and You can really feel how they ARE on another level, plane of comprehension.

What a blissful experience !

N0x0n , 2 months ago

Not only does it work... It's used by all governement agency in the world to spy between world leaders...

N0x0n OP , 2 months ago (edited 2 months ago)

This dump is only from AdguardVPN app. This traffic is not my routed traffic to the VPN.

As you can see on the second screen my vpn is connected to PCAPdroid.

And 800 requests in less than a minutes on a rooted/debloated android?

I have seen a lot of keep alive/cdn packets and fallback dns... and I know how a VPN and routing works. I have setup my whole homelab with selfhosted wireguard/dns/router... I have seen a lot of request on my Adguardhome and played arround with wireshark to see the whole network traffic.

Sure on a whole network there is a lot of traffic, but this amount of request for a single app? There's something fishy !

Edit: Try it for yourself and post some screenshots.

N0x0n OP , 2 months ago (edited 2 months ago)

Hummm... These are probably normal request for the "average user", but not for privacy advocates from this community:

37.120.218.14 33across.com

33Across has over 15 years of experience building identity resolution technology, programmatic monetization, and audience segmentation through big data and a global first-party publisher foundation. Future-proofing the industry's addressable infrastructure, 33Across provides direct access to critical signals that power privacy-safe ...

193.19.204.51 usc1-gcp-v61.api.snapchat.com

Snapchat's Marketing API

66.203.113.242 match.prod.bidr.io/

Match.prod.bidr.io. Match.prod.bidr.io is an application for Chrome, Firefox, Edge and other Windows browsers that can annoy you with hundreds of pop-up ads, banners and promotional messages. In addition to that, Match.prod.bidr.io may automatically redirect your web searches to pre-defined web pages that generate pay-per-click revenue.

212.102.40.187 init.supersonicads.com

init.supersonicads.com is 's script. Going forward, it's going to need help adding value to your business' marketing efforts. Since 2017, this script has been at least 20-25% less effective than you think. Why? Because privacy-first browsing is here. This is a game changer for scripts like init.supersonicads.com and businesses like yours ...

Just to name a few... The list goes on... If this doesn't raises an eyebrow of suspicion, than the privacy community is probably useless....

Also, most of those links are blocked by default by uBlock origin.

Edit:
Why would a VPN application make a request to tiktokcdn.com.c.bytefcdn-oversea.com ? Okay It's "just" a CDN, but why In the hell tiktok? I have never used any of those sketchy apps why would It need to go to tiktok or snapchat?