
i_am_not_a_robot

@i_am_not_a_robot@discuss.tchncs.de


Should I stick with Docker Swarm for self-hosting?

Hi! I'm starting out with self-hosting. I was setting up Grafana for system monitoring of my mini-PC. However, I ran into the issue of keeping credentials secure in my Docker Compose file. I ended up using Docker Swarm since it was the path of least resistance. I've managed to set up Grafana/Prometheus/Node stack and it's working...

i_am_not_a_robot ,

Docker Swarm encryption doesn't work for your use case. The documentation says that the secret is stored encrypted but can be decrypted by the swarm manager nodes and nodes running services that use the service, which both apply to your single node. If you're not having to unlock Docker Compose on startup, that means that the encrypted value and the decryption key live next to each other on the same computer and anyone who has access to the encrypted secrets can also decrypt them.

i_am_not_a_robot ,

China is simultaneously destroying the environment for profit and investing too much money in green technology?

A distinctive feature of purchase subsidies for BEV in China, however, is that they are paid out directly to manufacturers rather than consumers and that they are paid only for electric vehicles produced in China, thereby discriminating against imported cars.

That's an interesting way to spin subsidies on the production of electric vehicles. Why would China pay companies in other countries to produce cars?

i_am_not_a_robot ,

The headline says "digital freelancers," so maybe it's talking primarily about small jobs that were being outsourced. A 21% decrease in regular job listings would be more concerning because of the amount of incorrect information and buggy software about to be created than job loss.

Doorbell camera solution

Hi, anyone have any good self hosted solution for a doorbell camera? What I need is to have the option to look at who is at the door and be able to actuate a lock (relay operated). I have a cheap Chinese brand solution, but it uses an unknown cloud solution and is very unreliable. A phone app would be fine, but if there's a...

i_am_not_a_robot ,

Aqara sells one that works with HomeKit and should work offline. They say it will get Matter support later, but Home Assistant can use it through HomeKit without having to buy any Apple devices.

i_am_not_a_robot ,

Be careful with doing this. X-Real-IP and X-Forwarded-For are good for when the client is a trusted proxy, but can be easily faked if you don't whitelist who's allowed to use those headers. Somebody with IPv6 access could send "X-Real-IP: 127.0.0.1" or something and if the server believes it then you'll see 127.0.0.1 in logs and depending on what you're running the user may gain special permissions.

Also be careful with the opposite problem. If your server doesn't trust the proxy, it will show the VPS IP in logs, and if you're running something like fail2ban you'll end up blocking your VPS and then nobody will be able to connect over IPv4.
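An added example, not part of the original comment: a Python sketch of the allowlist check described above, next to the two misconfigurations it warns about. The proxy address `203.0.113.10`, the sample events and all function names are constructed for illustration; only `X-Forwarded-For` is handled, and header lookup is assumed to be an exact-case dict key.

```python
import ipaddress
from collections import Counter

# Assumption: the VPS proxy reaches the home server from this address.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.10/32")]

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, headers):
    """Address to log and ban on: the header counts only if the peer is our proxy."""
    if not is_trusted(peer):
        return peer  # direct connection: the header is client-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):  # rightmost entries were added closest to us
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the header
    return peer

def failures_by_client(events, resolve):
    """Count failed logins per resolved address, as a fail2ban-style jail would."""
    return Counter(resolve(peer, headers) for peer, headers in events)

# Constructed sample events: (socket peer, request headers)
EVENTS = [
    ("2001:db8::5", {"X-Forwarded-For": "127.0.0.1"}),                # direct IPv6, spoofed header
    ("203.0.113.10", {"X-Forwarded-For": "198.51.100.7"}),            # IPv4 client via the proxy
    ("203.0.113.10", {"X-Forwarded-For": "127.0.0.1, 198.51.100.7"}), # client-prepended entry
]

def trust_everyone(peer, headers):  # misconfiguration 1: believes the header from anyone
    return headers.get("X-Forwarded-For", peer).split(",")[0].strip()

def trust_no_one(peer, headers):    # misconfiguration 2: ignores the header even from the proxy
    return peer

if __name__ == "__main__":
    for name, fn in [("allowlist", client_ip), ("trust all", trust_everyone), ("trust none", trust_no_one)]:
        print(name, dict(failures_by_client(EVENTS, fn)))
```

With `trust_no_one`, every IPv4 failure is counted against the proxy address, which is how a ban rule ends up blocking the VPS itself.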

i_am_not_a_robot ,

If all you want is to break out the VLANs to NICs using a Linux PC instead of a managed switch, create six bridge interfaces and put in each bridge the VLAN interface and the NIC.

Is it safe to open a forgejo git ssh port in my router?

Hello all! Yesterday I started hosting forgejo, and in order to clone repos outside my home network through ssh://, I seem to need to open a port for it in my router. Is that safe to do? I can't use a vpn because I am sharing this with a friend. Here's a sample docker compose file:...

i_am_not_a_robot ,

There's a lot of wrong advice about this subject on this post. Forgejo, and any other Git forge server, have a completely different security model than regular SSH. All authenticated users run with the same PID and are restricted to accessing Git commands. It uses the secure shell protocol but it is not a shell. The threat model is different. Anybody can sign up for a GitHub or Codeberg account and they will be granted SSH access, but that access only allows them to push and pull Git data according to their account permissions.

i_am_not_a_robot ,

Would it though? It's just vans on tracks instead of roads.

It's not going to be more energy efficient with individually powered cabs. It's not going to be more convenient unless your origin and destination are near a station. It's not going to be more time efficient because of the extra distance getting to and from tracks and because you aren't going to drive highway speeds in tiny self-balancing cars on old rails, especially when passing cars going the opposite direction. It's not going to be more cost efficient because it's more total moving parts requiring maintenance per person per trip.

It sounds like they are solving the problem of turning around only for terminal stations. This might make sense for trains that carry many people, but if you're making cars on tracks there is no good solution. If you need to spend money on a system that turns the cabs around, then you either spend more money installing those systems at most stations or you spend money maintaining cabs that are driving around empty. Either way, cars on roads are cheaper.

They say it's good for people who don't want to wait for public transit, but they don't say how this solves that problem. With public transit, you know when the train will be there. With this, unless they have a way for the cabs to wait at the station without blocking other cabs going the same direction, you have to wait for a cab to come and you can't time your trip to the station around when the cab will be there. Maybe they have one? It would be a disaster if you wanted to get on from near the middle and needed to wait for either a cab that has already been vacated to come or for a cab to come all the way from the start of the track.

i_am_not_a_robot ,

If your options are waiting at the station up to 2 hours for a pod or waiting anywhere else 3 hours for a train, are the pods better?

i_am_not_a_robot ,

Linux has had LDAP and other ways to use the same credentials across multiple machines since forever ago.

i_am_not_a_robot ,

That sounds like Cloudflare is giving you certificates intended only to be used for talking to Cloudflare.

You might be able to do it if Cloudflare sends a different SNI. It's probably better if you get real certificates from Let's Encrypt and just use those.

i_am_not_a_robot ,

Some bad ISPs still don't provide IPv6 connectivity. (Verizon)

i_am_not_a_robot ,

They don't allocate you a prefix. The website says they give you 5 addresses.

i_am_not_a_robot ,

Bluesky uses a non-standard protocol and isn't really federated yet.

i_am_not_a_robot ,

I can't because my instance blocked Threads. I guess it's time to find a new instance.

i_am_not_a_robot ,

Facebook is not (yet?) negatively impacting the fediverse. Fediverse users are.

i_am_not_a_robot ,

I have the Aqara G4 doorbell and supposedly it works with WiFi and Frigate (via go2rtc), but I haven't set up Frigate and I haven't verified that it fully functions with the internet turned off. It uses Homekit but supposedly will receive Matter via a software update.

i_am_not_a_robot ,

This sounds like immature project drama. I've seen it before where there's a large, professionally maintained product and people make forks to add small changes and then different forks start fighting with each other because it's their features and they don't want other forks to incorporate them. You should probably just avoid Floorp if possible.

Android users who have a keen eye for design and detail, how is the whole stutter/lag situation? Esp. after a few years of use?

I haven't used an Android device since my last one, the Galaxy S8. Beautiful hardware, beautiful design, but it was plagued with animation stutters and dropped frames. I switched to an iPhone and an iPad around 6 years ago. And the animations were buttersmooth. It was almost unthinkable to achieve such a fluid interface on any...

i_am_not_a_robot ,

I'm pretty sure this difference isn't real. On both, the UI is supposed to be for the UI and anything that takes longer is supposed to happen on a different thread. Even Windows Phone had that. However, in practice developers don't always do it and this isn't as great as it sounds. If you're scrolling or something and scroll faster than the background threads, it will stutter. If the app has a resource leak, it will stutter. If the graphics are too complicated, it will stutter.

RAM requirements depend on what you're doing. I had a Pixel 4 and it always ran great. I had to get rid of it because it was physically falling apart and Google stopped releasing security updates for it.

Appreciation / shock at workplace IT systems

After self hosting several services for a few users, with SSO, backups, hardware issues etc, I really appreciate how good the IT was in my old company. Everything was connected, smooth, slick and you could tell it was secure. I had very few issues and when I did, they were quickly solved. Doing this all at scale for thousands of...

i_am_not_a_robot ,

My favorite is when IT deploys software that replaces all the links in your e-mails with https://example.com/phishing/YiCdMdsY so you can't tell whether the e-mail is phishing or not, frequently sends you very obvious fake phishing e-mails that interrupt your work by going straight to your priority inbox, and punishes anyone caught clicking on phishing e-mails. Then HR sends out e-mails that have all the indicators of low effort phishing and you're supposed to click on those.

i_am_not_a_robot ,

New action items have been assigned to you:

  • Remedial cybersecurity training (4hr): due by Mar 22

I want to bring some attention to Slidge XMPP Bridges (git.sr.ht)

It seems like an awesome project that fulfills a lot of the requirements for bridging many popular messaging platforms (like FB messenger, WhatsApp, discord, signal, and more). I wanted to share because I know a lot of us have friends and family who still use antiquated/proprietary communication platforms. Fair warning, I have...

i_am_not_a_robot ,

Isn't puppeteering, aka self botting, a bannable offense on some of these networks?

https://support.discord.com/hc/en-us/articles/115002192352-Automated-user-accounts-self-bots This article is only half true. Bot accounts do not have full access to all API routes, but you can still be banned for botting regular accounts.

i_am_not_a_robot ,

If you're already using systemd, do not switch to Docker. Use Podman instead. Docker runs all your services under the Docker service. Podman can both run the same containers as systemctl services.

i_am_not_a_robot ,

Normally this is bad advice, but if you already have CGNAT you'd be going from double NAT to triple NAT and it probably won't make anything worse. At least it shouldn't make things worse for IPv4. If you have 5G internet with CGNAT there's no excuse for your ISP not giving you proper IPv6. Putting a second router between will complicate your IPv6 setup.

There are some tricks you can do for IPv4 in the presence of hostile DHCP servers. Serious OSes should allow you to configure a second IP address on the same physical interface, so you could have a dynamic 192.168.0.x assigned by the ISP's DHCP server and a static 192.168.1.y assigned statically by you, and then you should be able to set up an additional route table entry to access 192.168.1.0/24 using the source address 192.168.1.y. As long as the ethernet/wifi switching between devices doesn't filter ARP packets based on IP subnet, you should be able to communicate between your machines using fixed IPs on the second subnet.

i_am_not_a_robot ,

That's complicated to do correctly. Normally, for the server to verify the user has the correct password, it needs to know or receive the password, at which point it could decrypt all the user's files. They'd need to implement something like SRP.

i_am_not_a_robot ,

That sounds kind of like CWE-836.

i_am_not_a_robot ,

Openwrt/ddwrt are used for routers.

In the US you usually need to use your ISP's modem. Even if you buy the modem, it needs to be one that the ISP supports and the ISP will have more control of the device than you do. Even if it were running openwrt or ddwrt, you would not have access to use it.

I have an Arris modem and it works fine now, but for months there was a bug where it would randomly crash. I don't know when the bug was fixed, but firmware updates are controlled by the ISP so I had to just reboot it when it would crash. In other words, even if you have good modem hardware, whether it works correctly is up to your ISP.

i_am_not_a_robot ,

Asus TUF-AX4200 is a router/AP, not a modem/router.

i_am_not_a_robot ,

Supporting PPP does not make something a modem. It's a hardware capability that the device does not have.

i_am_not_a_robot ,

I don't know the details. My modem that I purchased exposes a management interface to the cable operator. I have a read-only view of the connection status and can't change anything meaningful. In the US if you buy the modem you loan it to the ISP for free while you're a customer, as opposed to the ISP loaning you a modem for a monthly fee.

i_am_not_a_robot ,

Who would have thought that their truck would need a $5000 extra to be usable outdoors? Who buys a truck to keep it indoors?

i_am_not_a_robot ,

The Vision Pro, despite Apple's marketing, is not AR. AR devices like Hololens allow you to see AR overlaid on top of the world. VR devices like the Vision Pro allow you to see the world behind the headset through cameras. VR isn't really new either, but VR headsets that you can realistically wear continuously like in Apple's ads have yet to come out.

i_am_not_a_robot ,

With the Vision Pro you can sort of see the real world in nearly real time with some distortions because the cameras don't match your eye positioning, and the dynamic range is clamped to what is supported by the cameras and displays, and everything is at the same focal distance, and your peripheral vision is limited. It's definitely not the same class of device as what has traditionally been called AR.

A small number of people have been to varying degrees living in VR headsets and they've been alright, but it's not for everyone. Besides the weight and having to manage the battery, you run into issues like the cameras having difficulty in dark environments or when objects are very close. After enough hours the motion sickness goes away.

i_am_not_a_robot ,

You don't actually need DDNS. If your provider has an API you can update your addresses using the API. https://kb.porkbun.com/article/190-getting-started-with-the-porkbun-api

Is there an easy way to stream full bluray disc rips with menus and features over the network to my TV

Most of my collection is just the movie rips of just the video that play fine in Plex or Jellyfin. I've got a couple of full disc rips though that have the menus and features and all just like you would if you put the disc in. I can open these in VLC on my computer by choosing the folder....

i_am_not_a_robot ,

The Android version of VLC can play DVDs with menus, which is weird because the desktop version can't out of the box for legal reasons.

i_am_not_a_robot ,

There is already a standard, well-known method for putting a business card on paper that doesn't require electronics: QR codes.
