lemmyvore

@lemmyvore@feddit.nl

lemmyvore ,

Same here, it made me finally add some extra blocking on my router.

lemmyvore ,

Please don't self-host DNS. It can be exploited and abused in many ways if you don't know what you're doing.

deSEC.io is free and fully featured.

bunny.net is technically $1/mo but you don't pay anything in months where the queries against their servers fall under a threshold. With a low use personal domain you can basically load up $10 worth of credit and coast on it for a year or more.

lemmyvore ,
  1. Don't do unattended upgrades. Neither host nor containers. Do blind or automated updates if you want but check up on them and be ready to roll back if something is wrong.
  2. People should use what distro they know best. A rolling distro they know how to handle is much better than a non-rolling one they don't.
  3. You can run a command to update docker containers too. And there's this thing called cron that can run commands periodically. But maybe you should re-read point 1.
  4. Docker doesn't "bypass" the firewall. It manages rules so the ports that you pass to host will work. Because there's no point in mapping blocked ports. You want to add and remove firewall rules by hand every time a container starts or stops, and look up container interfaces yourself? Be my guest.

lemmyvore ,

Ok first of all disregard any advice to connect a permanent drive with USB. It will suck. You will get disconnects and maybe even filesystem failures. And yes you can recover from failures (most of the time) but why polish a turd?

If you can add an internal hdd to the NUC that's all you need. Get one in whatever size you need and you're good to go.

If you want to safeguard against that HDD crapping itself then you can use a secondary HDD on USB. Connecting a HDD occasionally to USB for backups is ok. Keeping it connected 24/7 isn't. Use specialized backup software like Borg Backup, take a backup of whatever you consider essential data, and keep the backup HDD in the drawer the rest of the time.

You don't have to get an external HDD btw, you get a crappy USB enclosure and a crappy HDD with a shiny brand on it. Get a regular HDD from a good brand, it can also be a 2.5" (laptop) HDD, and a USB SATA adapter. Also, Orico makes some nice HDD cases for drawer storage.

If a second HDD is too expensive for you get an optical unit (can be USB, can be internal + USB-SATA adapter) and burn backups to Blu Ray discs from Verbatim with parity data created with par2. Store the written discs in zip-up CD wallets or jewel cases, not in bulk spindles. You can also burn DVDs if BRs are too expensive where you live. DVDs can also be long-lived if stored properly and any backup is better than no backup. But BR are really best for durability.

Don't listen to advice about making RAID this and RAID that. How much space do you need? They make 20TB HDDs nowadays. Get one HDD and be done with it. Do you want to spend 5x more and also have to buy a NAS to store them, and learn about RAID levels and in how many ways they can fail? Do you need 100 TB? Do yourself a favor and get one single drive and take periodical backups and you'll be golden.

lemmyvore ,

There is one thing to watch out for called SMR and CMR technologies. CMR is the classic tech, SMR a recent one. SMR makes the tracks on the HDD platters overlap, allowing the manufacturer to pack more data on them, and to use fewer platters. But it comes at the cost of writing performance, basically SMR drives will take long pauses every once in a while when writing large amounts of data.

You don't want a SMR drive for a 24/7, instant access drive so you'll have to watch out for this spec. SMR is ok for a cold backup drive because it doesn't matter, you leave the backup program to do its thing however long it takes and you disconnect when it's done. But you don't want to take a long break while you're doing something with your main live drive.

Other than that anything from Seagate, WD or Toshiba will be ok. People will swear by one or other of these brands but it's pretty much the same.

This page will tell you if a drive is SMR or CMR by the model number: https://nascompares.com/answer/list-of-wd-cmr-and-smr-hard-drives-hdd/

lemmyvore ,

will give any senders the benefit of the doubt and accept mail that claims to be from your domain.

You misspelled "black-hole your domain forever".

lemmyvore ,

RAID1 would be a stopgap against a certain type of failures but it's not a solution for accidental deletions or failures that affect both drives or the whole machine (fire, electrical, theft).

Redundancy is mostly a solution for continuous availability, which is not something most home-users care about that much (but if you have private self-hosted services that are super critical for you you may want to reconsider your approach).

You should start by taking inventory of your truly important files, figure out how much space they take overall, then start doing proper backups for them. That means taking regular snapshots on some different media. That media can be another HDD, or it can be optical discs (Blu Ray is better than DVD but it may be a matter of cost where you live). If you use a HDD there is specialized backup software like Borg Backup that will deal with deduplication, compression etc. for you. And you have to verify your backups regularly as well – Borg will allow you to do it easily, with optical discs you can use recovery parity checksums (with par2).

Sanity check - is rsyncing to a remote computer that has zfs snapshotting an okay way to back things up?

I currently have two computers, one that has a big zfs raidz pool that I currently back everything up to. Right now, on my local computer I use rsnapshot to do snapshot backups via rsync to the remote zfs pool. I know I'm wasting a ton of space because I have snapshotting in the rsync backup, and then the zfs pool is snapshotted...

lemmyvore ,

Don't use filesystem snapshots as backup. They're a safety measure against accidental deletion or casual modifications but they're not backups.

If you want backups then use a proper, dedicated solution like Borg Backup. It connects remotely, takes care of deduplication, compression, encryption etc. and you can fully verify the backups and manage them individually.

lemmyvore ,

Don't worry about the UDP ports, they're only needed on the LAN and only in certain conditions. Basically Jellyfin uses them to "announce" things to the LAN.

On 7359 it announces to clients where to connect; this can help you when first starting a client to let it connect automatically instead of you having to enter http://IP or https://jellyfin.mydomain.com.

On 1900 it advertises itself as a DLNA server. This is only relevant if you have other DLNA-capable devices. DLNA is a cool protocol that allows devices to act as server, controller or renderer and to cooperate to cast streams. For example you can use your phone as a DLNA controller to get media from Jellyfin acting as a DLNA server and cast it to a TV acting as a DLNA renderer. If your TV has DLNA capability then you may be interested in the BubbleUPnP phone app which can act as a controller, and that's when you may be interested in enabling 1900.

Or you can comment out the "ports:" section in your config and say "network_mode: host" instead and all 4 ports will be mapped automatically and work as intended (it's what I do).

lemmyvore , (edited )

Don't forward 80. In fact it would be best if you forgot 80 exists altogether.

lemmyvore ,

That's good advice for public websites but it doesn't apply to private services.

lemmyvore ,

I meant it in the sense that you should get into the habit of avoiding any unencrypted connections, especially if they're routed through the open internet but it's also good practice to do it on your LAN. It's not essential on the LAN as it is on the internet but if you start doing it regularly it will be harder to mess up.

And it's also a good idea to get a domain and some Let's Encrypt certificates and set up a *.local.your.domain area for all your services, and learn about how DNS works, maybe start thinking about taking your email private and not depend on one of the big providers and so on and so forth. Lots of potential benefits for a self-hoster and for privacy.

lemmyvore ,

But you can boot stuff in KVM or Qemu or VirtualBox etc., no need to make a USB stick to try it...

lemmyvore ,

It's all about testing how far they can go and what they can get away with and tying things up in legal recourse for as long as possible. They know they'll have to comply eventually but they will drag their feet a good while more. Dumb compliance, malicious compliance, expect them to try everything. They don't really want to do this but can't come outright and say it.

See also how Meta was told to stop collecting people's data and what did they do — they offered people a choice between paying a monthly fee and giving up their data willingly. It's this kind of devious compliance you can expect from Apple too.

lemmyvore ,

We're talking about a rhythm game with a smaller audience than, say, Binding of Isaac. I'm guessing yeah, it might not be a prime target for cracking.

lemmyvore ,

Yahoo was DMOZ (its directory used DMOZ data).

DMOZ had 100k volunteers curating the content at some point, and had a whole complex process to prevent abuse and so on. It will be hard to get going again.

But yeah, who would've thought that a mere decade after being discontinued it would become relevant again.

lemmyvore ,

I don't think they care. In fact I think they're going to exit the consumer market eventually, it's just peanuts to them and the only reason they're still catering to it is to use it as field testing (and you're paying them for the privilege which is quite ironic).

lemmyvore ,

It is in base 6.

lemmyvore ,

As explained in this discussion this seems to be a problem with the web interface only, caused by the framework used by the interface (Svelte). It seems that getting subpaths to work with Svelte is not supported, and the Immich devs are probably right to think it should be fixed by Svelte, not by Immich.

lemmyvore ,

It's not so simple because Apple makes it part of a larger security policy which forbids all methods of running custom code on iOS, including emulators, browser engines, shell terminals, programming languages etc. It also makes an exception for teaching apps under certain conditions. So it's not easy to argue that it's maliciously aimed specifically at subverting browser competition.

lemmyvore ,

Why do they need to offer a certification process?

lemmyvore ,

That (and PiHole) will only work as long as Roku doesn't start using DoH.

lemmyvore ,

No need for HTPC, just a small USB device with HDMI output and DLNA support. You use your phone as a DLNA controller, a server running Jellyfin as DLNA provider, and the device attached to the TV as DLNA renderer. And sometimes TVs have DLNA support built-in (my Toshiba does).

On Android there's an amazing app called BubbleUPnP that can source media from a wide variety of places, make playlists, and cast to DLNA devices as well as proprietary protocols like Chromecast.

lemmyvore ,

Jellyfin supports DLNA too, if you have a DLNA rendering device on the network it will just appear in the cast menu. Or if you want something that works with a remote directly on the TV you can install Kodi. There's really no point nowadays in getting tied up into proprietary stuff.

lemmyvore ,

Well, you know they're gonna use it to circumvent ad blocking. If they want to play nice they can simply keep doing what they're doing now and use whatever DNS server they're told by DHCP.

lemmyvore ,

Do you mean leaking on the LAN or on the Internet? Because the former is a whole different kettle of fish.

Normally, LAN clients should work with the router and let it organize these things. It's best for example to just let the router advertise itself as DNS and proxy the requests via DoH/DoT, you get a central place where you set the resolver, you can filter ads, you can do caching etc. The router can also intercept (clear) DNS traffic and secure/cache it as needed.

lemmyvore ,

And also because Whatsapp was available on every platform, from the dominant ones at the time (Nokia and Blackberry) to the newcomers (iOS, Android, even Windows Phone and more obscure ones like Samsung's whatever it was called).

lemmyvore ,

It was the other way around, the feature phones were funny at the time so not supporting them would have made no sense. And iPhones and Androids had just been launched at the time so there weren't actually lots of options for them.

lemmyvore ,

Over here it's a mix, some chains use the scales + sensors, some use simple scan machines. I absolutely hate the scale + sensors, some of them are almost completely unusable and the attendants have to keep running around fixing errors or resetting the ones where people just give up mid-cart and go to a manned checkout.

lemmyvore ,

Self-checkout does not make up for stupid people.

My personal favorites are the ones that scan everything, then start bagging everything, then start looking for their card in their handbag, shoulder bag, backpack, pockets etc.

lemmyvore ,

It's already happened — 90% of games will work flawlessly now on both Windows and Linux. It's just that the remaining 10% are different on each platform, for various reasons. Pick your poison. Usually it's those 10% that will dictate the decision for you — but the OS itself has stopped making a difference for gaming years ago.

lemmyvore ,

You mean, other than being the most widespread method of account identification on the internet?

You need to have a method of uniquely identifying (and verifying) accounts and the other widespread method (phone numbers) is extremely privacy invasive because it's much harder or practically impossible to change phone number for most people.

lemmyvore ,

So you want your entire online identity to be owned and controlled by one of the big online corps?

lemmyvore , (edited )

There's nothing wrong with a single HDD in an old desktop except for the risk of failure.

I would start by getting one hdd that's the same size or larger than the one you have and using it as backup. If the old HDD is very old and small you can probably find a larger one cheap, don't go out of your way to find another small and old one.

Something like Borg Backup will be perfect if you use a Linux filesystem because Borg is incremental, has deduplication and compression built-in. There is a very simple graphical app for it called Pika Backup (for Linux).

There are other solutions if you use Windows but even a simple copy of your important files is better than nothing. Get a HDD and copy files to it right away.

Another backup solution is to buy a DVD or BluRay burner (can be USB or internal) and backup super important files to optical disks. This may or may not be cheaper than a HDD.

Do NOT rush into RAID, Unraid, TrueNAS and other fancy stuff like that. Your priority right now should be backup not RAID. RAID is a convenience for keeping a system running when a HDD fails but it is NOT a replacement for a good incremental backup.

After you have a backup in place and use it regularly you can consider whether RAID and availability is something you want/need.

lemmyvore ,

I use this Docker image for Radicale: https://hub.docker.com/r/tomsquest/docker-radicale

You can try using Caldav-sync as an alternative for syncing on Android. It's more reliable than Davx5 for me with very large calendars.

There was also a Carddav-sync from the same developer but that app doesn't show up on the store for me anymore for some reason.

Alternatively you can use the Calengoo app, it can sync directly to a Caldav server bypassing the Android system.

Self-hosted or personal email solutions?

I have a unique name, think John Doe, and I'm hoping to create a unique and "professional" looking email account like johndoe@gmail.com or john@doe.com. Since my name is common, all reasonable permutations are taken. I was considering purchasing a domain with something unique, then making personal family email accounts for...

lemmyvore ,

For anybody interested in more choices for volume-based providers like PurelyMail (with tiers based on storage and emails sent/received but who otherwise allow unlimited domains/mailboxes/aliases) there's also MXRoute (US) and Migadu (Swiss/EU).

These providers don't usually make sense for a single mailbox (although some of them have a low entry tier for this purpose) but can be extremely cost-efficient if you need 2 or more mailboxes/domains.

lemmyvore ,

I have a bunch of users (friends and family) on a bunch of different domains. It's honestly not so bad but yeah, you need a decent dedicated service.

Migrations aren't simple but aren't that complicated either (just did one last year).

I mainly need to copy their email over but it's also a good moment to check they're using decent passwords and to have them freshen it.

I also need to update their webmail and IMAP/SMTP URLs in their bookmark/email apps but I've been playing with DNS CNAMEs for this purpose and it's mostly working ok (aliasing one of my domains to the provider's so I only have to update the DNS which I do anyway for a mail migration).

lemmyvore ,

Can you not transfer away a domain from Google as you would from any other registrar? And then set the MX records to point at another mail service?

Should I move to Docker?

I'm a retired Unix admin. It was my job from the early '90s until the mid '10s. I've kept somewhat current ever since by running various machines at home. So far I've managed to avoid using Docker at home even though I have a decent understanding of how it works - I stopped being a sysadmin in the mid '10s, I still worked for...

lemmyvore ,

Hi, also used to be a sysadmin and I like things that are simple and work. I like Docker.

Besides what you already noticed (that most software can be found packaged for Docker) here are some other advantages:

  • It's much lighter on resources and efficient than virtual machines.
  • It provides a way to automate installs (docker compose) that's (much) easier to get started with than things like Ansible.
  • It provides a clear separation between configuration, runtime, and persistent data and forces you to get organized.
  • You can group related services.
  • You can control interdependencies, privileges, shared access to resources etc.
  • You can define simple or complex virtual networking topologies between containers as you like.
  • It adds extra security (for whatever that's worth to you).

A brief description of my own setup, for ideas, feel free to ask questions:

  • Router running OpenWRT + server in a regular PC.
  • Server is 32 MB of RAM (bit overkill for now, black Friday upgrade, ran with 4 GB for years), Intel CPU with embedded GPU, OS on M.2 SSD, 8 HDD bays in Linux software RAID (MD).
  • OS is Debian stable barebones, only Docker, SSH and NFS are installed on the host directly. Tip: use whatever Linux distro you know and like best.
  • Docker is installed from their own repository, not from Debian's.
  • Everything else runs from docker containers, including things like CUPS or Samba.
  • I define all containers with compose, and map all persistent data to host storage. This way if I lose a container or even the whole OS I just re-provision from compose definitions and pick up right where I left off. In fact destroying and recreating containers cleanly is common practice with docker.

Learning docker and compose is not very hard esp. if you were on the job.

If you have specific requirements eg. storage, exposing services over internet etc. please ask.

Note: don't start with Podman or rootless Docker, start with regular Docker. It will be 10x easier. You can transition to the others later if you want.

Chrome & Firefox are a false duopoly. Do we need another option? Should there be a public option? Should it come from Italy?

Mozilla is ~83% funded by Google. That’s right- the maker of the dominant Chrome browser is mostly behind its own noteworthy “competitor”. When Google holds that much influence over Mozilla, I call it a false duopoly because consumers are duped into thinking the two are strongly competing with each other. In Mozilla’s...

lemmyvore ,

Wait until you find out how much effort and money Microsoft spends to make sure Windows and Office remain the only option in public administrations and schools around the world...

lemmyvore ,

Only affects RSA keys, and then only 1 in a million keys are vulnerable. So this is mostly of academic (rather than practical) interest, but nevertheless it will lead to further hardening of the SSH protocol which is nice.

lemmyvore ,

Where can I read more about good ZFS settings for a filesystem on a new RAID6 array? I don't want to manage disks or volumes with ZFS, I'll be doing that with mdadm, just want ZFS as filesystem instead of ext4. I assume a ZFS filesystem can grow if the space available expands later?

lemmyvore ,

I assume you don’t like the inflexibility of RAIDZ resizing

Right, I'd like to be able to add another disk and then grow the filesystem and be done with it.

my guess is that with mdadm+ZFS, features like self-healing won’t work because ZFS isn’t aware of the RAID at a low-level

Really, I'll have to look into that then because health checks are my main reason for using ZFS over ext4.

mdadm RAID should be a transparent layer for ZFS, it manages the array and exposes a raw storage device. Not sure why ZFS would not like that but I don't want to experiment if it's not a reliable combination. I was under the impression that ZFS as a filesystem can be used without caring about the underlying disk support, but if it's too opinionated and requires its own disk management then too bad...

lemmyvore ,

If by "easy" you mean someone else already spent 5 years and a nice chunk of cash training a model for it, which you get to use. And if you accept that it will not be accurate across all possible species and environments, only very specific subsets.

lemmyvore ,

I'm waiting for the day Google Recaptcha will ask me "is that traffic light red?" and after a couple of seconds "hurry up, I'm approaching the intersection!"

lemmyvore ,

I'm seeing 4-5 different sizes at a glance on my bike.

Even if there were only 3, my point was that you can't rely on a random key you got from Ikea, and you're not always going to run into the same 3 sizes on every bike. Sooner or later you'll have to buy a full set with 6 or 7 sizes, plus a large key for the stand screw (if you have a stand).
