
nbailey

@nbailey@lemmy.ca

nbailey

When you fly on Air Canada there’s an unmutable ad for the Alberta oil sands right after the safety announcement before takeoff. It’s surreal enough, but it’ll be so much worse when they start doing this kind of shit too.

nbailey

I wouldn’t put a lot of trust in Telegram. Not only is their cryptography off by default, it’s a bespoke hand-rolled non-standard algorithm that might not work as well as they say. Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.

https://www.cnet.com/tech/tech-industry/telegram-reportedly-ordered-to-share-encryption-keys-with-fsb/

nbailey

It’s crazy how the US gov basically handed him a monopoly on EV charging infrastructure, something Rockefeller could have only dreamed of, and the guy throws it away less than two weeks later in some ketamine fuelled stupor. Then has to backtrack at the cost of reputation, confidence, and sentiment. Truly another great stable genius.

nbailey

Right? I’ve been using NextCloud/OwnCloud since ~2015. It’s a very standard LAMP app, nothing fancy going on at all. Give it enough memory and you’ll never have any problems, same as any other web service.

nbailey

It’s unlikely but not impossible. I’ve been using PM with a custom domain for about five years now, and never thought too hard about leaving.

In an ideal world, a company like ProtonMail would be cooperatively owned by the workers and paying users, sort of like a credit union.

Pragmatically, they’ve done fine stewardship of the service for the last decade or so they’ve been around. A big part of it is that their value proposition depends on stability and trust. But it could be better.

nbailey

The bastards can never take away your shell script full of arcane and unreadable curl commands parsed by incomprehensible awk scripts!

nbailey

In my opinion it points to a more dangerous thing, “continuous delivery” software mindset seeping into safety critical systems.

It’s fine, good even, that web developers can push updates to “prod” in minutes. But imagine if some dork could push largely untested control system updates to your car’s ECU… it’s one thing for a website to get a couple errors, but it’s a very bad thing if it makes your steering wheel stop working.

Unfinished products make more money, and it’s high time a consumer protection law clamped down on this.

nbailey

I’ve been using Thunderbird with the OWL and TBSync plugins for Exchange for years with good results. Obviously some things won’t work (Teams integration, provisioned signatures, mail merge, etc.) but it’s good enough that I only need proper Outlook/OWA less than once a month.

Another option is “installing” the webapp as a PWA. I tried that for a bit but found notifications to be unreliable.

nbailey

It’s fine. RAID is not a backup. I’ve been running simple mirrors for many years and never lost data because I have multiple backups. Focus on offsite and resilient backups, not how many drives can fail in your primary storage device.

nbailey

It needs some tweaks to be snappy. The defaults are really bad.

  • change database from SQLite to a proper database like MySQL or Postgres, and configure the database server to use your memory fully
  • increase the PHP memory limit from the default (128M on many distros) to >1G, the more the better
  • install APCu in-memory cache for PHP
  • add Redis as additional cache
  • turn off the antivirus extension, if installed (ClamAV is useless)
  • use HTTP/2 on Apache/nginx to increase performance with multiple connections

https://docbot.onetwoseven.one/services/nextcloud/

nbailey

Not sure how to do that in Docker, I’ve run mine as a plain old PHP-FPM site for years and years. It might be something that can be tweaked using config files or environment variables, or might require building a custom image.

ClamAV is slow and doesn’t catch the nastiest of malware. Its entire approach is stuck in 2008. It’s better than nothing for screening emails, but for a private file store it won’t help much considering that you’ll already have the files on your system somewhere. And most importantly, it slows down file uploads 10x and increases CPU load substantially. The only good reason to use ClamAV for Nextcloud is if you will be sued if you don’t!

nbailey

They’re not going to jail for you. Never assume a service provider will put themselves at risk on your behalf.

nbailey

Gonna paint this on my roof to break some spy satellites

nbailey

This appears to be some Philly folklore with no real source other than a silly Onion article from the 90s. It’s possible the Onion was spoofing a real thing that happened, or somebody just made it all up. It’s very funny either way.

https://www.theonion.com/sinn-fein-leaders-demand-year-round-shamrock-shake-avai-1819564253

nbailey

IPtables on Debian because I like my life to be boring and unchanging.

nbailey

Yep. Firewall, routing, DHCP, DNS, everything you’d expect from a gateway device. Plain Debian (or really any distro) can do it all. With a 1 Gbps bi-directional connection fully saturated it will run at about 10% CPU on my very crappy low power Celeron CPU.

Plus, there’s no web UI full of janky and insecure CGI scripts to exploit, and software updates are forever (well, until x64 is deprecated, so basically forever).

nbailey

This was my setup from about four years ago. Other than moving Suricata elsewhere, it’s largely the same. Worth a shot if it’s something you’re into!

https://nbailey.ca/post/linux-firewall-ids/

OpenBSD is also great, I’m just more familiar with the Linux tools. All the required tools are in the base image, and they have a great official guide:

https://www.openbsd.org/faq/pf/example1.html

nbailey

For about a year I was running a full out of band IPS on my network. My core switch was set up with port mirroring to spit out a copy of all traffic on one port so that my Suricata server could analyze it. Then, this was fed into ElasticSearch and a bunch of big data crap looked for anomalies.

It was cool. Basically useless because all it did was complain about the same IP crawler bots as my nginx logs. But fun to set up and ultimately good for my career lol.
