Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

solrize

@solrize@lemmy.world

This profile is from a federated server and may be incomplete. Browse more on the original instance.

How should I do backups?

I have a server running Debian with 24 TB of storage. I would ideally like to back up all of it, though much of it is torrents, so only the ones with low seeders really need backed up. I know about the 321 rule but it sounds like it would be expensive. What do you do for backups? Also if anyone uses tape drives for backups I am...

solrize , (edited )

I've been using Borg and Hetzner Storage Box. There are some small VPS hosts that actually beat Hetzner's pricing but I have been happy with Hetzner so am staying there for now. With 24TB of data you could also look at Hetzner's SX64 dedicated server. It has a 6 core Ryzen cpu and 4x 16TB HDD's for 81 euro/month. You could set it up as RAID 10 which would give you around 29 TiB of usable storage, and then you also have a fairly beefy processor that you can use for transcoding and stuff like that. You don't want to seed from it since Hetzner is sticky about complaints that they might get.

Tape drives are too expensive unless you have 100s of TB of data, I think. Hard drives are too unreliable. If you leave one in a closet for a few years, there's a good chance it won't spin back up.

solrize ,

If you already know the person, why not just email them?

solrize ,

If it's an android phone, enable dev mode, install adb on your laptop, run an sshd under termux on the phone, and you should be able to set up iptables to forward packets from the laptop through the phone. The phone won't know that it's being used for tethering. Although I hadn't seen the stuff about packet TTL before. Maybe it's as simple as just adjusting that.

solrize , (edited )

"Github for lesbians" sounds like something I could recommend to my friends of that persuasion though.

Added, for those of you who missed the reference: https://xkcd.com/624/

solrize ,

Too easily gamed I think.

solrize ,

You mean you want to mirror your YouTube comments and let people comment on the mirror site? Or do just mean self-host downloadable videos. The latter is easier.

solrize ,

It's sorta the other way. Mozilla constantly does stuff like that and backs off when they get called out on it.

solrize ,

Can someone explain this a little more? I've avoided both discord and matrix so far.

solrize ,

I have used them and they can give good security but most everyone these days uses phone apps. From an organizational perspective you might use tokens to make it harder for your staff to exfiltrate keys by rooting their phones. For an individual, carrying a FIDO token is potentially more convenient and private than carrying a phone, but the ease of pressing a button vs typing 6 digits isn't that big a deal unless you do it constantly.

I guess there is another virtue, if you're using the phone itself as a login device, with a password manager accessible from the phone. In that case, a 2fa app on the same phone is no longer truly a second factor. A token fixes that. I have a to-do item of setting up my phone to use a token to unlock the TOTP app. So that wouldn't eliminate typing 6 digits. It would just make the TOTP app use real 2FA.

solrize ,

Fingerprint might count though I've considered fingerprint sensors to be a bit dubious. There was a famous incident in Germany(?) where some government muckymuck called for fingerprint based biometrics in a panel discussion at a security conference. Someone nabbed his water glass afterwards, lifted his fingerprints from it, and fooled a fingerprint reader. You can also duplicate your own fingerprints with Elmer's glue. Just spread it on your fingertip, let it dry, and peel it off.

Password to unlock the totp app might count. Auth methods include knowledge such as passwords, objects such as tokens, and physical characteristics like fingerprints. 2fa means one thing from each of two categories. So the phone with the app and stored password is one factor, and the memorized app password is the second. But, remembering and entering complex passwords is a pain, and a lockout in the app for too many wrong passwords is a DOS vector (in the event that you get your phone back after such an attack). So it sounds annoying, idk.

I guess you might already have a similar lock on your whole phone anyway, so another one on the app might be redundant.

solrize ,

Yeah and if your fingerprint is compromised, you can't update it.

I worry most about the phone, since they get stolen all the time and they are full of software vulnerabilities. For my own phone I'm hoping to use a token to unlock. So that's two objects from one category but the token should be harder to steal, if the thief even knows about it.

I expect high security stuff like banking ops is done only from on-premises terminals and not from someone's phone. I will try to ask my buddies in that field.

Physical location can be an auth factor too: you could have a token permanently installed at your desk, so it activated only when you are there.

You will probably like the book "Security Engineering" by Ross Anderson if you're not already familiar with it. PDFs of the full 2nd edition and part of the 3rd are here:

https://www.cl.cam.ac.uk/~rja14/book.html

solrize ,

I'm unfamiliar with how Yubikey works but I thought the FIDO2 protocol was designed to prevent that sort of association. Anyway it doesn't sound good. Cryptographer's saying (by Silvio Micali): "A good disguise should not reveal the person's height".

solrize ,

The idea is that your passwords are stored on the phone. You want a separate long random password for each account, so it's unfeasible to remember them. It's also a big pain to type every one such password on a screen keyboard. Thus, the password and the phone are the same factor.

I have avoided having important passwords on my phone because of this, but some people use their phones more heavily than I do. My more important accounts are only accessed via my laptop, using a TOTP phone app as 2nd factor. I rarely take the laptop out of the house.

solrize ,

Oh I misunderstood what you were describing but yeah, it doesn't sound good. It sounds like the key is supposed to be an SSO credential for multiple phones? Maybe there's a way to set it up differently. You might ask their support.

solrize ,

Yeah it would be preferable IMHO if you had to enroll a newly installed app with username and password in addition to the key.

solrize ,

Well I find it a big pain to type a long complex password on a phone. Ymmv though.

solrize ,

It's a spam bot.

solrize ,

This guy seems to have bought the gun legally at a gun store, after filling out the forms and passing the background check. You may be thinking of the guy in Maine whose parents bought him a gun when he was obviously dangerous. They were just convicted of involuntary manslaughter for that, iirc.

solrize ,

Well you were talking about charging the gun owner if someone else commits a crime with their gun. That's unrelated to this case where the shooter was the gun owner.

The lawsuit here is about radicalization but if we're pursuing companies who do that, I'd start with Fox News.

solrize ,

rm -rf.

solrize ,

Idk what those apps are but if your work requires them, then you should have a separate work phone that runs whatever your boss wants it to, and your own phone that is degoogled. You want the separate phones for other reasons too, like if there is a problem at work and they need the phone, they get theirs and not yours.

Otherwise, find substitutes for those apps if you have to.

solrize ,

I'd want to find and physically remove all the microphones and cameras from the TV for peace of mind. Plus never let it have a network connection. Just use HDMI in.

solrize ,

That I don't know. My mom just has Comcast s and we have the cable box HDMI output going to the TV. No streaming though in principle we could use a computer for that.

I wonder if an HDMI computer monitor could substitute for a dumb TV.

Regarding pihole etc: idk if that suffices since the TV might have a wireless network inside. Better find and disconnect that too if it is there. I think there is no safe "non-destructive" way to de-smart the TV.

solrize ,

Pointless talking about the code when the main challenges will be ops and infrastructure. What are you doing about those? Linking to an imgur hosted graphic isn't a good look in that regard.

solrize ,

Poor Tim. Look what they've done to his Web.

Radical New Discovery Could Double The Speed of Existing Computers - simultaneous and heterogeneous multithreading (www.msn.com)

Does anyone know more about this? Sounds like distributing tasks to other processors that are not really designed for the job? Articles are making it out to be a miracle and not sure whether to believe it

solrize , (edited )

Msn article links a press release which links the paper: https://dl.acm.org/doi/10.1145/3613424.3614285

The idea seems to be if your computer has several kinds of hardware accelerators, there is a systematic way to use them simultaneously. I only read the beginning but it's hard to see a big breakthrough.

solrize ,

What does this have to do with Mozilla?

solrize , (edited )

I don't have as complex a collection but gthumb on a laptop was ok. Or for a while I used a script that made an html page of clickable thumbnails that I viewed in a browser. That was very fast. For uploading from my phone I use a self hosted nextcloud and I back everything up with Borg. I'll look over your list again since the programs you mention sound way too complicated. It should be possible to do what you want with a few simple scripts on a server, plus a browser or gallery app on your phone.

I do think being able to have photos in multiple collections is useful. That can be implemented with something like tags.

solrize ,

This is just under 12 minutes long. Tldw. Can someone explain the argument in maybe 1 paragraph? I watched a minute of the video and got bored. I can't see sending it to anyone. A 1 minute version would be great.

solrize ,

I don't need to hear it myself since I think I'm already privacy conscious. The suggestion was that I forward the link to other people, but it's really too long for that. Thus the request for a written or at least shorter version.

solrize ,

Is there a transcript? I'm sure the relevant info can be digested in much less than 12 minutes.

Yeah I spend more time than that reading shitposts as someone said. But that's because I like reading. I hate video and I don't want to watch it if I can read the info instead. Tik Tok is not for me.

solrize ,

I'm not scared of governments surveying me ... they don't have the time or budget.... I'm not scared fo data brokers, they don't want my data, they want to sell it to some one else for a profit and don't really care about it.

We're in an era where surveillance is cheap enough that literally everyone gets surveilled, and we're approaching one where the data will actually get analyzed (by AI) even when there's no prior expectation that it will be interesting. And while the data sellers might not scare you, what about the buyers? E.g.

https://www.bloomberg.com/news/features/2017-11-15/the-brutal-fight-to-mine-your-data-and-sell-it-to-your-boss

Preferred E-Book Library Server Software?

Looking for a solution to manage and access the directory on my NAS that is full of ebooks. Optimally I want to be able to web reader them but also automagically send it to the email that sends it to my kindle. And e-book wise, the majority of mine are epub/mobi that I got from various kickstarters or humble bundles. But I also...

solrize ,

How many are you talking about? I haven't felt the need for anything like that so far but I don't have a ton of ebooks at the moment.

Converting epub to PDF is fairly easy (I think pandoc can do it, and calibre definitely can) but the other way is harder. Same situation with search indexing (epub easy, PDF harder).

Can you just remote mount your NAS and use calibre or whatever locally? Or just make local copies of anything you plan to read?

solrize , (edited )

Unfortunately most of these systems still expose the very private fact that you and so-and-so are talking to each other at all. Concealing the content is almost immaterial.

solrize ,

It's not just the technology. Why buy a TV when the subscriptions cost a fortune and the shows are crap? We have the Internet now, and watch less TV than before.

solrize ,

Fossil-scm.org is very lightweight (2mb ram) and does quite a lot. See if you like it.

solrize ,

Idk about rclone but you can do that with Borg backup.

solrize ,

It'll be public

Probably not a good idea to publicize the contents of your Plex server. And anyway, why not just use a forum or wiki?

solrize , (edited )

I wouldn't mess with react or other client side bling for this. Just keep it traditional. There are very light weight forum and wiki systems out there. Maybe Fossil ( fossil-scm.org ) could be restyled without too much pain. It uses about 2MB of ram.

Cloudflare Alternative

What do you guys use to expose private IP addresses to the web? I was using the npm proxy manager with Cloudflare CDN. However, it stopped working after I changed my router (I keep getting error 521). Looking for an alternative to Cloudflare cdn so I can access my media server/self-hosted services away from LAN....

solrize ,

bunny.net

supermarket club cards

Hey I'm sure you all know how sketchy club cards are for collecting your data. But I do begrudge paying slightly higher prices just for valuing my privacy. I was wondering if there was any way to sign up to these things whilst limiting the data they have access to. Would it be enough to sign up with fake details and never use...

solrize ,

At my old group's monthly meetings we'd all chuck our cards into a hat, stir them around to randomize them, and take them out again.

What do you think about Abstract Wikipedia?

Wikifunctions is a new site that has been added to the list of sites operated by WMF. I definitely see uses for it in automating updates on Wikipedia and bots (and also for programmers to reference), but their goal is to translate Wikipedia articles to more languages by writing them in code that has a lot of linguistic...

solrize ,

This sounds like more roboticication of wikipedia. Not good.

solrize ,

That's a nice little board! Web search SIM7600X finds various code you can use. Idk if asterisk can support it directly though.

Another possibility might be to use a consumer mobile phone I guess.

I wonder if there might be a 5g version of the board sometime.

solrize , (edited )

There's a device called cell2jack that converts your mobile phone to a pseudo landline. It talks to the cell phone by Bluetooth and has an rj11 port that you plug a landline phone into.

I wonder if one can do similar with software on a raspberry pi. That is, use Bluetooth and a mobile phone instead of that board. It's clunkier but everyone has old phones around, that have the right bands etc. the Pi software could even create a listener port that you can connect to with a SIP client.

Is there a reason you don't want to just use a SIP service by the way? It would certainly be cheaper than that board plus a mobile plan.

solrize ,

I see, yeah, reasonable point about some services not liking hosted phone numbers. I haven't had serious problems with that, but it is a thing.

If you can use those sims in mobile phones then I'd call them mobile plans. Can I ask what country you are in? Here in the US, mobile service costs a lot more. I have been getting SIP service from vitelity.net but twilio.com and voip.ms are better known here. I don't know about jmp.chat.

I haven't had trouble using a hosted number for banking and it feels better to me than using a mobile number. The cheap mobile providers (MVNO's) I use here are sketchy, mobile numbers change all the time, etc. I use a VoIP number as my permanent stable number and forward it to my mobile. So if I switch mobiles, I just change the forwarding. In theory you can port phone numbers between carriers but I've had significant hassle doing that. That's just here though. It may be different where you are.

solrize ,

That is interesting, the least you can pay for a sim here is about 2.5 USD/mo as far as I can tell. A phone number by itself is about 1 USD/mo. Vitelity no longer seems to show prices on its public site, but Twilio has NL mobile numbers for 6 USD/mo which seems pretty high to me: https://www.twilio.com/en-us/voice/pricing/nl

SMS for 2fa is deprecated here because of insecurity and TOTP is generally preferable. Can you use that instead?

I understand about DIY and am interested to hear how this goes for you. I might like to try it myself.

solrize ,

I think it means that on Linux, no driver is needed ("driver-free" = free of drivers) since it uses the kernel USB stack. On windows there may be a USB driver that gets loaded. But you're right, it's ambiguous.

solrize , (edited )

I'm happy with fastmail. I haven't used Protonmail and have had some doubts about them overclaiming about end to end encryption and stuff like that, but they sound good too. The concept of privacy in email is problematic since a) if the person you are emailing uses gmail, then Google has a copy of your email's plain text no matter how much encryption your own provider uses. b) Even if the email content is encrypted, having the metadata intercepted can be just as invasive, c) even if encrypted, having an archived and authenticated copy of a message can be a big problem due to e.g. rubber hose cryptanalysis, d) for secure communication to exist at all, both people have to be quite security conscious, which isn't easy. Technical features like cryptography are of very little help with that.

There's a good movie "Citizenfour" about Edward Snowden, and I remember reading that when the producers needed to have a private conversation while working on the film, they would go outside and talk, leaving their phones in the office. A real privacy approach has to go well beyond using the right email provider.

I like that Fastmail has humans answering support tickets. That's already light years beyond anything like gmail. I don't know how Proton is about that. Maybe they can do it for paid plans. I don't see how they can do it sustainably for free plans but who knows. The main drawback of fastmail is that it is on the expensive side, but I use it so much that it doesn't sting as much.

If you just want cheap non-megacorp email for your own domains, I like mxroute.com. Their sticker prices can be kind of high, but they frequently have sales with super cheap plans.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • incremental_games
  • meta
  • All magazines
    •