tburkhol

tburkhol , 4 months ago to Selfhosted in Up-to-date OpenSSL guide or tool for creating a certificate authority and self-signing TLS certificates?

I recently moved my internal network to a public domain. [random letters].top was $1.60 at porkbun, and now I can do DNSSEC and letsencrypt. I added a pre-hook to LE's renew that briefly opens the firewall for their challenges, but now I'm going to have to look at the DNS challenge.

Almost everything I do references just hostname, with dns-search supplied by dhcp, so there was surprisingly little configuration to change when I switched domains.

tburkhol , 5 months ago to homeassistant in Behold, My Latest Automation (Cat Companion Problems)

This is exactly the kind of semi-ridiculous thing I like about home automations: the power to answer one's most trivial curiosities.

I'd probably add a logger, so I could follow the history of Mohkno's food thievery, then try different techniques to discourage her. Have ha also play a recording of you saying 'Mohkno, no!' Some activity to distract her during the critical food-stealing window. Or go all-in and get those microchip-reading pet feeders.

tburkhol OP , 5 months ago to Selfhosted in Bind 9.18.18 dnssec key location and privileges?

I'd tried that...this has been going on for five days, and I can not describe my level of frustration. But I solved it, literally just now.

Despite systemctl status apparmor.service claiming it was inactive, it was secretly active. audit.log was so full of sudo that I failed to see all of the

apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/dnssec-keys/K[zone].+013+16035.l6WOJd" pid=152161 comm="isc-net-0002" requested_mask="c" denied_mask="c" fsuid=124 ouid=124FSUID="bind" OUID="bind"

That made me realize, when I thought I fixed the apparmor rule, I'd used /etc/bind/dnskey/ rw instead of /etc/bind/dnskey/** rw

The bind manual claims that you don't need to manually create keys or manually include them in your zone file, if you use dnssec-policy default or presumably any other policy with inline-signing. Claims that bind will generate its own keys, write them, and even manage timed rotation or migration to a new policy. I can't confirm or deny that, because it definitely found the keys I had manually created (one of which was $INCLUDEd in the zone file, and one not) and used them. It also edited them and created .state files.

I feel like I should take the rest of the day off and celebrate.

tburkhol , 5 months ago to Selfhosted in Does anyone else harvest the magnets and platters from old drives as a monument to selfhosting history?

Back in the day, I'd go through HDDs faster than systems-always needed to add storage before I could replace the CPU. I didn't start disassembling them until they got up to the 500 _M_B range, but you'd often get 3 platters back then. OP must be harvesting from a whole workgroup - I've only got a 3cm stack and 7 drives waiting for the screwdriver.

tburkhol , 5 months ago to linuxmemes in Some heroes don't wear capes

Fred78290 is the man. Much better than Fred78920

tburkhol , 5 months ago to Selfhosted in So SBCs are shit now? Anything I can do with my collection of Pis and old routers?

No idea, honestly, what the popular perception of N100 platform is. It only came to my mind because I'd watched https://www.youtube.com/watch?v=hekzpSH25lk a couple days ago. His perspective was basically the opposite of yours, i.e.: Is a Pi-5 good enough to replace an N100?

tburkhol , 5 months ago to Selfhosted in So SBCs are shit now? Anything I can do with my collection of Pis and old routers?

Pi5+ just because I'd originally written Pi5+PS/case/SD.

And you're right that everything has gotten more expensive, but $35 in 2016 (Pi-3) is only $45 today (and you can still get a 3B for $35). The older Pis hit, for me, a sweet spot of functionality, ease, and price. Price-wise, they were more comparable to an Arduino board than a PC. They had GPIOs like a microcontroller. They could run a full operating system, so easy to access, configure, and program, without having to deal with the added overhead of cross-compiling or directly programing a microcontroller. That generation of Pi was vastly overpowered for replacing an Arduino, so naturally people started running other services on them.

Pi 3 was barely functional as a desktop, and the Pi Foundation pushed them as a cheap platform to provide desktop computing and programming experience for poor populations. Pi4, and especially Pi5, dramatically improved desktop functionality at the cost of marginal price increases, at the same time as Intel was expanding its inexpensive, low-power options. So now, a high-end Pi5 is almost as good as a low-end x86, but also almost as expensive. It's no longer attractive to people who mostly want an easy path to embedded computing, and (I think) in developed countries, that was what drove Pi hype.

Pi Zero, at $15, is more attractive to those people who want a familiar interface to sensors and controllers, but they aren't powerful enough to run NAS, libreelec, pihole, and the like. Where "Rasperry Pi" used to be a melting pot for people making cool gadgets and cheap computing, they've now segmented their customer base into Pi-Zero for gadgets and Pi-400/Pi-5 for cheap computing.

tburkhol , 5 months ago to Selfhosted in So SBCs are shit now? Anything I can do with my collection of Pis and old routers?

My guess is Firefox. I'm using Kodi - OSMC/libreelec - and it coasts along at 1080p, with plenty of spare CPU to run pihole and some environmental monitors. Haven't tried anything 4k, but supposedly Pi4 offloads that to hardware decoding and handles it just fine. (as long as the codec is supported).

tburkhol , 5 months ago to Selfhosted in So SBCs are shit now? Anything I can do with my collection of Pis and old routers?

https://www.acepcs.com/products/mini-pc-intel-n100-ultra is only $140, and it looks to me like Pi5+ is $160 with PS/case/microSD.

tburkhol , 5 months ago to Selfhosted in So SBCs are shit now? Anything I can do with my collection of Pis and old routers?

Pi 4's were hard to get there for a while. Pi 5's are expensive. Lot of other SBCs are also expensive, as in not all that much cheaper than a 2-3 generations old low-end x86. That makes them less attractive for special purpose computing, especially among people who have a lot of old hardware lying around.

Any desktop from the last decade can easily host multiple single-household computer services, and it's easier to maintain just one box than a half dozen SBCs, with a half dozen power supplies, a half dozen network connections, etc. Selfhosters often have a 'real' computer running 24/7 for video transcoding or something, so hosting a bunch of minimal-use services on it doesn't even increase the electric bill.

For me, the most interesting aspect of those SBCs was GPIO and access to raw sensor data. In the last few years, 'smart home' technology seems to have really exploded, to where many of the sensors I was interested in 10 years ago are now available with zigbee, bluetooth or even wifi connectivity, so you don't need that GPIO anymore. There are still some specific control applications where, for me, Pi's make sense, but I'm more likely to migrate towards Pi-0 than Pi-5.

SBCs were also an attractive solution for media/home theater displays, as clients for plex/jellyfin/mythtv servers, but modern smart-TVs seem mostly to have built-in clients for most of those. Personally, I'm still happy with kodi running on a pi-4 and a 15 year old dumb TV.

tburkhol , 5 months ago to homeassistant in Air quality (Co2) monitoring options

I have a 'roll-your-own' using an adafruit SCD-30 module https://www.adafruit.com/product/4867 IR-based CO2, temp & humidity; I2C with python libraries, so integrating it with an RPi is easy. Sensor is self-calibrating over time, so if you leave it in a higher CO2 space with no exposure to fresh air, it will eventually drift such that the lowest observed CO2 reports as 420 ppm. Newer SCD-40 is only $45, but different sensor technology.

Dunno about their shipping outside the US.

tburkhol , 5 months ago to Technology in 'It hasn't delivered': The spectacular failure of self-checkout technology

I would rather spend (modestly) more time checking my own than less time standing idly with nothing to do but watch some kid checking out my goods. It feels better to be an active participant. Where it breaks down for me and my 12 items is when all the self-check lanes are clogged with people trying to ring up a full cart of groceries, who still haven't figured out how to work self-checks, who are encumbered by a baby in one arm and a phone in the other hand, or who just can't move all that well.

Managers using the presence of self-check as an excuse to understaff the actual checkouts makes all of those problems worse, and makes the checkout process suck for everyone.

tburkhol , 5 months ago to Technology in Robot baristas and AI chefs caused a stir at CES 2024 as casino union workers fear for their jobs

I've never been in a coffee shop without an automatic/one-touch espresso machine. The last one I tried - a place that roasts their own beans and offers a range of classes and Specialty Coffee of America certifications - I asked if they could make me a "bad" espresso, and they basically said, "Nope, you're gonna get whatever the button gives us."

tburkhol , 5 months ago to Technology in Robot baristas and AI chefs caused a stir at CES 2024 as casino union workers fear for their jobs

Some of that turn is physical plant. Kitchens, especially, are built to serve human forms, where tech solutions to food prep would rather be stand-alone boxes. It's a far harder problem to make a robot that uses a restaurant's existing grills, ovens, and deep fryers than it is to make a box that turns out perfect french fries. It's a riskier proposal for a restaurant to replace its fry station, where a human can make fries, onion rings, egg rolls, or whatever new fad hits tiktok, with a fries-and-rings-only box with less than 10 years commercial proof. Generative AI, for all its faults, is just code that runs on a computer you already have, or maybe in a cloud service with zero physical footprint. Relative to replacing your barista with a vending machine, trying ChatGPT for a quarter or two is practically zero risk.

tburkhol , 8 months ago to Memes in Boss makes a dollar, I make a dime. Now I cry on company time

Quaint rhyme from better times. Boss is making $34 for my dime today.