towerful
@towerful@programming.dev
- Comment on All four major web browsers are about to lose 80% of their funding | by Dan Fabulich | Apr, 2025 1 day ago:
Cutting out swaths of code and features - without breaking other code and features - is not a small task.
It’s probably more time consuming and complex than just continuing to update at a slower pace.
- Comment on [deleted] 1 day ago:
I have no idea, but that website is a bit of a red flag to me.
It sounds like it’s some sort of file sharing service. So you can upload, share and download files from the RealDebrid servers.
A quick Google suggests it’s primarily used for downloading/streaming movies, TV series etc. Essentially piracy.
- Comment on Cloudflare Tunnel Alternatives 2 days ago:
Chisel, Rathole, an SSH tunnel with port forwarding, a VPN with port forwarding.
Keywords are “self hosted tunnel” or “reverse proxy over VPN”.
Run a VPS for like $5 a month, your local reverse-proxy tunnels out to the VPS, and your VPS forwards port 80/443 over the tunnel to your reverse-proxy.
- Comment on Soon, You May Be Able To Play Diddy Kong Racing Natively On Your PC | Time Extension 3 days ago:
Pretty much, yes.
Developers for the older consoles employed all sorts of hacks and used all sorts of undocumented features.
Emulators of N64 would develop the emulator for something like 80% of the features of 80% of the games, then put in specific workarounds for the oddities of each game.
Which is why some games are better on specific emulators.
Also, decompilation led to a greater understanding of the various glitches. DK64 and Mario 64 speedruns benefitted massively from this.
And also fun hack/mods like randomisers and hardcore modes, massively extending the games’ playability.
But yeh, the things devs did back in the day is bonkers
- Comment on Microsoft Allows Bethesda To Continue To Be Cool Regarding Fan-Made Remake Projects 1 week ago:
Now they need to stop interfering with windows
- Comment on How can I create a Lemmy instance without coding or the use of Ethernet/router wiring? 2 weeks ago:
Uh, don’t?
You want a Lemmy instance - that I presume you would want to be somewhat reliable - without doing anything? WiFi prioritises convenience over speed and reliability. So, things will randomly fail.
I guess pay for a Lemmy instance provider. Probably the easiest. But this is self hosting, and it sounds like you want a place to start and have chosen “hosting a Lemmy instance” as your learning ground.
Something like cloudflare tunnel will let you punch through a firewall without having to mess with network stuff.
A docker compose stack makes things as easy as they can be in such scenarios.
These are terms you can google “Lemmy docker compose cloudflare tunnel”
Here is 1 result: lemmy.world/post/299429
Here is a GitHub for Lemmy in docker compose github.com/Drakeyves/lemmy-docker-setup
This looks like it covers cloud flare in a compose stack: joelparkinson.me/self-hosting-with-cloudflare-tun…
Read through, learn docker compose, understand cloudflare & cloudflare tunnels
- Comment on How to self-host a distributed git server cluster? 2 weeks ago:
Wouldn’t it be better to have highly available storage for the git repo?
Something like Ceph, Minio, Seaweedfs, GarageFS etc.
Cause git is file system based.
- Comment on 4chan hacked and taken offline. Hacker reopens /qa/ and leaks all admins emails. 2 weeks ago:
Censoring*
Censure is like a harsh criticism
- Comment on Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program 2 weeks ago:
What a stable government
- Comment on [deleted] 2 weeks ago:
my router and my reverse proxy (traefik) is able to receive the necessary SSL/TLS certificates however
From something like LetsEncrypt?
As an HTTP-01 Challenge? Not a DNS-01 challenge?
Http challenge means that port 80 is accessible from the public internet (because that’s how LE can confirm it can reach your server via the public DNS records, proof of server ownership).
DNS-01 is about proof of DNS record ownership, and doesn’t prove public internet access.
Also, what are you self hosting?
Does it really need to be publicly accessible? Or just accessible by you and people you trust?
- Comment on [deleted] 3 weeks ago:
Sounds like you have had a very productive life! Your son is very lucky.
Encourage the education. But there are loads of good careers that don’t need university degrees.
And all the while, he can try and achieve his dream.
From personal experience, university wasn’t useful for me - other than giving me time to figure out what I don’t want to do, and meeting friends that are still friends to this day.
But I could’ve easily done an apprenticeship, or gone straight into some industry/company. Some days, I wish I had. Other days, I wouldn’t want to be doing anything other than what I am atm.
Dream case, he makes it.
Best case, he figures out what he wants to do by 21.
Worst case, he’s still figuring it out when he’s 25.
I wasn’t making decent money until I was late 20s. Even now, I can’t guarantee I have enough work next year. It’s extremely likely, but I’m self employed so…
Knowing my folks will still support me means I can continue pursuing interesting, useful and innovative things, even in my 30s - even tho that’s no longer required.
Maybe talk to some of your contacts in the football industry.
See if they have similar “football or nothing”, or if they had backup plans.
Talk to some managers, coaches, sports scientists, medics etc.
Ask them how they would get into pro football. Ask them what happens to pro-football aspiring players that don’t make the cut.
Use your experience and connections to help and support your son. And be there if it doesn’t work out.
You might know better, but he still has to learn. The best lessons are mistakes.
- Comment on UK bans fake reviews and ‘sneaky’ hidden fees to protect online shoppers under new law 3 weeks ago:
Yeh, but with enough actions taken (and suitably deterrent actions), companies won’t want to risk it
- Comment on UK bans fake reviews and ‘sneaky’ hidden fees to protect online shoppers under new law 3 weeks ago:
Same way with a lot of other consumer protections. By consumers reporting companies.
If I receive an order and inside is a “leave a five star review, and receive 10% off” type thing inside, I’ll report that in a heartbeat - knowing that Trading Standards is now actively dealing with this sorta thing
- Comment on [deleted] 3 weeks ago:
Did you go straight into being a pro footballer? Or did you have back up plans? Like “if this doesn’t work out, I’ll be an electrician” or something?
I’ve never had super lofty goals, but my parents always supported me in what I wanted to do. They never tried to steer me, but they did ask pertinent questions about what I was planning at various points. Probably to hint at a bad idea.
I feel like I could have asked them for money/support at any point for any of my projects/ideas/whatevers, and - after making sure I was serious - would have helped out however they could.
I have a very unique career at this point, and I am only in this position because of the eclectic experience I have.
Ultimately, he is growing up. He’s going to have to make mistakes.
I’d say you have to be prepared to support him as much as you can in his dream of being a pro footballer.
Maybe he won’t be a pro footballer, but he might get a satisfying career out of being football-adjacent. Medic, science, coaching.
Or maybe he will try it for 5 years and eventually realise it’s not gonna happen, and be an electrician.
Or maybe he will struggle for 2 years, realise he needs to double down, and make the cut a year later.
I had a friend when I was growing up that dreamed of being an RAF pilot. Everything he did was around that.
Due to some unfortunate life circumstances, that dream was ripped away in the space of a week. Completely out of anyone’s control, but he could no longer qualify as an RAF pilot.
He was heartbroken. He’s now an engineer/mechanic in the RAF and seems happy.
He shouldn’t find another dream.
But he should be aware that dreams don’t always come about. And if this dream doesn’t, would he be happy in an adjacent career? Or something else entirely?
Help him research the backup plan.
- Comment on 6* months away now. If you're on 10, do you plan to upgrade? Make the jump to Linux? 4 weeks ago:
I moved to endeavouros. First time using a rolling release, and I was struggling with some webdev stuff cause node was on a recent non-lts build and a few other things.
Not a problem for building, cause I already have that containerised. But things like installing packages was refusing, and obviously couldn’t run dev workflows.
Until I realised I should just work inside a container.
I know vscode is still Microsoft (and I’m sure I could get it to work with vscodium), but the dev container workflow is fantastic.
Absolute game changer.
And I know I can easily work on a different platform, os whatever. And still have the same dev environment.
- Comment on Nintendo delays Switch 2 preorders over tariff concerns 4 weeks ago:
What?
You have a product that costs 450 to produce.
And you add a 50 markup so you are selling at 500.
Tariffs push that 500 up to 750. Which means a 50% tariff.
So you remove your 50 markup and sell it at cost in that market. Which means a product at 450 with a 50% tariff will cost 675.
You don’t make any money on that sale. Fine, it’s a loss-leader. Hopefully you make up the profit of game sales and subscriptions. Which will also be tariffed.
For a finished product, the tariff is applied to the selling cost. It doesn’t care about the value of the parts or the amount of markup.
A government isn’t going to pick through a device and apply Country of Origin tariffs on every part, or separate company profit from cost-of-product.
If a company says a product is worth 500, that’s the amount the tariff is applied to.
I doubt Nintendo is going to eat the cost of tariffs.
It’s insane to. They could say “we will still launch at this price”, and have the us government cook up more tariffs or whatever. Then Nintendo is holding the bag, or has to renege on the price.
It would be smarter to mildly offset the cost. Like you say, knock $20-50 off but stipulate the final cost is subject to import duties.
I’d love them to say “well, you do you. This is the cost of the console. Your import duties are not our problem.” But I feel (despite their bullshit legal department) Nintendo is more passionate than that, and I think they will mildly reduce the price
- Comment on How do I use HTTPS on a private LAN without self-signed certs? 4 weeks ago:
You need to control a domain, so LE can verify you are the controller of the domain, then LE will issue you a certificate saying you are the controller of the domain.
For a wildcard LE cert, you need to use the DNS challenge method.
Essentially the ACME client (or certbot or whatever) will talk to LE and say “I want a DNS challenge for *.example.com”.
LE will reply “ok, your order number 69, and your challenge code is DEADBEEF”.
ACME then interacts with your public nameserver (or you have to do this manually) and add the challenge code as a txt record _acme-challenge.example.com. (I’ve been caught out by the fact LE uses Google DNS for resolution, and Google will only follow 1 level of NS records from the root authoritative nameserver).
All the while, LE is checking for that record. When it finds the record, it mints a wildcard certificate.
ACME then periodically checks in with LE asking for order 69. Once LE has minted the cert, it will return it to acme.
And now you have a wildcard cert.
So, how to use it on a local domain?
Use a split horizon DNS method.
Ensure your DHCP is handing out a local DNS for resolving.
Configure that local DNS to then use 8.8.8.8 or whatever as its upstream.
Then load in static/override records to the local DNS.
Pihole can do this. OPNSense/pfSense can do this. Unifi can do some of this.
How does this work?
Any device on your network that wants to know the IP of example.example.com will ask its configured DNS - the local DNS that you have configured.
The local DNS will check its static assignments and go “yeh, example.example.com is 10.10.3.3”.
If you ask your local DNS for google.com, it won’t have a static assignment for it, so it will ask its upstream DNS, and return that result.
And it means you aren’t putting private IP spaces on public NS records.
Then you can load in your wildcard cert to 10.10.3.3, and you will have a trusted HTTPS connection.
Here is a list of LE clients that will automate LE certs.
letsencrypt.org/docs/client-options/
Have a read through and pick your desired flavour.
Dig into the docs of that flavour, and start playing around.
If it’s all HTTPS, consider using something like Nginx Proxy Manager (nginxproxymanager.com) as a reverse proxy in front of your services and for managing the LE cert.
It’s super easy to use, has a decent GUI, and then it’s only 1 IP to point all DNS records to.
- Comment on Does it ever make sense/is it possible to move certain docker volumes to another physical volume, but not all? 5 weeks ago:
I do that, until some container has permissions issues.
I tinker, try and fix it, give up and use a volume. Or I fix it, but it never seems to be the same fix
- Comment on Tesla backer says Musk must reduce Trump work, as 46,000 Cybertrucks recalled 1 month ago:
Ah-ha-ha. That’s even sweeter schadenfreude
- Comment on Tesla backer says Musk must reduce Trump work, as 46,000 Cybertrucks recalled 1 month ago:
The majority of Tesla “recalls” have been OTA updates that happen automatically. They get called a recall due to historic laws.
This is actually a physical recall, considering panelling is falling off. So is a lot more expensive for Tesla. Lol
- Comment on Self-hosted SSO 1 month ago:
And keycloak has a decent k8s operator, making deployment on a k8s cluster a breeze
- Comment on Need tips for moving forward 1 month ago:
accessed from the internet
Accessed only by you and close family/friends who you are also hosting services for?
Or accessed by anyone?
“Accessed by anyone” carries more risk.
“Accessed by users you host for”, the risks can be eliminated (well, other than risks from those users) by using a VPN. As in, only the people authorised to be on the VPN can access the services.
Wireguard is the go-to these days.
Tailscale is much easier and free for 3 users and 100 nodes.
If it absolutely has to be “accessed by anyone” I would look into a “reverse proxy over VPN/tunnel” or just straight tunnel style approach like chisel (or crowbar, or corkscrew), rathole, frp, or cloudflare tunnels.
Basically, don’t point a domain at your home public IP and don’t forward ports on your home router/firewall
- Comment on Veterans fired from federal jobs say they feel betrayed, including some who voted for Trump 1 month ago:
The only way I can understand the mental gymnastics is that the right manipulated the “I don’t understand that person’s job, I work harder than they do, I don’t like my boss” sentiments, so everyone felt that they were safe but that the people they don’t like would get sacked.
Leopard eating people’s faces party strikes again
- Comment on Apple refuses to break encryption, seeks reversal of UK demand for backdoor - Ars Technica 1 month ago:
No.
Users that do not decrypt their storage lose their storage permanently.
Users that decrypt their storage get to continue to use it, but it isn’t decrypted.
No encryption is broken.
Users are swapping convenience for privacy. (Or privacy for convenience? Whichever way that is).
Broken implies it is unusable or useless. As in “Apple’s encryption is unusable”.
This is not the case. It’s not broken. Users are given the option to remove the encryption to be able to continue to use the storage.
Essentially: xkcd.com/538/
- Comment on Is this massive difference to be expected? 1 month ago:
So you have local DNS set up?
If you ping (or dig) speed.mydomain.local, does it resolve the same address as local_ip?
Considering you are accessing local_ip:3000 and the domain on port 443, there is clearly a firewall somewhere redirecting packets or a reverse proxy on the domain but not on local_ip:3000
Follow the port chain, forwarding, proxying etc. One of those will be bottlenecking. Then figure out why
- Comment on US threatens to shut off Starlink if Ukraine won't sign minerals deal, sources tell Reuters 2 months ago:
Kinda shows how revolutionary starlink actually is, tho.
I mean, a country with minimal military spending (or, one that doesn’t have their own encrypted satellite network) can get a commodity device that gives modern connection speeds with very modest latency.
Starlink has many drawbacks, is a horrendous impact to the environment, is owned by a fascist/nazi dickhead.
But the empowerment it obviously gives to an underpowered military is phenomenal.
Ukraine has been awesome in their iteration and implementation of novel strategies and new technologies that few other countries could do.
It’s just a shame that one of the useful techs is being used as extortion by fascists.
It’s like enshittification, but on a country level scale
- Comment on Wheel of Time - for both the book and show fans 2 months ago:
Stephen King dark tower?
No. Not western, no guns, no science, not really horror.
WoT is the whole “forgotten/suppressed magic, ‘the one’, forces of long imprisoned evil” kinda fantasy, along with a rise to power, world politics, massive battles, adventure, and - I guess - romance.
Has a lot of the tropes, but carves a great story and adventure.
I genuinely recommend it. I’ve read it 3 times, and I enjoy the TV series.
It’s a 15 book epic fantasy, with the last 3 books written by Brandon Sanderson according to (deceased, 2007) Robert Jordan’s notes.
It’s good.
It has its faults, Robert Jordan’s writing has its faults.
But it is good, a great story, a great adventure, a great over-arching story. And 15 books long, makes it a great read to sink into and enjoy.
- Comment on Elon Musk just offered to buy OpenAI for $97.4 billion 2 months ago:
I feel like “look at twitter” is probably enough of a defence to decline president musk.
It would probably need to be wordier for court proceedings.
- Comment on Apple ordered to open encrypted user accounts globally to UK spying 2 months ago:
My experience of checksums are in things like serial where they can potentially recover a corrupt bit.
I presume in the case of encryption, a checksum is more of a hash of the raw data? Like a one-way deterministic compute. Easy to get a hash of data, extremely difficult to get data from a hash.
In which case, it’s fine. Passwords are hashed (granted, multiple times), but a cryptographically secure hash is not to be underestimated.
- Comment on How JavaScript Overuse Ruined the Web 2 months ago:
A page could load thousands of images and thousands of tiny CSS files.
None of that is JS, all of that is loads of extra requests.
Never mind WASM. It’s a portable compiled binary that runs on the browser. Code that in c#, rust, python, whatever.
So no, JS is not the only way to poorly implement API requests.
Besides, http/2 has connection reuse. If the IP and the TLS cert authority is the same, additional API/file etc requests will happen over the established TLS connection, reducing the overhead of establishing a secure connection.
Your dislike is of badly made websites and the prevalence of the browser being a common execution framework, and is wrongly directed at JS.