towerful
@towerful@programming.dev
- Comment on X (fka Twitter) is out of service 10 hours ago:
1 fire took down twitter globally?
That’s some great streamlining that Musk has done.
- Comment on Realtek's $10 tiny 10GbE network adapter is coming to motherboards later this year 10 hours ago:
Low latency means low compression. Low compression means high bandwidth.
1080p60 NDI will be 200mbps. If you are doing 2160p60, that’s 800mbps (which is about the limit I would run 1gbe at). Doesn’t leave much overhead for anything else, and a burst of other traffic might cause packet drops or packet rejection due to exceeding the TTL.
2.5gbps would be enough.
But I see 2.5gbps and 5gbps as “stop-gaps”. Data centers standardised on 10/40gbps for a while (before 25/100 and 100/400) - it’s still really common tbh - so the 10gbps tech is cheap.
I don’t see the point in investing in 2.5/5gbps
- Comment on Brooklyn electronics company Adafruit hit with surprise $36K tariff bill: "pay in one week" 2 weeks ago:
Adafruit makes some seriously useful PCBs.
If you have ever tinkered, you likely have some sort of requirement that needs a little more tech to make work. Adafruit cover that gap, and all their stuff is open source.
A genuinely good US tech company.
- Comment on Shocked to hear ‘prompt engineer’ is not a real job 2 weeks ago:
Sounds like a project manager that can talk to engineers…
- Comment on New Reform UK Council Leader Calls Ukraine War 'A Distraction' 2 weeks ago:
Is that an insult?
Nature normally smells lovely
- Comment on All four major web browsers are about to lose 80% of their funding | by Dan Fabulich | Apr, 2025 3 weeks ago:
Cutting out swaths of code and features - without breaking other code and features - is not a small task.
It’s probably more time consuming and complex than just continuing to update at a slower pace.
- Comment on [deleted] 3 weeks ago:
I have no idea, but that website is a bit of a red flag to me.
It sounds like it’s some sort of file sharing service. So you can upload, share and download files from the RealDebrid servers.
A quick Google suggests it’s primarily used for downloading/streaming movies, TV series etc. Essentially piracy.
- Comment on Cloudflare Tunnel Alternatives 3 weeks ago:
Chisel, Rathole, an SSH tunnel with port forwarding, a VPN with port forwarding.
Keywords are “self hosted tunnel” or “reverse proxy over VPN”.
Run a VPS for like $5 a month, your local reverse-proxy tunnels out to the VPS, and your VPS forwards port 80/443 over the tunnel to your reverse-proxy.
- Comment on Soon, You May Be Able To Play Diddy Kong Racing Natively On Your PC | Time Extension 3 weeks ago:
Pretty much, yes.
Developers for the older consoles employed all sorts of hacks and used all sorts of undocumented features.
Emulators of N64 would develop the emulator for something like 80% of the features of 80% of the games, then put in specific workarounds for the oddities of each game.
Which is why some games are better on specific emulators.
Also, decompilation led to a greater understanding of the various glitches. DK64 and Mario 64 speedruns benefitted massively from this.
And also fun hack/mods like randomisers and hardcore modes, massively extending the games’ playability.
But yeh, the things devs did back in the day is bonkers
- Comment on Microsoft Allows Bethesda To Continue To Be Cool Regarding Fan-Made Remake Projects 4 weeks ago:
Now they need to stop interfering with windows
- Comment on How can I create a Lemmy instance without coding or the use of Ethernet/router wiring? 5 weeks ago:
Uh, don’t?
You want a Lemmy instance - that I presume you would want to be somewhat reliable - without doing anything? WiFi prioritises convenience over speed and reliability. So, things will randomly fail.
I guess pay for a Lemmy instance provider. Probably the easiest. But this is self hosting, and it sounds like you want a place to start and have chosen “hosting a Lemmy instance” as your learning ground.
Something like cloudflare tunnel will let you punch through a firewall without having to mess with network stuff.
A docker compose stack makes things as easy as they can be in such scenarios.
These are terms you can google “Lemmy docker compose cloudflare tunnel”
Here is 1 result: lemmy.world/post/299429
Here is a GitHub for Lemmy in docker compose github.com/Drakeyves/lemmy-docker-setup
This looks like it covers cloud flare in a compose stack: joelparkinson.me/self-hosting-with-cloudflare-tun…
Read through, learn docker compose, understand cloudflare & cloudflare tunnels
- Comment on How to self-host a distributed git server cluster? 5 weeks ago:
Wouldn’t it be better to have highly available storage for the git repo?
Something like Ceph, Minio, Seaweedfs, GarageFS etc.
Cause git is file system based.
- Comment on 4chan hacked and taken offline. Hacker reopens /qa/ and leaks all admins emails. 5 weeks ago:
Censoring*
Censure is like a harsh criticism
- Comment on Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program 5 weeks ago:
What a stable government
- Comment on [deleted] 5 weeks ago:
my router and my reverse proxy (traefik) is able to receive the necessary SSL/TLS certificates however
From something like LetsEncrypt?
As an HTTP-01 Challenge? Not a DNS-01 challenge?
Http challenge means that port 80 is accessible from the public internet (because that’s how LE can confirm it can reach your server via the public DNS records, proof of server ownership).
DNS-01 is about proof of DNS record ownership, and doesn’t prove public internet access.
Also, what are you self hosting?
Does it really need to be publicly accessible? Or just accessible by you and people you trust?
- Comment on [deleted] 1 month ago:
Sounds like you have had a very productive life! Your son is very lucky.
Encourage the education. But there are loads of good careers that don’t need university degrees.
And all the while, he can try and achieve his dream.
From personal experience, university wasn’t useful for me - other than giving me time to figure out what I don’t want to do, and meeting friends that are still friends to this day.
But I could’ve easily done an apprenticeship, or gone straight into some industry/company. Some days, I wish I had. Other days, I wouldn’t want to be doing anything other than what I am atm.
Dream case, he makes it.
Best case, he figures out what he wants to do by 21.
Worst case, he’s still figuring it out when he’s 25.
I wasn’t making decent money until I was late 20s. Even now, I can’t guarantee I have enough work next year. It’s extremely likely, but I’m self employed so…
Knowing my folks will still support me means I can continue pursuing interesting, useful and innovative things, even in my 30s - even tho that’s no longer required.
Maybe talk to some of your contacts in the football industry.
See if they have similar “football or nothing”, or if they had backup plans.
Talk to some managers, coaches, sports scientists, medics etc.
Ask them how they would get into pro football. Ask them what happens to pro-football aspiring players that don’t make the cut.
Use your experience and connections to help and support your son. And be there if it doesn’t work out.
You might know better, but he still has to learn. The best lessons are mistakes.
- Comment on UK bans fake reviews and ‘sneaky’ hidden fees to protect online shoppers under new law 1 month ago:
Yeh, but with enough actions taken (and suitably deterrent actions), companies won’t want to risk it
- Comment on UK bans fake reviews and ‘sneaky’ hidden fees to protect online shoppers under new law 1 month ago:
Same way with a lot of other consumer protections. By consumers reporting companies.
If I receive an order and inside is a “leave a five star review, and receive 10% off” type thing inside, I’ll report that in a heartbeat - knowing that Trading Standards is now actively dealing with this sorta thing
- Comment on [deleted] 1 month ago:
Did you go straight into being a pro footballer? Or did you have back up plans? Like “if this doesn’t work out, I’ll be an electrician” or something?
I’ve never had super lofty goals, but my parents always supported me in what I wanted to do. They never tried to steer me, but they did ask pertinent questions about what I was planning at various points. Probably to hint at bad idea.
I feel like I could have asked them for money/support at any point for any of my projects/ideas/whatevers, and - after making sure I was serious - would have helped out however they could.
I have a very unique career at this point, and I am only in this position because of the eclectic experience I have.
Ultimately, he is growing up. He’s going to have to make mistakes.
I’d say you have to be prepared to support him as much as you can in his dream of being a pro footballer.
Maybe he won’t be a pro footballer, but he might get a satisfying career out of being football-adjacent. Medic, science, coaching.
Or maybe he will try it for 5 years and eventually realise it’s not gonna happen, and be an electrician.
Or maybe he will struggle for 2 years, realise he needs to double down, and make the cut a year later.
I had a friend when I was growing up that dreamed of being an RAF pilot. Everything he did was around that.
Due to some unfortunate life circumstances, that dream was ripped away in the space of a week. Completely out of anyone’s control, but he could no longer qualify as an RAF pilot.
He was heartbroken. He’s now an engineer/mechanic in the RAF and seems happy.
He shouldn’t find another dream.
But he should be aware that dreams don’t always come about. And if this dream doesn’t, would he be happy in an adjacent career? Or something else entirely?
Help him research the backup plan.
- Comment on 6* months away now. If you're on 10, do you plan to upgrade? Make the jump to Linux? 1 month ago:
I moved to endeavouros. First time using a rolling release, and I was struggling with some webdev stuff cause node was on a recent non-lts build and a few other things.
Not a problem for building, cause I already have that containerised. But things like installing packages was refusing, and obviously couldn’t run dev workflows.
Until I realised I should just work inside a container.
I know vscode is still Microsoft (and I’m sure I could get it to work with vscodium), but the dev container workflow is fantastic.
Absolute game changer.
And I know I can easily work on a different platform, os whatever. And still have the same dev environment.
- Comment on Nintendo delays Switch 2 preorders over tariff concerns 1 month ago:
What?
You have a product that costs 450 to produce.
And you add a 50 markup so you are selling at 500.
Tariffs push that 500 up to 750. Which means a 50% tariff.
So you remove your 50 markup and sell it at cost in that market. Which means a product at 450 with a 50% tariff will cost 675.
You don’t make any money on that sale. Fine, it’s a loss-leader. Hopefully you make up the profit of game sales and subscriptions. Which will also be tariffed.
For a finished product, the tariff is applied to the selling cost. It doesn’t care about the value of the parts or the amount of markup.
A government isn’t going to pick through a device and apply Country of Origin tariffs on every part, or separate company profit from cost-of-product.
If a company says a product is worth 500, that’s the amount the tariff is applied to.
I doubt Nintendo is going to eat the cost of tariffs.
It’s insane to. They could say “we will still launch at this price”, and have the us government cook up more tariffs or whatever. Then Nintendo is holding the bag, or has to renege on the price.
It would be smarter to mildly offset the cost. Like you say, knock $20-50 off but stipulate the final cost is subject to import duties.
I’d love them to say “well, you do you. This is the cost of the console. Your import duties are not our problem.” But I feel (despite their bullshit legal department) Nintendo is more passionate than that, and I think they will mildly reduce the price
- Comment on How do I use HTTPS on a private LAN without self-signed certs? 1 month ago:
You need to control a domain, so LE can verify you are the controller of the domain, then LE will issue you a certificate saying you are the controller of the domain.
For a wildcard LE cert, you need to use the DNS challenge method.
Essentially the ACME client (or certbot or whatever) will talk to LE and say “I want a DNS challenge for *.example.com”.
LE will reply “ok, your order number 69, and your challenge code is DEADBEEF”.
ACME then interacts with your public nameserver (or you have to do this manually) and adds the challenge code as a txt record _acme-challenge.example.com. (I’ve been caught out by the fact LE uses Google DNS for resolution, and Google will only follow 1 level of NS records from the root authoritative nameserver).
All the while, LE is checking for that record. When it finds the record, it mints a wildcard certificate.
ACME then periodically checks in with LE asking for order 69. Once LE has minted the cert, it will return it to acme.
And now you have a wildcard cert.
So, how to use it on a local domain?
Use a split horizon DNS method.
Ensure your DHCP is handing out a local DNS for resolving.
Configure that local DNS to then use 8.8.8.8 or whatever as its upstream.
Then load in static/override records to the local DNS.
Pihole can do this. OPNSense/pfSense can do this. Unifi can do some of this.
How does this work?
Any device on your network that wants to know the IP of example.example.com will ask its configured DNS - the local DNS that you have configured.
The local DNS will check its static assignments and go “yeh, example.example.com is 10.10.3.3”.
If you ask your local DNS for google.com, it won’t have a static assignment for it, so it will ask its upstream DNS, and return that result.
And it means you aren’t putting private IP spaces on public NS records.
Then you can load in your wildcard cert to 10.10.3.3, and you will have a trusted HTTPS connection.
Here is a list of LE clients that will automate LE certs.
letsencrypt.org/docs/client-options/
Have a read through and pick your desired flavour.
Dig into the docs of that flavour, and start playing around.
If it’s all HTTPS, consider using something like Nginx Proxy Manager (nginxproxymanager.com) as a reverse proxy in front of your services and for managing the LE cert.
It’s super easy to use, has a decent GUI, and then it’s only 1 IP to point all DNS records to.
- Comment on Does it ever make sense/is it possible to move certain docker volumes to another physical volume, but not all? 1 month ago:
I do that, until some container has permissions issues.
I tinker, try and fix it, give up and use a volume. Or I fix it, but it never seems to be the same fix
- Comment on Tesla backer says Musk must reduce Trump work, as 46,000 Cybertrucks recalled 2 months ago:
Ah-ha-ha. That’s even sweeter schadenfreude
- Comment on Tesla backer says Musk must reduce Trump work, as 46,000 Cybertrucks recalled 2 months ago:
The majority of Tesla “recalls” have been OTA updates that happen automatically. They get called a recall due to historic laws.
This is actually a physical recall, considering panelling is falling off. So is a lot more expensive for Tesla. Lol
- Comment on Self-hosted SSO 2 months ago:
And keycloak has a decent k8s operator, making deployment on a k8s cluster a breeze
- Comment on Need tips for moving forward 2 months ago:
accessed from the internet
Accessed only by you and close family/friends who you are also hosting services for?
Or accessed by anyone?
“Accessed by anyone” carries more risk.
“Accessed by users you host for”, the risks can be eliminated (well, other than risks from those users) by using a VPN. As in, only the people authorised to be on the VPN can access the services.
Wireguard is the go-to these days.
Tailscale is much easier and free for 3 users and 100 nodes.
If it absolutely has to be “accessed by anyone” I would look into a “reverse proxy over VPN/tunnel” or just straight tunnel style approach like chisel (or crowbar, or corkscrew), rathole, frp, or cloudflare tunnels.
Basically, don’t point a domain at your home public IP and don’t forward ports on your home router/firewall
- Comment on Veterans fired from federal jobs say they feel betrayed, including some who voted for Trump 2 months ago:
The only way I can understand the mental gymnastics is that the right manipulated the “I don’t understand that person’s job, I work harder than they do, I don’t like my boss” sentiments, so everyone felt that they were safe but that the people they don’t like would get sacked.
Leopard eating people’s faces party strikes again
- Comment on Apple refuses to break encryption, seeks reversal of UK demand for backdoor - Ars Technica 2 months ago:
No.
Users that do not decrypt their storage lose their storage permanently.
Users that decrypt their storage get to continue to use it, but it isn’t decrypted.
No encryption is broken.
Users are swapping convenience for privacy. (Or privacy for convenience? Whichever way that is).
Broken implies it is unusable or useless. As in “Apple’s encryption is unusable”.
This is not the case. It’s not broken. Users are given the option to remove the encryption to be able to continue to use the storage.
Essentially: xkcd.com/538/
- Comment on Is this massive difference to be expected? 2 months ago:
So you have local DNS set up?
If you ping (or dig) speed.mydomain.local, does it resolve the same address as local_ip?
Considering you are accessing local_ip:3000 and the domain on port 443, there is clearly a firewall somewhere redirecting packets or a reverse proxy on the domain but not on local_ip:3000
Follow the port chain, forwarding, proxying etc. One of those will be bottlenecking. Then figure out why