InvertedParallax
@InvertedParallax@lemm.ee
- Comment on Help setting up fail2ban for jellyfin both in docker? 2 days ago:
That’s worse.
Fail2ban isn’t an application like jellyfin, it’s a security framework that should be built in to the gateway router.
- Comment on Can I self host a VPN that sneakies through the China firewall? 3 days ago:
Not really, you need a license and you can host openvpn at tcp 443, but chances are they’ll try to track you down and make your life unpleasant.
When I was there I vps bumped through Hk, that’s probably harder now.
- Comment on China has world’s first operational thorium nuclear reactor thanks to ‘strategic stamina’ 5 days ago:
Yes, I remember when Oppenheimer got in trouble, which resulted in all the decent doctors in the country being rounded up and executed based on lies.
- Comment on China has world’s first operational thorium nuclear reactor thanks to ‘strategic stamina’ 6 days ago:
No, that was only possible because of the southern strategy of the 60s-90s, which pivoted electoral weight to the section of our country most enamored with fascist racism.
- Comment on Entire Pentagon defense tech unit to leave by May 6 days ago:
It’s a moot point to debate whether Trump is a Russian asset or not. Either way, he’s acting as if he was.
Yes, but we do get to abuse brown people right?
- Comment on China has world’s first operational thorium nuclear reactor thanks to ‘strategic stamina’ 6 days ago:
Yeah, they had way more horrifying ones:
- Comment on China has world’s first operational thorium nuclear reactor thanks to ‘strategic stamina’ 6 days ago:
America has been destroyed by the southern strategy.
- Comment on Force Lidarr to re-manage media? 6 days ago:
There’s a mass rename button somewhere.
- Comment on Unpowered SSD endurance investigation finds severe data loss and performance issues 6 days ago:
They were slc, so the charge ratio was much higher.
Mlc/tlc/qlc drives have to measure a current very precisely, up to 16 values of discrimination, any charge degredation doesn’t change a 1 to a 0, but a 3 to a 2 to a 1 and given enough time, a zero.
Also smaller gate dielectric so more leakage.
- Comment on Smartphones and computers are now exempt from Trump’s latest tariffs. 1 week ago:
Tim apple sms’d him a single picture.
Course, the picture was the back of his neck in a sniper scope.
Sometimes pictures speak louder than words.
- Comment on Facebook Pushes Its Llama 4 AI Model to the Right, Wants to Present “Both Sides” 1 week ago:
It’s not that.
It’s just that models are trained on writing and you don’t need to train a lot of white supremacy before it gets redundant.
- Comment on TIL - Caddy 2 weeks ago:
Been using nginx, probably should change just because my mail uses letsencyrot while my http uses bought certs.
Letsencrypt has gone far enough that we can just rely on it now apparently.
- Comment on Most under-utilized consoles? 2 weeks ago:
Lunar 1&2 were originally released on the Sega CD, as was shining force CD.
There were a few decent games on it, but agreed, not many.
- Comment on How a false X post about pausing tariffs led to multi-trillion-dollar market swings. 2 weeks ago:
You’re so full of shit, this isn’t a recession.
This is a proper depression, just like the last time people fucked with tariffs.
- Comment on Testing vs Prod 2 weeks ago:
In my job? Yes.
At home? God no.
I make sure I can recover data when things go wrong, but otherwise my recovery path is redeploying quickly.
- Comment on Trump cuts funding to FOSS projects. 2 weeks ago:
I’m gonna have to donate then.
- Comment on Why is my server using all my Swap but I have RAM to spare? 2 weeks ago:
It pushes stuff when they’re really really cold, so for instance init services and libs that have basically never been touched since boot but still technically need to be in memory.
They might have been pushed out because the page cache thought it had something more interesting, or if you have VMs, because the system wanted to make some huge pages.
- Comment on Filesystem and virtualization decisions for homeserver build 2 weeks ago:
It’s good, but be aware you want to stick to LTS kernels or at least don’t upgrade casually.
Arch is the worst for this, ubuntu and debian are better but still get hit.
forums.opensuse.org/t/…/151323
github.com/openzfs/zfs/issues/15759
…topicbox.com/…/zfs-2-2-5-compatible-with-kernel-…
reddit.com/…/zfs_not_compatible_with_kernel_63/
Hit this recently on an arch build, switched to kernel-lts and it worked, but basically once every year or so the abi breaks and zfs is dead for 3-6 months on github.com/torvalds/linux@master. Just FYI.
- Comment on Filesystem and virtualization decisions for homeserver build 2 weeks ago:
FYI, zfs is pretty fucking fragile, it breaks a lot, especially if you like to keep your kernel up to date. The kernel abi is just unstable and it takes months to catch up.
Which is part of why I don’t trust zfs on root.
Worst case you can sometimes recover with zfs-fuse.
- Comment on Intel Unison allowed Android and iOS to connect to Windows, now it's shutting down 2 weeks ago:
KDE connect is a life saver.
Cancelled pushbullet for it, it’s incredible.
- Comment on Bernstein Posits That A 10 Percent Baseline US Tariff On Raw Semiconductors Is "Not Going To Do All That Much," But PCs, Servers, And Smartphones Are About To Get Pricier By ~40 Percent 2 weeks ago:
That’s literally what I’m saying.
Are you being semantic?
They realized the revenue as dividends, which is exactly what the link says.
- Comment on Filesystem and virtualization decisions for homeserver build 2 weeks ago:
Nfs, it’s good enough, and is how everyone accesses it. I’m toying with ceph or some kind of object storage, but that’s a big leap and I’m not comfortable yet
Zfs snapshot to another machine with much less horsepower but similar storage array.
Debian boots off like a 128gb Sata ssd or something, just something mindless that makes it more stable, I don’t want to f with Zfs root.
My pool isn’t encrypted, don’t consider it necessary, though I’ve toyed with it in th past. Anything sensitive I keep on separate USB keys and duplicate them, and I use luks.
I considered virtiofs, it’s not ready for what I need, it’s not meant for this use case and it causes both security and other issues. Mostly it breaks the demarcation so I can’t migrate or retarget to a different storage server cleanly.
These are good ideas, and would work. I use zvols for most of this, in fact I think I pass through a nvme drive to freebsd for its jails.
Docker fucks me here, the volume system is horrible. I made an lxc based system with python automation to bypass this, but it doesn’t help when everyone releases as docker.
I have a simple boot drive for one reason: I want nothing to go wrong with booting, ever, everything after that is negotiable, but the machine absolutely has to show up.
It has a decent uos, but as I mentioned earlier, I live in San Jose and have fucking pge , so weeks without power aren’t fucking unheard of.
- Comment on Bernstein Posits That A 10 Percent Baseline US Tariff On Raw Semiconductors Is "Not Going To Do All That Much," But PCs, Servers, And Smartphones Are About To Get Pricier By ~40 Percent 2 weeks ago:
bea.gov/…/direct-investment-country-and-industry-…
The TCJA generally eliminated taxes on dividends, or repatriated earnings, to U.S. multinationals from their foreign affiliates. Dividends of $776.5 billion in 2018 exceeded earnings for the year, which led to negative reinvestment of earnings, decreasing the investment position for the first time since 1982. Tables 3 and 4 provide information on the country and industry breakdown of dividends.
By country, nearly half of the dividends in 2018 were repatriated from affiliates in Bermuda ($231.0 billion) and the Netherlands ($138.8 billion). Ireland was the third largest source of dividends, but its value is suppressed due to confidentiality requirements. By industry, U.S. multinationals in chemical manufacturing ($209.1 billion) and computers and electronic products manufacturing ($195.9 billion) repatriated the most in 2018.
- Comment on What steps do you take to secure your server and your selfhosted services? 2 weeks ago:
Have the rack mounted one, I usually roll my own router but I’m glad to have someone else making sure I don’t do anything stupid for security.
It’s not perfect, but it’s peace of mind.
- Comment on Filesystem and virtualization decisions for homeserver build 2 weeks ago:
Zfs on Debian on bare metal with nfs server.
Vlan for services with routed subnet
Sriov connectx4 with 1 primary vm running freebsd and basically all my major services in their own jails. Won’t go into details, but it has like 20 jails and runs almost everything.
1 vm for external nginx and named on Debian vm on isolated subnet/Vlan and dmz for exposed services
1 vm for mailinabox on dmz subnet/Vlan
1 Debian vm on services vlan/net for apps that don’t play well with freebsd, mostly dockers, I do not like this vm, it’s basically unclean and mostly isolated.
Few other vms for stuff.
It’s a Dell r730 with 2 2697(or 2698? 20c/40t each) with 512gb.
12x16tb hgst h530s with 2 nvme drives and 2 Sata ssds, somewhere in there is a zlog and l2arc.
Can’t figure out how to fit a decent GPU in there so currently it’s living on my dual Rome workstation, this system is due for an upgrade, thinking about swapping the workstation to a much lighter one and push the work to the server, while moving the storage to a dedicated system, but not there yet.
Love freebsd though, don’t use it as my daily driver, tried a bit, it worked but there was just enough trouble to not make it work, but freebsd has moved on and so have i, so it’s worth a shot again.
Decent i/O, but nothing to write home about, think it saturates the 10g but only just, I have gear for full 100g (I do a LOT of chip startups, and worked at a major networking chip firm a while) but it takes a lot more power, and i have PGE so I can’t justify it till I can seriously saturate it.
Also I’m in process of moving to Europe, built a weak network here and linked via wire guard, but shit is expensive here and I’m not sure how to finish the move just yet, so I’m basically 50/50 including time at work in the valley.
- Comment on Filesystem and virtualization decisions for homeserver build 2 weeks ago:
ZFS, hands down, it doesn’t even begin to hurt the SSDs, it’s basically the best choice, just try to not fill the whole volumes or it starts thrashing like crazy.
ZFS has encryption, but LUKS is fine too.
I’ve run Raidz2 for well over a decade, never had data loss that wasn’t extremely my fault, and I recovered from that almost immediately from backed up snapshot.
- Comment on Bernstein Posits That A 10 Percent Baseline US Tariff On Raw Semiconductors Is "Not Going To Do All That Much," But PCs, Servers, And Smartphones Are About To Get Pricier By ~40 Percent 2 weeks ago:
He wasn’t successful at anything.
He slashed the corporate income tax and due to an effective amnesty on repatriation many large MNCs brought stashed offshore cash and cut R&D to register massive earnings for his last 2 years.
Ironically, this started to dry up right around Q1 2020… Then COVID drowned out everything.
His response was to just pump $4T to employers with almost no documentation, thank god we didn’t see a massive wave in inflation out of that.
- Comment on Did ChatGPT come up with Trump’s tariff rate formula? AI chatbots ChatGPT, Gemini, Claude and Grok all return the same formula for reciprocal tariff calculations, several X users claim. 3 weeks ago:
Actually, it was the Palantir threat model… which has a frontend to a private chatgpt model :(
- Comment on Just a moment... 3 weeks ago:
Feckoin.
- Comment on What steps do you take to secure your server and your selfhosted services? 3 weeks ago:
Yeah, there were other countries to ban, but those 2 cut my attacks down 90%.
Also consider a honeypot that triggers when anyone tries to ssh it at all.