SpaceCadet

@SpaceCadet@feddit.nl

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Self-hosting your own media considered harmful - I just received my second community guidelines violation for my video demonstrating the use of LibreELEC on a Raspberry Pi 5, for 4K video playback⁩ ⁨⁨18⁩ ⁨hours⁩ ago⁩:
Harmful is just code for “threatens the bottom line of multibillion dollar companies”. There is no relation to anything that matters to real people.
⁨Comment⁩ on ⁨Realtek's $10 tiny 10GbE network adapter is coming to motherboards later this year⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I think 10GbE is more intended for local applications than for internet. Say, you have a NAS with a RAID array of nvme drives for video editing purposes that you want to access from a few workstations.

Even the other day I was quite happy to have 2.5GbE when I installed my new gaming PC, and steam was able to pull all my games directly from my old computer rather than downloading them over the internet again.

Anyway, LAN speeds have always been an order of magnitude higher than common internet speeds, so I don’t see the issue.
⁨Comment⁩ on ⁨Mozilla is shutting down Pocket, their read-it-later and content discovery app, and Fakespot, their browser extension that analyzes the authenticity of online product reviews.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
My user.js file is entirely platform independent. I use it on Linux, Windows and even used it on my work provided Macbook. FYI: user.js only contains the settings you want to change, it’s not the whole prefs.js file. It’s just 63 lines.

I agree that chrome feels cleaner and needs a lot less fiddling to get right, but chrome is effectively dead for me. I switched to firefox for much more important reasons than a few UI annoyances.
⁨Comment⁩ on ⁨Mozilla is shutting down Pocket, their read-it-later and content discovery app, and Fakespot, their browser extension that analyzes the authenticity of online product reviews.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Yes, to completely turn it off, it’s an about:config setting: extensions.pocket.enabled

Removing it from the toolbar just hides it, but keeps it running.
⁨Comment⁩ on ⁨Mozilla is shutting down Pocket, their read-it-later and content discovery app, and Fakespot, their browser extension that analyzes the authenticity of online product reviews.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:

with every fucking install on every machine. for years.

Multiplied by all the other annoyances you have to turn off, via either gui or about:config, each and every time. I feel you.

I hop machines fairly frequently, use multiple browsing profiles, and often create discardable profiles, so I eventually just went ahead and spent some time tracing all the about:config equivalents of the settings that I typically change every time and then put them in a user.js file that I can just drop into my profile directory.
⁨Comment⁩ on ⁨Still booting after all these years: The people stuck using ancient Windows computers⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
You can protect yourself from that with airgapping and backups. The bigger issue is probably that it’s becoming increasingly hard to source parts for such old hardware.
⁨Comment⁩ on ⁨What techniques do bad faith users use online to overwhelm other users in online discussion and arguments?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Oh look we got a live one!

Mods: if you’re going to remove comments, at least have the guts to say you want to maintain your echo chamber instead of hiding behind rule 5, which this comment does not violate.
⁨Comment⁩ on ⁨What techniques do bad faith users use online to overwhelm other users in online discussion and arguments?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
We got a live one!
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
That’s only for a single case comparison. You can’t draw statistically meaningful conclusions about what percentage of traffic the pihole has blocked over a longer period of time.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:

Yeah no ublock origin really won’t block all that many

Meh, it’s fairly easy to check this you know. If I turn off uBlock, my pihole logs do turn red. If it’s left on, pihole logs stay mostly green, with nothing suspicious or out of the ordinary getting through.

the chattiest DNS comes from apps and smart devices, windows and mac laptops etc.

I don’t have many of those. My work laptop is windows but it connects through a VPN only, and I have my smartphone that I barely use at home.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:

Why call it secondary then, that’s so counterintuitive lol

I don’t think that’s even the official naming. It probably comes from what Windows 95 called it back in the day:

Image

On Linux, it’s just an additional “nameserver x.x.x.x” line in /etc/resolv.conf, with no indication of which is the “primary” or “secondary”.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Your understanding is not correct. For page elements, uBlock prevents the domain from even trying to load, so no DNS request is ever made. Only if you go directly to an ad domain from the url bar (who does that?), does a DNS request get made.

For example, on my own webserver, I created a simple static html file with an <img> tag pointing to an ad domain that I know is blocked on uBlock as well as on the pihole. Like so:
```
<html>
adblock test
<img src="https://track.adtrue.com/some/bannerad.png"></img>
</html>
```
Loading that page, uBlock showed 1 blocked ad on that page, pihole only logged a DNS request to my webserver, not to track.adtrue.com.

Once I turned off uBlock in the browser and reloaded the page, pihole did log the request to track.adtrue.com and blocked it. My browser showed a broken image.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I use firebog’s ticked lists, from what I can tell from the logs ad domains are blocked just fine.

But as I said, I have ublock origin on all my browsers which already catches most ads before they reach pihole, and I don’t use mobile a lot when I’m at home. Oh, and I also use Linux, so no Microsoft telemetry to block either.

1.7% makes perfect sense to me.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
The box I’m running pihole on hosts several other services as well, so I dread having to reinstall everything. Most of it is dockerized, but still.

Anyway, I also waffled back and forth on dockerizing pihole when I initially installed it … but ended up going bare metal, and now I wish I would have gone docker from the start. The initial install is perhaps slightly more complicated, but it’s so much more maintainable and transportable to other devices: transfer volumes, and run your docker-compose.yml on the other box … and voila, you’ve cloned your pihole. I use that system to keep my backup pihole in sync by the way.

Before pihole was essentially a frontend for dnsmasq but it seems like it’s a bit more than that now

Indeed, it doesn’t run dnsmasq separately anymore, but somehow incorporates all dnsmasq capabilities and it still uses dnsmasq syntax config files, and can be configured to include the /etc/dnsmasq.d configs.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:

Randomly? No, only when your pi goes down

Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Secondary DNS is not for redundancy!

The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you’re sending half of your DNS requests to google. And if your pihole DNS goes down, half of your DNS queries time out.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:

Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn’t bother to read the notes so I had to do a full OS reinstall.

The v6 upgrade was such a disaster. I was bitten by it too, it started the upgrade then halfway through decided it didn’t like my OS (debian-testing) and crapped out … leaving me with a b0rked installation. Luckily I was able to return to v5 using my system backup. It was a right pain to figure out how to restore though, because they write files all over /opt, /etc, /usr/bin, /usr/local and /var.

For this reason I have since dockerized my pihole installation. Not only does this allow you to choose the exact pihole version you want (a bare metal install only supports the latest version), but it allows you to centralize your configuration files neatly under a docker volume, so you only have to backup the volume.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Raspberry Pies (is that how you pluralize it?), and especially their SD cards are not the most reliable pieces of hardware. I’ve already had a few die on me.

As for how annoying outages are, I guess that depends on how many people and services you have on your network relying on a functioning DNS. I am running two pihole instances on separate hardware in a keepalived virtual IP setup, with a replicated configuration. Sounds complicated, but it’s really easy.

It’s just nice to be able to reboot or perform maintenance on my pihole knowing it won’t impact DNS, and not having to worry about interrupting my girlfriend streaming her Netflix series or whatever. For example, just a couple of weeks ago I converted my bare-metal pihole installation to a dockerized one, which was a couple of hours of work, without any DNS downtime at all.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
It isn’t so much about the payload of the DNS requests, but about the content that would have been loaded if the DNS request hadn’t been blocked.

If you load a page that has 100kB of useful information, but 1MB of banner ads and trackers … you’ve blocked a lot more than 66%. But if you block 1MB of banner ads on a page that hosts a 200MB video, you’ve blocked a lot less.

Also a 66% blocked percentage seems very high. I have installed pihole on 2 networks, and I’m seeing 1.7% on my own network, but I do run uBlock on almost everything which catches most stuff before it reaches the pihole, and 25% on the other network.
⁨Comment⁩ on ⁨The Beauty Of Having A Pi-hole · Den Delimarsky⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Misleading statement. It doesn’t block “traffic”, it blocks DNS requests… you don’t know how much traffic this corresponds to.
⁨Comment⁩ on ⁨Do it⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Satan is in my ass in my ass
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
That reminds me … another annoying thing Google did was list my private jellyfin instance as a “deceptive site”

A common issue it seems.
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
What I used to do was: I put jellyfin behind an nginx reverse proxy, on a separate vhost (so on a unique domain). Then I added basic authentication (a htpasswd file) with an unguessable password on the whole domain. Then I added geoip firewall rules so that port 443 was only reachable from the country I was in. I live in small country, so this significantly limits exposure.

Downside of this approach: basic auth is annoying. The jellyfin client doesn’t like it … so I had to use a browser to stream.

Nowadays, I put all my services behind a wireguard VPN and I expose nothing else. Only issue I’ve had is when I was on vacation in a bnb and they used the same IP range as my home network :-|
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
This is how I found out Google harvests the URLs I visit through Chrome.

Got google bots trying to crawl deep links into a domain that I hadn’t published anywhere.
⁨Comment⁩ on ⁨How to secure Jellyfin hosted over the internet?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:

all you need is to get a static IP for your home network

Don’t even need a static IP. Dyndns is enough.
⁨Comment⁩ on ⁨Online ‘Pedophile Hunters’ Are Growing More Violent — and Going Viral: With the rise of loosely moderated social media platforms, a fringe vigilante movement is experiencing a dangerous evolution.⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Seeing the Brussels Times, I thought it was going to be about this guy: nl.wikipedia.org/wiki/Marcel_Vervloesem (sorry no english link).
⁨Comment⁩ on ⁨Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Ah fuck, I just see that you are lemmy.ml tankie scum. Of course you are siding with autocratic fascists. blocked
⁨Comment⁩ on ⁨Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Hey fuckwit, you didn’t reply to a single thing I said.

Europe supported the Ukrainian people vocally, but verbally during the Maidan.

Russia armed and funded extreme Russian nationalists, you know like actual nazi scum, and sent them to Ukraine led by FSB officers, controlled directly from the Kremlin. Nobody in the Donbas asked for this, except for retarded nazi scum.
⁨Comment⁩ on ⁨Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Fuck your disingenuous bothesidesism.

Western support of Euromaidan (what you erroneously call “meddling”) isn’t remotely comparable to the straight acts of war that Russia committed in the Donbas.
⁨Comment⁩ on ⁨Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
I live in a country that was occupied by Nazi Germany, where the Nazis did the exact same things and put the local Nazi sympathizers in charge of local administration. It didn’t turn us into a country with deep Nazi roots.

We just imprisoned and shot those fuckers after the war.