SpaceCadet
@SpaceCadet@feddit.nl
- Comment on Still booting after all these years: The people stuck using ancient Windows computers 12 hours ago:
You can protect yourself from that with airgapping and backups. The bigger issue is probably that it’s becoming increasingly hard to source parts for such old hardware.
- Comment on What techniques do bad faith users use online to overwhelm other users in online discussion and arguments? 1 day ago:
Oh look we got a live one!
Mods: if you’re going to remove comments, at least have the guts to say you want to maintain your echo chamber instead of hiding behind rule 5, which this comment does not violate.
- Comment on What techniques do bad faith users use online to overwhelm other users in online discussion and arguments? 1 day ago:
We got a live one!
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
That’s only for a single case comparison. You can’t draw statistically meaningful conclusions about what percentage of traffic the pihole has blocked over a longer period of time.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Yeah no ublock origin really won’t block all that many
Meh, it’s fairly easy to check this you know. If I turn off uBlock, my pihole logs do turn red. If it’s left on, pihole logs stay mostly green, with nothing suspicious or out of the ordinary getting through.
the chattiest DNS comes from apps and smart devices, windows and mac laptops etc.
I don’t have many of those. My work laptop is windows but it connects through a VPN only, and I have my smartphone that I barely use at home.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Why call it secondary then, that’s so counterintuitive lol
I don’t think that’s even the official naming. It probably comes from what Windows 95 called it back in the day:
On Linux, it’s just an additional “nameserver x.x.x.x” line in
/etc/resolv.conf, with no indication of which is the “primary” or “secondary”. - Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Your understanding is not correct. For page elements, uBlock prevents the domain from even trying to load, so no DNS request is ever made. Only if you go directly to an ad domain from the url bar (who does that?), does a DNS request get made.
For example, on my own webserver, I created a simple static html file with an <img> tag pointing to an ad domain that I know is blocked on uBlock as well as on the pihole. Like so:
<html> adblock test <img src="https://track.adtrue.com/some/bannerad.png"></img> </html>
Loading that page, uBlock showed 1 blocked ad on that page, pihole only logged a DNS request to my webserver, not to
track.adtrue.com.Once I turned off uBlock in the browser and reloaded the page, pihole did log the request to
track.adtrue.comand blocked it. My browser showed a broken image. - Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
I use firebog’s ticked lists, from what I can tell from the logs ad domains are blocked just fine.
But as I said, I have ublock origin on all my browsers which already catches most ads before they reach pihole, and I don’t use mobile a lot when I’m at home. Oh, and I also use Linux, so no Microsoft telemetry to block either.
1.7% makes perfect sense to me.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
The box I’m running pihole on hosts several other services as well, so I dread having to reinstall everything. Most of it is dockerized, but still.
Anyway, I also waffled back and forth on dockerizing pihole when I initially installed it … but ended up going bare metal, and now I wish I would have gone docker from the start. The initial install is perhaps slightly more complicated, but it’s so much more maintainable and transportable to other devices: transfer volumes, and run your docker-compose.yml on the other box … and voila, you’ve cloned your pihole. I use that system to keep my backup pihole in sync by the way.
Before pihole was essentially a frontend for dnsmasq but it seems like it’s a bit more than that now
Indeed, it doesn’t run dnsmasq separately anymore, but somehow incorporates all dnsmasq capabilities and it still uses dnsmasq syntax config files, and can be configured to include the
/etc/dnsmasq.dconfigs. - Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Randomly? No, only when your pi goes down
Not how secondary DNS works. It round robins the requests across primary and secondary DNS servers.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Secondary DNS is not for redundancy!
The way secondary DNS works is that a client distributes DNS requests across the primary and secondary DNS servers. So if you have pihole as your primary DNS and, say, 8.8.8.8 as your secondary DNS, you’re sending half of your DNS requests to google. And if your pihole DNS goes down, half of your DNS queries time out.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Literally just had my pihole hard crash this weekend due to a bad update to FTL. Apparently they had a major version upgrade and didn’t bother to read the notes so I had to do a full OS reinstall.
The v6 upgrade was such a disaster. I was bitten by it too, it started the upgrade then halfway through decided it didn’t like my OS (debian-testing) and crapped out … leaving me with a b0rked installation. Luckily I was able to return to v5 using my system backup. It was a right pain to figure out how to restore though, because they write files all over /opt, /etc, /usr/bin, /usr/local and /var.
For this reason I have since dockerized my pihole installation. Not only does this allow you to choose the exact pihole version you want (a bare metal install only supports the latest version), but it allows you to centralize your configuration files neatly under a docker volume, so you only have to backup the volume.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Raspberry Pies (is that how you pluralize it?), and especially their SD cards are not the most reliable pieces of hardware. I’ve already had a few die on me.
As for how annoying outages are, I guess that depends on how many people and services you have on your network relying on a functioning DNS. I am running two pihole instances on separate hardware in a keepalived virtual IP setup, with a replicated configuration. Sounds complicated, but it’s really easy.
It’s just nice to be able to reboot or perform maintenance on my pihole knowing it won’t impact DNS, and not having to worry about interrupting my girlfriend streaming her Netflix series or whatever. For example, just a couple of weeks ago I converted my bare-metal pihole installation to a dockerized one, which was a couple of hours of work, without any DNS downtime at all.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
It isn’t so much about the payload of the DNS requests, but about the content that would have been loaded if the DNS request hadn’t been blocked.
If you load a page that has 100kB of useful information, but 1MB of banner ads and trackers … you’ve blocked a lot more than 66%. But if you block 1MB of banner ads on a page that hosts a 200MB video, you’ve blocked a lot less.
Also a 66% blocked percentage seems very high. I have installed pihole on 2 networks, and I’m seeing 1.7% on my own network, but I do run uBlock on almost everything which catches most stuff before it reaches the pihole, and 25% on the other network.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 1 week ago:
Misleading statement. It doesn’t block “traffic”, it blocks DNS requests… you don’t know how much traffic this corresponds to.
- Comment on Do it 5 weeks ago:
Satan is in my ass in my ass
- Comment on How to secure Jellyfin hosted over the internet? 1 month ago:
That reminds me … another annoying thing Google did was list my private jellyfin instance as a “deceptive site”
A common issue it seems.
- Comment on How to secure Jellyfin hosted over the internet? 1 month ago:
What I used to do was: I put jellyfin behind an nginx reverse proxy, on a separate vhost (so on a unique domain). Then I added basic authentication (a htpasswd file) with an unguessable password on the whole domain. Then I added geoip firewall rules so that port 443 was only reachable from the country I was in. I live in small country, so this significantly limits exposure.
Downside of this approach: basic auth is annoying. The jellyfin client doesn’t like it … so I had to use a browser to stream.
Nowadays, I put all my services behind a wireguard VPN and I expose nothing else. Only issue I’ve had is when I was on vacation in a bnb and they used the same IP range as my home network :-|
- Comment on How to secure Jellyfin hosted over the internet? 1 month ago:
This is how I found out Google harvests the URLs I visit through Chrome.
Got google bots trying to crawl deep links into a domain that I hadn’t published anywhere.
- Comment on How to secure Jellyfin hosted over the internet? 1 month ago:
all you need is to get a static IP for your home network
Don’t even need a static IP. Dyndns is enough.
- Comment on Online ‘Pedophile Hunters’ Are Growing More Violent — and Going Viral: With the rise of loosely moderated social media platforms, a fringe vigilante movement is experiencing a dangerous evolution. 1 month ago:
Seeing the Brussels Times, I thought it was going to be about this guy: nl.wikipedia.org/wiki/Marcel_Vervloesem (sorry no english link).
- Comment on Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating 2 months ago:
Ah fuck, I just see that you are lemmy.ml tankie scum. Of course you are siding with autocratic fascists. blocked
- Comment on Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating 2 months ago:
Hey fuckwit, you didn’t reply to a single thing I said.
Europe supported the Ukrainian people vocally, but verbally during the Maidan.
Russia armed and funded extreme Russian nationalists, you know like actual nazi scum, and sent them to Ukraine led by FSB officers, controlled directly from the Kremlin. Nobody in the Donbas asked for this, except for retarded nazi scum.
- Comment on Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating 2 months ago:
Fuck your disingenuous bothesidesism.
Western support of Euromaidan (what you erroneously call “meddling”) isn’t remotely comparable to the straight acts of war that Russia committed in the Donbas.
- Comment on Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating 2 months ago:
I live in a country that was occupied by Nazi Germany, where the Nazis did the exact same things and put the local Nazi sympathizers in charge of local administration. It didn’t turn us into a country with deep Nazi roots.
We just imprisoned and shot those fuckers after the war.
- Comment on Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating 2 months ago:
Everything, because the people of D&L will not violently resist. They were peaceful citizens of Ukraine, who overwhelmingly voted for Ukrainian independence in 1991.
- Comment on Ukraine isn’t invited to its own peace talks. History is full of such examples – and the results are devastating 2 months ago:
The Donetsk & Luhansk republics would violently resist any attempt by Kyiv to absorb them back into Ukraine.
LOL
You know that whole rebellion thing was created by Russia right?
- Comment on GoneWild was once about people feeling wild and posting pictures of it. Now it's just OnlyFans sale 2 months ago:
Mods should ban any account that has external links meant to sell something
There is r/nofans
- Comment on Jeep Introduces Pop-Up Ads That Appear Every Time You Stop 2 months ago:
I think cars peaked ca. 2010. Anything added after that are annoyances or things being taken away.
If I could get a brand new facelift E90, that would probably be my next car.
- Comment on Choosing pink is chaotic evil? 4 months ago:
