tofubl
@tofubl@discuss.tchncs.de
- Comment on [Repost] Reliable alternatives to AWS Deep Glacier for ~5TB? 1 month ago:
Storage box is self-serviced storage on a single server, as far as I’m aware. If you need replication, you need to rent storage at a second location and do it yourself.
- Comment on Welcome to the Age of Technofeudalism - The tech giants have overthrown capitalism 1 month ago:
And I’m sure the fish he caught that one time really was YEA big. And boy the fight he gave him.
- Comment on Welcome to the Age of Technofeudalism - The tech giants have overthrown capitalism 1 month ago:
By god, lemmy is civilised. 😂 I love it.
I can see what you mean, too, but am still on the liking him side I guess. And anyway, l’art pour l’art and all that, right? 😅
- Comment on Welcome to the Age of Technofeudalism - The tech giants have overthrown capitalism 1 month ago:
Hm, interesting. I didn’t read it like that, but as an economist trying to make sense of what’s going on and explain it to others. I didn’t question whether the thoughts are original, neither do I know if there are holes in his concepts that I as a non-economist am blind to. My personal opinion, anyway, is that the message is important today (or better yet 15 years ago but nobody would have listened 😉), no matter whether he is primarily motivated by his ego or what.
Maybe this makes me part of the people he caters to, but that line of thinking doesn’t lead anywhere meaningful anyway, I think.
I liked the end of the book: A call to action for us to come up with tools and technological solutions for “users” to stand together so we can create resistance against overly powerful cooperations and demand our rights. I don’t think it’s hypocritical for him to ask for this either. We need people to point problems out and problem solvers, both.
Have you read more of what he wrote or how did you come by that opinion on him? Technofeudalism and a number of interviews leading up to the book release was the first I was exposed to him.
- Comment on Linux Distro for Jellyfin HTPC 1 month ago:
I have a Raspberry Pi 3 with a Hifiberry DAC running OSMC (nicely packaged Kodi on top of Debian) acting as my media center and recently installed Jellycon with the hopes of being able to use server side transcoding for a few formats my old TV doesn’t support.
My verdict: Menu navigation is slow, but it’s a native kodi integration (supports widgets) and playback works great once you made your way through the menus. You can selectively set transcoding options per file type which is exactly what I needed.
Best solution I’ve seen so far, as it also does IR remote passthrough over HDMI if your TV supports it. The addon works in any kodi setup of course. I think there might be a way to start playback from the Jellyfin web UI but haven’t bothered with it. This would fully remedy the menu slowness, I think.
- Comment on Welcome to the Age of Technofeudalism - The tech giants have overthrown capitalism 1 month ago:
Is that a way of saying you think he’s wrong?
I thought the book had an interesting core idea, even if his grasp on technology seems rather loose and I really disliked the literary device he used to explain said idea.
What’s your take on it?
- Comment on I'm looking for large, battery powered customizable Bluetooth buttons 2 months ago:
Read your reply now, and not sure about the requirements you have: must not leave the local devices or must not use the WiFi?
If it’s the latter, a 4g USB modem with a cheap iot data plan easily frees you of that.
- Comment on I'm looking for large, battery powered customizable Bluetooth buttons 2 months ago:
I second Zigbee.
- There’s plenty of devices available.
- Battery life is amazing.
- zigbee2mqtt is an easy way to bring those messages into your regular IP network; they have a huge list of supported devices.
- Once translated to MQTT, you can hook any automation onto it you want: a python script, home assistant, or my recommendation in this case, NodeRED. NodeRED has a module for zigbee2mqtt that is very well integrated to just know all devices registered on your zigbee network and stringing flows together is actually fun once you get the hang of it. Plus, there is no upper bound to flow complexity.
- Gateway device can be a sonoff zigbee USB coordinator and the whole thing can comfortably run on a rpi3.
- Comment on Tesla seeks to award Elon Musk $56bn pay package | BBC 2 months ago:
It’s only fair.
- Comment on Help with reverse proxy architecture 2 months ago:
The answer seems to always be “not segmented enough”. ;)
- Comment on Help with reverse proxy architecture 2 months ago:
Haha, why do I even ask.
- Comment on Help with reverse proxy architecture 2 months ago:
This is a good hint, I’m going to take a look at that. Thank you!
- Comment on Help with reverse proxy architecture 2 months ago:
I never specified, I think, and probably wasn’t too clear on it myself. Thanks for your insights, I’ll try to take them to my configuration now.
- Comment on Help with reverse proxy architecture 2 months ago:
This is exactly the answer I was looking for. Thanks a bunch.
So but in that way, having a proxy on the LAN that knows about internal services, and another proxy that is exposed publicly but is only aware of public services does help by reducing firewall rule complexity. Would you say that statement is correct?
- Comment on Help with reverse proxy architecture 2 months ago:
Right, I agree with proxy exploit means compromised either way. Thanks for your reply.
I am trying to prevent the case where internal services that I don’t otherwise have a need to lock down very thoroughly might get publicly exposed. I take it it’s an odd question?
Re “bouncer”: Expose some services publicly, not others, discriminated by host with public dns (service1.example.com) or internal dns (service2.home.example.com), is what I think I meant by it. Hence my question about one proxy for internal and one public, or one that does both.
- Comment on Help with reverse proxy architecture 2 months ago:
Right, I could have been more precise. I’m talking about security risk, not resilience or uptime.
That is a fair point.
It’ll probably be the most secure component in your stack.
So, one port-forward to the proxy, and the proxy reaching into both VLANs as required, is what you’re saying. Thanks for the help!
- Comment on Help with reverse proxy architecture 2 months ago:
The services run on a separate box; yet to be decided on which VLAN I put it. I was not planning to have it in the DMZ but to create ingress firewall rules from the DMZ.
- Comment on Help with reverse proxy architecture 2 months ago:
One proxy with two NICs downstream? Does that solve the “single point of failure” risk or am I being overly cautious?
Plus, the internal and external services are running on the same box. Is that where my real problem lies?
- Submitted 2 months ago to selfhosted@lemmy.world | 19 comments
- Comment on Introducing selfh.st/apps, a Directory of Self-Hosted Software 2 months ago:
selfh.st
selfh.st is an independent publication created and curated by Ethan Sholly. […] selfh.st draws inspiration from a number of sources including reddit’s r/selfhosted subreddit, the Awesome-Selfhosted project on GitHub, and the #selfhosted/#homelab communities on Mastodon.
and also
This Week in Self-Hosted is sponsored by Tailscale, trusted by homelab hobbyists and 4,000+ companies. Check out how businesses use Tailscale to manage remote access to k8s and more.
awesome-selfhosted.net
This list is under the Creative Commons Attribution-ShareAlike 3.0 Unported License. Terms of the license are summarized here. The list of authors can be found in the AUTHORS file. Copyright © 2015-2024, the awesome-selfhosted community
- Comment on virtualizing PFSense. What else works besides ESXi for virtual networking? 4 months ago:
You know your stuff, man! It’s exactly as you say. 🙏
- Comment on virtualizing PFSense. What else works besides ESXi for virtual networking? 4 months ago:
My config was more or less identical to yours, and that removed some doubt and let me focus on the right part: Without a
wan0.network
, the host isn’t bringing upbr0
on boot. I thought it had something to do with the interface having an IP, but turns out the following works as well:user@edge:/etc/systemd/network$ cat wan0.network [Match] Name=br0 [Network] DHCP=no LinkLocalAddressing=ipv4 [Link] RequiredForOnline=no
Thank you once again!
- Comment on Small Commercial Gym Software 4 months ago:
No worries. It has a stripe integration, too, so it’s easy to handle payments without having to hold customers’ credit card info.
- Comment on Small Commercial Gym Software 4 months ago:
You can easily host the community edition in Docker or otherwise. Odoo has a steep learning curve but it’s very versatile. It can definitely do what you describe.
- Comment on virtualizing PFSense. What else works besides ESXi for virtual networking? 4 months ago:
I have another question, if you don’t mind: I have a debian/incus+opnsense setup now, created bridges for my NICs with systemd-networkd and attached the bridges to the VM like you described. I have the host configured with DHCP on the LAN bridge and ideally (correct me if I’m wrong, please), I’d like the host to not touch the WAN bridge at all (other than creating it and hooking it up to the NIC).
Here’s the problem: if I don’t configure the bridge on the host with either dhcp or a static IP, the opnsense VM also doesn’t receive an IP on that interface. I have a br0.netdev to set up the bridge, a br0.network to connect the bridge to the NIC, and a wan.network to assign a static IP on br0, otherwise nothing works. (While I’m working on this, I have the WAN port connected to my old LAN, if it makes a difference.)
My question is: Is my expectation wrong or my setup? Am I mistaken that the host shouldn’t be configured on the WAN interface? Can I solve this by passing the pci device to the VM, and what’s the best practice here?
Thank you for taking a look! 😊
- Comment on virtualizing PFSense. What else works besides ESXi for virtual networking? 4 months ago:
Thanks for your patience. I appreciate it and I’m learning a lot. 🙏
There’s a chance yet!
- Comment on How to set up Immich from the files within nextcloud? 4 months ago:
That sounds reasonable. I would do the same.
- Comment on virtualizing PFSense. What else works besides ESXi for virtual networking? 4 months ago:
Okay, I think I found a bit of a catch with Incus or LXD. I want a solution with a web UI, and while Incus has one, it seems to have access control either browser certificate based or with a central auth server. Neither are a good solution for me - I would much prefer regular user auth with the option to use an auth server at some point (but I don’t want to take all of this on all at once.)
I hope it’s okay that I keep coming back to you with these questions. You seem to be a strong Incus-evangelist. :)
- Comment on How to set up Immich from the files within nextcloud? 4 months ago:
Nextcloud doesn’t like changes on disk in its own file structure, but you can mount “external storage” where Nextcloud is okay with changes and happily scans the location when you access it (a network share, or a local file path also works; SMB share will probably get you around the permissions problem though.)
Don’t know about immich as I haven’t used it, but you will probably have to decide on one of the two services to be “in charge” of the files, I think.
- Comment on virtualizing PFSense. What else works besides ESXi for virtual networking? 4 months ago:
Absolutely. Great intel; thank you!