greyfox
@greyfox@lemmy.world
- Comment on Resurrecting a dead torrent tracker and finding 3 million peers 1 week ago:
Your $1 has absolutely changed in value by 10pm. What do you think inflation is? It might not be enough change for the store to bother changing prices but the value changes constantly.
Watch the foreign exchange markets, your $1 is changing in value compared to every other currency constantly.
The only difference between fiat and crypto is that changing the prices in the store is difficult, and the volume of trade is high enough to reduce volatility in the value of your $. There are plenty of cases of hyperinflation in history where stores have to change prices on a daily basis, meaning that fiat is not immune to volatility.
To prevent that volatility we just have things like the federal reserve, debt limits, federal regulations, etc that are designed to keep you the investor (money holders) happy with keeping that money in dollars instead of assets. The value is somewhat stable as long as the government is solvent.
Crypto doesn’t have those external controls, instead it has internal controls, i.e. mining difficulty. Which from a user perspective is better because it can’t be printed at will by the government.
Long story short fiat is no different than crypto, there is no real tangible value, so value is what people think it is. Unfortunately crypto’s value is driven more by speculative “investors” than by actual trade demand which means it is more volatile. If enough of the world changed to crypto it would just as stable as your $.
Not saying crypto is a good thing just saying that it isn’t any better or worse. It needs daily usage for real trade by a large portion of the population to reduce the volatility, instead of just being used to gamble against the dollar.
Our governments would likely never let that happen though, they can’t give up their ability to print money. It’s far easier to keep getting elected when you print the cash to operate the government, than it is to raise taxes to pay for the things they need.
The absolutely worthless meme coin scams/forks/etc are just scammers and gamblers trying to rip each other off. They just make any sort of useful critical mass of trade less and less plausible because it gives all crypto a bad name. Not that Bitcoin/Ethereum started out any different but now that enough people are using them splitting your user base is just self defeating
- Comment on Old laptop died 🥲 1 week ago:
When you saw that 20v on the board I assume that was right next to the charge port? There are often fuses that should be very close to that connector that you can check for continuity on. Usually marked with zeros because they act like a zero ohm resistor.
Even if the fuse is blown that might just be a sign that something further down the line failed but it would be an easy thing to check at least.
- Comment on Old laptop died 🥲 1 week ago:
I am not exactly an expert at this but it could just be from heat. Do you have a multimeter to check if current can pass through it still?
Either way it seems like this shouldn’t be affecting the laptop when plugged in because it is so close to the battery connector and it looks like the traces are related to the battery connector.
Do you get anything at all (battery/power LEDs) trying to run off of the battery? Is it possible that the charge port failed and the battery is just dead now? Maybe check the battery voltage to see how far drained it is.
- Comment on Pick-ups from the Vancouver Retro Gaming Expo 1 week ago:
I just did a playthrough recently and I think it holds up pretty well. A lot of wasted time on little cutscenes like opening Atla/boxes, and switching characters that gets quite annoying, but gameplay was fine.
One or two bosses that are difficult but a little leveling up, or wiki hints on how to cheese them, and they are a piece of cake. Once you hit the ship dungeon and have easier access to backrooms (since you can buy the fish to enter them) you can grind for gemstones and you end up being able to one hit almost everything from there on out.
Grinding gets a bit boring after a while, I’ll admit I enabled some fish point cheats in my emulator after I had one character with a maxed out weapon. Clear that I could easily do it myself but wasn’t going to waste that time to upgrade the other weapons I wanted leveled up.
- Comment on Self Hosted Private Forums? 2 weeks ago:
Probably a terrible idea but have you considered a private Lemmy instance? At the end of the day Lemmy/PieFed/Reddit are just forums with conversation threads and upvotes.
Lemmy is probably way more of a resource hog than the other various php options but from a usability standpoint if you have a favorite Lemmy mobile app it would work for your private instance as well.
There appears to be a private instance mode that disables federation.
- Comment on Jellyfin 10.11 RC1 Released 2 weeks ago:
Docker(/Compose) can do mounts directly to the container as well.
https://blog.stefandroid.com/2021/03/03/mount-nfs-share-in-docker-compose.html
https://docs.docker.com/engine/storage/volumes/#create-a-service-which-creates-an-nfs-volume
I’ve used NFS mounts with docker compose before but I see the second link also includes an example for CIFS as well.
- Comment on ISPs seem designed to funnel people to capitalist cloud services 4 weeks ago:
For shared lines like cable and wireless it is often asymmetrical so that everyone gets better speeds, not so they can hold you back.
For wireless service providers for instance let’s say you have 20 customers on a single access point. Like a walkie-talkie you can’t both transmit and receive at the same time, and no two customers can be transmitting at the same time either.
So to get around this problem TDMA (time division multiple access) is used. Basically time is split into slices and each user is given a certain percentage of those slices.
Since the AP is transmitting to everyone it usually gets the bulk of the slices like 60+%. This is the shared download speed for everyone in the network.
Most users don’t really upload much so giving the user radios equal slices to the AP would be a massive waste of air time, and since there are 20 customers on this theoretical AP every 1mbit cut off of each users upload speed is 20mbit added to the total download capability for anyone downloading on that AP.
So let’s say we have APs/clients capable of 1000mbit. With 20 users and 1AP if we wanted symmetrical speeds we need 40 equal slots, 20 slots on the AP one for each user to download and 1 slot for each user to upload back. Every user gets 25mbit download and 25mbit upload.
Contrast that to asymmetrical. Let’s say we do a 80/20 AP/client airtime split. We end up with 800mbit shared amongst everyone and 10mbit upload per user. Realistically 10mbit upload is more than the average user will need and we gained %33 more download speed which users do need.
In the worst case scenario every user is downloading at the same time meaning you get about 40mbit of that 800, still quite the improvement over 25mbit and if some of those people aren’t home or aren’t active at the time that means that much more for those who are active.
I think the size of the slices is a little more dynamic on more modern systems where AP adjusts the user radios slices on the fly so that idle clients don’t have a bunch of dead air but they still need to have a little time allocated to them for when data does start to flow.
A quick Google seems to show that DOCSIS cable modems use TDMA as well so this all likely applies to cable users as well.
- Comment on the 'it' in 'it snows' doesn't refer to anything 4 weeks ago:
They are from the Lemmynsfw instance. Probably automatically applied to any post coming from that instance.
- Comment on Realtek's $10 tiny 10GbE network adapter is coming to motherboards later this year 5 weeks ago:
Cisco c3850-12x48u is about $150 on eBay.
- 802.3bt (60watt) PoE on all ports
- 36x 1gig rj45 ports
- 12x 1/2.5/5/10gig rj45 ports
- Has a module slot that you can add 4x or 8x (8x is rare so expensive) 10gig sfp+
The main problem is the idle power consumption. About 150w with nothing plugged in.
- Comment on Sharing Jellyfin 2 months ago:
Depending on how you setup your reverse proxy it can reduce random scanning/login attempts to basically zero. The point of a reverse proxy is to act as a proxy, as a sort of web router, and to validate that the http requests are correctly formatted.
For the routing depending on what DNS name/path the request comes in with it can route to different backends. So you can say that app1.yourdomain.com is routed to the internal IP address of your app1, and app2.yourdomain.com goes to app2. You can also do this with paths if the applications can handle it. Like yourdomain.com/app1.
When your client makes a request the reverse proxy uses the “Host” header or the SNI string that is part of the TLS connection to determine what certificate to use and what application to route to.
There is usually a “default” backend for any request that doesn’t match any of the names for your backend services (like a scanner blindly trying to access your IP). If you disable the default backend or redirect default requests to something that you know is secure any attacker scanning your IP for vulnerabilities would get their requests rejected. The only way they can even try to hit your service is to know the correct DNS name of your service.
Some reverse proxies (Traefik, HAproxy) have options to reject the requests before the TLS negation has even completed. If the SNI string doesn’t match the connection just drops it doesn’t even bother to send a 404/5xx error. This can prevent an attacker from doing information gathering about the reverse proxy itself that might be helpful in attacking it.
This is security by obscurity which isn’t really security, but it does reduce your risk because it significantly reduces the chances of an attacker being able to find your applications.
Reverse proxies also have a much narrower scope than most applications as well. Your services are running a web server with your application, but is Jellyfin’s built in webserver secure? Could an attacker send invalid data in headers/requests to trigger a buffer overflow? A reverse proxy often does a much better job of preventing those kinds of attacks, rejecting invalid requests before they ever get to your application.
- Comment on Is it normal to not have any malicious login attempts? 2 months ago:
Agreed. The nonstandard port helps too. Most script kiddies aren’t going to know your service even exists.
Take it another step further and remove the default backend on your reverse proxy so that requests to anything but the correct DNS name are dropped (bots just are probing IPs) and you basically don’t have to worry at all. Just make sure to keep your reverse proxy up to date.
The reverse proxy ends up enabling security through obscurity, which shouldn’t be your only line of defence, but it is an effective first line of defence especially for anyone who isn’t a target of foreign government level of attacks.
Adding basic auth to your reverse proxy endpoints extends that a whole lot further. Form based logins on your apps might be a lot prettier, but it’s a lot harder to probe for what’s running behind your proxy when every single URI just returns 401. I trust my reverse proxy doing basic auth a lot more than I trust some php login form.
I always see posters on Lemmy about setting up elaborate VPN setups for as the only way to access internal services, but it seems like awful overkill to me.
VPN still needed for some things that are inherently insecure or just should never be exposed to the outside, but if it is a web service with authentication required a reverse proxy is plenty of security for a home lab.
- Comment on Synology could bring “certified drive” requirements to more NAS devices 2 months ago:
You are paying for reasonably well polished software, which for non technical people makes them a very good choice.
They have one click module installs for a lot of the things that self hosted people would want to run. If you want Plex, a onedrive clone, photo sync on your phone, etc just click a button and they handle installing and most of the maintenance of running that software for you. Obviously these are available on other open source NAS appliances now too so this isn’t much of a differnentiator for them anymore, but they were one of the first to do this.
I use them for their NVR which there are open source alternatives for but they aren’t nearly as polished, user friendly, or feature rich.
Their backup solution is also reasonably good for some home labs and small business use cases. If you have a VMware lab at home for instance it can connect to your vCenter and it do incremental backups of your VMs. There is an agent for Windows machines as well so you can keep laptops/desktops backed up.
For businesses there are backup options for Office365/Google Workspace where it can keep backups of your email/calendar/onedrive/SharePoint/etc. So there are a lot of capabilities there that aren’t really well covered with open source tools right now.
I run my own built NAS for mass storage because anything over two drives is way too expensive from Synology and I specifically wanted ZFS, but the two drive units were priced low enough to buy just for the software. If you want a set and forget NAS they were a pretty good solution.
If their drives are reasonably priced maybe they will still be an okay choice for some people, but we all know the point of this is for them to make more money so that is unlikely. There are alternatives like Qnap, but unless you specifically need one of their software components either build it yourself or grab one of the open source NAS distros.
- Comment on Two Open Source Projects Combine to 3D Print a Working Replica Key Using a Flipper Zero 2 months ago:
I’ve had one of these 3d printed keys in my wallet as a backup in case I get locked out for 5 years now. I certainly don’t use it often but yeah it holds up fine.
The couple of times I have used it works fine but you certainly want to be a little extra careful with it. I’ve got locks that are only 5ish years old so they all turn rather easily, and I avoid my door with the deadbolt when I use it because that would probably be too much for it.
Mine is PETG but for how thin it is, it flexes a lot. I figured flexing is better than snapping off, but I think PLA or maybe a polycarbonate would function better. A nylon would probably be too flexible like the PETG.
- Comment on I can not over express how happy I am with having setup my NAS from scratch. 4 months ago:
If your NAS has enough resources the happy(ish) medium is to use your NAS as a hypervisor. The NAS can be on the bare hardware or its own VM, and the containers can have their own VMs as needed.
Then you don’t have to take down your NAS when you need to reboot your container’s VMs, and you get a little extra security separation between any externally facing services and any potentially sensitive data on the NAS.
Lots of performance trade offs there, but I tend to want to keep my NAS on more stable OS versions, and then the other workloads can be more bleeding edge/experimental as needed. It is a good mix if you have the resources, and having a hypervisor to test VMs is always useful.
- Comment on How do you all handle security and monitoring for your publicly accessible services? 4 months ago:
If you are just using a self signed server certificate anyone can connect to your services. Many browsers/applications will fail to connect or give a warning but it can be easily bypassed.
Unless you are talking about mutual TLS authentication (aka mTLS or two way ssl). With mutual TLS in addition to the server key+cert you also have a client key+cert for your client. And you setup your web server/reverse proxy to only allow connections from clients that can prove they have that client key.
So in the context of this thread mTLS is a great way to protect your externally exposed services. Mutual TLS should be just as strong of a protection as a VPN, and in fact many VPNs use mutual TLS to authenticate clients (i.e. if you have an OpenVPN file with certs in it instead of a pre-shared key). So they are doing the exact same thing. Why not skip all of the extra VPN steps and setup mTLS directly to your services.
mTLS prevents any web requests from getting through before the client has authenticated, but it can be a little complicated to setup. In reality basic auth at the reverse proxy and a sufficiently strong password is just as good, and is much easier to setup/use.
Here are a couple of relevant links for nginx. Traefik and many other reverse proxies can do the same.
- Comment on What is everyone using as a HTPC? 4 months ago:
The biggest question is, are you looking for Dolby Vision support?
There is no open source implementation for Dolby Vision or HDR10+ so if you want to use those formats you are limited to Android/Apple/Amazon streaming boxes.
If you want to avoid the ads from those devices apart from side loading apks to replace home screens or something the only way to get Dolby Vision with Kodi/standard Linux is to buy a CoreELEC supported streaming device and flashing it with CoreELEC.
List of supported devices here
CoreELEC is Kodi based so it limits your player choice, but there are plugins for Plex/Jellyfin if you want to pull from those as back ends.
Personally it is a lot easier to just grab the latest gen Onn 4k from Walmart for $50 and deal with the Google TV ads (never leave my streaming app anyways). Only downside with the Onn is lack of Dolby TrueHD/DTS Master audio output, but it handles AV1, and more Dolby Vision profiles than the Shield does at a much cheaper price. It also handles HDR10+ which the Shield doesn’t but that for at isn’t nearly as common and many of the big TV brands don’t support it anyways.
- Comment on Seriously good cold-climate heat pumps are headed to the US market 8 months ago:
H2i® models provide heating, even in outdoor temperatures as low as -13° F, producing up to 100% heating capacity at 5° F. These units offer year-round comfort even in extreme climates
Their technical documents show that they are down to about 20% of their usual heat output at that lowest temperature so they need to be sized up accordingly. The reality for most folks in an area cold enough to require these is they have backup heat sources for the coldest days anyways.