non_burglar

@non_burglar@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Proxmox with arr⁩ ⁨⁨8⁩ ⁨hours⁩ ago⁩:
I’m not being antagonistic, I don’t known where you’re getting that.

Do what you want, I don’t care.
⁨Comment⁩ on ⁨Proxmox with arr⁩ ⁨⁨13⁩ ⁨hours⁩ ago⁩:

in case you bork an unrelated service

??

Why would borking another service break a bind mount?
⁨Comment⁩ on ⁨Proxmox with arr⁩ ⁨⁨19⁩ ⁨hours⁩ ago⁩:
This absolutely overkill, just use bind mounts for the arr stack and keep the ZFS pool local.
⁨Comment⁩ on ⁨ChatGPT fried my drive!?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Well, no… You need to find the geometry of your disk.
⁨Comment⁩ on ⁨ChatGPT fried my drive!?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:

Can you blame them?

Yes. LLMs don’t make anyone not responsible for their output.

If your dumb friend gave you bad advice and you followed it, you are ultimately still responsible for your decisions.
⁨Comment⁩ on ⁨ChatGPT fried my drive!?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
sg_format can restore your disk.

You need to figure out the block layout of the drive and restore a sector map that aligns with the disk.

Start here:

forum.level1techs.com/t/…/133021

And it bears repeating: LLMs do not think, they generate text from statistical output. If the the topic is advanced or uncommon, errors in output are far more likely.

So don’t be tempted to ask chat gpt for further help on this, if that isn’t clear yet.
⁨Comment⁩ on ⁨ChatGPT fried my drive!?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
SAS drive. If you know of a usb-SAS enclosure, I’d like one.
⁨Comment⁩ on ⁨Tempus v4.6.0 android subsonic client⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
Amazing. I’m off to donate to keep your stuff going. Great work.
⁨Comment⁩ on ⁨A self-hosted approach to long-term file storage and control⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Thanks for the reply.
⁨Comment⁩ on ⁨A self-hosted approach to long-term file storage and control⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
That is not an answer.

Here’s a simple way to look at it

I’m not looking for a simple way to look at it. I want a technical breakdown of why rebuilding back end instances is valuable in a security context.
- When do the rebuilds occur? Are they triggered by some event?
- what happens to session tokens?
- do you have frontend / backend auth? What happens to that?
- are you rotating secrets as well? Compromised back end would imply your secrets can no longer be trusted.
- is data encrypted in massive blobs, or can one request only blocks of data?
- can the app tune storage requirements depending on S3 configuration?
I’ll be blunt with you: your answers to this and others have been very surface-level and scant on technical details, which gives a strong impression that you don’t actually know how this thing works.

You are responsible for your output. If you want chatgpt or github ai tools to help you, that’s fine, but you still need to understand how the whole thing works.

You are making something “secure”, you need to be able to explain how that security works.
⁨Comment⁩ on ⁨What is the best trategie to refresh ssh keys?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
1. Find all of the SSH keys you want to replace.
I hate this part.
⁨Comment⁩ on ⁨What is the best trategie to refresh ssh keys?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Re-gen the keys. In this environment, you would have PKI setup and automation to handle cert renewal.

Having the certs expire is an advantage, security-wise. Auth will expire with certs, stolen creds can be instantly invalidated.
⁨Comment⁩ on ⁨Strava Fediverse alternative⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Ah, yes, I suppose that’s true. My apologies.
⁨Comment⁩ on ⁨A self-hosted approach to long-term file storage and control⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Can you explain the “rotating containers back end”? I’m trying to understand what that adds to security.
⁨Comment⁩ on ⁨Here is a more polished release of nanogram. Fully compatible on raspberry pi now.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

It’s not a very constructive community though

You need guidance in your presentation style, you have managed to completely alienate your potential users in one single post.

No one owes you anything. No one asked you to spend time and money on a project. Calling folks “ungrateful” while trying to attract them to your project is weird.
⁨Comment⁩ on ⁨Strava Fediverse alternative⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I use wanderer.

It works fairly well to document and organize my hikes.
⁨Comment⁩ on ⁨Why Journiv Doesn't Use CalDAV (And Why That Makes It More Open)⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I read the entire article,and you seem a bit prickly about caldav, but that is of course your prerogative.

I do wonder if your users are asking for caldav because their use-case make caldav a valuable translation for the rest of their digital lives… Maybe it would be helpful to understand what parts of caldav are interesting to users and what they might actually be asking for.
⁨Comment⁩ on ⁨Alternative to HRConvert2 ?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Notes from the last release mentions that the docker repo is unmaintained.
⁨Comment⁩ on ⁨Where can I learn about networking?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Ohhhhh, I’d forgotten about this. Good one.
⁨Comment⁩ on ⁨How do you manage your home server configuration?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Incus and ansible
⁨Comment⁩ on ⁨Raspberry Pi 4B⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Unbound is just an alternative to bind. Pihole does not handle full-fledged DNS functions like zone transfers and start of authority records.
⁨Comment⁩ on ⁨How do you healthcheck your containers?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Fascinating. How does this help op?
⁨Comment⁩ on ⁨Recommendations to replace AWS DNS?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
No worries. But you’re talking about zone transfers?
⁨Comment⁩ on ⁨Recommendations to replace AWS DNS?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
What do you mean by “recognition”?
⁨Comment⁩ on ⁨Help With Selfhosted Homelab Network Issue⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
We would need more info to help confirm, but watching ids traffic will show you lots of misconfigurations as well as actually suspicious traffic, so this might be a POS device doing stupid stuff.

Is suricata listening on an internal subnet interface? If you are listening on a public interface, your job sorting through the trash traffic will be difficult because determining source is nearly pointless and your external interface should not know anything about the internal subnet.
⁨Comment⁩ on ⁨Recommendation Pocket Alternative⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I think wallabag is the self-hosted go-to for this, but I’m not sure of the extensions for it.

I used to use pocket because it allowed me to sync to my Kobo reader. Kobo have struck a deal with Instapaper and it works in a similar way.

The official instapaper plugin doesn’t do what In My Pocket does, unfortunately.
⁨Comment⁩ on ⁨HandBrakeCLI (via ARM) incorrectly marking first subtitle track as "Forced"⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
mkvmake pulls the Forced flag from its source, so it’s likely that your DVDs have a set flag for certain subs. You can use mediainfo to check this on your mkv files.

Mkv is simply a container format, which means you can probably unset the forced flag with mkvmake directly without having to unpack all the streams and remux them.

Handbrake is amazing, but it does have a LOT of controls, so there’s only so much hand-holding it can do when you start looking behind the curtain of how av files work.
⁨Comment⁩ on ⁨Umami is compromised - upgrade immediately⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Thank you!
⁨Comment⁩ on ⁨Umami is compromised - upgrade immediately⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Thanks.

For severe incidents like this, please post the most appropriate link, in this case github.com/umami-software/umami/issues/3852

Admins in self hosted usually don’t have that much experience with real, active compromise and may panic, let’s help them as much as possible.

What was the vector? Did you have umami exposed publicly?
⁨Comment⁩ on ⁨Umami is compromised - upgrade immediately⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Link? Did you discover this yourself? There is no actual info here.