non_burglar
@non_burglar@lemmy.world
- Comment on Finally a good self-hosted calendar frontend 4 days ago:
If the caldav and carddav specs were more practical and less insane, we would probably have a lot more choice in software to these ends.
- Comment on Self Hosting for Privacy - Importance of Owning your own Modem/Router? 4 days ago:
You might be thinking of PKI and certificate trusts.
Tier 1 in DNS terms are high-level peered (peered with other tier 1 servers in major network segments) and just refer requests either downstream or to other tier 1 servers. This is no longer as necessary with CDNs everywhere, and DNS infrastructure no longer has to mirror routing landscapes, but it seems that opennic.org is still organised in this way.
Anecdotally, I switched a small network to use opennic in 2019 and it was a disaster, never again. I see that the DE servers are still being recommended to me in Canada, so I guess nothing has changed. Opennic is an example of a good idea with terrible execution.
- Comment on Openwrt how to block countries but allow a specific path using BanIp 4 days ago:
This can’t be achieved with banip only, it bans based on CIDR blocks at layer 3 (IP).
- Comment on Finally a good self-hosted calendar frontend 4 days ago:
Yeah, I also just hooked up tbird to my radicale instance. It’s a bit overkill, but it does work to edit calendar items.
- Comment on Self Hosting for Privacy - Importance of Owning your own Modem/Router? 4 days ago:
Of the tier 1 servers, 2 are in DE and 2 are in USA.
You won’t really hit tier2 unless you’re trying to hit very specific records.
- Comment on Booklore is officially dead 4 days ago:
You may need to go catch up on this. The “dev” in this case caused more issues than they solved.
One can’t be missed if one didn’t contribute to anything in the first place.
- Comment on Self Hosting for Privacy - Importance of Owning your own Modem/Router? 4 days ago:
That makes sense, since you’re in EU and opennic is in DE.
- Comment on noob questions seeking non-noob answers 5 days ago:
3 x 3tb in raid5 can lose one disk of three. That is less redundancy than raid 1 on 2 disks, plus a write penalty.
- Comment on Dashboard for my servers 1 week ago:
Looks good, and highlights how little we generally need to be functional.
- Comment on Probably want to stop using Booklore... 1 week ago:
Hmmm… Calibre web’s kobo integration is good enough, but Komga seems to be able to sync progress as well?
I might have to try Komga after all.
- Comment on Probably want to stop using Booklore... 1 week ago:
Wait, I use CWA… What do I need to be outraged about this time?
- Comment on 1 week ago:
Haha too right mate
- Comment on Hardware Watchdogs & Auto Reboots in Proxmox 1 week ago:
Nice.
Other actions are possible with watchdog timers, especially with hypervisors. They can invoke a script or use an agent to kill a misbehaving process.
Ultimately, the best solution is not to need the timers at all, so finding the culprit within the client is ideal, though not always possible.
VMs hanging on memory often have incorrect caching policies, you may want to investigate that.
- Comment on Things I've learned about Frigate 1 week ago:
I’m in a similar situation, I have a coral tpu, but I’ve switched to openvino. And I see fewer false positives as well.
I suspect frigate devs aren’t working as hard on keeping the coral working with their ML models. Also, that coral driver is pretty stale; it’s from the 2014-era of google maps blurring car license plates.
- Comment on Search self-host user groups and access management 1 week ago:
This is a problem solved for decades by LDAP. There are many, many management and audit frontends for LDAP.
- Comment on What is Radicale and how do I use it? 1 week ago:
> but I have no idea how to use it
Install davx5, connect to radicale, and allow your calendar/contacts access to it.
> I’d like to be able to self host my own calendar and contacts. Is radicale appropriate for this?
Yes.
> Is it safe to self host a calendar?
Define “safe”.
> Can a self hosted calendar still send and receive invites to other calendars?
Short answer: no. You are describing caldav/carddav integration with email.
- Comment on Honey, I Shrunk The Vids [Mr. Universe Edition] v1.0.5 2 weeks ago:
I think this is great. Everyone came to this result better for the exchange.
- Comment on Honey, I Shrunk The Vids [Mr. Universe Edition] v1.0.5 2 weeks ago:
It’s fine, this is healthy discourse we all need to move forward. If we kick out all the vibe coders instead of discussing with them, we will never get them to adhere to any kind of pattern of behaviour.
- Comment on Honey, I Shrunk The Vids [Mr. Universe Edition] v1.0.5 2 weeks ago:
I wish you’d come in to the comments outside my emotional response to someone else :P
I’m 50 yrs old now, but I used to react almost the same way you did, I understand where you’re coming from.
I personally believe LLMs (and AI in general) can be great tools to help along with coding and similar tasks, we just don’t have a very good culture of their use yet.
- Comment on It might be a good thing for the Internet to get intrinsic resistance to DDoS attacks 2 weeks ago:
- Akamai is by a huge margin the single biggest CDN in the world, they are the 800lb gorilla. Fastly and Cloudflare aren’t minor players by any means, but their volume is not in the same league.
- CDNs and DDOS don’t have much to do with each other. Cloudflare mitigates DDOS by scaling up network capacity and using pretty advanced pattern detection to simply soak up the traffic. Cloudflare is really, really good at scaling.
Now on that last point, there will indeed come a time when simply using the engineering technique of “making things bigger” won’t work if the attacks become sophisticated enough, but at that point networking will have fully become geopolitical tools (more than they are now).
- Comment on Honey, I Shrunk The Vids [Mr. Universe Edition] v1.0.5 2 weeks ago:
Nice.
The issues to look for are unnecessary logic (evaluating variables and conditions for no reason), and double sets of variables.
One of the seasoned devs I work with said she encourages coders to transpose work at major inflection points, and this helps all devs gain an understanding of their own code. The technique is simply to rewrite/refactor the code in a new project manually, changing the names of the variables and arrays. The process forces one to identify where variables and actions are being used and how. It’s not very practical for very big projects, but anything under 1000 lines would benefit from it.
Good luck.
- Comment on Honey, I Shrunk The Vids [Mr. Universe Edition] v1.0.5 2 weeks ago:
Again, get off your high horse.
> They just came out swinging, for no reason.
You already know how most self-hosted folks feel about vibe coding, or you wouldn’t have taken immediate offence to the initial comment (which is valid, btw. You did not mark the project as vibe-coded or ai-assisted.) MARK YOUR PROJECT AS AI-ASSISTED.
> Explain where you expect inefficiency and how I can fix it, and I will.
I’m looking to replace my cron-timed ffmpeg bash and ash scripts for encoding. Three of the four projects I looked at have double- and triple-work loops for work that should be done once.
> And incidentally, the fact that this is a personal project I shared in case someone might find it useful is another reason that coming in here and throwing shade is a shitty thing to do.
Once again, I’m interested in the project, but I have my own thresholds of quality and security. If you can’t handle questions about your project, personal or not, then maybe don’t share it.
> But why try to make me feel bad about it, because you don’t like the way I built it?
Sir/Madam, your feelings are your responsibility, not mine. I did not utter any pejoratives your way. Grow up.
- Comment on Honey, I Shrunk The Vids [Mr. Universe Edition] v1.0.5 2 weeks ago:
No one is being a jerk here, stop being defensive.
What fixes did you apply? That’s what we want to know. It’s not a trick question.
- Did you use unit tests?
- Did you check the logic flow so that if I run this code x 10,000 on a ton of media, it isn’t using terribly inefficient settings that will make my 40h workload take two weeks?
- How are you deploying this thing?
If you want to present your project, be prepared to explain it. That is completely above board for us to ask.
- Comment on In arr stack how to pick indexers? 2 weeks ago:
I used to do that until about 2015.
Even private trackers don’t come close to the coverage of newsgroups. Plus, nzb has the concept of releases, so you don’t have to guess at the quality.
I don’t have an issue with paying, I have an issue with paying for something I don’t want.
- Comment on In arr stack how to pick indexers? 2 weeks ago:
Indexers and downloaders are distinct for newsgroups.
Public indexers are not good for Linux isos, you need a paid service now. They’re cheap and well worth it. Easynews and nzbgeek are good ones.
- Comment on Virtual Machines vs LXC vs Docker: What’s the Real Difference? 3 weeks ago:
> Cgroups is not really a security feature (from what I understand). It is about controlling process priority, hierarchy, and resources limiting (among other things).
With respect, I think you misunderstand what gvisor does and containerization in general. cgroups2 is the isolation mechanism used by most modern Linux containers, including docker and lxc both. It is similar to the jail concept in BSD, and loosely to chroot. It limits child process access to files, devices, memory, and is the basis for how subprocesses are secured against accessing host resources without the permission to do so.
Gvisor adds more layers of control over this system by adding a syscall control plane to prevent a container from accessing functions in the host’s kernel that might not be protected by cgroups2 policy. This lessens the security risk of the host running a cutting-edge or custom kernel with more predictable results, but it comes with caveats.
Gvisor is not a universally “better” option, especially for homelab, where environment workloads vary a lot. Gvisor comes with an IO performance penalty, incompatibility with selinux, and its very strength can prevent containers from accessing newer syscalls on a cutting edge host kernel.
My original comment was that ultimately, there is no blanket answer for “how secure is my virtualization stack”, because such a decision should be made on a case-by-case basis. And any choice made by a homelabber or anyone else should involve some understanding of the differences between each type.
- Comment on Virtual Machines vs LXC vs Docker: What’s the Real Difference? 3 weeks ago:
Subjective to security practice. There are more appropriate factors than blanket statements on a technology’s inherent “security” when deciding the format and shape of virtual software spaces.
> in a memory safe language
Ultimately, the implementation is more important than the underlying code when it comes to containers. cgroups2 works the same for gvisor as it does for LXC.
- Comment on (XMPP Setup Guide) Discord Was Never the End Game - TonyBTW 3 weeks ago:
I’ve tried it. It performs poorly.
- Comment on Raid Z2 help 3 weeks ago:
For context, I’ve also been using ZFS since Solaris.
I was wrong about compression on datasets vs pools, my apologies.
By “almost no impact” (for compression), I meant well under 1% penalty for zstd, and almost unmeasurable for lz4 fast, with compression efficiency being roughly the same for both lz4 and zstd. Here is some data on that.
Lz4 compression on modern (post-haswell) CPUs is actually so fast, that lz4 can beat non-compressed writes in some workloads (see this). And that is from 2015.
Today, there is no reason to turn off compression.
I will definitely look into the NFS integrations for ZFS, I use NFS (exports and mounts) extensively, I wonder what I’ve been missing.
Anyway, thanks for this.
- Comment on Raid Z2 help 3 weeks ago:
With respect, most of this comment is wrong.
- Both lz4 and zstd have almost no performance impact on modern hardware.
- compression acts on blocks in ZFS, therefore it is enabled at the pool level
- ZFS does indeed need to allocate some space at the front and end of a pool for slop, metaslab, and metadata. I think you are confusing filesystem and datasets.
> Also remember that many permissions like nfs export settings are done on a per filesystem basis
- I’m not sure what you’re trying to say about NFS and ZFS here, but this is completely false, even if you mean datasets.