dgdft
@dgdft@lemmy.world
- Comment on Automating Restic backups 1 day ago:
Seconding this answer. The error message and description scream envvar issue.
This is my first time using systemd, so I’m not sure if I am overlooking an obvious step or what.
@gedaliyah@lemmy.world Did you run a
systemctl daemon-reloadafter making the PassEnvironment change to your service file? - Comment on My first post ever – life in a tent 3 days ago:
Welcome to Lemmy! Sincerely hope you can find some reprieve from your physical circumstances here.
As a friendly heads up, you posted this thread to a tech-related board. Your post may be removed for that reason, but you should consider reposting on a more general comm such as !casualconversation@piefed.social.
- Comment on How to enhance Caddy's basic_auth? 1 week ago:
Yeah, you don’t need to extend Caddy at all for that.
Add a properly-formatted Authorization header to any requests you make to the server and it’ll work. See Wikipedia page for header string format:
- Comment on How to enhance Caddy's basic_auth? 1 week ago:
How does programmatic access tie into the desire for a login form?
Either way, you can do a login form -> basic auth forwarding page by rigging up some simple JS, or access programmatically in a direct way by simply setting a manual Authorization header.
- Comment on Hackers Are Finding New Ways to Hide Malware in DNS Records 2 weeks ago:
Not to detract from the article, but this has actually been a long time coming and known as a vector for decades.
DNS backed website PoC from a few years ago: news.ycombinator.com/item?id=27598164
- Comment on Immich Flatpak 2 weeks ago:
It’s extra work to maintain and test another release format — and the core developers want to focus on making software.
No one is stopping you from rolling your own flatpak.
- Comment on Medieval medicine was smarter than you think—and weirdly similar to TikTok trends 2 weeks ago:
No personal disrespect to you OP, but gotta call a spade a spade: this article is dogwater clickbait and an awful fit for this comm.
- Comment on Tape drive backups 2 weeks ago:
tape drives seem to be the best
Tape drives are the keytars of the tech world. They seem cool and a pro can really jam with them… but they’re not the most practical and you should really get a guitar or a keyboard until you know what you’re doing.
Yeet your shit onto rsync.net or anything else simple and call it a day, unless you’re in it for the meme.
- Comment on [deleted] 3 weeks ago:
I respect the spirit you’re going for, but FYI, Libby and Overdrive are private-equity owned and just as exploitative (if not more so) than the major publishers were.
They do not give libraries an unlimited license for digital books, but rather make them pay what they would for a physical book, and allow them to loan out the digital copy a relatively small number of times (usually around ~4-5 IIRC) under the guise that a physical book would have been irreparably degraded after having been lent out that many times. There’s a stream of billions of dollars being moved from non-consenting taxpayers going right to a monopolistic gatekeeper.
If we’re talking physical books, libraries are definitely still great for that, but I find that the vast majority of the time I look to check if they have a specific book I’m after, there are zero physical copies anywhere in the system, and all the digital “copies” are already “checked out”. E.g., I went looking for a copy of PKD’s Valis last week, and my options were: library audiobook (vomit), wait two weeks for a “checked out” digital copy from the library (vomit), buy from Amazon (vomit), or sail the seas.
So no, that’s a shitty substitute – and your moral high-ground has a sinkhole beneath it.
- Comment on Got my first script kiddy 3 weeks ago:
Absolutely not — the issue here is OP knowingly submitting false abuse reports.
Port scans of public hosts are not considered abuse per the CFAA or Amazon’s AUP without other accompanying signs of malicious intent.
Amazon may take action against egregious mass-scanning offenders per the “…to violate the security, integrity, or availability of any user, network…” verbiage, especially if they’re fingerprinting services or engaging in more sophisticated recon, but OP’s complaints are nowhere near meeting that threshold.
- Comment on WhisperX — Automated Transcripts w/ Timestamps and Speaker Tagging 3 weeks ago:
You should be able to get decent results from that if you pipe your tracks through demucs first to isolate the vocals.
- Comment on WhisperX — Automated Transcripts w/ Timestamps and Speaker Tagging 3 weeks ago:
Are you self hosting the long context llm, of do what are you using?
I did a lot of my exploration back when GPT4 128K over API was the only long-context game in town.
I imagine the options are much better these days between Llama 3/4, Deepseek, and Gemini, and Qwen — but haven’t tried them locally myself.
- Submitted 3 weeks ago to selfhosted@lemmy.world | 28 comments
- Comment on Keeping track of different targets in terminal 3 weeks ago:
You’ll get used to it eventually, but you can e.g. tweak your PS1 to an all-caps hostname, or use a custom tmux layout with dedicated panes for each box you connect to.
- Comment on Hardware Suggestions For A Beginner? 3 weeks ago:
If you really want something upgradeable, used enterprise SFF is the way to go: discountelectronics.com
However, the hardware market is in a weird spot right now; you’ll get far more bang for your buck with an Intel N150. You can find a 16GB DDR5 w/ 1 TB SSD around the $200 mark, and that’s what I’d roll with in your shoes, assuming you don’t mind living without a spinning disk. Your Jellyfin and Immich instances will run far smoother.
Obligatory reminder that you’ll be missing out on most of the commonly-cited benefits of a VPN by self-hosting at home.
- Comment on Cow eggs 4 weeks ago:
Bovines are ungulates, and thus have hooves. These eggs do not have hooves, and therefore are not bovine eggs.
QED
- Comment on Archaeology dig helps Tonkawa Tribe rediscover Texas roots 1 month ago:
I got back yesterday from working on this dig, and had a great time. It was my first field school experience — but despite the fuckery that is tent-camping in central Texas midsummer, I can safely say I’ll be back every chance I get.
The project was a beautiful reminder that even in rural Texas, there are plenty of unsung heroes out in the wild who dedicate their entire lives to building community and looking out for others.
- Submitted 1 month ago to archaeology@mander.xyz | 1 comment
- Comment on Got any security advice for setting up a locally hosted website/external service? 1 month ago:
Please tell me more, which firewall would you recommend that plays nice with Docker?
Firewalld
No NAT?
Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.
why would you copy paste a docker compose without reading it?
There’s more than one way to use docker. Spinning up an official mysql image using the official
docker runORdocker composecall suggested by the docs would start up a server wide open to the entire internet if DMZ’d. - Comment on YouTube Music Downloader 1 month ago:
Just to throw out an easy option: if the music is well-labeled on Youtube, you can get pretty close to that full suite with just yt-dlp by using
–embed-thumbnailas a stand-in for album art, dump your files with an “Artist - track - album” naming structure using the–output-templateflag — then using an awk or python script as a second pss to add the artist/track/album names to the file as tags. - Comment on YouTube Music Downloader 1 month ago:
Yt-dlp is the gold-standard for that.
- Comment on Got any security advice for setting up a locally hosted website/external service? 1 month ago:
You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.
It does have real potential to cause serious issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.
- Comment on Got any security advice for setting up a locally hosted website/external service? 1 month ago:
This is dangerous advice because docker is well-known for undoing UFW’s iptable rules.
- Comment on Got any security advice for setting up a locally hosted website/external service? 1 month ago:
No need to cargo-cult security practices here, chief. You’re not gonna get pwned by publishing your hardware specs. If you’re planning to build some kinda webapp for yourself, that’s a different story - but you have to fuck up hard to get hacked while hosting raw HTML.
Use an SSH key, disable password auth, make sure you’re firewalled, and call it a day.
- Comment on Jellyfin 10.11 RC1 Released 1 month ago:
Is there a buried lede here? What’s noteworthy about an RC of a minor version release?
- Comment on So it begins... 1 month ago:
Not a triad user in sight. Just lemmings living in the moment.
- Comment on File collecting program? 1 month ago:
While I’m sure there’s a pre-canned tool out there for you, if you have basic software experience (which you seem to), this is one of those times where it’s usually most efficient to hack together a dumb CGI script and call it a day.
This prompt should get you most of the way there, using your llm of choice:
Write a minimalist cgi script to help upload files to a server. Upon a GET request, serve a light page with a centered form that takes in a file and a submission code. Submission codes will be stored on individual lines of a plaintext file. Adding new codes to this file is out of scope - but the codes will be 8-char hex strings (do validate that submission strings are not empty!). The script should accept the submission as a POST, and save the file to an upload dir if the submission code is valid.
Vet the output, harden as needed, setup a systemd service to serve with busybox httpd, and optionally reverse-proxy. If you’ve done this sorta thing before, you can probably knock it out in a half hour.
- Comment on ISPs seem designed to funnel people to capitalist cloud services 2 months ago:
This is @Shimitar@downonthestreet.eu‘s work, not mine - but it’s pretty similar to how I’d set things up:
- Comment on ISPs seem designed to funnel people to capitalist cloud services 2 months ago:
This is a great suggestion!
Lest anyone miss the buried lede, this approach means that traffic is pre-encrypted as it passes through the gateway VPS - so even if your VPS gets hacked, it’s way harder to steal credentials and break into your services running on the home network.
- Comment on ISPs seem designed to funnel people to capitalist cloud services 2 months ago:
If you’re looking for sympathy, you got it. Fuck the state.
If you’re looking for solutions, use a cheap $5/mo VPS that exists purely as your gateway host. Run everything you want on your home machines, then tunnel the traffic to your gateway and reverse-proxy it there. Your data stays in your hands, you can spin up and expose new services publicly in a matter of minutes, AND your home IP isn’t vulnerable to doxxing or DoS.