hietsu
@hietsu@sopuli.xyz
- Comment on Microsoft “Improved” Notepad. I Un-Improved It. - Dave's Garage 3 days ago:
This needs to be pointed out more in all posts related to the guy, and in YouTube too. Scummy shit like his programs were quite common back then but the way he acts around that topic now deserves all the hate imo.
- Comment on Microsoft “Improved” Notepad. I Un-Improved It. - Dave's Garage 3 days ago:
Haven’t watched any of his videos since I learned what he was but what I’ve heard they’re all AI slop now too, like this one appears to be as well based on the description. I wish nothing but shit for this guy.
- Comment on Microsoft “Improved” Notepad. I Un-Improved It. - Dave's Garage 3 days ago:
This is ALSO a guy behind many of those ”your PC is at risk” scams back in the day, selling useless optimization tools that extorted money from victims. He specifically quit Microsoft to pursue that and was even convicted later. Still chooses to downplay and try to hide what he did.
- Comment on Internal domain and reverse proxy 5 weeks ago:
Good to know! *-cert is definitely something I’d need to setup in my self host setup, though a little complex as my (free) domain provider does not let me edit TXT records for DNS-01.
- Comment on Apple quietly released this year's BEST laptop 5 weeks ago:
I’d say basic = good but now that iOS has had more and more options for everything in each version, I think it has approached Android in too many ways. There is now bajillion different ways to do stuff, when earlier there was one (albeit sometimes little limited). And you can configure so much stuff that it becomes difficult to see what affects what.
But I would not describe iOS as ”basic” anymore, perhaps limited in some niche use cases but if you find yourself hitting those limits too often, just jump to Android. When I can run x86 Linux apps and services constantly on background on my iPhone (iSH w/ location services forced on) or even Windows XP for the heck of it (UTM), I don’t see much limitations in what can (theoretically) be done. Sideloading is also an upwards trend on iOS, when Google is now set to kill it on Android.
- Comment on ChatGPT's Atlas: The Browser That's Anti-Web 1 month ago:
Furthermore, I’ve found the answer to this being not just ”yes” but ”yes, most of them”. I think I’ll just give up.
- Comment on 1 month ago:
What?
- Comment on Microsoft Word documents will be saved to the cloud automatically on Windows going forward 3 months ago:
They’re prepared to do anything to get real user data for AI training. This little change gives them easily millions of files per day accidentally saved to cloud.
- Comment on Windows seemingly lost 400 million users in the past three years — official Microsoft statements show hints of a shrinking user base 5 months ago:
What is free though is LibreOffice, or some Nextcloud document addons (to a degree) if ”cloud” is the thing.
- Comment on Jellyfin over the internet 5 months ago:
Nice, but the bots may not understand the joke.
And not only that but they will tag the domain with ”there is something here”, and maybe some day someone will take a closer look and see if you are all up-to-date or would there maybe be a way in. So better to just drop everything and maybe also ban the IP if they happen to try poke some commonly scanned things (like /wp-admin, /git, port 22 etc.) GoAccess is a pretty nice tool to show you what they are after.
- Comment on Jellyfin over the internet 5 months ago:
Not at hand no, but I’m sure any of the LLMs can guide you through the setup if googling does not give anything good.
Nothing very special about all this, well maybe the subdir does require some extra spells to reverse proxy config.
- Comment on Do you remember Windows 95? How about Windows 96? 5 months ago:
UTM is the way to go on modern Macs, and even iOS/iPadOS too! Built on QEMU and super easy to spin up virtual machines with any architecture.
- Comment on ELI5: How to put several servers on one external IP? 5 months ago:
Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.
- Comment on ELI5: How to put several servers on one external IP? 5 months ago:
I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are reasonably good solution:
- nothing answers from www.mydomain.com or mydomain.com or ip:port.
- I have subdomains like service.mydomain.com and letsencrypt gives them certs.
- some services even use a dir, so only service.mydomain.com/something will get you there but nothing else.
- keep the services updated and using good passwords & non-default usernames.
- Planned: instant IP ban to anything that touches port 80/443 without using proper subdomain (whitelisting letsencrypt ofc), same with ssh port and other commonly scanner ones. Using fail2ban reading nginx logs for example.
- Planned: geofencing some ip ranges, auto-updating from public botnet lists.
- Planned: wildcard TLS cert (*.mydomain.com) so that the subdomains are not listed anywhere maybe even Cloudflare tunnel with this.
Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.
- Comment on Jeff Geerling: Self-hosting your own media considered harmful (updated). Youtube removed his content, saying that self hosting content is "dangerous or harmful content" 5 months ago:
Saw the video… It mentions ”ripping” and even shows clips of some blockbuster movies. No wonder any copyright-sensitive automation gets triggered pretty fast. This will only get worse.