hietsu
@hietsu@sopuli.xyz
- Comment on opencloud - I migrated from nextcloud. Screenshots and docker-compose-compose.yml included 1 week ago:
I’d be more interested in finding a project that is not folder structure based like all these tend to be, but instead the files would be managed by metadata/attributes (and of course based on these you could still present the files in a classic folder structure when needed). So more of a database approach like in many Document Management systems, f.ex. M-Files.
- Comment on Internal domain and reverse proxy 2 weeks ago:
Good to know! *-cert is definitely something I’d need to set up in my self host setup, though a little complex as my (free) domain provider does not let me edit TXT records for DNS-01.
- Comment on Apple quietly released this year's BEST laptop 2 weeks ago:
I’d say basic = good but now that iOS has had more and more options for everything in each version, I think it has approached Android in too many ways. There is now bajillion different ways to do stuff, when earlier there was one (albeit sometimes little limited). And you can configure so much stuff that it becomes difficult to see what affects what.
But I would not describe iOS as ”basic” anymore, perhaps limited in some niche use cases but if you find yourself hitting those limits too often, just jump to Android. When I can run x86 Linux apps and services constantly on background on my iPhone (iSH w/ location services forced on) or even Windows XP for the heck of it (UTM), I don’t see much limitations in what can (theoretically) be done. Sideloading is also an upwards trend on iOS, when Google is now set to kill it on Android.
- Comment on Microsoft Teams can record office presence from December 2 weeks ago:
That’s what I do to get our company ”protection suite” to open up the firewall when I’m outside company network - just set the same Wifi SSID and IP range.
- Comment on Internal domain and reverse proxy 2 weeks ago:
Umm, wildcard certs from ZeroSSL seem to run at $52.99 per month, billed yearly. Free plan does not have those, neither does Basic.
- Comment on ChatGPT's Atlas: The Browser That's Anti-Web 3 weeks ago:
Furthermore, I’ve found the answer to this being not just ”yes” but ”yes, most of them”. I think I’ll just give up.
- Comment on Microsoft is making every Windows 11 PC an AI PC 3 weeks ago:
All but your points are a bit questionable:
- Sure, you should click no to almost everything Microsoft asks anywhere, but that hardly helps. Use privacy tools like O&O Shut Up to actually disable spy stuff.
- God no. Vivaldi is nice if you must have Chromium (this is made by the guys who used to build Opera, before it was sold to shady new owners), otherwise Firefox.
- See point 1.
- Just uninstall the damn thing, or some tools of point 1 might do this for you.
- If you must, sure.
Using Enterprise version of Windows is the best option, it already has most of the malicious stuff left out.
- Comment on Hackers can steal 2FA codes and private messages from Android phones 4 weeks ago:
Having cleaned a bunch of old folks’ phones in the past years this is far more common than we ”advanced” users think. It often starts with clicking an advert or some spam mail or message from an (infected) friend, which to them, looks absolutely legit. Then the installed app spams the user with notifications to install more ”PDF readers”, ”phone cleanup apps” and whatnot. In best case these just flood the user with ads but just as easily can do more malicious stuff.
After some schooling (”never click anything that is offered to you” etc.) and putting up defences like AdGuard (system level) the instances of ”my phone is slow”, ”what does this message mean” etc. have radically decreased. Apple devices have their own issues but this kind of trouble is next to non-existent there.
- Comment on 4 weeks ago:
What?
- Comment on 4 weeks ago:
Just let me know when I can install heavy Windows-only apps to Linux and I will make the switch in a second. A couple of examples: SOLIDWORKS CAD or PTC Creo (and related apps), Adobe CC (well for this there at least are foss alternatives but not fully compatible/comparable).
For a company, switching a CAD system for example would cost major $$$ and any automatic conversion is nowhere near complete, so you’d basically have to redraw everything relevant from scratch with the new system. Also there simply does not appear to be any major CAD system supporting Linux, NX used to but not anymore.
- Comment on Google's shocking developer decree struggles to justify the urgent threat to F-Droid 1 month ago:
We had a few good Linux phones back in the day but Nokia / Microsoft killed them trying to compete with iPhone OS and Android: Maemo / Meego were great but did not get a proper chance.
Jolla continued the legacy and Sailfish OS is still something worth checking out if you can find suitable hardware, or idk how complex it is to port it.
- Comment on Google's shocking developer decree struggles to justify the urgent threat to F-Droid 1 month ago:
Also, aren’t some critical apps like banking apps starting to ban unlocked / non-stock systems? Heard someone complaining about this a while ago.
- Comment on Microsoft Word documents will be saved to the cloud automatically on Windows going forward 2 months ago:
They’re prepared to do anything to get real user data for AI training. This little change gives them easily millions of files per day accidentally saved to cloud.
- Comment on YouTube just quietly blocked Adblock Plus — the internet hasn't noticed yet, but I've found a workaround 2 months ago:
Indeed. Tom’s Hardware for me has for long been one of the most useless tech news sites, mostly just dumb clickbaity ad articles in disguise.
If they would know anything about anything or done some actual research they would point to Firefox with a few relevant extensions that keep YouTube’s fuckery in check. Or the alternative mobile apps. Or stuff like Invidious. But guess they are too mainstream and thus afraid to upset Google in any way.
- Comment on Windows seemingly lost 400 million users in the past three years — official Microsoft statements show hints of a shrinking user base 4 months ago:
What is free though is LibreOffice, or some Nextcloud document addons (to a degree) if ”cloud” is the thing.
- Comment on Jellyfin over the internet 4 months ago:
Nice, but the bots may not understand the joke.
And not only that but they will tag the domain with ”there is something here”, and maybe some day someone will take a closer look and see if you are all up-to-date or would there maybe be a way in. So better to just drop everything and maybe also ban the IP if they happen to try poke some commonly scanned things (like /wp-admin, /git, port 22 etc.) GoAccess is a pretty nice tool to show you what they are after.
- Comment on Jellyfin over the internet 4 months ago:
Not at hand no, but I’m sure any of the LLMs can guide you through the setup if googling does not give anything good.
Nothing very special about all this, well maybe the subdir does require some extra spells to reverse proxy config.
- Comment on Jellyfin over the internet 4 months ago:
Use a reverse proxy (caddy or nginx proxy manager) with a subdomain, like myservice.mydomain.com (maybe even configure a subdir too, so …domain.com/guessthis/). Don’t put anything on the main domain / root dir / the IP address.
If you’re still unsure, set up Knockd to whitelist only IP addresses that touch certain one or two random ports first.
So security through obscurity :) But good luck for the bots to figure all that out.
VPN is of course the actually secure option, I’d vote for Tailscale.
- Comment on Do you remember Windows 95? How about Windows 96? 4 months ago:
UTM is the way to go on modern Macs, and even iOS/iPadOS too! Built on QEMU and super easy to spin up virtual machines with any architecture.
- Comment on ELI5: How to put several servers on one external IP? 4 months ago:
Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.
- Comment on ELI5: How to put several servers on one external IP? 4 months ago:
I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are a reasonably good solution:
- nothing answers from www.mydomain.com or mydomain.com or ip:port.
- I have subdomains like service.mydomain.com and letsencrypt gives them certs.
- some services even use a dir, so only service.mydomain.com/something will get you there but nothing else.
- keep the services updated and using good passwords & non-default usernames.
- Planned: instant IP ban to anything that touches port 80/443 without using proper subdomain (whitelisting letsencrypt ofc), same with ssh port and other commonly scanned ones. Using fail2ban reading nginx logs for example.
- Planned: geofencing some ip ranges, auto-updating from public botnet lists.
- Planned: wildcard TLS cert (*.mydomain.com) so that the subdomains are not listed anywhere, maybe even Cloudflare tunnel with this.
Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.
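Added example, not part of the comment above: a sketch of the log check that the planned "ban anything that does not use a proper subdomain" rule depends on, with the ACME validation path exempted. It assumes a custom nginx `log_format` that records `$host` (the default combined format does not); the format name `hostlog`, the allowed host and all sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed custom nginx log_format (an assumption, not from the comment):
#   log_format hostlog '$remote_addr $host "$request" $status';
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<host>\S+) "(?P<request>[^"]*)" (?P<status>\d{3})$')
ALLOWED_HOSTS = {"service.mydomain.com"}      # placeholder name used in the comment
SCANNED_PREFIXES = ("/wp-admin", "/git")      # paths named in the comments
ACME_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 validation path, never banned

def classify(line):
    """Return (ip, reason) for a line that should trigger a ban, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not in the assumed format; skip rather than guess
    ip, host = m["ip"], m["host"].lower()
    parts = m["request"].split()
    if len(parts) < 2:
        return ip, "malformed request"  # e.g. a TLS handshake sent to port 80
    path = parts[1]
    if path.startswith(ACME_PREFIX):
        return None
    if host not in ALLOWED_HOSTS:
        return ip, "unknown host " + host
    if any(path == p or path.startswith(p + "/") for p in SCANNED_PREFIXES):
        return ip, "scanned path " + path
    return None

def ban_candidates(lines):
    """Map each offending IP to the ordered list of reasons seen for it."""
    hits = defaultdict(list)
    for line in lines:
        result = classify(line)
        if result:
            hits[result[0]].append(result[1])
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 service.mydomain.com "GET /something/ HTTP/1.1" 200',
    '203.0.113.9 mydomain.com "GET / HTTP/1.1" 444',
    '203.0.113.9 203.0.113.1 "GET /wp-admin/setup.php HTTP/1.1" 444',
    '192.0.2.44 service.mydomain.com "GET /git/config HTTP/1.1" 404',
    '192.0.2.80 mydomain.com "GET /.well-known/acme-challenge/tok HTTP/1.1" 200',
    '192.0.2.99 service.mydomain.com "\\x16\\x03\\x01" 400',
]
```

The same three conditions (unknown host, scanned path, malformed request) are what a fail2ban filter reading this log would match; `ban_candidates(SAMPLE)` shows which of the constructed clients would be banned and why.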
- Comment on Jeff Geerling: Self-hosting your own media considered harmful (updated). Youtube removed his content, saying that self hosting content is "dangerous or harmful content" 5 months ago:
Saw the video… It mentions ”ripping” and even shows clips of some blockbuster movies. No wonder any copyright-sensitive automation gets triggered pretty fast. This will only get worse.