dan
@dan@upvote.au
Aussie living in the USA. https://d.sb/
- Comment on Most slopcode projects are abandoned and deleted within months of release 5 days ago:
And I don’t ever know if it’ll get better because you need to know why you want to build something someway.
The major issue I’m seeing with junior developers at work is that they trust that the AI will always do things the correct way, and don’t question its approach.
To get decent quality output out of an AI model, you need to have critical thinking skills, at least basic knowledge of the overall architecture for whatever you’re trying to build, and enough knowledge to question the model when it does something wrong.
Blindly trusting AI is why so many old security issues are coming back - stored/reflected XSS, SQL injection, exposing databases directly to the internet with no password, things like that. Newer frameworks mostly got rid of them, and now AI is bringing them back. It’s a fun time for red teams at least.
- Comment on Rootless docker and symlink to docker.sock security issues 2 weeks ago:
Does Patchmon not have a setting to look for the Docker socket in a different location?
I could be wrong but I don’t think there’s any security issues making a symlink to a socket, since permissions/ACLs on the socket would still apply.
- Comment on ICYMI, Unraid now supports internal boot and TPM licensing 2 weeks ago:
My Epyc 7702 does have onboard TPM, but my supermicro H11DSi-NT doesn’t pass it through to the OS, for some reason
Huh… That’s interesting. At my workplace we have Linux EPYC servers with working TPM (it’s mandated that all computers, both clients and servers, must have TPM 2.0), but I’m not a hardware person and don’t know exactly how they’re configured.
- Comment on ICYMI, Unraid now supports internal boot and TPM licensing 2 weeks ago:
This is good to know. I haven’t had issues with using a USB drive though, since it doesn’t receive many reads or writes - the system is copied to a RAM drive on boot and runs off that rather than the USB.
I assume this means I’d need another drive to boot it from? My current setup is that I have 2 x 22TB drives in a ZFS mirror for data storage, and 2 x 2TB NVMe SSDs in a ZFS mirror for things like VMs, Docker containers, documents, etc.
- Comment on ICYMI, Unraid now supports internal boot and TPM licensing 2 weeks ago:
I had to get a Supermicro AOM-TPM-9665V TPM chip for my motherboard
How old is your CPU that it doesn’t have onboard TPM? It’s been a standard feature for quite a while now
- Comment on Any self-hosted option for real time location sharing? 3 weeks ago:
Does it use http or MQTT?
Home Assistant uses HTTP for this. Realistically, you won’t see much difference between HTTP and MQTT for this use case.
MQTT is harder to secure than HTTP, and has some limitations (eg it normally only supports username and password auth - no SSO, no 2FA) so I’d avoid it for anything public-facing unless you have a specific reason to use it. Using it via a VPN is fine, but you’d still need to configure a separate MQTT username and password per user.
- Comment on Wireguard easy and third party von service. 4 weeks ago:
iptables should still work, but these days it gets converted to nftables so you may as well just learn nftables.
Having said that, I find it a pain to manually configure iptables or nftables. There might be a better way to do what you want.
- Comment on Wireguard easy and third party von service. 4 weeks ago:
The end goal is to have no reliance on tailscale as i am preparing for the eventual enshitification.
Tailscale is mostly open-source. If they do anything bad then someone could fork the project.
The coordination server isn’t open-source, but you could self-host Headscale as a replacement.
- Comment on Wireguard easy and third party von service. 4 weeks ago:
iptables is deprecated… If you really do want to do your own custom thing you should learn nftables.
- Comment on Kittygram v1.1 has released 4 weeks ago:
All the data gathered by Cambridge Analytica was gathered through the public API though, which is why the API is very locked down now.
- Comment on Kittygram v1.1 has released 5 weeks ago:
aggressively guard
It’s a hard balance for any social media company. Guard content too little and you end up with Cambridge Analytica and headlines talking about big data leaks (which really just end up being compilations of public data). Guard content too much and you restrict users’ freedom too much.
- Comment on Email ownership, I give up. 5 weeks ago:
It’s not too bad if you use an outbound SMTP relay for sending. SMTP2Go is pretty good, and they have a free plan with 1000 emails per month. I use Mailcow and you can configure relays in their web UI, but it works just as well with the
sender_dependent_relayhost_mapssetting in Postfix.Sure, it’s not fully self-hosted, but the interesting part to self-host is the storage of your emails, not the sending (which will just relay through other SMTP servers along the way anyways).
- Comment on Where did the dust settle on Syncthing Fork? 1 month ago:
At least it’s open source so anyone can look at the code and figure out why it asks for the permissions.
- Comment on Are there any FOSS NAS servers for a Marvell arm SOC? 1 month ago:
Do you know exactly which SoC it uses?
It’s probably a 32-bit ARM processor. Most NAS-focused operating systems have removed support for these, if they even supported them at all. OpenMediaVault recently removed support for 32-bit ARM and only support 64-bit now: www.openmediavault.org/?p=4002.
Having said that, some OSes still support them. You should be able to get Debian running if it’s an ARMv7 CPU or newer. Debian did support older ones, but they’re being phased out and no longer build an installer for them.
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 7 months ago:
Unfortunately it looks like that one is for Apple devices, whereas I use Linux on desktop and Android on mobile.
There’s some, but I haven’t seen any that have the main features Plex and Plexamp have:
- Cross-fading when playing random tracks, but gapless playback when playing an album in order
- Analysis of the music using a local neutral network, such that you can tell it to play play “similar” sounding songs to the current one
- Automatic playlists - liked songs, decades, etc
- Downloads for offline playback
- Multiple libraries, for example I keep regular music separate from DJ mixes
- Equalizer with presets for common headphones
And probably other things I’m forgetting.
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 7 months ago:
Thankfully CGNAT isn’t as common in the USA as it is in other countries. In the US, ISPs generally either offer native IPv4 (most of the major ones), or only use IPv6 and provide IPv4 at all. The latter is the case with a lot of the mobile carriers, especially T-Mobile. Your phone only gets an IPv6 address, and their network uses 464XLAT to connect to legacy IPv4-only servers.
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 7 months ago:
Do you have a CVE for this?
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 7 months ago:
Plex still has the most fully-featured music streaming app (Plexamp)
- Comment on MPV: The Ultimate Self-Hosted Media Solution You're Probably Sleeping On 8 months ago:
If you want to play files over SMB, you can just open the SMB file in the file explorer and double click it. I don’t understand how mpv is easier for that use case.
- Comment on 18% of people running Nextcloud don't know what database they are using 10 months ago:
I’d say 9/10 aren’t doing proper backups given most people don’t actually do DR runs and verify whether they can fully recover from their backups. If you don’t test your backups, you don’t have backups!
- Comment on 18% of people running Nextcloud don't know what database they are using 10 months ago:
Which containers do automatic backups?
- Comment on 18% of people running Nextcloud don't know what database they are using 10 months ago:
Where’s the MySQL option? Some of my servers are running MySQL instead of MariaDB because it allowed binding to multiple IP addresses (although I think Maria has implemented this now), and some query plan optimizations were implemented in MySQL but not MariaDB.
- Comment on 18% of people running Nextcloud don't know what database they are using 10 months ago:
You still need to know what database system is being used in order to make backups of the database. You can’t just snapshot or backup the data directory while a database is running, because you might end up with an inconsistent state that won’t restore properly. You need to either stop the DB before doing the backup, or use the relevant DB-specific tools to perform a backup.
- Comment on Mommy, Why is There a Server in the House? 10 months ago:
The book was written to sell Windows Home Server.
- Comment on Trump cuts funding to FOSS projects. 1 year ago:
At least there’s some competitors now, which could be used as drop-in replacements if Let’s Encrypt were to disappear.