dan
@dan@upvote.au
Aussie living in the USA. https://d.sb/
- Comment on Reddit files legal challenge against social media ban for under-16s 1 day ago:
Maybe I shouldn’t have included that in my comment, but my point about trying to ban kids from doing stuff being ineffective still stands.
- Comment on Reddit files legal challenge against social media ban for under-16s 1 day ago:
even if 10% of kids get around the ban somehow, the fact that 90% don’t removes a huge part of the social in social network
The kids that get around the ban will spread that knowledge to others. That’s what happened when I went to school, and I don’t think it’s any different today.
- Comment on Reddit files legal challenge against social media ban for under-16s 2 days ago:
Parents should be doing a better parenting, rather than relying on the state to do it for them.
- Comment on ‘The whole thing disgusts me’: Australians ditch US travel as new rules require social media to be declared 2 days ago:
It’s still just a proposal, but Trump has a habit of doing things regardless of the legality.
- Comment on It will be great, they said... 4 days ago:
I’m relaying through an MXRoute account but I’ve used SMTP2Go too and they have a decent free plan with 1000 emails per month.
- Comment on It will be great, they said... 5 days ago:
It doesn’t detect the settings
Autodiscovery needs DNS SRV entries to be added for each domain. The legacy Exchange- and Outlook-specific way was a file at
/autodiscover/autodiscover.xmlbut I don’t know if email clients still use that.I have to ignore the certificate warning
I’m not familiar with Stalwart but you should be able to use Let’s Encrypt certificates.
- Comment on How customer service jobs be 5 days ago:
This reminds me of a restaurant we have in Australia called “Lord of the Fries”.
So far I haven’t been able to find anything as good in the USA.
- Comment on It will be great, they said... 5 days ago:
I self-host my emails, but use an SMTP relay for sending. IMO, the interesting part of self hosting email is the storage
- Comment on Docker security 6 days ago:
If you are good at manipulating iptables there is a way around this
Modern systems shouldn’t be using iptables any more.
- Comment on When you eat too much oats and sleep 6 days ago:
How do you eat sleep?
- Comment on Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline 1 week ago:
Just because something’s written in the terms of service, doesn’t mean it’s legal.
- Comment on Nvidia lobbies White House and wins loosened AI GPU export control to China — U.S. lawmakers reportedly reject GAIN AI Act. There is another bill in the works. 1 week ago:
and Chinese EVs.
But of course they won’t do that, because they need to protect the US car industry and its outdated technology.
- Comment on [deleted] 1 week ago:
why is a tower defense game listed under Automation?
and two of the most popular automation programs are missing (n8n and Node-RED).
who on earth needs customer live chat and a lot of business-scale website analytics, webshop systems and CRM and ERP in their homelab??
Maybe not in a homelab, but plenty of people self-host these. I’m setting up customer live chat (Chatwoot) and invoicing and account (Bigcapital) for my wife for example.
- Comment on Decreasing Certificate Lifetimes to 45 Days 1 week ago:
Oh… Oops. Hahaha
- Comment on Decreasing Certificate Lifetimes to 45 Days 1 week ago:
DigiCert have said they’re not changing their prices as a result. It’s still a yearly payment.
- Comment on Decreasing Certificate Lifetimes to 45 Days 1 week ago:
7-day validity is great because they’re exempt from OCSP and CRL. Let’s Encrypt is actually trying 6-day validity, not 7: letsencrypt.org/2025/01/16/6-day-and-ip-certs
Another feature Let’s Encrypt is adding along with this is IP certificates, where you can add an IP address as an alternate name for a certificate.
- Comment on Decreasing Certificate Lifetimes to 45 Days 1 week ago:
This is one of the reasons they’re reducing the validity - to try and convince people to automate the renewal process. That and there’s issues with the current revocation process (for incorrectly issued certificates, or certificates where the private key was leaked or stored insecurely), and the most effective way to reduce the risk is to reduce how long any one certificate can be valid for.
From digicert.com/…/tls-certificate-lifetimes-will-off…:
In the ballot, Apple makes many arguments in favor of the moves, one of which is most worth calling out. They state that the CA/B Forum has been telling the world for years, by steadily shortening maximum lifetimes, that automation is essentially mandatory for effective certificate lifecycle management.
The ballot argues that shorter lifetimes are necessary for many reasons, the most prominent being this: The information in certificates is becoming steadily less trustworthy over time, a problem that can only be mitigated by frequently revalidating the information.
The ballot also argues that the revocation system using CRLs and OCSP is unreliable. Indeed, browsers often ignore these features. The ballot has a long section on the failings of the certificate revocation system. Shorter lifetimes mitigate the effects of using potentially revoked certificates. In 2023, CA/B Forum took this philosophy to another level by approving short-lived certificates, which expire within 7 days, and which do not require CRL or OCSP support.
- Comment on Decreasing Certificate Lifetimes to 45 Days 1 week ago:
Yes, this requirement comes from the CA/Browser Forum, which is a group consisting of all the major certificate authorities (like DigiCert, Comodo/Sectigo, Let’s Encrypt, GlobalSign, etc) plus all the major browser vendors (Mozilla, Google, and Apple). Changes go through a voting process.
- Comment on Decreasing Certificate Lifetimes to 45 Days 1 week ago:
The current plan is for the floor to be 47 days. digicert.com/…/tls-certificate-lifetimes-will-off…
- Comment on Guidance for Noob? (Synching vs Nextcloud, Immich, Tailscale) 2 weeks ago:
Tailscale serve might work; I haven’t tried it so I don’t know what it’s capable of.
Usually I’d recommend getting a real domain name and use Let’s Encrypt. .com domains are around $10/year but some TLDs are even cheaper. If you don’t mind which TLD you use, go to tld-list.com and sort by renewal price.
- Comment on Guidance for Noob? (Synching vs Nextcloud, Immich, Tailscale) 2 weeks ago:
Interesting! They used to have a warning about it. I guess they removed it at some point. It’s referenced in this discussion for example: github.com/immich-app/immich/discussions/13008
- Comment on Guidance for Noob? (Synching vs Nextcloud, Immich, Tailscale) 2 weeks ago:
Tailscale is great. You should use it. Most of their code is open-source. Their coordination server is closed-source, however there’s a self-hostable open-source reimplemention called Headscale if you want a fully-open-source Tailscale stack.
Immich doesn’t rely on Tailscale; you can use any VPN. They don’t recommend exposing it to the public internet at the moment though, which is why you’d use a VPN.
For the drives, I’d recommend ZFS instead of Ext4 or NTFS. ZFS can detect corruption using checksum, which neither Ext4 nor NTFS can do. NTFS also isn’t recommended unless you’re running Windows Server.
- Comment on The Supreme Court Is About to Hear a Case That Could Rewrite Internet Access 2 weeks ago:
This is probably a better analogy. Thanks.
- Comment on The Supreme Court Is About to Hear a Case That Could Rewrite Internet Access 2 weeks ago:
Should the USPS/AusPost/your local postal service be allowed to cut off a household’s postal service because someone received a pirated CD in the mail? That’s essentially the same thing.
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 2 weeks ago:
Unfortunately it looks like that one is for Apple devices, whereas I use Linux on desktop and Android on mobile.
There’s some, but I haven’t seen any that have the main features Plex and Plexamp have:
- Cross-fading when playing random tracks, but gapless playback when playing an album in order
- Analysis of the music using a local neutral network, such that you can tell it to play play “similar” sounding songs to the current one
- Automatic playlists - liked songs, decades, etc
- Downloads for offline playback
- Multiple libraries, for example I keep regular music separate from DJ mixes
- Equalizer with presets for common headphones
And probably other things I’m forgetting.
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 2 weeks ago:
Thankfully CGNAT isn’t as common in the USA as it is in other countries. In the US, ISPs generally either offer native IPv4 (most of the major ones), or only use IPv6 and provide IPv4 at all. The latter is the case with a lot of the mobile carriers, especially T-Mobile. Your phone only gets an IPv6 address, and their network uses 464XLAT to connect to legacy IPv4-only servers.
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 2 weeks ago:
Do you have a CVE for this?
- Comment on Plex’s crackdown on free remote streaming access starts this week - Ars Technica 2 weeks ago:
Plex still has the most fully-featured music streaming app (Plexamp)
- Comment on Framework stops selling separate DDR5 RAM modules to fight scalpers 2 weeks ago:
Prices rarely, if ever, go down in a meaningful degree.
In 2011, there was a large flood in Thailand that impacted ~40% of hard drive manufacturing. As a result, hard drives significantly increased in price. This was back when SSDs weren’t mainstream yet.
A year or two later, when manufacturing capacity was restored, prices were essentially back to what they were before the disruption.
Apart from disruptions like that, HDDs, SSDs, and RAM have always been going down in price.
- Comment on Australia is bringing in ‘world first’ minimum pay for food delivery drivers – here’s how it will work 2 weeks ago:
California is dojng this too, so “world’s first” also confused me. The California version requires Doordash, Uber Eats, etc to pay 120% of the minimum wage for each hour the driver is working (from when they accept an order to when it’s delivered, excluding waiting time).