nbailey
@nbailey@lemmy.ca
- Comment on Inflation is cooling, yet many Americans say they're living paycheck to paycheck 5 months ago:
Well, yeah. The rate of increases is slowing, but prices are still high. There isn’t, and won’t be, deflation; that’s a catastrophically bad long term economic effect (at least, according to economists).
- Comment on Tea Time 6 months ago:
Do you people not put milk in your crude oil? I find it suits the subtle bitterness of Alberta tar to give it a wonderful but subtle aftertaste.
- Comment on Server as heating device - how do I do this? 7 months ago:
Servers are 100% efficient at heating, but heat pumps are 300% efficient. Get the most energy efficient devices you can, and heat your house with a proper heat pump.
- Comment on Elon Musk laid off the Tesla Supercharger team; now he’s rehiring them 7 months ago:
It’s crazy how the US gov basically handed him a monopoly on EV charging infrastructure, something Rockefeller could have only dreamed of, and the guy throws it away less than two weeks later in some ketamine fuelled stupor. Then has to backtrack at the cost of reputation, confidence, and sentiment. Truly another great stable genius.
- Comment on Why I ditched Gmail for Proton Mail 8 months ago:
It’s unlikely but not impossible. I’ve been using PM with a custom domain for about five years now, and never thought too hard about leaving.
In an ideal world, a company like ProtonMail would be cooperatively owned by the workers and paying users, sort of like a credit union.
Pragmatically, they’ve done fine stewardship of the service for the last decade or so they’ve been around. A big part of it is that their value proposition depends on stability and trust. But it could be better.
- Comment on Hashicorp signs agreement to be acquired by IBM 8 months ago:
The bastards can never take away your shell script full of arcane and unreadable curl commands parsed by incomprehensible awk scripts!
- Comment on Tesla recalls all 3,878 Cybertrucks over faulty accelerator pedal - The Verge 8 months ago:
In my opinion it points to a more dangerous thing, “continuous delivery” software mindset seeping into safety critical systems.
It’s fine, good even, that web developers can push updates to “prod” in minutes. But imagine if some dork could push largely untested control system updates to your car’s ECU… it’s one thing for a website to get a couple errors, but it’s a very bad thing if it makes your steering wheel stop working.
Unfinished products make more money, and it’s high time a consumer protection law clamped down on this.
- Comment on What's wrong with Nextcloud, and why is it slow/clunky? 9 months ago:
Not sure how to do that in docker, I’ve run mine as a plain old PHP-FPM site for years and years. It might be something that can be tweaked using config files or environment variables, or might require building a custom image.
ClamAV is slow and doesn’t catch the nastiest of malware. Its entire approach is stuck in 2008. It’s better than nothing for screening emails, but for a private file store it won’t help much considering that you’ll already have the files on your system somewhere. And most importantly, it slows down file uploads 10x and increases CPU load substantially. The only good reason to use ClamAV for nextcloud is if you will be sued if you don’t!
- Comment on What's wrong with Nextcloud, and why is it slow/clunky? 9 months ago:
It needs some tweaks to be snappy. The defaults are really bad.
- change database from SQLite to a proper database like MySQL or Postgres, and configure the database server to use your memory fully
- increase the PHP memory limit from the default (128M on many distros) to >1G, the more the better
- install APCu in-memory cache for PHP
- add Redis as additional cache
- turn off the antivirus extension, if installed (ClamAV is useless)
- use HTTP/2 on Apache/nginx to increase performance with multiple connections
- Comment on Let's talk about free/FOSS routing platforms for the homelab 10 months ago:
This was my setup from about four years ago. Other than moving suricata elsewhere, it’s largely the same. Worth a shot if it’s something you’re into!
nbailey.ca/post/linux-firewall-ids/
OpenBSD is also great, I’m just more familiar with the Linux tools. All the required tools are in the base image, and they have a great official guide:
- Comment on Let's talk about free/FOSS routing platforms for the homelab 10 months ago:
Yep. Firewall, routing, DHCP, DNS, everything you’d expect from a gateway device. Plain Debian (or really any distro) can do it all. With a 1 Gbps bi-directional connection fully saturated it will run at about 10% CPU on my very crappy low power Celeron CPU.
Plus, there’s no web UI full of janky and insecure CGI scripts to exploit, and software updates are forever (well, until x64 is deprecated, so basically forever).
- Comment on Let's talk about free/FOSS routing platforms for the homelab 10 months ago:
IPtables on Debian because I like my life to be boring and unchanging.
- Comment on [deleted] 10 months ago:
For about a year I was running a full out of band IPS on my network. My core switch was set up with port mirroring to spit out a copy of all traffic on one port so that my Suricata server could analyze it. Then, this was fed into ElasticSearch and a bunch of big data crap looked for anomalies.
It was cool. Basically useless because all it did was complain about the same IP crawler bots as my nginx logs. But fun to set up and ultimately good for my career lol.
- Comment on [deleted] 1 year ago:
I mean it is possible to run your own authoritative nameservers on a server you own with a static IP. It’s a pretty irresponsible thing to self host, but it is possible :)
- Comment on Anyone know of self-hostable security cameras? 1 year ago:
You can use pretty much any camera with ZoneMinder as long as it supports ONVIF or RTSP and has the right connectivity and power inputs for you. I did something similar with some cheap TP-Link cameras with pretty good results. With motion activated recording, I have just shy of 12 months of recordings stored on a 500G SSD.
- Comment on Cisco Finds New Zero Day Bug, Pledges Patches in Days 1 year ago:
Or, hear me out, maybe we don’t expose network management interfaces to untrusted networks? Sure, shit can still get breached by very deep intrusions, but at least you don’t show up on shodan!?
- Comment on AI Could Usher in a New Age of Bioweapons, RAND Report Warns 1 year ago:
Bioweapons are essentially a solved problem already, “AI” or not. In the mid 20th century the USSR had enough weapons manufacturing capability through Biopreparat to kill every human on the planet in less than 30 days. In the 1920s France had enough poison gasses to kill every inhabitant of Europe at the time. America and Russia each still have enough thermonuclear warheads to kill 95% of the earth’s population in under 30 minutes. None of these are new technologies, literally all of this technology is 50-75 years old and hasn’t developed much since because you can’t do any better than “total annihilation”.
- Comment on Got an old Cisco enterprise modem/router. Anything fun I can use it for at home? 1 year ago:
The modern stuff uses signed bootloaders, i.e. Secure Boot. AFAIK there are no custom OSes for C9k or Nexus gear.
- Comment on How can I spy on myself? 1 year ago:
SPAN port on the switch, send it all into a server running Suricata which can analyze, classify, and log all the traffic. Don’t run it in IPS mode online unless you’re willing to suffer a little…
- Comment on How do you backup your data? 1 year ago:
Device sync to nextcloud -> rsync data & db onto NAS -> nightly backup to rsync.net and quarterly offsite/offline HDD swaps.
I also copy ZoneMinder recordings, configs, some server logs, and my main machine’s ~/ onto the NAS.
The offsite HDD is just a bog standard USB 4TB drive with one big LUKS2 volume on it.
It’s all relatively simple. It’s easy to complicate your backups to the point where you rely on Veeam checkpointing your ESXi disks and replicating incrementals to another device that puts them all back together… but it’s much better to have a system that’s simple and just works.
- Comment on Lyft and Uber say they will leave Minneapolis if the mayor signs a minimum wage bill for drivers 1 year ago:
Uber & Lyft drivers assume all the financial risk and responsibility for their car payment, maintenance, insurance, cleaning, health and dental insurance, etc. You’ll find that once you factor in the externalities the tech companies push into their workers, they don’t necessarily make good money at all.
- Comment on Looking for new router for home network. 1 year ago:
Could always whitebox it with Debian, nftables, dnsmasq, hostapd, etc. on an old mini PC if it has two NICs…
- Comment on HP printer USB port covered with warning sticker in hopes you won't use it | Boing Boing 1 year ago:
The original mastodon post that kicked off this controversy: haunted.computer/@netspooky/110832978569741892
- Comment on People are getting fed up with all the useless tech in their cars — For the first time in 28 years of JD Power’s car owner survey, there is a consecutive year-over-year decline in satisfaction, wit... 1 year ago:
Get a 2004-2009 car, yank the stereo out and throw an aftermarket headunit with android/carplay in. Best of both worlds!
- Comment on What Self-Hosted Single Sign-On (SSO) do you use? 1 year ago:
Keycloak is decent. It has its own built-in user database, or it can connect to an “upstream” IdP like AD, GitHub, Google, FB, basically anything that speaks OpenID or SAML. Then, it can act as an IdP to each service you run. It is a bit of a chore to configure, but compared to other SSO servers it’s pretty good (looking at you, Shibboleth).
- Comment on What are your opinions on this tool for home lab use? 1 year ago:
Wazuh is a neat tool, but it’s really just good old OSSEC bolted into Elasticsearch with some custom plugins and middleware. You can get nearly the same result by just shipping logs from OSSEC and osquery with a lot less complexity.