ninjan
@ninjan@lemmy.mildgrim.com
- Comment on Bear Twerk 9 months ago:
The things you could easily do with that video if you had a higher res version seeing as the pole is a very distinct color…
- Comment on Appreciation / shock at workplace IT systems 9 months ago:
Tell them to move to YubiKey or a similar hardware key, which is far more secure than any password policy will ever be and vastly more user friendly. Only downside is the intense shame if you manage to lose it.
The key should stick with the user and thus not be stored with the computer when not in use. The key isn’t harmless of course, but it takes very deliberate targeting and advance knowledge about what it goes to and how it can be used. It’s also easy to remotely revoke. If you’re extra-special paranoid you could of course store the key locked at a separate site if you want nuclear-codes levels of security.
- Comment on Amazon "search through reviews" is blindly just running an AI model now 9 months ago:
I wonder if you can make it “green wash”, which is forbidden under EU law… Though from what I can see the “feature” doesn’t seem available where I’m at. Likely because the risk it will do something illegal is too great.
- Comment on Let it rip 9 months ago:
That kid has serious swagger, real stand user energy
- Comment on I love Home Assistant, but... 10 months ago:
I think a VPS and moving to NetBird self hosted would be the simplest solution for you. $5 per month gives you a range of options and you can go even lower with things like yearly subscriptions. That way you get around the subdomain issue, you get a proper tunnel and can proxy whatever traffic you want into your home.
As for the control scheme for your home automation you’ll need to come up with something that fits you, but I strongly advise against letting users into Home Assistant. You could build a simple web interface that interacts via API with HA; doing it through Node-RED is super simple if building the API seems daunting.
If an RPi 4 is what you’ve got and that’s it then I guess you’re kinda stuck for the time being. Home Assistant is often quite lightweight if you’re not doing something crazy, so it runs well on even an RPi 3; same with NAS software for home use, it too works fine on a 3. If SBCs are your style my recommendation is to set up an alert on whatever second-hand sites operate in your area and pick up a cheap one to allow you to separate things and make the setup simpler.
- Comment on Paying people to work on open source is good actually 10 months ago:
Amen
- Comment on I love Home Assistant, but... 10 months ago:
That’s one part of it, but the other is that there’s no proper way to ensure you won’t cause issues down the line and it makes the configuration unclean and harder to maintain.
It also makes your setup dependent on seemingly unrelated things. Like the certificate for the domain, which is some completely different application’s problem but will break your Home Assistant setup all the same. That dependency issue can be a nightmare to troubleshoot in some instances, especially when it comes to stuff like authentication. Try doing SSO towards two different applications running on different subpaths on the same domain…
- Comment on I love Home Assistant, but... 10 months ago:
I can’t grasp your use case I feel, pretty much all your complaints seem… odd. To me at least.
First, subdomains. I think HA is completely right that a proxy with a subpath is basically an anti-pattern that just makes things worse for you and is always a bad idea (with very few exceptions).
As for your tunnel, I don’t know how you’ve set it up and I haven’t used Tailscale, but them only allowing one domain sounds like a very arbitrary limit; is it something that costs money to add? I use NetBird, which I self-host on my VPS and from there tunnel into my much beefier home setup.
Then Docker in HAOS. The proper way, I feel, of running HA is for sure HAOS, and also running it in its own VM or on dedicated hardware. This because you will likely need to couple additional hardware like a stick providing support for more protocols like Zigbee or Matter. It really isn’t a good solution for running all your self-hosted stuff, and wasn’t ever intended to be. Running Plex in HA for instance is just a plain bad idea, even if it can be done. As such the need for an external drive seems strange as well. If you need to interact with storage you should set up a NAS and share over Samba. All this to say that HA should be one VM/device, your Docker environment another VM.
As for authentication, there are 10k+ contributors to Home Assistant yearly but very few bother to make authentication more streamlined. I would’ve loved OpenID/OAuth2 support natively, but there are ways to do so with custom components, and in the end I quite strongly feel that if the end users of your smart-home setup (i.e. the wife and kids) need to log in to Home Assistant then you’ve probably got more work to do. Remote controls which interact with HA handle the vast majority of manual interaction, and I’ve dabbled with self-hosted voice interfaces for the more complex operations.
Sorry if this came across as writing you on the nose, that’s not my intention. I just suspect you’re making things harder for yourself and maybe have a strange idea around how to selfhost in general?
- Comment on Cloud Hosted VMs 10 months ago:
Well, as someone also self-hosting email I agree with his solutions, but he paints a picture of how bad it is that I feel is a bit exaggerated. But then again I host for myself and my family; I suspect it gets a bit different when you have many users and send hundreds of mails per day.
The only one I’ve had trouble with is Microsoft; they’re the strictest and you need to get some support from them to make it work reliably. Google has an automated service.
- Comment on 10 Commandmends for a digital age 10 months ago:
So no ads, sure, but then you need a commandment about paying for what you consume. Since otherwise, if we all followed the commandments, we’d be out of content right quick, since you can’t make a living producing it.
- Comment on Draftposting 10 months ago:
Far more likely to actually get you out of service
- Comment on Today's date is impossible according to Google Gemini 10 months ago:
EU favoritism of Microsoft? The same EU that fined Internet Explorer basically out of existence?
If anything it’s Microsoft’s much savvier handling of their AI policies that makes them less of a target. Copilot is very clear that they aren’t entitled to use your data to train the base model, which is in stark contrast to OpenAI’s agreement and Google’s, which basically say that anything entered into them is fair game for them to use to train.
- Comment on multimedia manager by series 10 months ago:
Yeah exactly, if they have decent APIs or you can scissor out the content via iframes or something. Not really a web developer so I probably ain’t makin’ sense.
- Comment on multimedia manager by series 10 months ago:
Doesn’t sound like its own “product” to be honest. I’d probably look at an alternative presentation layer that can present what’s in Jellyfin and also supports being the presentation layer for the top solutions for books, comics etc. If nothing like that exists I think there are people that would be interested in a unified media presenter. It doesn’t even need to actually play the media, just link to it.
- Comment on Fact 10 months ago:
Valid point. Unlike other billionaires with public companies connected to them, Taylor Swift’s net worth is her value up until this point, what she has generated. There is no pricing in of future potential like what made the Tesla and Nvidia stock absolutely explode (and by that their respective stakeholders’ net worth). I hadn’t thought of that.
- Comment on Fact 10 months ago:
Sure, if we’re talking work as in compensation per hour. But we aren’t here. She’s a product (as in Taylor Swift the artist is, not Taylor Swift the person naturally) and thus can be sold in quantities only limited by the amount of people on our planet that can afford to buy her music/merch/tickets etc. For me as a consultant to make a billion just isn’t possible, but if I start a company selling something which isn’t limited like the amount of hours in a day then… Yeah no, I don’t have it in me to become a billionaire. But you get the picture I hope.
- Comment on Fact 10 months ago:
The only surprising thing here really is that Swift isn’t worth substantially more. She’s been the top pop music act for a decade now and has been uncommonly business savvy, so I was really expecting that figure to be at least double.
- Comment on That adds up 10 months ago:
Hmm. Superman and Spider-Man do have a catalog of stories in which they’ve got relationships. Unsure about Batman though.
- Comment on Hmmm... 10 months ago:
I feel like a tween with embarrassing parents when it comes to the human race. “I’m not with them!!!” Is what I’ll scream when the aliens come…
- Comment on text don't call 11 months ago:
Sounds like the average lemming! One of us!
- Comment on The world's smallest PNG 11 months ago:
I absolutely love this style of blogposts! Thanks for sharing!
- Comment on Setting Up a Secure Tunnel Between Two Machines 11 months ago:
Yeah, I was just confused about the direction/flow he was asking for. He clarified and his use case is fully solvable. Just not something I’ve personally dabbled in since he wants it for non http traffic.
- Comment on Setting Up a Secure Tunnel Between Two Machines 11 months ago:
Well, that’s just a normal proxy then. In my setup I use Caddy to send traffic through the NetBird-managed WireGuard tunnel to my home machine that runs Jellyfin, but for any outside observer it looks like it’s my VPS that is serving Jellyfin.
- Comment on Setting Up a Secure Tunnel Between Two Machines 11 months ago:
You want to group by IP in Grafana and not using HTTP traffic? Why not group on data or metadata in what is being sent, which is the common approach?
- Comment on Setting Up a Secure Tunnel Between Two Machines 11 months ago:
If you can fool the Internet that traffic coming from the VPS has the source IP of your home machine, what stops you from assuming another IP to bypass an IP whitelist?
Also, if you expect return communication, that would go to your VPS, which has faked the IP of your home machine. That technique would be very powerful to create man-in-the-middle attacks, i.e. intercepting traffic intended for someone else and manipulating it without leaving a trace.
IP, by virtue of how the protocol works, needs to be a unique identifier for a machine. There are techniques, like CGNAT, that allow multiple machines to share an IP, but really it works (in simplified terms) like a proxy and thus breaks the direct connection and limits you to specific ports. It’s also added on top of the IP protocol and requires specific things, and either way it’s the endpoint, in your case the VPS, which will be the presenting IP.
- Comment on Setting Up a Secure Tunnel Between Two Machines 11 months ago:
Preserve the source IP you say, why?
The thing is that if you could (without circumventing the standards) do so, then that implies that IP isn’t actually a unique identifier, which it needs to be. It would also mean circumventing whitelists/blacklists would be trivial (it’s not hard by any means but has some specific requirements).
The correct way to do this, even if there might be some hack you could do to get the actual source IP through, is to put the source in an ‘X-Forwarded-For’ header.
As for ready solutions I use NetBird which has open source clients for Windows, Linux and Android that I use without issues and it’s perfectly self-hostable and easy to integrate with your own IDP.
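Added illustration of the X-Forwarded-For point in this comment and the whitelist-bypass point from the earlier reply in the same thread. This is example code, not the commenter's setup and not part of NetBird or Caddy: it shows how a service behind a reverse proxy should recover the real client address from the header without letting a remote client forge it. The proxy address, the allowlisted networks and the header values are constructed for the example and are not from the page.

```python
"""
Client-IP recovery behind a reverse proxy (added example, not from the page).

Model: the VPS-side proxy terminates the public connection and forwards it
over the tunnel to the home machine, appending the client address to
X-Forwarded-For.  The home service therefore sees the proxy as the TCP peer
and must read the header to know who actually connected.  The header is only
trustworthy if (a) the TCP peer is the proxy, and (b) only the rightmost hop,
the one the proxy itself appended, is used.  Anything further left was
supplied by the client and can be forged.
"""
import ipaddress
from typing import Optional

# Constructed values (assumptions, not from the page): the tunnel address of
# the VPS-side proxy as seen by the home machine, and the networks that are
# allowed to reach the service.
TRUSTED_PROXIES = [ipaddress.ip_network("100.64.0.1/32")]
ALLOWLIST = [
    ipaddress.ip_network("192.168.1.0/24"),   # home LAN
    ipaddress.ip_network("203.0.113.0/24"),   # a remote range that is let in
]


def _in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def client_ip(peer_ip: str, xff: Optional[str]) -> str:
    """Return the address the service should treat as the client.

    peer_ip is the TCP peer reported by the socket.  X-Forwarded-For is only
    honoured when that peer is a trusted proxy; otherwise it is ignored.
    When honoured, hops are walked from the right and the first hop that is
    not itself a trusted proxy is taken: that is the address the nearest
    proxy observed.  A malformed hop makes us fall back to the peer rather
    than guess.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, TRUSTED_PROXIES):
        return str(peer)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)
        if not _in_any(addr, TRUSTED_PROXIES):
            return str(addr)
    return str(peer)  # header absent, empty, or only our own proxies


def naive_client_ip(peer_ip: str, xff: Optional[str]) -> str:
    """The common mistake: take the leftmost X-Forwarded-For entry, whoever
    sent it.  Kept here only to show the bypass the hardened version closes."""
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    return hops[0] if hops else peer_ip


def allowed(peer_ip: str, xff: Optional[str]) -> bool:
    return _in_any(ipaddress.ip_address(client_ip(peer_ip, xff)), ALLOWLIST)


def naive_allowed(peer_ip: str, xff: Optional[str]) -> bool:
    try:
        return _in_any(ipaddress.ip_address(naive_client_ip(peer_ip, xff)), ALLOWLIST)
    except ValueError:
        return False


if __name__ == "__main__":
    # A remote attacker at 198.51.100.7 sends its own header claiming a LAN
    # address; the proxy appends the true source on the right.
    forged = "192.168.1.10, 198.51.100.7"
    print("hardened:", client_ip("100.64.0.1", forged), allowed("100.64.0.1", forged))
    print("naive:   ", naive_client_ip("100.64.0.1", forged), naive_allowed("100.64.0.1", forged))
```

The walk-from-the-right rule matters as soon as there is more than one proxy in the chain (the tunnel endpoint plus, say, a CDN): each trusted hop appends one entry, so the rightmost untrusted entry is the address the outermost trusted proxy actually saw. Everything left of it is client-supplied and only useful for logging.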
- Comment on What should I use my RPi4 11 months ago:
Cool, but I’m guessing that ain’t especially cheap, right? I pay $60 a year for 4 cores and 8 GB RAM (400 GB storage), which I consider a pretty OK price. $5 a month.
- Comment on Public DNS server with gui 11 months ago:
… Touché
- Comment on Looking for a job as backend developer, a Sankey diagram 11 months ago:
Congratulations on the job, hope you find it tolerable and that it pays well!
- Comment on Public DNS server with gui 11 months ago:
Only doing resolution for your own domain and DNSSEC solve pretty much all those issues and are pretty darn easy.
And I did say that the web GUI is what you need to lock down; DNS has no vulnerabilities exploitable through port 53 that let an attacker take control of the server.