Max_P
@Max_P@lemmy.max-p.me
- Comment on What load balancers can do HA (preferably open source, web gui) 1 day ago:
What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana are used along with something like Prometheus to collect the metrics.
When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.
- Comment on What are the benefits of a server having multiple public IP addresses? 2 days ago:
I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.
- Comment on What are the benefits of a server having multiple public IP addresses? 2 days ago:
Few of them for most use cases, especially a VPS. My server has a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.
It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.
Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.
One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.
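The split described in the comment above, sketched as an NGINX configuration (an added example, not part of the original comment or the commenter's actual setup). The addresses are RFC 5737 documentation IPs, and the hostnames, certificate paths, upstream and `/api/legacy/` path are hypothetical.

```nginx
# Added illustration. All names, paths and addresses below are assumptions.

# Primary IP: everything normal lives here, TLSv1.2+ only.
server {
    # Separate address:port means a separate listening socket, each with
    # its own default server. In many nginx builds ssl_protocols is taken
    # from the default server of the socket, which is why binding the
    # legacy endpoint to its own IP keeps the two policies from mixing.
    listen 192.0.2.10:443 ssl default_server;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/www.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

# Secondary IP: only the legacy API endpoint, with TLSv1.0 still allowed.
server {
    listen 192.0.2.11:443 ssl default_server;
    server_name legacy-api.example.com;

    ssl_certificate     /etc/nginx/tls/legacy-api.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/legacy-api.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    # Log the negotiated protocol so remaining TLSv1.0 clients can be
    # counted before the exception is retired.
    log_format tls_audit '$remote_addr $ssl_protocol $ssl_cipher "$request"';
    access_log /var/log/nginx/legacy-api.tls.log tls_audit;

    # Expose only the path the legacy client needs; nothing else is
    # reachable over the weak protocol.
    location /api/legacy/ {
        proxy_pass http://127.0.0.1:8080;
    }
    location / {
        return 404;
    }
}
```

From a host that has `openssl` installed, `openssl s_client -connect 192.0.2.10:443 -tls1` should fail the handshake against the primary IP, provided the local OpenSSL build still permits TLSv1.0 at all.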
- Comment on First time software set up help 2 weeks ago:
The performance is a good point. You can do the striped mirror with ZFS too and still get the advantages of ZFS.
I think you can do all of that through the Proxmox UI, but it shouldn’t be too hard to do on the CLI either. You just make two mirror sets and you’re good to go. ZFS should automatically distribute the load across the two mirrors.
- Comment on First time software set up help 2 weeks ago:
I’d probably do RAID-Z with ZFS rather than RAID10, better space utilization and better error correction. Should be able to easily set that up in the Proxmox web UI.
Everything else sounds good. Don’t worry too much about it, you will find things you wish you did differently regardless, that’s part of the learning experience.
- Comment on Stack Overflow seeks rebrand as traffic continues to plummet – which is bad news for developers 2 weeks ago:
The graph suggests it started declining well before AI became mainstream. I’m sure it accelerates it, but it had already long peaked.
- Comment on Stack Overflow seeks rebrand as traffic continues to plummet – which is bad news for developers 2 weeks ago:
Maybe, just maybe, most of the big questions have been asked and answered already.
These days when I look something up it’s been answered like 8 years ago, and the answer is still valid. And they aggressively mark questions as dupes, so people aren’t opening too many repeat questions.
- Comment on Can local LLMs be as useful and insightful as those widely available? 5 weeks ago:
want someone to prove his LLM can be as insightful and accurate as paid one.
The full DeepSeek model is available for download, and should generate about the same quality answers as the official one, with the bonus of less censorship. I pretty trivially got it to talk about the Tiananmen Square, and they can’t even ban me for it.
That said, that’s rarely the point. It’s usually because you can, a cost saving measure, sometimes you plainly just don’t need a good model, sometimes you want privacy, sometimes you need privacy at the cost of quality.
If your business is shoving customer reviews into a model, you really don’t need the best model for it to tell you how angry the customer is.
Personally I just do it for fun and because I can. Sometimes you just do things for no other reason than because you can.
- Comment on Turning the Tables: How to Make Spammers Reveal Their Own IP Address 1 month ago:
That base64 is so long, and doesn’t need to be. An IP address is 4 bytes so it could be represented as simply 8 hex digits (base64 also expands to 8 due to padding).
- Comment on Incremental backups to optical media: tar, dar, or something else? 1 month ago:
You can’t really easily locate where the last version of the file is located on an append-only media without writing the index in a footer somewhere, and even then if you’re trying to pull an older version you’d still need to traverse the whole media.
That said, you use ZFS, so you can literally just zfs send it. ZFS will already know everything that needs to be known, so it’ll be a perfect incremental. But you’d definitely need to restore the entire dataset to pull anything out of it, reapply every incremental one by one, and if just one is unreadable the whole pool is unrecoverable, but so would the tar incrementals. But it’ll be as perfect and efficient as possible, as ZFS knows the exact change set it needs to bundle up. It’s unidirectional, so that’s why you can just zfs send into a file and burn it to a CD.
Since ZFS can easily tell you the difference between two snapshots, it also wouldn’t be too hard to make a Python script that writes the full new version of changed files and catalogs what file and what version is on which disc, for a more random access pattern.
But really for Blurays I think I’d just do it the old fashioned way and classify it to fit on a disc and label it with what’s on it, and if I update it make a v2 of it on the next disc.
- Comment on Alternatives to Roku/AppleTV for Jellyfin Client 1 month ago:
Both use Linux under the hood. You can even install LineageOS on some TVs.
The only reason AndroidTV is bullshit is the manufacturers because casual users want shit like Netflix and Prime preinstalled. Google TV in particular comes with a lot of crap and the ads, which believe it or not some users take as a feature.
But that’s not inherent to Android TV as an OS, it’s exactly like Android phones and manufacturers preloading a bunch of crap to make an extra buck. If you run AOSP you get none of that crap, and it’s fully open-source.
- Comment on Moving from Cloudflare tunnels for media streaming, first plan didn't work out due to double NAT 2 months ago:
Yeah, that’s enough to not have it exposed directly. I understand why they did it that way but very good to know, thanks!
- Comment on Moving from Cloudflare tunnels for media streaming, first plan didn't work out due to double NAT 2 months ago:
I keep hearing claims that it’s not secure enough to be exposed on the Internet, but I can’t seem to find anything about unauthenticated vulnerabilities. It’s got a fair amount of CVEs but they all seem to affect when you’re an already authenticated user, mainly to XSS an admin as a regular user or the likes.
It’s written in C#, and publicly all you can do is pretty much attempt to log in, this feels like it should be pretty sane compared to some other PHP crap I run.
Do you have any examples of previous exploits or anything else to be concerned about?
- Comment on Do I really need a firewall for my server? 2 months ago:
Is it directly exposed over the Internet? If you only port forward the VPN on your router, I wouldn’t worry about it unless you’re worried about someone else already on your LAN.
And even then, it’s really more like an extra layer of security against accidentally running something exposed publicly that you didn’t intend to, or maybe you want some services to only be accessible via a particular private interface. You don’t need a firewall if you have nothing to filter in the first place.
A machine without a firewall that doesn’t have any open port behaves practically the same from a security standpoint: nothing’s gonna happen. The only difference is the port showing as closed vs filtered in nmap, and the server refusing to send any response, not even a rejection, but that’s it.
- Comment on [deleted] 2 months ago:
Ordered two drives from them, came in very well packaged and even included the PWDIS adapter. Very good deals. Could throw the box across the yard and the drives would probably survive.
- Comment on Starting to self host 2 months ago:
As a starting point. Are there any hardware recommendations for a toy home server?
Whatever you already have. Old desktop, even old laptop (those come with a built-in battery backup!). Failing that, Raspberry Pis are pretty popular and cheap and low power consumption, which makes it great if you’re not sure how much you want to spend.
Otherwise, ideally enough to run everything you need based on rough napkin math. Literally the only requirement is that the stuff you intend to run fits on it. For reference, my primary server which hosts my Lemmy instance (and emails and NextCloud and IRC and Matrix and Minecraft) is an old Xeon processor close to a third gen Intel i7 with 32GB of DDR3 memory, there’s 5 virtual machines on it (one of which is the Lemmy one), and it feels perfectly sufficient for my needs. I could make it work with half of that no problem. My home lab machine is my wife’s old Dell OptiPlex.
Speaking of virtual machines, you can test the waters on your regular PC by just loading whatever OS you choose in a virtual machine (libvirt if you’re on Linux, VirtualBox or VMware otherwise). Then play with it. When it works make a snapshot. Continue playing with it, break it, revert to the last good snapshot. A real home server will basically be the same but as a real machine that’s on 24/7. It’s also useful to test things out as a practice run before putting them on your real server machine. It also gives you a rough idea how much resources it uses, and you can always grow your VM until it fits and then know how much you need for the real thing.
Don’t worry too much about getting it right (except the backups, get those right, verify and test those regularly). You will get it wrong and eventually tear it down and rebuild it better with what you learn (or want to learn). Once you gain more experience it’ll start looking more and more like a real server setup, out of your own desire and needs.
- Comment on Starting to self host 2 months ago:
I feel like a lot of the answers in this thread are throwing a lot of things with a lot of moving parts: Unraid, Docker, YunoHost, all that stuff. Those all still require generally knowing what the hell a Docker container is, how to use them and such.
I wouldn’t worry about any of that and start much simpler than that: just grab any old computer you want to be your home server or rent a VPS and start messing with it. Just pick something you think would be cool to run at home. Anything you run on your personal computer you wish was up 24/7? Start with that.
Ultimately there’s no right or wrong way to do things. It’s all about that learning experience and building up that experience over time. You get good by trying out things, failing and learning. Don’t want to learn Linux? Put Windows on it. You’ll get a lot of flak for it maybe, but at the very least over time you’ll probably learn why people don’t use Windows for server stuff generally. Or maybe you’ll like it, that happens too.
Just pick a project and see it to completion. Although if you start with NextCloud and expose it publicly, maybe wait to be more comfortable with the security aspect before you start putting copies of your taxes and personal documents on it just in case.
What would you like to self host to get started?
- Comment on Mozilla is already revising its new Firefox terms to clarify how it handles user data 3 months ago:
They have no business collecting any data in the first place. If I wanted my data collected I’d be using Chrome like everyone else. I’m not choosing to use their buggy ass inferior and slower browser for any of Mozilla’s services, I’m choosing it because I want to support non-Chromium browsers and regain my privacy.
There’s no point whatsoever to using Firefox if it’s just a worse Chrome.
- Comment on is shadowbanning a thing on lemmy? 3 months ago:
Nope. The protocol is way too public for shadowbanning.
You can be banned by other instances than your home instance, when that happens no new post/comment from you will federate to that instance in particular but the others still see it as normal.
- Comment on Qualcomm and Google team up to offer 8 years of Android updates 3 months ago:
Because phones are a mess of out of tree patches specific to that phone model with zero hope of being upstreamed into the Linux kernel without a cleaner rewrite because it’s not good, it’s made to work and nothing more.
It’s improved but companies like Qualcomm also used to basically drop the code to the manufacturers when the chip launches and then move on with little maintenance for the code and stop maintaining the code once the chip is not produced anymore. Manufacturers don’t have the expertise to maintain that forever nor the will, so you end up with a kernel that keeps aging and isn’t keeping up with Android and the community hasn’t been successful in integrating it all either.
Google’s been pushing hard for this to improve but they’re the only ones to even care. Samsung and others would much rather sell you a new phone.
- Comment on Why should someone join the Fediverse? 3 months ago:
Yeah the best campaigns I’ve seen for the Fediverse were reactionary to something happening on big socials: Lemmy when the API fiasco happened, Mastodon when Elon bought Twitter, recently Pixelfed to replace Instagram, and Loops the last 2 weeks before TikTok was about to get banned.
People don’t change because it’s better, they change because they’re pissed off at their current platform.
- Comment on Why should someone join the Fediverse? 3 months ago:
Good luck with “exhaustive” because people have different unique reasons to come to the fediverse. It would be a very long list.
For the average user I’d approach it with points that affect everyone:
- We can’t have a Twitter-style take over
- We can’t have a Reddit API disaster
- It’s distributed so while parts of the fediverse come and go, you’ll never lose the platform as a whole.
- It’s distributed geographically so one hostile country can’t silence information from other countries like Facebook and Twitter are doing.
- No algorithms designed to keep you scrolling forever
- No ads or commercial content being pushed by the algorithm
- Loads of choices for instances and moderation style for everyone’s taste.
- Users get to choose how they want to browse and with which apps: you’re not stuck with the latest crappy redesign you hate. You’ll never be forced to have reels and stories in your feed if you don’t want that.
- Not controlled by big corporations like Meta and Google, but rather the community for the community.
- If you have sensitive communities you can own the servers to ensure its survival in situations where Facebook would immediately ban that page/group.
- No bullshit AI products shoved in your face like Grok or Reddit Answers.
- You as a user are in control of what you see and don’t see.
- No advertiser friendly content policies forcing you to use stupid words like “unalive”, “pewpew”, “corn” or algorithmic downprioritization because you swore.
- If you prefer to browse Instagram-like, you still get to see Twitter-like posts, and your friends can see your photos from a Twitter-like interface. Or you can have a Twitter-like interface and interact with Reddit-like posts on Lemmy.
It’s harder to onboard and figure out by the common people but it would be the final platform switch. You may move instances over time but you will never be left looking for a new platform because the old one enshittified. You just move to an instance that hasn’t, done.
- Comment on Why did Microsoft use Windows 3.1 for the Windows 95 setup? 3 months ago:
It does work with plain VGA still, it’ll even use 32 CPU cores to render that. It is still pretty slow though, slower than RDP into the same VM even.
The old stuff just runs great for a minimal bootstrap environment. It’s there, might as well use it instead of designing a stripped down Windows 11 UI just for the installer.
It’s all there in the final install too, if you kill dwm you’ll get those same Vista decorations (and broken modern apps).
- Comment on Why did Microsoft use Windows 3.1 for the Windows 95 setup? 3 months ago:
While they do use Windows PE for modern versions of Windows, it still often looks like the previous version. Windows 8 all the way to pre-24H2 Windows 11 have Windows Vista basic decorations in the installer, like they basically never updated the installer environment.
- Comment on USA | White House bans AP journalists from Oval Office amid continued Gulf dispute 3 months ago:
Imagine the outrage if the Democrats banned Fox News from the White House press conferences.
That simple question would solve so many problems… Would you be outraged if your opponent did what you’re doing? If yes, then it’s fucking bad.
- Comment on Google abandons 'do no harm' AI stance, opens door to military weapons 3 months ago:
A computer can never be held accountable, therefore a computer must never make a management decision.
IBM, in 1979.
This is wide open to send a nuke on allies and blame the AI.
- Comment on Changes to Lemmy/PieFed to adjust to living under fascism 3 months ago:
No idea, never used it, I just happen to know it exists.
- Comment on Changes to Lemmy/PieFed to adjust to living under fascism 3 months ago:
You probably want something like Aether instead of the fediverse: getaether.net
It’s peer to peer, encrypted, anonymous, ephemeral and all that.
- Comment on Changes to Lemmy/PieFed to adjust to living under fascism 3 months ago:
The fediverse is plainly just not appropriate for this. The ActivityPub makes too many assumptions that the data is fully public.
End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
That could work probably, it’s a lot of work and will break interoperability but could be done. You’d still have to vet your users very well though, which might contradict the next point. It takes one user to leak everything.
Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
There’s a fair amount of instances already that will let you sign up with a disposable email
Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.
A fair chunk of instances already allow VPN/Tor traffic. The bigger ones don’t because of spam and CSAM and all that crap, but even Reddit is fully functional over a VPN.
Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
That’d be very hard to enforce, and the instance owners have to do some collection for the sake of being able to handle lawsuits and pass the blame. But you can protect yourself using a VPN or Tor.
Ephemeral content: auto-deleting posts, messages, etc after a set period.
As an admin, I can literally just restore last month’s backup and undelete everything that got deleted. If someone’s seen it, you must assume it can at minimum have been screenshot.
Instance chooser that flags which instances are in unsafe countries.
Anyone can get a VPS in just about any country, so you’d have to personally verify the owner which is PII and probably one of the most vulnerable parts of the group. You take down the owner you take down the whole thing.
Once again however users have plenty of choices already for that, if you trust your instance’s admins.
Defederate from instances in unsafe countries?
Same as previous point. Plus, one can still use the API to fetch the content anyway.
Better opsec around instance owners, admins and moderators
Also pretty hard to enforce.
You probably want something like Aether: getaether.net
- Comment on Is lemmy slow for anyone else? 4 months ago:
Lemmy is decentralized, there is no singular Lemmy as a whole unless you’re talking specifically about the server software. As a user you interact with your home instance, in your case lemmy.world.
Most connectivity problems and slowdowns are instance-specific unless you’re talking about a federation problem specifically, for example you posted but it doesn’t show up on other instances, that’s a problem between your instance and the community’s instance.
In your case you most likely just hit something on lemmy.world’s side. Lemmy as a whole is way too small for them to even care about it.