Max_P
@Max_P@lemmy.max-p.me
- Comment on Tunnel app for my openwrt home server 23 hours ago:
If you want FRP, why not just install FRP? It even has a LuCI app to control it from what it looks like.
OpenWRT page showing the availability of FRP as an app
NGINX is also available at a mere 1kb in size for the slim version, full version also available as well as HAproxy. Those will have you more than covered, and support SSL.
Looks like there’s also acme.sh support, with a matching LuCI app that can handle your SSL certificate situation as well.
- Comment on Google now offers ‘web’ search — and an AI opt-out button 1 day ago:
It would be nice if they’d make “web” search the good old keyword search we used to have that made Google good, now that normies will just use the AI search and it doesn’t have to care about natural language anymore.
- Comment on [Open to workshopping] PSA for reporting best practices 2 days ago:
Kbin is an example. But just due to the nature of the protocol, it has to be stored somewhere but Lemmy also just lets admins view all the individual votes directly in the UI.
- Comment on Mods, what tips or etiquette do you recommend for reporting? 3 days ago:
That’s fine to do once you’ve reported it: you’ve done your part, there’s no value in still seeing the post, it’s gonna get removed anyway.
- Comment on Mods, what tips or etiquette do you recommend for reporting? 3 days ago:
Still report as well, it sends emails to the mods and the admins. Just make sure it’s identifiable at a glance, like just type “CSAM” or whatever 1-2 words makes sense. You can add details after to explain but it needs to be obvious at a glance, and also mods/admins can send those to a special priority inbox to address it as fast as possible. Having those reports show up directly in Lemmy makes it quicker to action or do bulk actions when there’s a lot of spam.
It’s also good to report it directly into the Lemmy admin chat on Matrix as well afterwards, because in case of CSAM, everyone wants to delete it from their instance ASAP in case it takes time for the originating instance to delete it.
- Comment on Nearly all Nintendo 64 games can now be recompiled into native PC ports to add proper ray tracing, ultrawide, high FPS, and more 4 days ago:
The quality of what the community is doing vs what they shipped with NSO especially on launch is laughable.
Native OoT and MM on the switch would have been really sick. Instead they went with 90s level of emulator quality.
- Comment on Self-hosted website for posting web novel/fiction 5 days ago:
Wordpress or some of its alternatives would probably work well for this. Another alternative would be static site generators, where you pretty much just write the content in Markdown.
It’s also a pretty simple project, it would be a great project to learn basic web development as well.
- Comment on mymasturbators 6 days ago:
Nothing hotter than a giant electric fleshlight whirring away as you get off.
I saw one in a sex shop, it looks like such a chore to get going and clean up afterwards. Hands are so much easier to clean, and readily available anywhere anytime.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 week ago:
Adding routes for other things on the network the clients can reach directly, removing some load from the router. For example, reaching another office location through a tunnel, you can add a route to 10.2.0.0/16 via 10.1.0.4 and the clients will direct the traffic directly at the appropriate gateway.
Arguably one should design the network such that this is not necessary but it’s useful.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 week ago:
The attack vector here seems to be public WiFi like coffee shops, airports, hotels and whatnot. The places you kinda do want to use a VPN.
On those, if they’re not configured well such as coffee shops using consumer grade WiFi routers, an attacker on the same WiFi can respond to the DHCP request faster than the router or do an ARP spoof attack. The attacker can proxy the DHCP request to make sure you get a valid IP but add extra routes on top.
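The extra routes described in the two comments above arrive in DHCP option 121 (RFC 3442 classless static routes). The following is an added example, not code from the thread or from any VPN vendor: it decodes that option and flags pushed routes that are more specific than the two /1 routes a full-tunnel VPN client typically installs, since longest-prefix matching would send that traffic out the physical interface instead of the tunnel. The option bytes, the office route from the comment above, the 203.0.113.0/24 destination and the 192.168.1.0/24 LAN are all constructed sample values.

```python
import ipaddress

# Constructed sample DHCP option 121 payload (RFC 3442 classless static routes):
#   0.0.0.0/0      via 192.168.1.1   (the usual default route)
#   10.2.0.0/16    via 10.1.0.4      (the office route from the comment above)
#   203.0.113.0/24 via 192.168.1.1   (a more-specific route that would bypass a tunnel)
SAMPLE_OPTION_121 = bytes([
    0, 192, 168, 1, 1,
    16, 10, 2, 10, 1, 0, 4,
    24, 203, 0, 113, 192, 168, 1, 1,
])

# Routes a typical full-tunnel VPN client installs to override the default route
# without deleting it: two /1 routes together cover the whole IPv4 space.
TUNNEL_ROUTES = [ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")]


def decode_option_121(data: bytes):
    """Decode RFC 3442 classless static routes into (network, router) pairs.

    Each entry is: 1 byte prefix length, ceil(len/8) significant destination
    octets, then 4 router octets. Malformed input raises ValueError.
    """
    routes = []
    i = 0
    while i < len(data):
        plen = data[i]
        i += 1
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i - 1}")
        n = (plen + 7) // 8
        dest = data[i:i + n] + b"\x00" * (4 - n)
        i += n
        router = data[i:i + 4]
        i += 4
        if len(dest) != 4 or len(router) != 4:
            raise ValueError("truncated route entry")
        # strict=False: a sender may leave host bits set inside the last significant octet
        net = ipaddress.IPv4Network((dest, plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(router)))
    return routes


def routes_bypassing_tunnel(routes, tunnel_routes=TUNNEL_ROUTES, allowed=()):
    """Return pushed routes that are more specific than a tunnel route covering
    the same space and are not inside an allowed network (for example the local LAN).

    Such a route wins longest-prefix matching against the VPN's /1 routes, so traffic
    to that destination leaves via the physical interface instead of the tunnel.
    """
    allowed = [ipaddress.IPv4Network(a) for a in allowed]
    flagged = []
    for net, router in routes:
        shadowed = any(net.subnet_of(t) and net.prefixlen > t.prefixlen for t in tunnel_routes)
        if shadowed and not any(net.subnet_of(a) for a in allowed):
            flagged.append((net, router))
    return flagged


if __name__ == "__main__":
    pushed = decode_option_121(SAMPLE_OPTION_121)
    for net, gw in pushed:
        print(f"pushed route {net} via {gw}")
    for net, gw in routes_bypassing_tunnel(pushed, allowed=["192.168.1.0/24"]):
        print(f"WARNING: {net} via {gw} would be routed outside the VPN tunnel")
```

Feeding it the option bytes from a real lease (most DHCP clients log or expose them) gives a quick answer to "did this network push anything that competes with my tunnel routes"; a client that installs split-tunnel routes itself would list those under `allowed`.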
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 week ago:
Most VPN providers don’t use DHCP. OpenVPN emulates and hooks DHCP requests client-side to hand the OS the IP it got over the OpenVPN protocol in a more standard way (unless you use Layer 2 tunnels which VPN providers don’t because it’s useless for that use case). WireGuard doesn’t support DHCP at all and it always comes from configuration.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 week ago:
Some providers have managed to make split tunnelling work fine so those I suspect are not affected because they override the routing at the driver level. It’s really only the kinda lame OpenVPN wrappers that would be affected. When you have the custom driver, you can affect the routing. It’s been a while since I’ve tested this stuff on Windows since obviously I haven’t been paid to do that for 6 years, but yeah I don’t even buy that all providers are affected and that it’s unfixable. We had workarounds for that when I joined PIA already so it’s probably been a known thing for at least a decade.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 week ago:
That’s why half decent VPN apps also add firewall rules to prevent leakage. Although nothing can beat Linux and shoving the real interface in a namespace so it’s plainly not available to anything except the VPN process.
- Comment on Please Don’t Share Our Links on Mastodon: Here’s Why! | itsfoss.com 1 week ago:
Masquerading a normal looking link for another one, usually phishing, malware, clones loaded with ads.
Like, let’s say I post something like
[https://www.google.com](www.bing.com)
And also have my instance intercept it to provide Google’s embed preview image, and it federates that with other instances.
Now, for everyone it would look like a Google link, but you get Microsoft Google instead.
I could also actually post a genuine Google link but make the preview go somewhere else completely, so people may see the link goes where they expect even when putting the mouse over it, but then they end up clicking the preview for whatever reason. Bam, wrong site. Could also be a YouTube link and embed but the embed shows a completely different preview image, you click on it and get some gore or porn instead. Fake headlines, whatever way you can think of to abuse this, using the Cyrillic alphabet, whatever.
People trust those previews in a way, so if you post a shortened link but it previews like a news article you want to go to, you might click the image or headline but end up on a phony clone of the site loaded with malware. Currently, if you trust your instance you can actually trust the embed because it’s generated by your instance.
On iMessage, it used to be that the sender would send the embed metadata, so it was used for a zero-click exploit by sending an embed of a real site but with an attachment that exploited the codec it would be rendered with.
- Comment on Please Don’t Share Our Links on Mastodon: Here’s Why! | itsfoss.com 1 week ago:
Even without Cloudflare, simple NGINX microcaching would help a ton there.
It’s a blog, it doesn’t need to regenerate a new page every single time for anonymous users. There’s no reason it shouldn’t be able to sustain 20k requests per second on a single server. Even a one second cache on the backend for anonymous users would help a ton there.
They have Cloudflare in front, the site should be up with the server being turned off entirely.
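The microcache described above, as an added example that is not itsfoss.com’s configuration: a one-second cache for anonymous responses, with request collapsing so a burst of hits on a cold key produces one backend request instead of thousands. The upstream name `blog_backend`, the `blog.example.com` server name and the WordPress-style `wordpress_logged_in_*` cookie are assumptions to adjust for the actual stack.

```nginx
# Added example: 1-second microcache for anonymous traffic in front of a blog backend.
# Assumes an upstream named "blog_backend" and a WordPress-style login cookie.
proxy_cache_path /var/cache/nginx/microcache levels=1:2 keys_zone=microcache:10m
                 max_size=512m inactive=60s use_temp_path=off;

# Logged-in users get uncached, personalised pages; everyone else shares the cache.
map $http_cookie $skip_cache {
    default                    0;
    "~*wordpress_logged_in_"   1;
}

server {
    listen 443 ssl;
    server_name blog.example.com;   # placeholder

    location / {
        proxy_pass http://blog_backend;

        proxy_cache                   microcache;
        proxy_cache_key               "$scheme$request_method$host$request_uri";
        proxy_cache_valid             200 301 302 1s;   # one second is enough to absorb a burst
        proxy_cache_lock              on;               # one backend fetch per key while it refreshes
        proxy_cache_lock_timeout      2s;
        proxy_cache_use_stale         updating error timeout http_500 http_502 http_503 http_504;
        proxy_cache_background_update on;

        # Never serve a cached page to a logged-in user, and never store a
        # response that set a cookie (it may be personalised).
        proxy_cache_bypass            $skip_cache;
        proxy_no_cache                $skip_cache $upstream_http_set_cookie;

        add_header X-Cache-Status $upstream_cache_status;
    }
}
```

`proxy_cache_use_stale updating` plus `proxy_cache_background_update` means the cache keeps answering from the previous copy while one worker refreshes it, which is what lets a single server ride out a traffic spike even when the backend is slow; the `X-Cache-Status` header makes HIT/MISS/UPDATING visible in `curl -I` while tuning.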
- Comment on Please Don’t Share Our Links on Mastodon: Here’s Why! | itsfoss.com 1 week ago:
There’s a problem with federated previews: tricking one instance into generating the wrong preview would spread it to every instance. It’s been exploited for malware and scam campaigns in messaging apps.
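The mismatches described in this comment and in the longer one above (link text that reads as one site but points at another, a preview card pointing somewhere other than the link, homograph hostnames) are all checkable before a client renders or an instance federates a preview. The following is an added example, not code from Lemmy, Mastodon or the thread: a small audit function that returns finding labels for one rendered link. The sample links, including the Cyrillic-`о` hostname and the `xn--example-placeholder` label, are constructed.

```python
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed samples mirroring the cases in the comments above:
# (visible link text, real href, URL the preview card points at or None)
SAMPLE_LINKS = [
    ("https://www.google.com", "www.bing.com", None),              # text says Google, href is Bing
    ("https://www.google.com", "https://www.google.com", None),    # honest link
    ("https://youtube.com/watch?v=example", "https://youtube.com/watch?v=example",
     "https://example.net/not-the-video"),                         # genuine link, swapped preview
    ("Read the article", "https://gооgle.com/", None),             # Cyrillic 'о' homograph host
]

# Text a reader would take for a URL: optional scheme, a dotted host, optional path.
_URLISH = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?[\w.-]+\.[a-zA-Z]{2,}(?:[/?#:]\S*)?$", re.I)


def looks_like_url(text: str) -> bool:
    return bool(_URLISH.match(text.strip()))


def norm_host(url: str) -> str:
    """Hostname of a URL, lower-cased, with a leading 'www.' dropped.
    Scheme-less input such as 'www.bing.com' is treated as https."""
    s = url.strip()
    if "://" not in s:
        s = "https://" + s
    host = (urlsplit(s).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def punycode_form(host: str) -> Optional[str]:
    """ASCII (IDNA) form of a host, i.e. what the browser will actually resolve."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def audit_link(text: str, href: str, preview_target: Optional[str] = None) -> List[str]:
    """Return finding labels for one rendered link; an empty list means nothing odd."""
    findings = []
    href_host = norm_host(href)
    # 1. Link text that reads as a URL but resolves to a different host than the href.
    if looks_like_url(text) and norm_host(text) != href_host:
        findings.append("text-host-mismatch")
    # 2. Internationalised host: raw non-ASCII, or already punycoded (xn--) labels.
    if not href_host.isascii():
        findings.append("non-ascii-host")
    elif any(label.startswith("xn--") for label in href_host.split(".")):
        findings.append("punycode-host")
    # 3. Preview card that points somewhere other than the link itself.
    if preview_target is not None and norm_host(preview_target) != href_host:
        findings.append("preview-target-mismatch")
    return findings


if __name__ == "__main__":
    for text, href, preview in SAMPLE_LINKS:
        host = norm_host(href)
        ascii_host = punycode_form(host) if not host.isascii() else host
        print(f"{text!r} -> {href} ({ascii_host}): {audit_link(text, href, preview) or 'ok'}")
```

An instance would run this at preview-generation time and either refuse to federate a card whose target disagrees with the link, or show the punycode form of the host next to the card; a client can run the same check and mark the link instead of trusting the card that came over federation.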
- Comment on Is Android increasingly inconsistent? 2 weeks ago:
That varies wildly between manufacturers and ROMs. AOSP and consequently LineageOS have consistently been pretty clean. I have apps running in the background for literal weeks at a time. KDE Connect never fails, Linphone is solid on one of my devices and also stays connected for weeks at a time.
Then there’s Xiaomi and Samsung, which seem to be competing for who’s got the worst software imaginable. People keep saying it’s better and the TouchWiz days are over but I’ve yet to pick up a Samsung and not go “ewww” at it.
Pixels are okay but there’s nothing like a bloatware free custom ROM. No AI garbage, just plain basic Android.
The problem is essentially, most people don’t buy phones for the specs, they buy them for the fancy stupid features the manufacturers keep pushing to distinguish themselves. For 99% of the people, that’s effectively all bloat. Samsung in particular seems to do everything possible to pretend it’s not really Google’s Android but Samsung’s Android. Everything is different for the sake of looking different. Developers despise Samsung because their apps work well on every phone except Samsung because it’s “special”.
- Comment on How RCS on iPhone Will Make Texting Better for Everyone 2 weeks ago:
They also block rooted Android users intentionally, completely silently, at least when using Google’s RCS servers. The message just doesn’t send and is automatically deemed spam if you don’t pass PlayIntegrity. And the only RCS capable app is Google’s Messages, third party apps can only access SMS and MMS functionality.
So yeah, fuck RCS really. Apple was right on that one. It won’t fix messaging, it just puts it in Google’s hands unless carriers finally decide to roll out real RCS instead of relying on Google to provide it.
Third party apps had that resolved a decade ago, and Signal is just plain better.
- Comment on Proxmox Disk Performance Problems 2 weeks ago:
It could be a disk slowly failing but not throwing errors yet. Some drives really do their best to hide that they’re failing. So even a passing SMART test I would take with some salt.
I would start by making sure you have good recent backups ASAP.
You can test the drive performance by shutting down all VMs and using tools like fio to do some disk benchmarking. It could be a VM causing it. If it’s an HDD in particular, the random reads and writes from VMs can really cause seek latency to shoot way up. Could be as simple as a service logging some warnings due to junk incoming traffic, or an update that added some more info logs, etc.
- Comment on [Help] Which modules for BTRFS or ZFS setup with Ansible? 2 weeks ago:
There’s always the command escape hatch. Ultimately the roles you’ll use will probably do the same. Even a plugin would do the same, all the ZFS tooling eventually shells out to zfs/zpool, probably the same with btrfs. Those are just very complex filesystems, it would be unreliable to reimplement them in Python.
We use tools to solve problems, not make it harder for no reason. That’s why command/shell actions exist: sometimes it’s just better to go that way.
You can always make your own plugin for it, but you’re still just writing extra code to eventually still shell out into the commands and parse their output.
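What the command escape hatch looks like when done idempotently, as an added example that is not from the thread or from any published role: probe with `zfs list`, act only when the probe says the dataset or property is not already in the desired state, and mark the probes `changed_when: false` so the play stays green on reruns. The pool name `tank`, the dataset `tank/data`, the mountpoint and the property values are placeholders.

```yaml
# Added example: idempotent ZFS dataset management via ansible.builtin.command.
# Assumes a pool named "tank" already exists on the target host.
- name: Probe whether the dataset exists (zfs list exits 1 when it does not)
  ansible.builtin.command: zfs list -H -o name tank/data
  register: zfs_probe
  changed_when: false
  failed_when: zfs_probe.rc not in [0, 1]

- name: Create the dataset only when it is missing
  ansible.builtin.command: >
    zfs create -o compression=lz4 -o mountpoint=/srv/data tank/data
  when: zfs_probe.rc != 0

- name: Read the current compression property
  ansible.builtin.command: zfs get -H -o value compression tank/data
  register: zfs_compression
  changed_when: false

- name: Converge the property without re-running on every play
  ansible.builtin.command: zfs set compression=lz4 tank/data
  when: (zfs_compression.stdout | trim) != "lz4"
```

This is the same probe-then-act pattern a module would implement internally (the `community.general.zfs` module, for instance, also drives the `zfs` binary); writing it out in tasks keeps the parsing of `-H -o value` output, which is the fragile part, visible in the playbook.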
- Comment on Why is replacement for home device controls so complicated? 2 weeks ago:
Even then, those requirements are easily satisfied by a Raspberry Pi and most other SBCs out there. Seems rather reasonable to dedicate one to HA. It’s not too crazy when you take into consideration how powerful cheapo hardware can be these days.
- Comment on Qualcomm benchmarking controversy: What's happening? 2 weeks ago:
That’s fine, the stock is up this quarter with all the hype, they’ll deal with the next quarter when it comes.
This reeks of “make a chip better than Apple’s or y’all are fired” and the ensuing lies throughout the company about the actual performance of the chip to appease management.
- Comment on ByteDance prefers TikTok shutdown in US if legal options fail, sources say 3 weeks ago:
It’s obviously pretty valuable. How would we feel if say, China decided Microsoft/Google/AWS/Oracle had to sell to a Chinese company on the grounds of national security? They’d rather pull out too, despite China being a very large market too. Or what happens if other countries start demanding the same?
Pretty sure ByteDance would rather keep their IP.
And if they sell, do they keep the rights for the other countries or it belongs to the US now?
- Comment on How much maintenance do you find your self-hosting involves? 3 weeks ago:
Very minimal. Mostly just run updates every now and then and fix what breaks which is relatively rare. The Docker stacks in particular are quite painless.
Couple websites, Lemmy, Matrix, a whole email stack, DNS, IRC bouncer, NextCloud, WireGuard, Jitsi, a Minecraft server and I believe that’s about it?
I’m a DevOps engineer at work, managing 2k+ VMs that I can more than keep up with. I’d say it varies more with experience and how it’s set up than how much you manage. When you use Ansible and Terraform and Kubernetes, the count of servers and services isn’t really important. One, five, ten, a thousand servers, it matters very little since you just run Ansible on them and 5 minutes later it’s all up and running.
- Comment on [Question] If I selfhost a privacy frontend on cloud, wouldn't the original service get my server IP and track back to me? 3 weeks ago:
Seems like a decent start! My recommendation is pick something you’ll actually use, so you actually want to keep that VPS going. If for you that’s the silver bullet, then have fun!
NextCloud is relatively easy to get going and useful for sharing files. I find it convenient combined with KeePass/KeePassDX so my passwords are synchronized and nice and safe, although I’m considering an upgrade to BitWarden.
Matrix is also reasonably easy to set up and you can set up bridges to just about anything.
I also have my own emails but that’s a special kind of hell to begin with, with loads of things entirely out of your control.
- Comment on [Question] If I selfhost a privacy frontend on cloud, wouldn't the original service get my server IP and track back to me? 4 weeks ago:
Depends what it does.
Let’s say you run a Reddit/Twitter/YouTube proxy. Yeah, the services ultimately still get your server’s IP, but you will just appear as coming from some datacenter somewhere, so while they can know it’s your traffic, they can’t track you on the client side frontend and see that you were at home (and where your home is), then you went on mobile data and then ended on a guest WiFi, then at some corporate place. The server is obfuscating all of that. And you control the server, so your server isn’t tracking anything.
The key to those services being more private is actually to have more people using them. Let’s say now you have 10 people using your Invidious instance. It’ll fudge your watch pattern a fair bit, but also any watched video could be from any of the 10 users. If they don’t detect that, they’ve made a completely bogus profile that’s the combination of you and your 10 users.
You can always add an extra layer and make it go through a VPN or Tor, but if you care that much you should already always be on a VPN anyway. But it does have the convenience that you can use it privately even without a VPN.
A concrete example. I run my own Lemmy server. It’s extremely public but yet, I find it more private than Reddit would be. By having my own server, all of my client-side actions are between me and my server. Reddit on the other hand can absolutely log and see every interaction I have with their site, especially now that they’ve killed third-party apps. It knows every thread I open, it can track a lot of my attention. It knows if I’m skimming through comments or actually reading, everything. In contrast, the fediverse doesn’t know what I actually read: my server collects everything regardless. On the other hand, all my data including votes is totally public, so I gain privacy in a way but lose some the other way.
Privacy is a tradeoff. Sometimes you’re willing to give away some information to protect other.
For selfhosting as a whole, sure some things are just frontends and don’t give you much like an Invidious instance, but others can be really good. NextCloud for example, I know my files are entirely in my control and get a similar experience to using Google Drive: I can browse my stuff from anywhere and access my files. I have my own email, so nobody can look at my emails and give me ads based on what newsletter I get.
It doesn’t have to be perfect, if it’s an improvement and gets you into selfhosting more stuff down the line, it’s worth it.
- Comment on Broadcom throws VMware customers on perpetual licenses a lifeline 4 weeks ago:
The ad I got there is hilarious in context:
- Comment on [deleted] 4 weeks ago:
join-lemmy.org/docs/contributors/04-api.html
Lemmy is the API, it’s always there. The web UI is just a client like any others and makes use of the Lemmy API. So you can just call the API to register an account, reset password, log in, everything. You don’t need to register tokens or apps, you just log into your account and get a session token and you’re good to go!
That makes it easy to discover the API as well, since you can just open your browser’s devtools and inspect the network requests. It’s the same API, so you can just go ahead and implement the same in your code. No second class clients for Lemmy, they all use the same public API.
Plus of course it also implements the ActivityPub APIs for federation, which also doesn’t require registration or anything special.
- Comment on [Help] Moving Hardware RAID drives between x3650 servers 4 weeks ago:
Do you have spare drives to test? Can be really small or mismatched, it’s just for testing.
The idea is as follows: make the exact same RAID with the old controller on test drives, then put them in the target controller with hopefully the same settings and see if it’s happy. Make sure to have some large files with known checksums on it, just to test if the data is correct and not corrupted in subtle ways.
If it works, then it should work with the real drives. If it doesn’t, good luck.
Also RAID 1 with 6 drives doesn’t really make sense. RAID 1 would be mirrors, and if your data had 6 copies I think you’d care way too much about your data to even consider doing this. Probably RAID 5/6/10, which adds parity and striping to the mix which does significantly increase the chances of incompatibility.
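The "large files with known checksums" step from the comment above, as an added example that is not from the thread: generate random test files on the array built with the old controller, write a SHA-256 manifest somewhere off the array, then re-verify after the drives are moved to the new controller. Random content is used so that neither compression nor deduplication can hide a stripe that came back wrong. File names, sizes and the temp-directory dry run are constructed.

```python
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so multi-GB test files never need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def make_test_files(root: Path, count: int, size: int) -> list:
    """Write `count` files of `size` random bytes under root and return their paths."""
    root.mkdir(parents=True, exist_ok=True)
    paths = []
    for i in range(count):
        p = root / f"test_{i:03d}.bin"
        with p.open("wb") as f:
            remaining = size
            while remaining > 0:
                n = min(remaining, 1 << 20)
                f.write(os.urandom(n))
                remaining -= n
        paths.append(p)
    return paths


def write_manifest(root: Path, manifest: Path) -> dict:
    """Record the sha256 of every regular file under root, keyed by relative path."""
    digests = {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file() and p != manifest
    }
    manifest.write_text(json.dumps(digests, indent=2))
    return digests


def verify_manifest(root: Path, manifest: Path) -> dict:
    """Recompute digests after the move; report which files are ok, changed, or gone."""
    expected = json.loads(manifest.read_text())
    result = {"ok": [], "mismatch": [], "missing": []}
    for rel, digest in expected.items():
        p = root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_file(p) != digest:
            result["mismatch"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def demo_round_trip(count: int = 3, size: int = 64 * 1024) -> tuple:
    """Dry run in a temp dir: clean verify, then a silent one-byte corruption and a
    deleted file, which is exactly what the manifest is meant to catch.
    Returns (clean_result, damaged_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "data"
        manifest = Path(tmp) / "manifest.json"   # keep the manifest OFF the array under test
        paths = make_test_files(root, count, size)
        write_manifest(root, manifest)
        clean = verify_manifest(root, manifest)
        with paths[0].open("r+b") as f:          # flip one byte in the middle of the first file
            f.seek(size // 2)
            b = f.read(1)
            f.seek(size // 2)
            f.write(bytes([b[0] ^ 0xFF]))
        paths[-1].unlink()                       # and lose the last file entirely
        damaged = verify_manifest(root, manifest)
    return clean, damaged


if __name__ == "__main__":
    # usage: raidcheck.py make <array_dir> <manifest.json> <count> <size_bytes>
    #        raidcheck.py verify <array_dir> <manifest.json>
    if len(sys.argv) >= 6 and sys.argv[1] == "make":
        make_test_files(Path(sys.argv[2]), int(sys.argv[4]), int(sys.argv[5]))
        print(json.dumps(write_manifest(Path(sys.argv[2]), Path(sys.argv[3])), indent=2))
    elif len(sys.argv) >= 4 and sys.argv[1] == "verify":
        print(json.dumps(verify_manifest(Path(sys.argv[2]), Path(sys.argv[3])), indent=2))
    else:
        print(demo_round_trip())
```

For the real test, use files larger than the stripe width times the number of drives (a few GB each is reasonable) so every member disk holds part of every file; a single wrong chunk then shows up as a mismatch rather than hiding in an untouched region.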
- Comment on Pause alerts during the night 4 weeks ago: