Soon: when you pause a video, it starts playing a video ad with audio, to make sure no silence time gets wasted from your speakers.
Soon: when you pause a video, it starts playing a video ad with audio, to make sure no silence time gets wasted from your speakers.
Ethernet splitter
What kind of splitter? Not a hub or switch, just a passive splitter?
Those do exist to do 4x 100M links on a single pair each, but you can’t just plug those into a router or switch and get 4 ports, it still needs to eventually terminate as 4 ports on both ends.
If you’re behind Cloudflare, don’t. Just get an origin certificate from CF, it’s a cert that CF trust between itself and your server. By using Cloudflare you’re making Cloudflare responsible for your cert.
There’s also Cockpit if you just want a basic UI
And the instance’s sidebar:
A lemmy server for, but not limited to, leftists in the Midwest USA
Less and less about OpenAI is actually… open at all.
If you can find where the antenna is, you can cover it with some metal tape to kill the signal. Or wrap the whole thing on a metal cage or foil, basically put the thing in a faraday cage.
I have a feeling they’d put the antenna in the front panel though, so that solution may not be super aesthethic if that’s the case.
If you’re careful and just disconnect the antenna properly such that you can plug it back in it should be okay.
I have both. I find that YouTube Music has a much better algorithm, but the app really does sucks, although at least it doesn’t crash for me. Spotify’s app is a lot more polished (although lately it too has started to enshittify), but the music discovery is a bit lacking. Audio quality is better on Spotify, YTM just sounds compressed to be as loud as possible.
I believe you, but I also very much believe that there are security vendors out there demonizing LE and free stuff in general. The more expensive equals better more serious thinking is unfortunately still quite present, especially in big corps. Big corps also seem to like the concept of having to prove yourself with a high price of entry, they just can’t believe a tiny company could possibly have a better product.
That doesn’t make it any less ridiculous, but I believe it. I’ve definitely heard my share of “we must use $sketchyVendor because $dubiousReason”. I’ve had to install ClamAV on readonly diskless VMs at work because otherwise customers refuse to sign because “we have no security systems”. Everything has to be TLS encrypted, even if it goes to localhost. Box checkers vs common sense.
LetsEncrypt certs are DV certs. That a put a TXT record for LetsEncrypt vs a TXT record for a paid DigiCert makes no difference whatsoever.
I just checked and Shopify uses a LetsEncrypt cert, so that’s a big one that uses the plebian certs.
Neither does Google Trust Services or DigiCert. They’re all HTTP validation on Cloudflare and we have Fortune 100 companies served with LetsEncrypt certs.
I haven’t seen an EV cert in years, browsers stopped caring ages ago. It’s all been domain validated.
LetsEncrypt publicly logs which IP requested a certificate, that’s a lot more than what regular CAs do.
I guess one more to the pile of why everyone hates Zscaler.
Because it’s too flexible, and assumes everyone has source code to glue it all together. There’s endless choices you can make to have a functional system.
That’s just the basics to make it to a desktop. Now there’s some stuff to help that a lot, like Flatpak which aims to provide a known base system for apps to target. The portals help get access to resources with varying backends. PipeWire supports pretty much every audio protocol in existence so that’s alright. Flatpak is a pretty good standard/ABI to target. For server software we have similar things in the form of Docker and Podman. But all of these solutions are basically “lets just ship the distro with the software”.
The only really standard interface is the Linux kernel’s public interface. If you’re writing a driver, you better be ready to maintain it because stuff moves around a lot internally, the kernel doesn’t care not to break out of tree modules. Go makes use of the stable kernel API and skips the libc entirely, so Go binaries are usually fairly portable as long as the kernel is somewhat sane.
The only real standard you can target is POSIX, which is fine if you’re writing CLI or server software, but if you want to write GUIs, you just have to make choices. Most Linux stuff runs fine on FreeBSD too, they have Wayland, PipeWire and Mesa there too, so technically at this point you’re not even targetting Linux per-se, more like generally POSIX-y systems with software that’s just very commonly used and target that.
On Windows and Mac, you have what Microsoft/Apple provides and if you want anything else you bring it yourself. However, technically you can install PulseAudio on those, install an X server (Xming, Xquartz), run most DEs in there, run browsers and quite a bit of Linux-y stuff, natively on Windows and Mac in their respective binary formats.
The thing with FOSS is there isn’t a single standard it targets, we just port everything to everything as needed. The closest thing we have to a standard is targeting specific versions of specific distros, usually Debian/Ubuntu or RHEL and derivatives because that’s what the enterprise customers that pays for the development tends to run. That’s why Davinci Resolve is a pain to run on anything other than Rocky Linux. Thankfully, it’s also just software and dependencies, so if you just give it everything it uses from Rocky, it’ll work just fine on other distros. And that’s why source code is important: you can make everything work with everything with enough time and patience. That’s what powers the ecosystem.
Probably mostly a carryover from Reddit where it’s an either one or the other kind of deal.
That’s more of a general DevOps/server admin steep learning curve than Vaultwarden’s there, to be fair.
It looks a bit complicated at first as Docker isn’t a trivial abstraction, but it’s well worth it once it’s all set up and going. Each container is always the same, and always independent. Vaultwarden per-se isn’t too bad to run without a container, but the same Docker setup can be used for say, Jitsi which is an absolute mess of components to install and make work, some Java stuff, and all. But with Docker? Just docker compose up -d
, wait a minute or two and it’s good to go, just need to point your reverse proxy to it.
Why do you need a reverse proxy? Because it’s a centralized location where everything comes in, and instead of having 10 different apps with their own certificates and ports, you have one proxy, one port, and a handful of certificates all managed together so you don’t have to figure out how to make all those apps play together nicely. Caddy is fine, you don’t need NGINX if you use Caddy. There’s also Traefik which lands in between Caddy and NGINX in ease of use. There’s also HAproxy. They all do the same fundamental thing: traffic comes in as HTTPS, it gets the Host header from the request and sends it to the right container as plain HTTP. Well it doesn’t have to work that way specifically but that’s the most common use case in self hosted.
As for your backups, if you used a Docker compose file, the volume data should be in the same directory. But it’s probably using some sort of database so you might want to look into how to do periodic data exports instead, as databases don’t like to be backed up live since the file is always being updated so you can’t really get a proper snapshot of it in one go.
But yeah, try to think of it as an infrastructure investment that makes deploying more apps in the future a breeze. Want to add a NextCloud? Add another docker compose file and start it, Caddy picks it up automagically and boom, it’s live and good to go!
Moving services to a new server is also pretty easy as well. Copy over your configs and composes, and volumes if applicable. Start them all, and they should all get back exactly in the same state as they were on the other box. No services to install and configure, no repos to add, no distro to maintain. All built into the container by someone else so you don’t have to worry about any of it. Each update of the app will bring with it the whole matching updated OS with the right packages in the right versions.
As a DevOps engineer we love the whole thing because I can have a Kubernetes cluster running on a whole rack and be like “here’s the apps I want you to run” and it just figures itself out, automatically balances the load, if a server goes down the containers respawn on another one and keeps going as if nothing happened. We don’t have to manually log into any of those servers to install services to run an app. More upfront work for minimal work afterwards.
I hope they’re donating big chunks of money to the Internet Archive in return for what’s likely to bring a ton of extra traffic.
Good luck with that given 3D printers are full of open-source software.
Yeah, that didn’t stop it from pwning a good chunk of the Internet: https://en.wikipedia.org/wiki/Log4Shell
IMO the biggest attack vector there would be a Minecraft exploit like log4j, so the most important part to me would make sure the game server is properly sandboxed just in case. Start from a point of view of, the attacker breached Minecraft and has shell access to that user. What can they do from there? Ideally, nothing useful other than maybe running a crypto miner. Don’t reuse passwords obviously.
With systemd, I’d use the various Protect* directives like ProtectHome, ProtectSystem=full, or failing that, a container (Docker, Podman, LXC, manually, there’s options). Just a bare Alpine container with Java would be pretty ideal, as you can’t exploit sudo or some other SUID binaries if they don’t exist in the first place.
That said the WireGuard solution is ideal because it limits potential attackers to people you handed a key, so at least you’d know who breached you.
I’ve fogotten Minecraft servers online and really nothing happened whatsoever.
That’s fine, the ad co struck a deal with speaker co to not bill for those sound-seconds.