IsoKiero @ IsoKiero @sopuli.xyz

Posts

241

Comments

837

Joined

2 yr. ago

Hakkeriuutisia en ole lukenut, mutta kommentoin saman uutisen ketjuun linux@lemmy.ml:n puolella ja siellä on ainakin äänekäs vähemmistö, jos ei jopa enemmistö, sitä mieltä että nyt ihan syyttä suotta tehdään kiusaa viattomille venäläiskoodareille, tai ainakin jos sanktioita jaellaan niin sitten pitäisi sulkea ulos myös jenkit, saksalaiset, palestiina ja/tai israel ja läjä muita.

Kommunikointi taas tämän päätöksen takana on vähän niin ja näin, mutta Torvalds nyt ei muutenkaan ole tunnettu siitä että keskustelu olisi aina viimeisen päälle sliipattua ja asiallista. Jos joku muu olisi tehnyt ihan kylmän asiallisen lehdistötiedotteen tapaisen että sanktioista yms johtuen homma menee nyt näin niin lieskat ei olisi varmaankaan aivan yhtä isot.

Phobia, by definition, is uncontrollable, irrational, and lasting fear for something. In the current geopolitics situation I'd say that it's not uncontrollable and very much not irrational. Fear, as a fellow Finn, might be a bit strong word, but it's a definetly a concern.

When I first read that I thought that the response is a bit harsh, as Russian (and Soviet Union) individuals have traditionally been a big part of open source community and their achievements on computing are pretty significant, but when you dig a bit deeper on that, a majority of Soviet era things are actually built by Ukrainians in Kyiv (obviously Ukraine as a country wasn't a thing back then).

Also, based on my very limited sight on the matter, Russians are not banned from contributing, but this is more of an statement that anyone working for the government in Russia can't be a part of kernel development team. There's of course legal reasons for that, very much including the trade bans against Russia, but also the moral part of it, which Linus seems to take a stand on.

Personally I've seen individuals at Russia to do quite amazing feats with both hardware and software, but as none of us are in a void without any external infcluence nor affect, I think that, while harsh, the "sanctions" (for a lack of better word) aren't overshooting anything, but they're instead leveling the playing field. Any Joe Anynymous could write a code which compromises the kernel as a whole, but should that Joe live in Russia, it might bring a government backed team which can hide their tracks on a quite a bit different level with their resources than any individual could ever even dream about.

So, while that decision might slow down some implementations and it might include some of the most capable of developers, the fear that one of them might corrupt the whole project isn't unreasonable and, with ongoing sanctions in place (and legal requirements that follow) the core dev team might not even have a choice on this.

In current global environment we're living in, I'd rather have a bit too careful management than one which doesn't take things seriously enough. We already have Canonical and others to break stuff way too often, we don't need malicious government to expand on that with nefarious purposes which could compromise a shit on of stuff on a very fundamental level if left unattended.

No, nyt myöhemmin olisi kai jokin trafi kurssi suoritettava ja mitä kaikkea, mutta silti, hämmästyttää kuinka helppoa olisi vaan ostaa laite ja lentää kuvaamaan aivan mitä vain.

Kurssi pitää suorittaa, varsinkin kamerallisiin droneihin, mutta eipä niitä kukaan ihan oikeasti valvo kuin harvoissa tapauksissa. Naapurin rouvaa auringonotossa tai viereistä varuskuntaa ei tietenkään saa kuvata, mutta etenkin kaupunkialueella (missä on taustahälyä) 200 metristä tuommoinen pieni drone on ainakin paljaalla silmällä (ja korvalla) melkoisen haastava löydettävä, varsinkin jos ei edes älyä aktiivisesti etsiä. Toisekseen etenkin FPV-dronet kulkee sen verran lujaa ja kuvaavat vauhdissakin varsin kelvollista materiaalia niin veikkaisin että keskiverto varuskunnan ehtii kuvata ja paeta paikalta ennenkuin kukaan ehtii hätiin. Eri asia sitten mitä sillä kuvalla tekee, kun ei siellä ihan taivasalla mitään salaisuuksia säilytetä.

Ihan terrorismitarkoituksessahan nuo on sitten aika karmaisevia vehkeitä. Ukrainasta tulee jatkuvalla syötöllä videota mitä ihan kaupallisellakin DJIn vehkeellä voi tehdä, kunhan omistaa 3d-printterin, juotoskolvin ja läjän käsikranaatteja. Isommista sotilasräjähteistä ja kustomirakennetuista droneista tietysti puhumattakaan.

Mutta lainsäädännön kannalta olen sitä mieltä, että nykyinen käytäntö on ihan hyvä. Tekniikka noissa on niin yksinkertaista ja vapaasti saatavilla, ettei tuo kissa mene enää takaisin pussiin ja toisekseen jos säännöt vedetään ihan ääripäähän niin niitä ei sitten noudata tavan sukankuluttajatkaan ja rikollisia säännöt ei tietysti muutenkaan paljon kiinnosta. Salakatselutapauksia en ainakaan muista uutisista nähneeni ja jos dronet kiellettäisiin pelkästään tirkistelyn estämiseksi niin on niille kalsarinhaistelijoille keinoja muutenkin tarjolla, ei tarvitse opetella lentämään äänekästä vehjettä kun voi teipata actionkameran onkivapaan.

Näin on. Leppoisia päiviä heille, ketkä ovat vielä jäljellä ja luottamusta sekä toivoa siitä että uusia veteraanisukupolvia ei tähän maahan enää tule.

NAS stands for 'Network Attached Storage' and there's dedicated hardware for that task from multiple brands. It's a somewhat spesific thing and from what I understand you have a multi-purpose server running on your network. For discussion it's better to use the established terminology to avoid confusion on what's what. Your generic server can of course act like a NAS, but a 100€ Synlogy NAS can't (for the most part) act as a generic server.

Similarly there's a dedicated hardware for routers and they are not the same than generic servers which can run whatever. Dedicated routers do some things way better/faster than generic server, and there's pretty much always a trade-off between the two. You can of course install hardware to your server to be as good as or even better than any consumer grade router and run a pfsense on virtual machine on top of it, but that's going to be at least more expensive than dedicated hardware.

So, your server is running pihole in a container on the same network address/hardware than the rest of your server, and I suppose you already gathered from other messages that the firewall component on it treats traffic coming from outside the server itself differently than traffic originating from the server itself. For this spesific case I'd say it's just simpler to configure the server to use DNS server as localhost:1053 than trying to work out firewall forwarding rules for it, if possible. If not, and you absolutely insist that your pihole runs on a unprivileged port and that your server also has to use pihole as DNS sever, then you need to dig out a firewall config for outgoing traffic which redirects the destination port. Or you could set up a dns proxy on the server which uses pihole as upstream and serves addresses to localhost only or one of the other multiple ways to achieve what you're after, but each of those have some kind of trade-off and there's too many to go trough in a single post.

I personally don't, but many do. But it doesn't matter, my employer isn't legally allowed to read my emails, unless it's a sort of an emergency. My vacation, weekend, short sick leave and things like do not qualify. And even then, if the criteria is met, it's illegal to read anything else than strictly work related things out of my box.

We even have a form where people leaving the company sign permission that their mailbox can be accessed by their team leader and without signature we're not allowed to grant permissions to anyone, unless legal department is on the case and terms for privacy breach are met.

If the firewall was running on a router then you'd need to DNAT back to the same network from which they originated and that is (in general) quite a PITA to get running properly. My understanding is that the firewall doing port forwarding is running on the NAS. And we don't have much information on what that 'NAS' even is, I tend to think devices like qnap or synology when talking on NAS-boxes, but that might as well be a full linux-system just running CIFS/NFS/whatever.

OP could obviously use his router as a DNS server for the network and set upstream DNS server for the router to pihole, but that's a whole different scenario.

This is the same as complaining that my job puts a filter on my work computer that lets them know if I’m googling porn at work. You can cry big brother all you want, but I think most people are fine with the idea that the corporation I work for has a reasonable case for putting monitoring software on the computer they gave me.

European point of view: My work computer and the network in general has filters so I can't access porn, gambling, malware and other stuff on it. It has monitoring for viruses and malware, that's pretty normal and well understood need to have. BUT. It is straight up illegal for my work to actively monitor my email content (they'll of course have filtering for incoming spam and such), my chats on teams/whatever and in general be intrusive of my privacy even at work.

There's of course mechanisms in place where they can access my email if anyting work related requires that. So in case I'm laying in a hospital or something they are allowed to read work related emails from my inbox, but if there's anything personal it's protected by the same laws which apply to traditional letters and other communication.

Monitoring 'every word' is just not allowed, no matter how good your intentions are. And that's a good thing.

As it's only single device I'd suggest configuring DNS server for that to

<ip-of-nas>

Erittäin hyvä ajatus. Suomi.fi:hin mastodon pyörimään ja kaikki kansanedustajat, mepit ja vaikka kuntapoliitikotkin sinne twitterin ja tiktokin sijaan niin tiedonkulku tulee varmistettua eikä tarvitse pitää arpajaisia että mitä Musk ja/tai kiinalaiset tänään sattuu sensuroimaan (tosin tiktokissa tuo ei tieten ole ollut niin iso ongelma, alusta on muuten vain hieman kyseenalainen).

Ja ei toki sillä, että Metan ja kumppaneiden tuotteet olisi yhtään sen parempia, twitteristä lähtö olisi ihan pirun hyvä ensimmäinen askel.

It takes Two (co-op puzzle)

Unravel 2 is a bit similar co-op puzzle game.

Bare metal server sounds like optimal solution for you and set up a hypervisor on top of it, so it's pretty trivial to migrate VMs to your own hardware when needed. But then for your 'long term' environment VPS would most likely be better and migrating a full VM from your hypervisor to VPS is a bit more work, but can be done.

I don't know about providers in Australia, but Hetzner has both and combined billing and my personal experience with them is pretty good. But I'm in Europe, so bandwidth nor latency is not a problem.

My experiences are few years old, so I don't remember excact models anymore, but some back-ups models (es series rings a bell, but as I said, it's been a while) had batteries with soldered connectors and form-factor which (at least at the time) wasn't available from anyone else than APC.

2021: Nordea ulkoistaa osan it-tukensa ydintehtävistä Intiaan

Ilkeämpi saattaisi pohtia onko näillä jotain yhtymäkohtia.

I have older 1500VA FSP UPS, I don't think that exact model is available anymore, but it's been solid for several years. It currently has 3rd or 4th set of batteries and they are standard bulk batteries, so replacements are easy to find from anywhere. Only problem I've had with that is that on display it doesn't give out clear warnings when batteries degrade and it has crashed my system few times in a power outage, but I've been lazy and didn't bother to properly monitor it nor have scheduled battery replacements, so that's mostly on me.

Eaton seems to be pretty solid too, but I don't have a ton of experience on any of their models. Local suppliers had dirt cheap PowerWalker UPS's a few years ago, but one of them didn't survive when battery died, so maybe I got what I paid for. Those worked fine too, but apparently they cooked the carging circuit when battery degraded.

This is of course just my own experience over a few models, but personally I wouldn't spend my money on APC. Propietary batteries and multiple failures after battery replacement at work few years back were enough to choose something else.

I don't have answer for you, but Alec over at Technology Connections made a video few days ago related to the topic. That might not have the answer for you either, but as his videos (and there's a ton of those, even for refridgerators) are among of the best at youtube that is worth cheking out.

But as a rule of thumb, new materials and hardware are better on pretty much every metric. And if your current one doesn't work properly anymore it'll most likely uses way more power than it should, as coolant flow/insulation/something isn't in fully working condition and thus compressor needs to run more often than on a new unit.

Effillä on varsin hyviä pointteja CSAMin(kin) osalta, mutta onhan tuo koko ChatControl niin kuolleena syntynyt ajatus että ei pysty ymmärtämään miksi se kerta toisensa perään nousee pinnalle. Rikollisen materiaalin levittämiseen on sen miljoona eri teknistä keinoa ja, kuten jutussakin mainitaan, nämä ennakkoskannaukset lähinnä helpottaisivat lapsipornon levittäjiä piiloutumaan entistä paremmin mutta siinä samalla kaivetaan kyllä melkoinen monttu ihan tavan sukankuluttajien tietoturvaan.

Ja tässä ei auta perinteinen 'jos ei ole mitään salattavaa'-mantra, sillä jos kryptoihin pakotetaan takaovia, niin niistä ovista pääsee kyllä sitten kulkemaan muutkin kuin länsimaisella moraalilla varustetut viranomaiset. Ja vaikkei pääsisikään, niin ainakin itänaapurille oletettavasti kelpaisi ihan hyvin että valtiolliset toimijat pääsevät nuuskimaan viestinvälitystä vielä nykyistäkin tehokkaammin.

Plus sitten vielä erilaiset harrastepohjalta toimivat alustat, kuten vaikka tämä meidän sopuli.xyz, joiden ylläpito joutuisi sitten pistämään resursseja (sekä aikaa että rahaa) tuon toteuttamiseksi, jolloin pienten toimijoiden mahdollisuudet kilpailla metaa, twitteriä, reddittiä ja muita vastaan heikkenevät entisestään. Ja tuossa on oletettavasti joku sanktio tarjolla, jos valvontaa ei toteuta riittävän hyvin, joka kyllä toimii tehokkaana pelotteena tarjota yhtään mitään yhteisöpalvelua kenellekään julkisessa verkossa.

Ja päälle kaikki sata muuta syytä, miksi tuo esitys on ihan oikeasti täysin susipaska, sekä teknisesti että ajatusmaailmaltaan.

I recommend Hetzner too. I've been a happy customer for a decade. Support, should you need it, works well and services are rock solid.

My ecotank died just like all the other inkjets. It went few weeks without printing and blue nozzle dried completely up and on the pipes I can see dried up ink on other colors as well. So I had to dig up old Brother HL3040 back to the duty which I retired after print quality started to drop (it needs new fuse unit or something similar, so not that big of a deal) and I thought having an option to print nice color pictures would be nice.

So, if you plan to run ecotank (which does have pretty good printing quality when it works) set up a scheduled task on your computer to print something, in color, quite frequently even if it wastes some ink and paper. I think the main issue with mine was that even if I print stuff somewhat often there was a period where I only needed b&w documents so color nozzles went unused for a while.

I might get a new set of nozzles and ink tanks for my unit as it's a ton cheaper than a whole new printer, but if you're looking for a printer this is something to take into consideration, regardless of their marketing material.

Edit: Mine is Epson, didn't know that ecotank term is used by other manufacturers.

You can run clonezilla on your shell session, just apt install conezilla (or whatever variant you're using) and it can do the trick. Dd will almost surely work too, but that leaves a ton of responsibility to you instead of making any sanity checks on the way. That makes dd very powerful tool and it has saved my ass a multiple times, but if you already have a working partitioning schema clonezilla has a ton of options to make your life a lot simpler and a likely a bit faster than dd.