Max-P @ Max_P @lemmy.max-p.me

Just some Internet guy

---

Read more

Posts

2

Comments

1,636

Joined

2 yr. ago

Probably mostly a carryover from Reddit where it's an either one or the other kind of deal.

That's more of a general DevOps/server admin steep learning curve than Vaultwarden's there, to be fair.

It looks a bit complicated at first as Docker isn't a trivial abstraction, but it's well worth it once it's all set up and going. Each container is always the same, and always independent. Vaultwarden per-se isn't too bad to run without a container, but the same Docker setup can be used for say, Jitsi which is an absolute mess of components to install and make work, some Java stuff, and all. But with Docker? Just docker compose up -d, wait a minute or two and it's good to go, just need to point your reverse proxy to it.

Why do you need a reverse proxy? Because it's a centralized location where everything comes in, and instead of having 10 different apps with their own certificates and ports, you have one proxy, one port, and a handful of certificates all managed together so you don't have to figure out how to make all those apps play together nicely. Caddy is fine, you don't need NGINX if you use Caddy. There's also Traefik which lands in between Caddy and NGINX in ease of use. There's also HAproxy. They all do the same fundamental thing: traffic comes in as HTTPS, it gets the Host header from the request and sends it to the right container as plain HTTP. Well it doesn't have to work that way specifically but that's the most common use case in self hosted.

As for your backups, if you used a Docker compose file, the volume data should be in the same directory. But it's probably using some sort of database so you might want to look into how to do periodic data exports instead, as databases don't like to be backed up live since the file is always being updated so you can't really get a proper snapshot of it in one go.

But yeah, try to think of it as an infrastructure investment that makes deploying more apps in the future a breeze. Want to add a NextCloud? Add another docker compose file and start it, Caddy picks it up automagically and boom, it's live and good to go!

Moving services to a new server is also pretty easy as well. Copy over your configs and composes, and volumes if applicable. Start them all, and they should all get back exactly in the same state as they were on the other box. No services to install and configure, no repos to add, no distro to maintain. All built into the container by someone else so you don't have to worry about any of it. Each update of the app will bring with it the whole matching updated OS with the right packages in the right versions.

As a DevOps engineer we love the whole thing because I can have a Kubernetes cluster running on a whole rack and be like "here's the apps I want you to run" and it just figures itself out, automatically balances the load, if a server goes down the containers respawn on another one and keeps going as if nothing happened. We don't have to manually log into any of those servers to install services to run an app. More upfront work for minimal work afterwards.

I hope they're donating big chunks of money to the Internet Archive in return for what's likely to bring a ton of extra traffic.

Good luck with that given 3D printers are full of open-source software.

Capture it interlaced, preferrably as losslessly as possible, then use deinterlacing software where you can fine-tune the settings if you need to.

And keep the original interlaced versions too! You never know in the future you may want to use a newer deinterlater that works better. Or a new codec that can preserve more details in smaller files.

I'd keep the tapes too, you never know when the community will come up with better VCRs like how it's happening in the retro computer world where we have things like the GreaseMonkey that can store the raw magnetic transitions on the platters and floppies.

Yeah, that didn't stop it from pwning a good chunk of the Internet: https://en.wikipedia.org/wiki/Log4Shell

IMO the biggest attack vector there would be a Minecraft exploit like log4j, so the most important part to me would make sure the game server is properly sandboxed just in case. Start from a point of view of, the attacker breached Minecraft and has shell access to that user. What can they do from there? Ideally, nothing useful other than maybe running a crypto miner. Don't reuse passwords obviously.

With systemd, I'd use the various Protect* directives like ProtectHome, ProtectSystem=full, or failing that, a container (Docker, Podman, LXC, manually, there's options). Just a bare Alpine container with Java would be pretty ideal, as you can't exploit sudo or some other SUID binaries if they don't exist in the first place.

That said the WireGuard solution is ideal because it limits potential attackers to people you handed a key, so at least you'd know who breached you.

I've fogotten Minecraft servers online and really nothing happened whatsoever.

Sorry for the YT Short, but of course the simpsons predicted this: https://youtube.com/shorts/rYb8geoO484

Does Lemmy even have print CSS or is it more like the site's style is so basic it just works? I looked quickly and apart from hiding a few elements, it doesn't look like it really tries to be printer friendly at all.

Both options will work fine, it's a matter of want not need. Personally I liked having a separate AP in my 1 bedroom appartment, because I could hang it on the ceiling at the center of the appartment and make sure I had good coverage vs a combo router at one corner of the appartment that barely reaches the other end properly because the ISP comes in there. Seperate AP means you can put the AP anywhere which might not be anywhere close to where the ISP comes in or where you have the router for your wired devices.

So ISP comes in in the living room, goes into my router which serves my desktop, TV and consoles wired directly there and one longer ethernet run to the middle of the hallway so I get good WiFi coverage up to the kitchen and patio.

Lemmy's format just kind of sucks for discussions and visibility. If you comment on a post from a year ago, you can expect that to not been seen by anyone ever.

Lemmy is primarily a link aggregator, just like Reddit. It also happens to somewhat work for Q&A and help forums, but fundamentally Lemmy is more oriented towards new content.

The more classic forum format is better for discussions because replies bump the thread up to bring new attention to it.

Also a lot of people just don't give a shit about random people's random thoughts, that's why I'm not on Mastodon and never really used Twitter either. I don't know why people feel the need to dump all their thoughts on the Internet, like I care that a celebrity is on a plane or enjoying a nice meal.

Lemmy is about topics, not people, that's what I like about it. I don't care about people.

A little bit more anonymity I guess, but be mindful that Lemmy is very public in nature. That includes all of your votes, so it's still pretty easy to profile.

Make it through the web UI, this is not implemented as far as I know as that's not a particularly common operation.

Also !boostforlemmy@lemmy.world

The only thing I wished worked with it is Android Auto. I tried developer options and everything, it refuses to run in the car, at least the F-Droid version.

Isn't he the same person who calls adblocking piracy?

He's also got a generally nuanced opinion of piracy, in that it's justifiable in some situations. If you call it piracy and you're okay with piracy then it's not really a contradiction.

Being willing to talk about it despite working against your interests isn't always bad depending on context.

They'll appear removable but if you don't put users in the option it shouldn't be unmountable.

Titus is fairly trustable (he's made a few videos on the dangers of custom Windows ISOs like AtlasOS) but the thing is written in good chunks with AI assisted development and it's also the dude's Rust learning experience as well, so the code is not great. Parts of it are meant to run under ArchISO to install Arch (another sin, an automatic Arch installer) so it makes sense to want to just one-liner download and run the prebuilt binary.

I wouldn't use it personally but his audience is for it. It targets quick and easy, not proper and secure. It's mostly meant to easily install and clone his setup, it's too early in development to really be that useful for everyone.

On the winutil side he also does the | iex PowerShell sin, but the toolbox do be really useful to debloat a Windows install.

I've read some posts about editing fstab to mount them at startup, but they don't cover whether the drives will be available to other users or not. Can I just add them to fstab and mount them somewhere that's available to all users, then sort out the permissions? If so, where's the best place to put them?

Yes pretty much. It just explicitly tells the system where to mount it, and for some filesystems you can even force the UID/GID and modes.

Usually /mnt/whatever for static mounts and /media/whatever for removable mounts (those appear as drives in file managers, whereas /mnt doesn't). You can set the users option in fstab and it'll let users mount and unmount it without sudo as well, or auto to always mount it on boot.

From there usually you can make a shared group, chown the mount to root:thatgroup, then chmod g+s to make sure the group is inherited. And you should mostly be good to go.

You can't, because normies don't care about tech other than it benefits them directly in some way. They care about the experience they get and doing the same thing everyone does because normies are like sheeps.

Normies barely even get how emails work and it's been like over 40 years. They know if they sign up for Gmail it's free, they get a ton of space and an @gmail.com address. That's it.

And even then, people looked at me weird back in 2007 when I made my Gmail account because "everyone uses Hotmail, why wouldn't you use Hotmail, everyone uses it so it must be the best". Heck just yesterday, the teller at the mechanic shop looked at me weird because I used $storename@max-p.me to place the online order, they were utterly confused. They thought I made a Gmail or Outlook for all of those aliases. People don't think about using emails, they think about using Gmail or Hotmail/Outlook.

Same with Reddit, it didn't become popular until normies felt like they were missing out by not being on Reddit, and arguably that was Reddit's downfall flooding the site with the same repeated arguments and opinions over and over. And for that too, I've been told my "Reddit looks weird" because I use a third-party app. People want to use Reddit so they download Reddit.

Normies don't use Twitter because they want to microblog, they use Twitter because their idols are on Twitter and they want to mimic them. If Taylor Swift opened a Mastodon account and posted exclusively there, we'd get a massive spike of users. And they all would want to register on the same instance as her and it would be the only viable instance to them.

They just want to fit in and do the same as the others, using the same services and same apps and everything. "Influencers" are everything these days.

The best way to get normies on the Fediverse is IMO, endorsing Threads and BlueSky, which will effectively force them to integrate because those platforms integrate.

Manipulating the game can be a lot of fun, more than the game itself. In a way, it kind of becomes like a higher level kind of game. When done appropriately and not ruining other people's fun, that is. I've had good fun on friend's private servers and giving their shit code a good stress test.

I have zero respect for those that just download cheats and use them to pass off as skilled and ruin the fun for others. It's like ethical hacking: do it with permission or at least be transparent about it.

There's game servers out there to play against other cheaters, and it can truly be hilariously broken and entertaining. I've also been quite fascinated by Minecraft servers like 2b2t where cheating is basically necessary to survive at all. The exploit content and drama that have come out of this server is bonkers. But everyone knows they're playing against cheaters, the fun is seeing how you can outcheat your opponents.

There's also the whole speedrunning community, the ways people have broken games wide open. Fascinating and very entertaining stuff. The skills you need to perform a lot of those glitches are insane and extremely challenging. Hours of grinding to get frame perfect glitches work, several times during a run. It's a whole new puzzle, with so many more variables.

Why would someone cheat on games like CS2, Apex, Valorant and the likes, that I don't know. Some people are really just kind of losers I guess. I personally don't see the appeal, I'd want to be famous for the cheats and not even compete with non-cheaters because that's just plain unethical and unfun. There's also a big difference between finding dupes in Minecraft vs an aimbot in a competitive shooter.