chaospatterns @ chaospatterns @lemmy.world

Posts

25

Comments

156

Joined

2 yr. ago

The problem with Grocy is that going too fine grained means you're unlikely to keep it up to date or it be accurate. I would not try to track your usage in ml. Just track it at the bottle level.

However you can still track the price per ml because grocy lets you independently set units. Just define a mapping between bottle and ml.

It's true that Mozilla does collect telemetry and that Mozilla Corp is for profit, however Mozilla Corp is owned by Mozilla Foundation. That ownership structure is either a way to get around limitations on non profits, or its an opportunity for the Foundation to directly influence the Corp to be better.

However, I'll still use Firefox/Thunderbird because: Usage stats such as number of accounts or filters is in no way comparable to my username and password. One is basic metadata and stats, the other is a massive risk. You can opt out of the telemetry, the only way to opt out of sharing your password is to not use the new Outlook.

I take a more pragmatic approach to privacy based on my trust. I understand the value of telemetry, but change it depending on the company. Big Tech I have less trust in, Mozilla, while they have issues, are on average far better for privacy vs big tech.

As a developer, I understand the value of telemetry and the risks that come with collecting any data. I pick Firefox because it challenges the homogeney of Google's influence and it looks like I'm going to pick Thunderbird because I' haven't seen a better option.

That's not because you have a wildcard. That's because you need to implement DKIM, DMARC, and SPF records to prevent others from using your domain name to send mail.

MTAs use those standards to verify if somebody is permitted to send email for your domain. If you don't have those set then you can get what that ISP described.

It just updated on my phone to the new icon. I tried to give it a chance but wow that looks not great. Something about the scale and lack of discerning features.

Amazon corporate employees get RSUs which are stocks, not options. After the new hire RSUs go away, you end up with two vest dates a year and new comp offerings start the following year (so in 2024 you'll see new money in 2025 plus a small base salary bump that goes in effect that month).

Tech salaries are frequently stock based, but Amazon's is unusual in that it's only twice a year, and bumps start the following year, and they recently made the change to do 2 year offers instead of 3 years.

Will I still need to consider multicast DNS if my DNS server is on-prem (Pi-Hole + Unbound)

Multicast DNS is separate from DNS, so even if you have Pi-Hole, you'd still have devices using mDNS. It's possible to route mDNS across separate IP networks seeing as how there's mDNS relays across VLANs which would suggest Wireguard could support Multicast. Other things use Broadcast (e.g. WoL) which is a bit more challenging to forward across IP networks.

I'm not familiar with GRE so I couldn't comment on whether it's possible or not. I guess it all depends on how confident you are with your networking skills. If you get it working, you should definitely document it and share with others.

I didn't quite do what you did, but I ran HA in a Kubernetes cluster which was logically a separate IP network. I had to setup the container with multiple network interfaces and specially craft the route table to forward broadcasts + multicast traffic to the correct network.

Tailnet appears to be Tailscale which is Wireguard underneath. This means it operates at layer 3 (IP). However a bunch of smart home stuff (mDNS, WoL, etc) all depend on layer 2 connectivity (same subnet).

That means some stuff won't work correctly.

If you're running Docker for servers not development, then you can make Hyper-V work. I used to do that before I got a separate Linux server and it worked out.

Just setup a network adapter that gets bridged to your Ethernet adapter, then create a VM that uses that bridged adapter. The Linux VM will appear like its another computer on your LAN and you can use Docker with host Network.

Attestation depends on a few things:

1. The website has to choose to trust a given attestation provider. If Open Source Browser Attestation Provider X is known for freely handing out attestations then websites will just ignore them
2. The browser's self-attestation. This is tricky part to implement. I haven't looked at the WEI spec to see how this works, but ultimately it depends on code running on your machine identifying when it's been modified. In theory, you can modify the browser however you want, but it's likely that this code will be thoroughly obfuscated and regularly changing to make it hard to reverse engineer. In addition, there are CPU level systems like Intel SGX that provide secure enclaves to run code and a remote entity can verify that the code that ran in SGX was the same code that the remote entity intended to run.

If you're on iOS or Android, there's already strong OS level protections that a browser attestation can plugin to (like SafetyNet.)

Mine was flashing my Emporia Vue2 home energy monitoring system with ESPHome

I'm always interested in sensors (got a bunch of home made Air Quality and CO2 sensors) so seeing real time energy was cool.

With the per circuit sensing I'm experimenting with identifying if my fridge is left open, or identifying when my clothes washer is finished.

What is your threat model or goal? It could hide the device you use to connect to the instance, however a lot of actions you do on Lemmy, including all upvotes, are public to other instances.

It's not generally a hardware problem. It's a resourcing problem. Companies like GitHub will have complex software and architecture. IPv6 requires them to get a pool of IP addresses, come up with an IP address management strategy, make sure all hosts have IPv6 addresses meaning that now provisioning systems and tooling to management DNS has to plumb IPv6 addresses through too.

Then the software stack has to support it. Maybe their fraud detection or auditing systems have to now support IPv6 which means changes to API schemas.

None of this is a good reason why they shouldn't do it, but I've had to make similar decisions at my job as a software engineer on what looks to be simple but actually requires changes across systems.

Keepass2Android. I store everything in a KeePass database synced with OneDrive. I like KeePass because it serves as the storage for all my passwords, OTP, and even SSH keys because it can act as an SSH KeyAgent.

If I create a secondary config as you are suggesting, wouldn’t it create a conflict with the server blocks of default.conf

No, you can have multiple server blocks with the same listen directive. They just need to differ by their server_name and only one server block can contain default_server; Reference

NGINX will use the server_name directives to differentiate the different backend services. This is a class virtual host configuration model.

There was an uncaught exception to boot gunicorn workers

That's odd that it didn't cause the Docker container to immediately exit.

What now? So now that it looks like everything is working. What is the best practice for the nginx.conf? Leave it all in /etc/nginx/nginx.conf (with user as root), reestablish the out box nginx.conf and /etc/nginx/conf.d/default.conf

My suggestion would be to create /etc/nginx/conf.d/mycooldjangoapp.conf. Compared to conf.d/default.conf, this is more intuitive if you start hosting multiple apps. Keep it out of the nginx.conf because apt-get or other package managers will usually patch that with new version changes and again it gets confusing if you have multiple apps.

First the basics. Connection refused means that nothing is running on "http://192.168.0.2:8020/"

1. Is 192.168.0.2 the IP address of the Django container? If it's the host's IP, does docker ps show that the port is bound to the host? e.g. 0.0.0.0/8082->8082

Confirmed upstream block container is running and on the right exposed port

What steps did you do to confirm that this is running?