Posts: 35 · Comments: 422 · Joined: 2 yr. ago

  • That's my setup (Mi Band 7). It works better than I anticipated. I want it to be as little in the way as possible (no notifications and vibrations), which this allows me to do. Can export database for processing elsewhere.

  • > …lock-in tactics should put any person who cares about those things off.

    Unfortunately most people don’t care.

    And once you are locked-in, the barrier to get yourself out of it is often so high that it dissuades most people from even trying to get out. I moved from macOS to Linux last year, and even though I was only using a small portion of the Apple ecosystem (iCloud was the only thing I believe), it still took a lot of time as they are designed to make it difficult/time consuming to migrate. Not to mention the macOS/iOS only applications you might've ended up using, as cross-platform functionality was not top-of-mind when choosing. In my case, the notes app Bear was such an example.

  • This is probably where my lack of knowledge in networking shines through more than ever, but I kinda thought that local IPs would be handled locally and not depend on which DNS servers I use? But I guess that if VPN is active and has not been explicitly told to allow local connections through split tunneling, then it actually does make that request with whatever DNS server I use, which obviously couldn't resolve some random local hostname?

  • Ah, that would explain it. I could set up split tunneling on a per app basis only in my current VPN, and not IP, but it works. However, I am in the process of migrating to ProtonVPN now. Here the "per app"-permission also works, and it does have the option to allow certain IPs, but I was not able to get it to work.

  • Just checked this, and "Allows local access" is checked in the VPN application, and "Block all non-VPN traffic" is unchecked in Android settings.

    About potentially overlapping IPs: I did check, and they were all different (server, laptop, phone).

  • Thanks for the tip. I will be looking into setting up SSH keys fairly soon, and look more into strengthening ciphers et al.

    From a practical point of view, what is the likelihood of a brute-force login attempt succeeding? There are plenty of login attempts, but most of them are for root, and as I've disabled root-login that will fail no matter what. Other attempts are typically for generic other names such as 'admin', 'user' and 'test' that have no associated user on the server, as well as some weird choices that I can only imagine come from some database breach.

  • That sounds convenient, and having looked at some videos, it seems very nice. I can see myself using this for things that I need to work properly, like Nextcloud, and maybe host other services in a more complicated way, to be able to learn more.

  • Thanks for the description, I'll look closer into this and see if I can get this to work (on a test server at home first... :)).

    This thread is the first I've heard of Podman - is this something I should look into in favor of Docker, or would you say it is more a case of "pick one and stick to it"?

  • Thanks for your answers!

    1. Alright, I guess I should also use the Cloudflare proxy. I could not find the reason I had not enabled it previously.
    2. I'm a bit confused as to what a DMZ proxy server is compared to a reverse proxy. Is this a separate server you've set up specifically to handle inbound traffic where you've set up Traefik, or is this a container on your main server where you also host Nextcloud?
    3. As I understand it, Authelia is an SSO solution that seems very beneficial for when I am running several services from the same server. Right now, I only run Nextcloud on the VPS - is there any added security benefit of running it there also, or is this mostly for convenience when hosting multiple services?

    Setting up auto update and reboot once a week seems smart. Do you set this up with cron?

  • This shows up when running sudo apt update after having killed the process that is holding the lock. Where would I find out which packages it is trying to install or upgrade? It does say update-initramfs in the second line there, so I think it's trying to update?

    Relevant output from df -H:

    /dev/nvme0n1p1           1,1G  945M   24M  98% /boot
    /dev/nvme0n1p2           536M  9,3M  527M   2% /boot/efi

  • Agreed. I was using Apple products for more than a decade before switching to Linux and Android, and I opted out of several of their products long before I started considering the privacy aspects of things. For example, I found the experience of using something like iPhoto to be very lackluster. I reluctantly ended up using iCloud due to the superior pricing compared to Dropbox, which I used before. That was a particular nightmare when migrating away from the Apple "ecosystem".

    I'm sure their products cater to many users' preferences, but I'm not one of those, and had a better experience using other products. That should've made me jump ship way earlier than I did, but a combination of cost (by the time I would've changed, I had already purchased a new MacBook which I ended up using for about 6 years) and inertia.

  •
    [Unit]
    Description = Tomte-daemon, finishes tasks that could not be accomplished before
    After = network.target auditd.target
    Before = oem-config.service

    [Service]
    Type = oneshot
    ExecStart = /usr/bin/tuxedo-tomte configure all
    Restart = no

  • Aha, that is exactly it! apt-get is called by their driver update tool, Tomte (https://www.tuxedocomputers.com/en/Infos/Help-Support/Frequently-asked-questions/What-is-TUXEDO-Tomte-.tuxedo). I actually would've seen this from the ps auxf | less command above if I had used my eyes a little better, as the top line in the output I pasted above is a sub-process running under Tomte.

    Checking systemctl status tuxedo-tomte.service yields the following output:

    aug. 08 15:33:56 laptop systemd[1]: Starting Tomte-daemon, finishes tasks that could not be accomplished before...
    aug. 08 15:34:06 laptop tuxedo-tomte[1393]: no network found!! some fixes might not be applied correctly
    aug. 08 15:34:06 laptop tuxedo-tomte[1393]: systemctlCmd: systemd-run --on-active="30sec" tuxedo-tomte configure all >/dev/null 2>&1

    I guess contacting their support directly is the best way to solve this at this point.