mspencer712 @ mspencer712 @programming.dev

Posts

0

Comments

162

Joined

2 yr. ago

My first full time job was for Ameristar Casino Council Bluffs. I can say this: see all that fancy stuff? They built it with your money. They don’t need more of it.

I don’t know what people call this, but I’m curious if you also need future balance prediction, basically “here’s how much left over you’re going to have this payday, next payday, etc”. I might switch from my homegrown spreadsheet to one of these recommendations if they also support that.

(I’m talking about something where you input your known scheduled debits and credits, especially for people with biweekly paychecks but monthly debits, and then you match recent actual activity with what’s expected. So you get “current balance is $1800 but it’ll get as low as $300 before you get paid next” type info to keep you from over spending.)

I think image generators in general work by iteratively changing random noise and checking it with a classifier, until the resulting image has a stronger and stronger finding of “cat” or “best quality” or “realistic”.

If this classifier provides fine grained descriptive attributes, that’s a nightmare. If it just detects yes or no, that’s probably fine.

I have an iPhone and a gl.inet gl-e750 portable cell router, and my SIM card stays in the router. I don’t actually restrict my phone the way you’re talking about, but this gives me vpn to my home network without needing the vpn running on each client device. And if I wanted to block connections to big tech company services, I could do that.

Payment card transactions can be disputed or reversed. Cryptocurrency transactions cannot be easily reversed. Reversal is an important capability because sometimes customers or merchants lie, or they can have problems fulfilling their obligations.

When the buyer and seller are in the same country, or are in countries with legal and criminal justice systems which cooperate, transaction risk is lower so fees can be lower.

Not really, it’s been pretty effortless. Every couple months I have to make sure my renewed LetsEncrypt certs really got imported, but I don’t think I’ve had to intervene manually for anything in a long time.

I do, and I agree about their utility. My users and aliases are in OpenLDAP but it’s pretty easy to add new ones.

Separate accounts are preferable if you’re actually going to be responding to messages. I’ve had some embarrassing encounters where I’ve given an alias to a business that I didn’t realize was going to actually use it for real email conversations with a human. By default roundcube web mail lets you hit reply anyway and the reply goes out with your real address, which can lead to confusion.

I host my own for mspencer dot net, used this 15-ish step walkthrough from linuxbabe dot com. Only maybe three instances of spam in two years, gmail and outlook receive my messages just fine, etc. (Successful spammers were using legitimate services, and those services took action when notified. Greylist delays emails by a few minutes but it’s extremely effective against most spammers because they never come back to retry messages after a few minutes, while legitimate senders will.) I don’t know if I would accept blanket advice against self hosting.

Fundamentally if your mail server can see the addressee, it can see the content. SMTPS encrypts both in the same channel. So at the point where you accept messages and store them in a mailbox, the messages have to be readable.

Encrypting them at rest isn’t something I currently do, but if you’re going to later serve those messages to an email client that expects to receive clear text, your server needs both the keys and the messages. They can be stored in different places.

Most of your needs could be met with full disk encryption on the box hosting Dovecot. If you’re worried about being compelled to decrypt, there’s always the deck of cards trick: The pass phrase for full disk encryption consists of a memorized portion plus the letters and numbers of the top N cards in this deck of cards you keep by the server. If someone were to shuffle that deck of cards, and the server were powered down, the encrypted volume would be impossible to recover.

I’m eager to learn what other Dovecot tricks people can recommend to improve security.

Hmm, you have uncovered a problem with both of our ideas. Steam’s leverage is reduced after they have deposited sales proceeds, and is gone after the publisher isn’t selling games on the platform any longer.

(I’m griping about Rockstar specifically but my point is still flawed in the general case.)

Deceased users’ estates still haven’t agreed to the new terms, have they?

Now punish publishers who try to change the terms of sale after sale. “Want to play the single player game you bought a decade ago? Agree to this new arbitration clause.”

Are you going to be hosting things for public use? Does it feel like you’re trying to figure out how to emulate what a big company does when hosting services? If so, I’ve been struggling with the same thing. I was recently pointed at NIST 800-207 describing a Zero Trust Architecture. It’s around 50 pages and from August 2020.

Stuff like that, your security architecture, helps describe how you set everything up and what practices you make yourself follow.

Mostly I’m scared I’ll write a firewall rule incorrectly and suddenly expose a bunch of internal infrastructure I thought wasn’t exposed.

In a general sense, you are discussing a way to control other people and organizations, and to make them stop talking about you. (Communicating and storing your information) This isn’t always possible or practical.

If you pay a merchant with your payment card, that merchant is allowed to know your payment card number. If you call a toll free number, the recipient of your call is allowed to know your phone number.

If they decide to share what they learn about you, and they do so legally, there’s not a whole lot you can do to stop them. I’m not saying this to antagonize or hurt you. I invite you to think differently about what you can control and what is worth worrying about.

Remove these blank lines.

I’m not seeing unit tests for this.

Unnecessary comment.

BLAM

Ow! Also, this could’ve been a smaller calibur.

s/celebs/weebs/

Fixed :-)

I’ve been ranting about this a lot lately, but as the owner of mspencer.net (completely useless personal domain, but is 199 days older than wikipedia.org for what it’s worth)…

There is sort of a way to do that, but it’s still labor intensive so not a lot of people do it. Movements to investigate are homelab and selfhosted. Homelab equipment is old (extra power-hungry for the capability you get) or expensive. Self hosting requires a bunch of work to stand things up the way you want it.

Biggest barriers to self hosting - or hosting through your nearest nerdy relative - are the following:

Free ad-supported offerings (with the privacy and terms and conditions impacts you describe) are better and easier, so they out compete DIY options. If a nerdy family member offers to host forums and chat for your community club or whatever, the common response isn’t gratitude, it’s “That’s stupid, I’ll just use Facebook.” Without that need and attention, volunteer projects get way fewer eyeballs and volunteers are way less motivated.

Security is difficult to figure out. Project volunteers have enough on their plate just helping users get their stuff working at all. Helping novice users secure their installations is so much extra work.

Many volunteers feel taken advantage of if they produce something that could help companies make money better, when they don’t share any of the money they make through donations or support arrangements. Similarly, many open source projects get taken over by for-profit companies who diminish efforts to make their open source offerings easier to use for free. (They want companies to buy support contracts, even if it means frustrating use by private individuals without kilobucks to spare.)

Looking closer at the image, I’m going with “in this house we use single sideband.” (But, as a Plex user, I love yours too.)

That does make a lot of sense.

I think I’m feeling embarrassed about not being a perfect ops person, while I was going to school for computer science. Like, part of me wants to create this unrealistic private cloud thing, like I’m going to pretend “I’m still around, where have you been? See your old password still works, and look at all the awesome stuff I can do now!”. I already have my 20+ year old passwd file imported into OpenLDAP / slapd and email is using that already.

It’s not realistic. I feel fondness for the internet of 20-25 years ago, but it’s not coming back. If people can log in with 20 year old passwords and upload web content, we both know what’s really going to happen.

I just feel like such a failure for letting it rot away. Really, any place that accepts submissions requires a live audience and staff to keep it moderated, and accepting new submissions is the only reason to even run original code. What you’re describing is probably the only sane way to do this.

Edit: although I do still feel that the world needs that sort of private cloud in a box. Sure Facebook has taken all the wind out of the sails of many private web hosting efforts - the “family nerd” no longer gets love and gratitude for offering to host forums and chat, they get “that’s stupid, I’ll just use Facebook” - but we still need the capability.

And an open security architecture to clone would help cover the daylight between “here’s a web app in a docker container” and an actual secure hosted instance of it. It would require more inconvenience than necessary for the substantial security benefits it would offer. (A better designed, more customized solution would help that, but one step at a time.) But that would give the average homelab user protection against future attacks that today would feel like wild “whoa who are you protecting against, the NSA?” paranoia.