Solar Bear

  • 0 Posts
  • 63 Comments
Joined 1 year ago
Cake day: June 27th, 2023

  • Solar Bear@slrpnk.net to Selfhosted@lemmy.world: Help me harden my home server
    5 days ago

    Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren’t intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

    The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it’s perfect. All web browsers (except Firefox on mobile…) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

    As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.
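The certificate workflow described in the comment above (create the certificate on the server, install it on the client), sketched with OpenSSL as an added example that is not part of the original comment. The function names, file layout, CA name and the `P12_PASSWORD` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed names and paths, not taken from the comment.
umask 077   # the private keys are the whole secret, so create them owner-only

# make_ca DIR: self-signed CA that the reverse proxy will trust for client certs.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Home mTLS CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client_cert DIR NAME: key and certificate for one device,
# restricted to TLS client authentication via extendedKeyUsage.
issue_client_cert() {
    printf 'extendedKeyUsage = clientAuth\n' > "$1/client.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/client.ext" -out "$1/$2.crt" 2>/dev/null
}

# export_p12 DIR NAME: PKCS#12 bundle to install on the phone or browser.
# The bundle password is read from the P12_PASSWORD environment variable
# so it does not appear in the process list.
export_p12() {
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -certfile "$1/ca.crt" -passout env:P12_PASSWORD -out "$1/$2.p12"
}

# is_trusted_client DIR CERT: the same decision the proxy makes on connect:
# does CERT chain to our CA and is it valid for client authentication?
is_trusted_client() {
    openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}
```

Only `ca.crt` goes to the proxy as the client CA on the listener that requires certificates (the one behind the 443 to 444 forward in the comment); in nginx, one possible proxy since the comment names none, that is `ssl_client_certificate` together with `ssl_verify_client on`. `ca.key` never needs to leave the machine that issues certificates.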







  • Criticizing people’s past and current actions relating to the subject and bringing up their direct history relevant to the subject is not a personal attack, nor is it out of line to point out he does this to advance his political agenda within the project, which is why he got banned in the first place. All of this directly relates to the subject at hand.

    You know what doesn’t relate to the subject at hand? Your random little “sjw gender terrorists” comment. But it does make it rather clear why you want to obfuscate the facts about Srid’s history with the project, subsequent ban, and continued amplification of drama and general shit-stirring ever since.




  • You should know that the guy you cited in the second link, Srid, is a well-known right-wing shit-stirrer who is banned from basically all NixOS spaces because he cannot peacefully coexist. He literally gets up day after day with the seemingly sole purpose of fueling drama and causing problems. Don’t take his opinion at face value, he wants to see the project burn down and this colors his interpretation of events.

    NixOS is going through a rocky moment for sure, but there’s no indication it will implode currently.


  • > Whatever you get for your NAS, make sure it’s CMR and not SMR. SMR drives do not perform well in NAS arrays.

    I just want to follow this up and stress how important it is. This isn’t “oh, it kinda sucks but you can tolerate it” territory. It’s actually unusable after a certain point. I inherited a Synology NAS at my current job which is used for backup storage, and my job was to figure out why it wasn’t working anymore. After investigation, I found out the guy before me populated it with cheapo SMR drives, and after a certain point they just become literally unusable due to the ripple effect of rewrites inherent to shingled drives. I tried to format the array of five 6TB drives and start fresh, and it told me it would take 30 days to run whatever “optimization” process it performs after a format. After leaving it running for several days, I realized it wasn’t joking. During this period, I was getting around 1MB/s throughput to the system.

    Do not buy SMR drives for any parity RAID usage, ever. It is fundamentally incompatible with how parity RAID (RAID5/6, ZFS RAID-Z, etc) writes across multiple disks. SMR should only be used for write-once situations, and ideally only for cold storage.




  • The games will still be designed by humans. Generative AI will only be used as a tool in the workflow for creating certain assets faster, or for creating certain kinds of interactivity on the fly. It’s not good enough to wholesale create large sets of matching assets, and despite what folks may think, it won’t be for a long time, if ever. Not to mention, people just don’t want that. People want art to have intentional meaning, not computer generated slop.





  • Solar Bear@slrpnk.net to Linux@lemmy.ml: Thoughts on this?
    10 months ago

    > it’s probably time to come to terms with the fact that better alternatives would have arisen had anyone thought they could truly manage it.

    This is the most important takeaway. There’s a lot of people whining about Wayland, but Wayland devs are currently the only people actually willing to put in the work. Nobody wants to work on X and nobody wants to make an alternative to Wayland, so why do we keep wasting time on this topic?


  • Solar Bear@slrpnk.net to Linux@lemmy.ml: Canonical changes the license of LXD to AGPL
    11 months ago

    The full details are complex but I’ll give you the basic gist. The original GPL licenses essentially say that if you give somebody the compiled binary, they are legally entitled to have the source code as well, along with the rights to modify and redistribute it so long as they too follow the same rules. It creates a system where code flows down freely like water.

    However, this doesn’t apply if you don’t give them the binary. For example, taking an open source GPL-licensed project and running it on a server instead. The GPL doesn’t apply, so you can modify it and do whatever, and you aren’t required to share the source code if other people access it because that’s not specified in the GPL.

    The AGPL was created to address this. It adds a stipulation that if you give people access to the software on a remote system, they are still entitled to the source code and all the same rights to modify and redistribute it. Code now flows freely again, and all is well.

    The only “issue” is that the GPL/AGPL are only one-way compatible with the Apache/MIT/BSD/etc licenses. These licenses put minimal requirements on code sharing, so it’s completely fine to add their code to GPL projects. But themselves, they aren’t up to GPL requirements, so GPL code can’t be added to Apache projects.


  • > Most Snaps have apt or Flatpak alternatives.

    I’m simply not going to support a distro that creates a proprietary service and ships it as the default source of software. I will support and use distros that open source their code so that everyone can benefit from it. Whether workarounds or alternatives exist is unimportant, my prime issue with Ubuntu and Canonical is with their principles, not Ubuntu’s quality as a product to be consumed by me.