There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

@TCB13@lemmy.world cover

This profile is from a federated server and may be incomplete. Browse more on the original instance.

TCB13 ,
@TCB13@lemmy.world avatar

Nice, can we just do the same with ext3 and ext4 now?

TCB13 ,
@TCB13@lemmy.world avatar

I wouldn’t put my mission-critical file server on BTRFS.

Oh, but I and a lot of people do and it is way more reliable than ext* filesystems ever were. Maybe ZFS or XFS is more your style then? Ext4 is very, very prone to total failure and complete data loss at the slightest hardware issue. I’m not saying you should rely on any filesystem ever, backups are important and should be there, the thing it that recovering from backups takes time and the amount of recovery that ext forced me into over the years isn’t just acceptable.

TCB13 ,
@TCB13@lemmy.world avatar

Well a few years ago I actually did some research into that but didn’t find much about it. What I said was my personal experience but now we also have companies like Synology pushing BRTFS for home and business customers and they have analytics on that for sure… since they’re trying to move everything…

TCB13 ,
@TCB13@lemmy.world avatar

The “Caveats” section for BTRFS is trash, it is all about a ENOSPC issue that requires you to low level mess with the thing or run the fs for years over constant writes without any kind maintenance (with automatic defragmentation explicitly disabled). Frankly I can point from the top of my head real issues they aren’t speaking about: RAID56 (everything?), RAID10 (improve reading performance with more parallelization).

If we take subvolumes, snapshots, deduplication, CoW, checksums and compression in consideration then there’s no reason to ever use ext4 as it is just… archaic. Synology is pushing for BRTFS at home and business so they must have analytics backing that as well.

TCB13 ,
@TCB13@lemmy.world avatar

ZFS is still the de-facto standard of a reliable filesystem. It’s super stable, and annoyingly strict on what you can do with it.

Yes and that’s the reason why I usually pick BTRFS for less complex things.

TCB13 ,
@TCB13@lemmy.world avatar

Meanwhile BTRFS provides me with snapshots and rollbacks that are a useful when I’m messing with the system. And subvolumes bring a lot of flexibility for containers and general management.

TCB13 ,
@TCB13@lemmy.world avatar

Nothing like paying your consulting friends to move everything to Linux to then pay them again to move back to Windows later one. Just like someone is Germany did at some point. :)

TCB13 ,
@TCB13@lemmy.world avatar

Great find, I was aware of that situation but it doesn’t mean what I said wasn’t also happening “in the background”. Everyone was profiting from consulting companies to Microsoft.

What distro should I use on my potato?

I have an HP Stream 11 that I want to use for word processing and some light web browsing - I’m a writer and it’s a lightweight laptop to bring to the library or coffee shop to write on. Right now it’s got Windows and it’s unusable due to lack of hard drive space for updates. Someone had luck with Xubuntu, but it’s...

TCB13 ,
@TCB13@lemmy.world avatar

Debian + xfce.

TCB13 ,
@TCB13@lemmy.world avatar

Devuan

Just no. Systemd can get more efficient than running hundreds of poorly integrated scripts and daemons to have a working system.

TCB13 ,
@TCB13@lemmy.world avatar

“systemd is always better, no matter the situation” is absolutely dangerous for the entire FOSS ecosystem: both diversity and rationality are essential.

I agree with this, however the rest is more open to discussion.

Systemd might make sense for most people on desktop targets (…) “embedded” targets, simpler and smaller is always better.

A few years ago I was working on a bunch of “embedded” devices (4 x ARM @ 800 Mhz + 256MB of RAM) and whatever we the popular alternatives and the truth is that only with systemd we were able to boot and have a usable system (timers, full dual stack DHCP/SLAAC networking network time, secure DNS) without running out of resources for our daemons later on.

The issue with sysvinit and OpenRC etc. isn’t that they aren’t good, it is that they’re simply init systems and nothing more. In order to have just the bare features above we would have to depend on tons of other small packages and daemons that would all eat up RAM and deal with all the integration pain because they weren’t designed to work together. Are you aware of the pain and number of things you’ve to setup to just have dual stack networking? With systemd you cut a lot of those smaller daemons and end up a few that have a much smaller RAM footprint and are actually made to work with each other.

Systemd also providers very useful features like socket activated services in that can be leveraged to have the system wait for incoming connections and once it gets one launch a program. Without systemd it would’ve been one more constantly running daemon. It also provided us the ability to monitor if all required services were running, kill things going over the line, restart on specific conditions and even trigger alerts.

Yes, you can do all of the above without systemd but the amount of stuff it required didn’t fit our 256MB target, nor the power budgets - we tried it, trust me. Besides all that without so many moving parts and by relying on systemd our solution was way more robust and easier to develop / debug.

TCB13 ,
@TCB13@lemmy.world avatar

Flathub priorities: adding colors and banners;

What Flathub actually lacks: a decent way of archiving and installing things offline (that knows how to deal with architectures, drivers and dependencies), an official and proper way of mirroring the repository.

lol

TCB13 ,
@TCB13@lemmy.world avatar

No I’m assuming they’ve a limited number of resources, like everyone else, and they like to pool them in the wrong things. Besides they don’t want to open the door for offline and mirroring because then they would lose their privileged position of being the single largest and most used way to get flatpaks.

TCB13 ,
@TCB13@lemmy.world avatar

The mirroring part of their repository is kind of their responsibility I guess…

TCB13 ,
@TCB13@lemmy.world avatar

Ironic isn’t it?

TCB13 ,
@TCB13@lemmy.world avatar

sshfs : probably most easy to setup. Can be confusing with ownership and permissions sometimes.

And the worst option if you have Windows clients.

TCB13 ,
@TCB13@lemmy.world avatar

SSHFS is a client not a server. If you want to access SFTP / SSH “shares” from Windows WinSCP and Cyberduck are good options.

TCB13 ,
@TCB13@lemmy.world avatar

So, this like a Debian live USB with persistency enabled and tools for create people pre-installed. What else is new?

TCB13 ,
@TCB13@lemmy.world avatar

I believe you’re approaching this from the wrong angle - this isn’t a tech problem, this is a people problem.

save them for posterity so that it lasts for periods like 200 years and more. This allows great-grandchildren and great-great-grandchildren to have access.

Instead of trying to get media that can last 200+ years, just teach your kids and grandkids the importance of keeping your family legacy alive. This will be way more effective than any medium you can come up it. Storage technologies change but the data remains the same, the future generations should be able to gradually upgrade storage mediums as necessary so the information keeps existing.

TCB13 ,
@TCB13@lemmy.world avatar

There’s nothing that anyone can do in 2024 in the MS Office suite of applications specifically that I can’t find a third party or cloud equivalent of to do the exact same thing.

This isn’t true. It might be close to true for a lot of situations, but not true at all. And the issue here isn’t that there isn’t an alternative, those students can learn LibreOffice and do almost everything they need with it, however once they get into a job and the company uses MS Office they won’t be be able to pick the work right away and be as productive as their peers will be. Imagine one of those students tried to apply for a backoffice job at a bank, they’ll most likely test the person’s Office skills and the student may not be able to compete the assessment and have an inferior grade to another one who always had MS Office at his school.

I’m all for FOSS but we must be very responsible when it comes to what we expose young people to and how that may impact their careers on the long run. They should have exposure to Linux, LibreOffice and have a basic understanding of them but they shouldn’t be robbed of valuable jobs skills that may make a difference just because.

TCB13 ,
@TCB13@lemmy.world avatar

Or that :P

TCB13 ,
@TCB13@lemmy.world avatar

Wouldnt you keep them computer illiterate when you teach them exclusively how to use Microsoft Windows and Microsoft Office?

As I said on another comment:

Students can and should learn Linux / LibreOffice and can most likely do almost everything they need with it, however once they get into a job and the company uses MS Office they won’t be be able to pick the work right away and be as productive as their peers will be. Imagine one of those students tried to apply for a backoffice job at a bank, they’ll most likely test the person’s Office skills and the student may not be able to compete the assessment and have an inferior grade to another one who always had MS Office at his school.

I’m all for FOSS but we must be very responsible when it comes to what we expose young people to and how that may impact their careers on the long run. They should have exposure to Linux, LibreOffice and have a basic understanding of them but they shouldn’t be robbed of valuable jobs skills that may make a difference just because.

TCB13 ,
@TCB13@lemmy.world avatar

Also this is much better than giving students locked down Chromebooks

Oh yes, but still can pose a problem. Imagine one of those students tried to apply for a backoffice job at a bank, they’ll most likely test the person’s Office skills and the student may not be able to compete the assessment and have an inferior grade to another one who always had MS Office at his school.

TCB13 ,
@TCB13@lemmy.world avatar

No it won’t. What you see is that younger generation (millennials that actually know a bit of Office) getting slandered as soon as they’re promoted and required to use those tools. They eventually learn them and are productive but it takes more time than it should. Precisely because of what you said is the reason why those generations should be exposed to said software - after all some of them will be managers, layers and other types of professionals that will keep using those tools.

TCB13 ,
@TCB13@lemmy.world avatar

One semester in Excel you have time to learn how to use it for almost everything.

TCB13 ,
@TCB13@lemmy.world avatar

Did you even read my comment? That’s what I said.

TCB13 ,
@TCB13@lemmy.world avatar

You aren’t wrong, but that’s besides the point. The point is that even if you’re decently computer savvy and you can switch around between programs you’ll always be better and faster at advanced features on the one you used more hours. If you say this never happens to you then you’ve never been exposed to a program for enough time to actually learn it from top to bottom.

TCB13 ,
@TCB13@lemmy.world avatar

No problem 😂 We were just saying the same thing.

TCB13 ,
@TCB13@lemmy.world avatar

Once again, people should learn both and be aware of the differences as I said somewhere.

TCB13 ,
@TCB13@lemmy.world avatar

Except for the fact that it is what every major company out there uses lol

TCB13 ,
@TCB13@lemmy.world avatar

Oh but it happens.

TCB13 ,
@TCB13@lemmy.world avatar

Mostly because if you’re working on a MS centric company and you’ve a lot of integration with other MS tools people then need Word and Excel. Besides, Zoom is the biggest piece of shit communication software out there, MS Teams is way way better both in call quality and in screen sharing. Zoom doesn’t even come close to MS Teams on that last one. Once you’ve documentation with dynamic references to other people, meetings, excel sharing data to and from sharepoint and sometimes NAV then it gets really hard to use docs. Besides calc can’t still do some advanced formula features.

TCB13 ,
@TCB13@lemmy.world avatar

But, coming back to this school, do you think that they could afford licenses for the latest MS Office and or MS Windows?

Microsoft typically offers licenses to education… and when it comes to Windows it doesn’t even matter as most retailers already sell machines with Windows licenses with very competitive prices. It’s usual to see bigger retailers selling computers with a Windows license at the same price a smaller retailer would do without license just because they’ve the volume and get good deals from both Microsoft and hardware vendors.

I’m not complaining, just stating something that should be taken into consideration.

TCB13 ,
@TCB13@lemmy.world avatar

You are already drowning in downvotes.

So what? I’m not a politician running a politically correct popularity contest and saying what people want to hear to win votes. I’m just stating what is omitted from the article and what is a fact as you eventually got there:

Really the only application that managers are likely to have any specialist knowledge around is Excel. I will admit that knowing Excel specifically vs other spreadsheet applications is useful. Being able to do a VLOOKUP, a pivot table, or even just proper multi-sheet formulas is useful

Honestly though, the Internet is littered with $19 Excel courses. Take one.

Yes, and will a gen-Z take them? Isn’t just easier to gradually expose them to those tools so they learn naturally without the pressure of getting to some job?

TCB13 ,
@TCB13@lemmy.world avatar

Who knows if they ever asked?

TCB13 ,
@TCB13@lemmy.world avatar

That’s fair but I was extrapolating a bit there. After all unless their IT department and IT related teachers were really inept they would’ve know that Microsoft offers things to education and would’ve got them.

TCB13 ,
@TCB13@lemmy.world avatar

The art and humanities is more a side project

I’ll add:

A side project that isn’t a life or death situation like most of those physical labor things you’re talking about. Art isn’t also bound or constrain by rules and regulations like those jobs and if the AI fails at art then there’s no problem. Nobody would care.

TCB13 ,
@TCB13@lemmy.world avatar

So… art is essentially failing ahaha.

Best resources to learn more about networking

I have been exploring the world of home servers/self-hosting for a little over a year now, and feel like I have at a decent understanding of a lot of things that go into this. The one thing I am not remotely comfortable with yet is networking. It’s like a foreign language to me....

TCB13 ,
@TCB13@lemmy.world avatar

Well, how much wifi and open-source do you really want?

If you are willing to go with commercial hardware + OpenWRT you might want to check the table of hardware at openwrt.org/toh/…/toh_available_16128_ax-wifi and openwrt.org/toh/views/toh_available_864_ac-wifi. Solid picks for the future might be the Netgear WAX2* line (no USB), the GL.iNet GL-MT6000, ASUS RT-AX59U, Belkin RT1800, Belkin RT3200, Linksys E7350, Linksys E8450. If you don’t mind having older wifi a Netgear R7800 is solid.

For a full open-source hardware and software experience you need a more exotic brand like this www.banana-pi.org/en/bananapi-router/. The BananaPi BPi R3 and here is a very good option with a 4 core CPU, 2GB of RAM Wifi6 and two 2.5G SFP ports besides the 4 ethernet ports. There’s also an upcoming board the BPI-R4 with optional Wifi 7 and 10G SPF.

Side note: while there are things like OPNsense and pfSense that may make sense in some cases you most likely don’t require that. You’ve a small network and OpenWRT will provide you with a much cleaner open-source experience and also allow for all the customization you would like. Another great advantage of OpenWRT is that with a great router like the BananaPi BPi R3 you’ve the ability to install 3rd party stuff in your router, you may even use qemu to virtualize stuff like your Pi-Hole on it or simply run docker containers.

TCB13 ,
@TCB13@lemmy.world avatar
TCB13 ,
@TCB13@lemmy.world avatar

And why’s?

TCB13 ,
@TCB13@lemmy.world avatar

Thanks.

TCB13 ,
@TCB13@lemmy.world avatar

PGP is not closed. What proton has done is make a really cool JS library for PGP as part of their Web UI (openpgpjs.org) which other projects, even those unrelated to Proton have used, like Mailvelope.

I never said PGP was closed, what I was saying is that their implementation of the access to their service is closed (not using standard IMAP/SMTP) and subsequently “their” PGP might be questionable / opaque.

If they actually do everything with open standards and PGP by the book as they say, why can’t they provide IMAP/SMTP access to everyone who wants it BUT add the disclaimer that you’ve to use a PGP compatible e-mail client and configure it to deal with the encryption… they could even configure their submission to refuse any email that isn’t PGP encrypted to improve things further. The fact that they don’t do this leads me to believe that they either a) aren’t actually doing everything as “by the book PGP” and there might be security issues or b) they’re “privacy” as a catch all excuse in order to push a bit of vendor lock-in.

Their market niche is privacy conscientious people and those same people tend be to computer savvy and I bet half of them would mind setting up PGP on Thunderbird and use Proton without a bridge. Everyone else could still use their apps, web or the bridge.

TCB13 ,
@TCB13@lemmy.world avatar

Great find, even worse than what I was thinking. Like you I was also under the assumption they applied some kind of encryption to all metadata as well.

TCB13 ,
@TCB13@lemmy.world avatar

they always do client-side auth rather than tradition server-side auth

They must have some server-side auth as well, otherwise I could just emulate requests from the bridge an pull all your PGP encrypted email from their servers. Even though it would be mostly useless it would still be a big vulnerability issue.

IMAP/SMTP-based provider to whom you always send your passwords in plaintext

Why do you say that? What led you to believe it?

Most providers are running IMAPS (IMAP over SSL) or IMAP with StartTLS (upgrade to TLS) and the same for submission to make sure there are no passwords in plain-text. Furthermore mail clients and servers also support password hashing and some, like Google, even go further and push people into IMAP/SMTP authentication with XOAUTH2 (OAuth token unique for each e-mail client).

Non-plaintext mechanisms have been designed to be safe to use even without SSL encryption. Because of how they have been designed, they require access to (…) their own special hashed version of it. doc.dovecot.org/…/authentication_mechanisms/-…

Going back to Proton, if they do use PGP in a generic way it means all your e-mail are encrypted and whenever you want to open the website or use the bridge they’ve to decrypt them. As you described before, they do this client side and that’s okay.

Now the next question is: how do they decrypt your mailbox? Their servers hold your private PGP key encrypted with your login password, once a client wants to decrypt your mailbox it has to pull that private key from the server and then use your password to locally decrypt it. Said now plain text key can then be used to decrypt the e-mails. This is a common security practice to make PGP and other asymmetric encryption schemes work securely without forcing the user to store and mange its own private key - that’s okay as well.

For e-mail coming from external providers (and people who don’t use PGP) Proton receives the unencrypted message (over TLS) and then encrypts it with your public PGP key. After this point you are the only person who can decrypt the message because while they also hold your private key it is encrypted thus they can’t use it to decrypt the message. This is reasonable and okay.

Now the thing is, all this can be accomplished via IMAP/SMTP, with the same level of security, if you employ a few rules:

  1. Tell customers who want to use IMAP/SMTP that they’re required to configure PGP manually on their clients otherwise their mailbox will be encrypted / useless and they won’t be able to send e-mail;
  2. Submission (sending e-mail via SMPT) servers configured to refuse any e-mail that isn’t PGP encrypted;
  3. Only provide IMAP/SMTP authentication with SSL/TLS;
  4. Restrict the IMAP/SMTP authentication to a non-plaintext mechanism;
  5. If they don’t go for XOAUTH2, then force people into creating a specific app password for each e-mail client - like Google also allows for legacy stuff that doesn’t support XOAUTH2.

Note that their current apps/bridge also needs to authenticate itself with some hashed version of your password, otherwise I could just emulate requests from the bridge an pull all your PGP encrypted messages from their servers. Actually using XOAUTH2 tokens or unique app passwords would be even be safer than what they’re doing.

Considering their PGP implementation is standard then doing those tweaks isn’t impossible and they would provide the same level of security their apps provide but also be flexible enough for more advanced users.

TCB13 , (edited )
@TCB13@lemmy.world avatar

The bridge does the decryption using credentials you give it locally.

Are you reading what I’m typing? I just described the full process they do on their apps and what can be done over IMAP to give you the same level of protection that Proton offers.

Besides, Proton doesn’t even provide zero access. In Proton there’s a bunch of data like e-mail headers that is NOT encrypted at all and they say it:

subject lines in Proton Mail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end-to-end encrypted. Source proton.me/…/does-protonmail-encrypt-email-subject… and proton.me/…/proton-mail-encryption-explained

Any generic IMAP/SMPT provider + Thunderbird with PGP provides the same level of security that Proton provides, assuming they didn’t mess their client-side encryption/decryption/key storage in some way. PGP is making sure all your e-mail content is encrypted and that’s it, doesn’t matter if it’s done by Thunderbird and the e-mails are stored in Gmail OR if it’s done by the Proton bridge and the e-mails are on their servers, the same PGP tech the only difference is the clients.

TCB13 , (edited )
@TCB13@lemmy.world avatar

One key aspect that you seem to be missing is that Proton encrypts every mail, including those sent by or sent to unencrypted providers using your pgp key before storing them on the server. This isn’t a case scenario that can be handled without using a bridge

Yes it can, and I explained how. Maybe you’re the one not understanding how Proton actually encrypts emails sent by unencrypted providers/people…

<a href="">In asymmetric cryptography the public key is used for encryption, then the related private key is used for decryption</a>. This means the server just has to know your public key to be able to safely store incoming email from unencrypted providers. The Thunderbird that has your private key can decrypt the e-mails later on. This is exactly what Proton does but the decryption part is handled by the bridge.

There’s guide here explaining this in detail and providing an implementation example with Dovecot. This can be also done when a message is received by the MTA (before it is filed / stored by Dovecot) like discribed in this guide for Exim here. The process should be the same for Postfix.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • lifeLocal
  • goranko
  • All magazines