TCB13

TCB13 , 5 months ago (edited 5 months ago) to linux in Debian patching 32-bit builds to handle dates beyond 2038

The SheevaPlug was the OG Raspberry Pi released years before the Raspberry Pi that nobody cared about because there wasn’t a media hype around it.

Now the interesting part is: it included an ARM CPU @ 1.2 GHz and it was released in 2009 with dedicated Gigabit ethernet plus another isolated USB chip. Note that the Raspberry Pi was released years later, in 2012, with a 100M ethernet + USB shared chip that was total garbage. They kept selling that garbage until 2019 with the release of the Raspberry Pi 4 that finally came with Gigabit.

Another interesting fact about the SheevaPlug is that there was a variant with an https://commons.wikimedia.org/wiki/File:SheevaPlug_ports.jpg once again totally obliterating the Raspberry Pi 4 and making it the perfect low power system for a NAS at the time.

TCB13 , 5 months ago to linux in What is being done to make Flatpaks better integrate into the system

, theming shouldnt have to be a 10 step process. Make Flatpaks use your themes correctly.

Finally someone shares my opinion, but be careful you’ll get downvoted. Here’s what I’ve said in the past:

All the current themes, versions and tweaks of GNOME are inconsistent (…) it is only on Linux that you launch an App and suddenly it doesn’t respect your theme and goes back to some basic thing because it runs on flatpak and there’s some bullshit about it. Or… your password management can’t communicate with the browser…

github.com/flathub/org.keepassxc.KeePassXC/…/29#i… A password manger can’t community with a Browser as it is. This makes both useless and kills one of the best use cases for Flatpak.

TCB13 , 5 months ago to mildlyinfuriating in It seems like all packaged foods do this now

OP, are you American?

TCB13 , 5 months ago (edited 5 months ago) to linux in Debian patching 32-bit builds to handle dates beyond 2038

Great news, my Sheevaplug can now cross 2038.

What’s a Sheevaplug? lemmy.world/comment/7295421

TCB13 , 5 months ago to linux in When do I actually need a firewall?

I don’t know what else is there to answer about the purpose of a hardware firewall.

Hardware firewalls have their use cases, mostly overkill for homelabs and most companies but they have specific features you may want that are hard or impossible to get in other ways.

A hardware firewall may do the following things:

• Run DPI and effectively block machines on the network to access certain protocols, websites, hosts or detect whenever some user is about to download malware and block it;
• Run stats and alert sysadmins of suspicious behaviors like a user sending large amount of confidential data to the outside;
• Have “smart” AI features that will detect threats even when they aren’t known yet;
• Provide VPN endpoints and site-to-site connections. This is very common in brands like WatchGuard;
• Higher throughput than your router while doing all the other operations above;
• Better isolation.

An isolated device is the fact that you can then play around with your routers without having to think about the security as much - you may break them, mess some config but you can be sure that the firewall is still in place and doing its job. The firewall becomes both a virtual and a physical and physiological barrier between your network and the outside, there’s less risk of plugging a wire on the wrong spot or a apply a configuration and suddenly having your entire network exposed.

Sure you may be able to setup something on OpenWRT to cover most of the things I listed before but how much time will you spend on that? Will it be as reliable? What about support? A Pi-hole is also another common solution for those problems, and it may work until a specific machines devices to ignore its DNS server and go straight to the router / outside.

You can even argue that you can virtualize something like pfSense or OPNsense on some host that also virtualizes your router and a bunch of other stuff, however, is it wise? Most likely not. Virtualization is mostly secure but we’ve seen cases from time to time where a compromised VM can be used to gain access to the host or other VMs, in this case the firewall could be hacked to access the entirety of your network.

When you’ve to manage larger networks, lets say 50* devices I believe it becomes easier to see how a hardware firewall can become useful. You can’t simply trust all those machines, users and software policies in them to ensure that things are secure.

TCB13 , 5 months ago to selfhosted in Current Best Remote Access Method?

So is wireguard still the gold standard?

Yes, unlike you want to rely on 3rd parties and proprietary garbage like Cloudflare, Tailscale and whatnot.

TCB13 , 5 months ago to selfhosted in Best Filesystem for NAS?

For BTRFS since it use of Copy of Write, it is more vulnerable. As metadata needs to be updated and more. Ext4 does not have CoW.

This is where theory and practice diverge and I bet a lot of people here will essentially have the same experience I have. I will never run an Ext filesystem again, not ever as I got burned multiple times both at home/homelab and at the datacenter with Ext shenanigans. BTRFS, ZFS, XFS all far superior and more reliable.

TCB13 , 5 months ago to selfhosted in Router recommendation

Stable yes but bug free no

Is any software really bug free? Most likely not, but compared to DD-WRT it is bug free. :P

Additionally I’m not sure why you think Broadcom has the best performance. There are plenty of devices out there and they don’t need to be Broadcom to be good.

Because Broadcom doesn’t play fair, they have hacks that go behind the published WIFI standards and get it go a few megabytes/second faster and/or improve the range a bit. And to take advantage of those feature both your AP and client must be Broadcom.

Not saying that MediaTek isn’t good, because it is, I use a ton of MediaTek devices and they’re all great.

TCB13 , 5 months ago to selfhosted in Best Filesystem for NAS?

I’m confused with your answer. BTRFS is good and reliable. Ext4 gets fucked at the slightest issue.

TCB13 , 5 months ago to selfhosted in Router recommendation

How much wifi and open-source do you really want?

If you are willing to go with commercial hardware + open source firmware (OpenWRT) you might want to check the table of hardware of OpenWrt at openwrt.org/toh/…/toh_available_16128_ax-wifi and openwrt.org/toh/views/toh_available_864_ac-wifi. One solid pick for the future might be the Netgear WAX2* line or the GL.iNet GL-MT6000. One of those models is now fully supported the others are on the way. If you don’t mind having older wifi a Netgear R7800 is solid.

For a full open-source hardware and software experience you need a more exotic brand like this www.banana-pi.org/en/bananapi-router/. The BananaPi BPi R3 and here is a very good option with a 4 core CPU, 2GB of RAM Wifi6 and two 2.5G SFP ports besides the 4 ethernet ports. There’s also an upcoming board the BPI-R4 with optional Wifi 7 and 10G SPF.

Both solutions will lead to OpenWRT when it comes to software, it is better than any commercial firmware but there’s a catch about open-source wifi. The best performing wifi chips are Broadcom and those don’t usually see open-source software support**. MediaTek is the open-source alternative and while they work fine they can’t, unfortunately, beat Broadcom. As most hardware is Broadcom they have hacks that go behind the published wifi standards and get it go a few megabytes/second faster and/or improve the range a bit.

DD-WRT is another “open-source” firmware that has a specific agreement with Broadcom to allow them to use their proprietary drivers and distribute them as blob with their firmware. While it works don’t expect compatibility with newer hardware nor a bug free solution like OpenWRT is.

Side note: while there are things like OPNsense and pfSense that may make sense in some cases you most likely don’t require that. You’ve a small network and OpenWRT will provide you with a much cleaner open-source experience and also allow for all the customization you would like. Another great advantage of OpenWRT is that with a great router like the BananaPi BPi R3 you’ve the ability to install 3rd party stuff in your router, you may even use qemu to virtualize stuff like your Pi-Hole on it or simply run docker containers.

TCB13 , 5 months ago to selfhosted in Best Filesystem for NAS?

Yes and BTRFS, unlike Ext4, will not go corrupt on the first power outage of slight hardware failure.

TCB13 , 5 months ago to linux in Are there any studies done on how much linux can save governments money if they do a whole migration?

Govts and large companies moving to Linux isn’t about costs, security or studies. It is about plain simple corruption.

• Govts/companies like blame someone when things go wrong, if they chose open-source there’s isn’t someone to sue then;
• Buying proprietary stuff means you’re outsourcing the risks of such product;
• Corruption pushes for proprietary: they might be buying software that is made by someone that is close to the CTO, CEO or other decision marker in the company, an old friend, family or straight under the table corruption;
• Most non-tech companies use services from consulting companies in order to get their software developed / running. Consulting companies often fall under the last point that besides that they have have large incentives from companies like Microsoft to push their proprietary services. For eg. Microsoft will easily provide all of a consulting companies employees with free Azure services, Office and other discounts if they enter in an exclusivity agreement to sell their tech stack. To make things worse consulting companies live of cheap developers (like interns) and Microsoft and their platform makes things easier for anyone to code and deploy;
• Microsoft provider a cohesive ecosystem of products that integrate really well with each other and usually don’t require much effort to get things going - open-source however, usually requires custom development and a ton of work to work out the “sharp angles” between multiple solutions that aren’t related and might not be easily compatible with each other;
• Open-source requires a level of expertise that more than half of the developers and IT professionals simply don’t have. This aspect reinforces the last point even more. Senior open-source experts are more expensive than simply buying proprietary solutions;
• If we consider the price of a senior open-source expert + software costs (usually free) the cost of open-source is considerable lower than the cost of cheap developers + proprietary solutions, however consider we are talking about companies. Companies will always prefer to hire more less expensive and less proficient people because that means they’re easier to replace and you’ll pay less taxes;
• Companies will prefer to hire services from other companies instead of employees thus making proprietary vendors more compelling. This happens because from an accounting / investors perspective employees are bad and subscriptions are cool (less taxes, no responsibilities etc);
• The companies who build proprietary solutions work really hard to get vendors to sell their software, they provide commissions, support and the promises that if anything goes wrong they’ll be there. This increases the number of proprietary-only vendors which reinforces everything above. If you’re starting to sell software or networking services there’s little incentive for you to go pure “open-source”. With less companies, less visibility, less professionals (and more expensive), less margins and less positive market image, less customers and lesser profits.

Unfortunately things are really poised and rigged against open-source solutions and anyone who tries to push for them. The “experts” who work in consulting companies are part of this as they usually don’t even know how to do things without the property solutions. Let me give you an example, once I had to work with E&Y, one of those big consulting companies, and I realized some awkward things while having conversations with both low level employees and partners / middle management, they weren’t aware that there are alternatives most of the time. A manager of a digital transformation and cloud solutions team that started his career E&Y, wasn’t aware that there was open-source alternatives to Google Workplace and Microsoft 365 for e-mail. I probed a TON around that and the guy, a software engineer with an university degree, didn’t even know that was Postfix was and the history of email.

TCB13 OP , 5 months ago to selfhosted in Alternative to Home Assistant for ESPHome Devices

I don’t get it: lemmy.world/comment/7111683

TCB13 OP , 5 months ago to selfhosted in Alternative to Home Assistant for ESPHome Devices

FYI the DB isn’t even that big and the total space is growing at around 100MB every 2 days.

https://lemmy.world/pictrs/image/683d00f2-8de9-4f6f-85e0-4a1d3b957b0b.png

https://lemmy.world/pictrs/image/df2dde53-c7e0-4693-bc47-36f9cda7abd7.png

I just don’t get it.

TCB13 , 5 months ago to lemmyshitpost in Americans are asleep, post European windows

European here, I’ve had showers with multiple pressure and flow levels since… ever.