TCB13

TCB13 , 6 months ago to linux in linux tablet / convertible recommendation?

My recommendation: HP x360 Elitebook 1040 G8. Great machine, hardware support in Debian is great, everything works out of the box.

The Surface might be an interesting device, however do your research very well. zdnet.com/…/how-i-put-linux-on-a-microsoft-surfac… and github.com/linux-surface/linux-surface. There are a few details.

TCB13 , 6 months ago (edited 6 months ago) to selfhosted in So SBCs are shit now? Anything I can do with my collection of Pis and old routers?

What happened is that people realized what I’ve been saying since ever - that the RPi and others are a money grab because of all the required accessories while a MiniPC will get you way more power, stable hardware , case, power supply and everything in between for the same price (if you go for second hand). Here is are examples of such posts: lemmy.world/comment/5357961 , lemmy.world/comment/4696545

For eg. for 100€ you can find an HP Mini with an i5 8th gen + 16GB of ram + 256GB NVME that obviously has a case, a LOT of I/O, PCIe (m2) comes with a power adapter and outperforms a RPi5 in all possible ways. Note that the RPi5 8GB of ram will cost you 80€ + case + power adapter + cable + bullshit adapter + SD card + whatever else money grab - the Pi isn’t just a good option.

Either way, Pis have their use cases however in my opinion it was an overhyped product that sits on the middle of a market:

• They tried to make the Arduino easy by adding an operating system and high level programming languages such as Python. It never made much sense, why would you want to have GPIOs directly on a “computer”? not reasonable at all. Nowadays we’re seeing a raise of the ESP32 devices that have 30-40 GPIOs and Wifi for 2$ each. Cheap, easy to develop and deploy and eating away on the Pi’s market.
• Another typical use case for a Pi is some low power server, but while it is great in theory then it lacks the CPU performance required for the container-based absurdities people want to run and the I/O sucks. USB wasn’t ever a good way to connect to storage, let alone a USB/network shared bus like we had in the past. The new PCIe is questionable (look at the NanoPi M4v2 from 2018) and requires… more adapters;
• Price-wise it doesn’t make much sense as well because a second hand x86 will be 10x faster at the same price point… and way more stable with more expansion.

Now it’s all gone x86 and Proxmox

Proxmox isn’t a new thing, in fact it is a pile of crap and questionable open-source that people still run because they haven’t discovered LXC/LXD yet. Read more here: lemmy.world/comment/6507871. FYI you can run LXD on your Pis and get both containers and virtual machines with it in the same way Proxmox people do with x86.

The irony of this comment is that people will shit on me about replacing Proxmox with LXD in the same way they used to when I said that Pis were a money grab and x86 MiniPCs were way better.

TCB13 , 6 months ago to selfhosted in Feedback on Design and Firewall Options

Just note that by default ANY router is configured this way because they run NAT. Traffic originating from the local devices is forwarded to the internet while traffic originating from the internet isn’t forwarded to local devices (unless it’s a direct rely to a request initiated from a local machine).

I believe this is a good introductory article: devopscube.com/what-is-nat-how-does-nat-work/

TCB13 , 6 months ago to selfhosted in How to properly setup local certificate authorities for sub domains?

You can also use certbot on the subdomain servers if they are on the Internet, to auto-renew individual subdomain certificates. To run a “real” CA you need a lot of opsec and infrastructure regardless of what software you use

Yes, I agree with you and I always tell everyone to stay away from creating a CA. - it’s just not worth it the workload and the risks. Either way certbot can be even used without exposing local servers to the internet with DNS challenges and other means of authentication. The wildcard has the advantage of not having to publish those subdomains publicly in some for (DNS) or another (crt.sh).

For basic dev-level purposes, CA.pl works and has been around forever, though I’m sure there is better stuff out there.

github.com/FiloSottile/mkcert is the way to go for that.

TCB13 , 6 months ago to selfhosted in How to properly setup local certificate authorities for sub domains?

Still easier whats to setup that than what’s described. Even the Certbot tool is able to setup it up with a simple command.

TCB13 , 6 months ago to selfhosted in How to properly setup local certificate authorities for sub domains?

I just get why one would go over 2343 different pieces of software, containers, portainer, integrations and whatnot when it is as simple as issuing the wildcard certificate for the domain on a public facing machine and then transferring it to the private network.

TCB13 , 6 months ago to selfhosted in How to properly setup local certificate authorities for sub domains?

CA.pl script

NO. JUST NO. Fucks sake that thing is written in Perl. Instead use github.com/FiloSottile/mkcert OR github.com/smallstep/certificates

But yes, a wildcard is mostly way to go, less risks and more results.

TCB13 , 6 months ago (edited 6 months ago) to selfhosted in Feedback on Design and Firewall Options

If you’ve an OpenWRT compatible router why are you thinking about pfsense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.

I like this device since 3ports would allow me to create a physically separate DMZ

OpenWRT can do this as well. What are your plans with the DMZ tho?

Be careful with the use of the acronym DMZ as in the context of typical routers and ISPs it has a different meaning of what you’re implying here. DMZ usually is used in the context for a single host that is “outside” the ISP router’s firewall and all requests coming into the ISP router will be forward to that device.

With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.

You NAS will never “receive updates” it will ask for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).

My TrueNas has 2x2.5Gb ports. Can i connect each NIC to a different network? Would this have any benefit?

You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and cames consoles, they can be used to jump to the other side and vice versa.

Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.

TCB13 , 6 months ago to workreform in Gen Z is prioritizing living over working because they've seen 'the legacy of broken promises' in corporate America, a future-of-work expert says

That’s fair.

TCB13 , 6 months ago to workreform in Gen Z is prioritizing living over working because they've seen 'the legacy of broken promises' in corporate America, a future-of-work expert says

doesn’t change

But maybe it should for certain subjects.

TCB13 , 6 months ago (edited 6 months ago) to linux in My First Month of Linux

I don’t care what you use and I wouldn’t land in the comments just to put you on blast for your personal choices.

The thing is that this isn’t “personal choices”, I don’t even use most of the solutions I cited, but I happen to know a lot of people who do in different industries and that tried Linux countless times and showed me how poorly things are. I’m talking about managers, designers, engineers, architects - a lot of people with a lot of different needs that would love to be on Linux as much as you do but can’t because it simply doesn’t work out.

Yeah, I’ve never understood people making poorly written snide comments with absolutely zero clarification, either.

Do you really want a properly written comment? It looks like you don’t but I’ll give you one anyways. Just don’t complain like you did when I bluntly said what’s the reality of Linux desktop and professional software.

realizing that 11 was only going to bring more ads, force-installed applications, background processes that were nigh-impossible to disable without a lot of tomfoolery, AI bullshit and general bloat,

Microsoft has multiple versions of Windows and if you are smart enough to install Ubuntu you might as well be smart enough to read about them for five minutes and understand that you if you pick Windows 11 Pro you’ll be moderately clean and Windows 11 Enterprise will be very clean. You’ll also find out that with ANY version you can pick English (World) for a cleaner experience:

Selecting the “English (World)” locale during Windows Setup means you’ll receive fewer advertised tiles in your Start menu once Windows is installed, but it doesn’t change the preinstalled apps that come with Windows (also known as bloatware).

The remaining or all ads and spyware can also be disabled via group policy. When it comes to disabling crap Windows offers way better control than Ubuntu and macOS because it was made for that. There are countess companies and government agencies that force Microsoft to have group policy settings to disable all the “special features” otherwise they couldn’t use it.

Microsoft also has very detailed documentation into this (…microsoft.com/…/manage-connections-from-windows-…) that you can follow to disable what you don’t want. Meanwhile Canonical, Apple and others don’t give shit about users disabling the spyware and the systems sometimes break if you block connections.

So before you say unfounded and dumb things such as “impossible”, “forced” and whatnot go teach yourself about how things really work and what can and can’t be done.

TCB13 , 6 months ago to workreform in Gen Z is prioritizing living over working because they've seen 'the legacy of broken promises' in corporate America, a future-of-work expert says

No no, what’s your take on this? lemmy.world/comment/6915894

TCB13 , 6 months ago to workreform in Gen Z is prioritizing living over working because they've seen 'the legacy of broken promises' in corporate America, a future-of-work expert says

Go look for stats on the referendum, if it wasn’t for the 50+ years old people the UK would still be in the EU. It’s not about “let’s take away the right of people to vote” it is about “how can we let people take vote for something that wont ever affect them either way?”. I bet there was someone voting to leave that died of old age the next day, should that person have as much voting power as someone who’s on their 30’s and had to live an extra 50 years with the fallout of the decidion?

TCB13 , 6 months ago to selfhosted in question about self hosting SSO for multiple domains and services.

bad bot.

TCB13 , 6 months ago to linux in My First Month of Linux

www.rodsbooks.com/refind/ is your friend.