TCB13

TCB13 , 1 month ago

Try to cycle it once every two weeks or something. Unfortunately there isn’t much of a right answer to your question, there are advantages and disadvantages of both approaches. This is a good read on the subject: batterycare.net/en/guide.html

TCB13 , 2 months ago (edited 1 month ago)

I often read suggestions to use something like Tailscale (…) safer than opening a port for WireGuard (WG)

I guess someone is trying really hard to upsell Tailscale there. But anyways it all comes down to how you configure things, Tailscale might come with more sensible defaults and/or help inexperienced user to get things working in a safe way. It also makes it easier to deal with the dynamic address at home, reconnects and whatnot.

Specifically about Wireguard, don’t be afraid to expose its port because if someone tries to connect and they don’t authenticate with the right key the server will silently drop the packets. An attacker won’t even know there’s something listening on that port / it will be invisible to typical IP scans / will ignore any piece of traffic that isn’t properly encrypted with your keys.

f my VPS is compromised, wouldn’t the attacker still be able to access my local network? How does using an extra layer (the VPS) make it safer?

The extra layer does a couple of things, the most important might be hiding your home network IP address because your domains will resolve the VPS public IP and then the VPS will tunnel the traffic to your network. Since your home IP isn’t public nobody can DDoS your home network directly nor track your approximate location from the IP. Most VPS providers have some security checks on incoming traffic, like DDoS detection, automatically rate limit requests from some geographies and other security measures that your ISP doesn’t care about.

Besides that, it depends on how you setup things.

You should NOT have a WG tunnel from the home network to the VPS with fully unrestricted access to everything. There should be firewall rules in place, at your home router / local server side, to restrict what the VPS can access. First configure the router / local VPN peer to drop all incoming traffic from the VPN interface, then add exceptions as needed. Imagine you’re hosting a website on the local machine 10.0.0.50, incoming traffic from the VPN interface should only be allowed to reach 10.0.0.50 port 80 and nothing else. This makes it all much more secure then just blunt access to your network and if the VPN gets compromised you’ll still be mostly protected.

TCB13 , 1 month ago

Yes, and to be fair the OP doesn’t even need to expose a port on his home network. He can do the opposite and have the port exposed on the VPS and have the local router / server connect to the VPS endpoint instead. This will also remove the issues caused by having dynamic IPs at home as well.

TCB13 , 2 months ago

Too bad he didn’t touch the real issue with Linux for most people: lack of their industry favorite proprietary software.

TCB13 , 2 months ago

Most likely yeah :D After all even the other community got burned by CentOS and decided to move to Ubuntu in mass instead of picking a true open-source distro…

TCB13 , 1 month ago

unless youre using Photoshop or Adobe as a senior youre just barking at tree.

That’s the point. The problem is that it doesn’t require the user to be senior to run into issues, it just requires them to be a professional user who has to collaborate within an industry that is standardized around some specific propriety software and people expect formats from that specific software.

TCB13 , 1 month ago

It is, but it’s also made by the same company that from time to time likes to add spyware into things… or fork open-source projects and change licenses just because they felt like it. Using Ubuntu on a professional environment has the same risks that using CentOS had, we never know when someone at Canonical will change the license and fuck everyone over.

TCB13 , 1 month ago

You know its not only Adobe apps… it’s Autodesk, MS Office (because advanced features aren’t available on the web version), Circuit Design Suite (Multisim and Ultiboard) and every other field specific application that isn’t available under Linux or that has alternatives that while viable for an amateur user won’t just cut it if you spend 8h/day within those applications and you’re expected to collaborate with others who also do it.

TCB13 , 1 month ago

That’s the keyword “most”. Someone who spends 8h/day inside an app (or group of apps) wants it to work 100% of the time at the maximum performance / with the least amount of small glitches, delays and annoyances.

TCB13 , 2 months ago (edited 1 month ago)

macOS just refuses to mount my USB 3 drives. I have a 1T seagate ssd and a 3T WD hdd (both exFat) and it just flat out refuses to see them.

I have to re-boot to actually use the extension. I reboot, and it throws the enable extension warning again. Fucking infuriating.

However today was the last straw as a task that should have taken me maybe 15 minutes took two hours of fighting with macOS.

I used to love macOS. It felt so intuitive and while it was never flawless, it mostly just got the fuck out of my way so I could do the things I wanted and needed to do

Although I do agree that macOS has seen better days the things you describe look a lot like general hardware failure because macOS still doesn’t get in the way, at least not as much as Windows, and gets the job done.

Before you say that it all now runs fine under Linux so no hardware issues, consider that Linux is way more permissive with hardware failure than macOS is, you better have a look at dmesg while connecting / using the drives to see if there’s something potentially wrong there. Same goes for a log of the system boot.

Either way I don’t feel like Asahi is a viable production thing yet, it’s a great effort but USB/Thunderbolt/Displays, Microphone and in some cases speakers are still not supported. I would rather see this gaining support for those before using it.

TCB13 , 2 months ago (edited 2 months ago)

Well, nothing is reliable over USB type A. If you don’t want to DIY you can get a USB JBOD with type-c like this one or that one or this cheaper one. They’ll get the job done for a price. :)

However, there are easy ways to get reliable SATA ports from m2 slots that your framework has.

NVME to 6 SATA ports:https://lemmy.world/pictrs/image/24ef9c41-e9c6-4e62-8aa5-22167b6b8a16.pngwww.aliexpress.com/item/1005004263885851.html

To power the disks you can use ANY standard ATX power supply (get something brand-gold second hand for 20$). To make sure the PSU stays ON, just plug a wire between the green and any black wire.

Another option for power is to get a cheap 12V power supply and a step down DC/DC to provide 5V. If you don’t have it a SATA cable like this is helpful. Simply cut the white plug and attach the red cable (5v) to the output of the DC/DC and the yellow one (12V) directly to the power supply.

There’s also these dual output power supplies that you can regulate to 12v+5v but frankly I would just go for the option above as it will be safer.

Make sure you check every voltage and polarity before plugging anything into your power supply!!

TCB13 , 2 months ago

Innovation and privacy go hand in hand here at Mozilla

As well as profits and corporate interests.

People speak very good thing about Firefox but they like to hide and avoid the shady stuff. Let me give you the un-cesored version of what Firefox really is. Firefox is better than most, no double there, but at the same time they do have some shady finances and they also do stuff like adding unique IDs to each installation.

Firefox does is a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like the OP did.

I know other browsers do it as well, except for Ungoogled and because of that I’m sticking with it. I would like to avoid programs that need no snitch whenever I open them. ungoogled-chromium + ublock origin + decentraleyes + clearurls and a few others.

Now you’re free to go ahead and downvote this post as much as you would like. I’m sorry for the trouble and mental break down I may have caused by the sudden realization that Firefox isn’t as good and private after all.

TCB13 , 2 months ago

Interesting… I wasn’t aware of ClearURLs for uBo. How good is that? Does it really filer all tracking elements like clear URLs does?

TCB13 , 2 months ago

I’ll have to test it. Better to have one less extension.

TCB13 , 2 months ago

Excellent explanation, however, technically it does not constitute an “odd spot.” Rather, it represents a “100% acceptable and evident position” as it brings benefits to all stakeholders, from accounting to the CEO. Moreover, it is noteworthy that investing in services or leasing arrangements increases expenditure, resulting in reduced tax liabilities due to lower reported profits. Compounding this, the prevailing high turnover rate among CEOs diminishes incentives for making significant long-term investments.

In certain instances, there is also plain corruption. This occurs when a supplier offering services such as computer and server leasing or software, as well as company car rentals, is owned by a friend or family member of a C-level executive.

TCB13 , 2 months ago (edited 2 months ago)

Some might say that.

TCB13 , 2 months ago (edited 2 months ago)

“This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally. This should not have happened.

I don’t believe this is what that rare, what I believe is that this was the fist time it happened to a company with enough exposure to actually have in impact and reach the media.

Either way Google’s image won’t ever recover from this and they just lost what small credibility they had on the cloud space and won’t be even considered again by any institution in the financial market - you know the people with the big money - and there’s no coming back from this.

TCB13 , 2 months ago

Thank you for confirming my suspicions. :)

TCB13 , 2 months ago

With great power…

TCB13 , 2 months ago

You will never get the same font rendering on Linux as on Windows as Windows font rendering (ClearType) is very strange, complicated and covered by patents.

Font rendering is also kind of a subjective thing. To anyone who is used macOS, windows font rendering looks wrong as well. Apple’s font rendering renders fonts much closer to how they would look printed out. Windows tries to increase readability by reducing blurriness and aligning everything perfectly with pixels, but it does this at the expense of accuracy.

Linux’s font rendering tends to be a bit behind, but is likely to be more similar to macOS than to Windows rendering as time goes forward. The fonts themselves are often made available by Microsoft for using on different systems, it’s just the rendering that is different.

For me, on my screens just by installing Segoe UI and tweaking the hinting / antialiasing under GNOME settings makes it really close to what Windows delivers. The default Ubuntu font, Cantarell and Sans don’t seem to be very good fonts for a great rendering experience.

The following links may be of interest to you:

• gist.github.com/…/fa6c5341403bf306e23034a1a1a9111…
• joelonsoftware.com/…/font-smoothing-anti-aliasing…
• github.com/mrbvrz/segoe-ui-linux

TCB13 , 2 months ago

but never really thought to use it in my home network

Because you don’t need it. OPNsense and pfSense may make sense in some cases however you’re running a small network and you most likely don’t require those. OpenWRT will provide you with a much cleaner open-source experience and also allow for all the customization you would like. Another great advantage of OpenWRT you’ve the ability to install 3rd party stuff in your router, you may even use qemu to virtualize stuff like your Pi-Hole on it or simply run docker containers.

TCB13 , 2 months ago

Yes, it is very good. It’s great to use perpetually half made software.

https://lemmy.world/pictrs/image/6daef459-bcc7-4460-9a2f-58a712263e80.pnghttps://lemmy.world/pictrs/image/a2d4ffce-17d6-46e2-b79f-edb96c226ddb.pnghttps://lemmy.world/pictrs/image/ffc1ea5d-79b0-4d10-a580-2a2d93ef6bc4.pnghttps://lemmy.world/pictrs/image/157ccb7b-8a25-4898-b148-58d0de650490.pnghttps://lemmy.world/pictrs/image/c3c8ea44-b287-42be-9482-12edc895f33b.pnghttps://lemmy.world/pictrs/image/c998130b-5396-4514-97f8-01b4dd099f4d.png

TCB13 , 2 months ago

The point is that every single feature they try to add to it ends up as yet another buggy thing that never gets fixed. They should focus on making the core things works decently instead of adding new features. After all this time they didn’t get the sync to be as reliable as Syncthing, why would they venture into webmail’s and whatnot ?

TCB13 , 2 months ago

They improved it? You can’t even add a bullet list. No way to have a full screen typing experience. It’s slow like no other and basic formatting tools are already hidden. Is that what you call improvements?

TCB13 , 2 months ago (edited 2 months ago)

Well… Poettering will eventually work his way up to browser engines and then we’ll get something efficient… Here’s the announcement:

"There’s a new component in systemd, called “engined”. Or actually, it’s not a new component, it’s actually the long existing “WebKit” engine now done properly. The engine is also a lot more fun to use than “WebKit” or “Blink” because you can finally have hundreds of tabs open in your browser without running out of RAM.

Coming soon in Coming for systemd 981.

TCB13 , 2 months ago

Hard drive stocks are currently a mess. I don’t get it, even Amazon has low stocks on everything be it small or large drives.

https://lemmy.world/pictrs/image/8773b7d4-a3e5-4a97-bc72-bc4be1080bf8.png

https://lemmy.world/pictrs/image/9cc6850e-934e-40fa-98fe-77a2414a7d15.png

https://lemmy.world/pictrs/image/e84d0292-7279-4dde-a974-5c7d77f2ca34.png

https://lemmy.world/pictrs/image/c5dfe58d-55c6-473f-bb81-c81112f7c8ba.png

Local supplier increased prices to ridiculous values and still doesn’t have the numbers. Anyone knows what’s going on?

TCB13 , 2 months ago

With Amazon if you have prime shipping or next day delivery (whatever they call it) enabled

I don’t have those…

TCB13 , 2 months ago

Yes, it looks a lot like artificial stock limitations to drive prices up.

TCB13 , 2 months ago (edited 2 months ago)

I’ve a very bad experience with GNOME boxes, both VMware and VirtualBox seem to outperform the thing and work better (drag and drop and resolution scaling, actual GPU acceleration).

TCB13 , 2 months ago

+1 here, intel on laptop.

TCB13 , 3 months ago

“GNOME Foundation To Focus On Fundraising After Years Running A Deficit”

So… If I throw half a million at them I’ll get native desktop icons back?

TCB13 , 3 months ago

You know, they were too busy wasting money on reinventing the wheel and coming up with “a vision” to be able to sort their budget.

TCB13 , 2 months ago (edited 2 months ago)

😂 😂 😂 …

TCB13 , 2 months ago

Desktop icons were removed because they’re (at least in the devs’ opinions), a poor solution.

They were removed because they were never able to make them working properly. It was always an hack and had multiple issues. ANY other OS and DE has desktop icons…

TCB13 , 2 months ago

and there are plenty of extensions to add them back if you (for some ungodly reason) want them

All the extensions are plagued by the same issue they had before. Drag and drop from apps never working properly, the icon grid behaves incorrectly sometimes and other cosmetic glitches.

TCB13 , 2 months ago (edited 2 months ago)

It was always an unfinished project because no one gave a flying

No, I didn’t misunderstood, I know it was yet another GNOME unfinished project. Both the native thing and the extensions always had/have the same problems - drag and drop from apps never working properly, the icon grid behaves incorrectly sometimes and other cosmetic glitches.

for anything that was of zero value.

Now this is the thing, desktop icons are basic DE functionality and even Apple - the guys that actually know how to design anything - agree they should be there… at least with an option to turn them ON/OFF. The removal of desktop icons was simply the “GNOME vision” being used as an excuse not the fix something that was hard to fix.

TCB13 , 2 months ago

You clearly never used those extensions.

TCB13 , 2 months ago

– commented a couple of laughing faces in all good spirits // post removed “rule 2”.

https://lemmy.world/pictrs/image/5e561fa4-f9df-47d5-bfab-08d367bdaea5.png

lol

TCB13 , 2 months ago

The funny thing is that you can’t prove me wrong there, apparently not even provide valid arguments, just add a pile of ramblings and insults.

TCB13 , 2 months ago

And right now millions of people do and I don’t see widespread issues.

It’s not a widespread issue, it’s something with the desktop icon extensions and the original implementation. In both cases the drag and drop from/to apps never worked fine.

TCB13 , 3 months ago

Wordpress + Woocomerce. There are a few themes that use less or no JavaScript, but you shouldn’t bother with that, JS is useful and can reduce the amount of page loads (traffic) and make the experience better.

TCB13 , 3 months ago (edited 3 months ago)

If you follow the ISPMail guide at workaround.org you’ll be safe.

I heard there are scaries online which someone could potentially send emails from your server without consent

That’s called an open relay and websites like mxtoolbox.com/diagnostic.aspx can test for it.

Either way your biggest issue won’t be that, if you’re running on a residential internet connection the IP is already flagged as such and will have a very low reputation with other e-mail providers causing Microsoft, Google and any other large provider will simply refuse your email. You’ll also need reverse DNS for your IP pointing at the domain you’re using that your ISP is most likely not going to provide.

TCB13 , 3 months ago

Yes, reverse DNS. Typo there.

TCB13 , 3 months ago

While I share your views about being amateur hours we’ve been seeing an increase in usage and releases on it. At this rate flatpak/flathub will become the defacto way of getting desktop software for Linux and it does solve a lot of annoyances and makes things more secure however it lacks features.

TCB13 , 3 months ago

… that can be said from apt repositories. But… they’re made in a way you can mirror the entire thing offline.

TCB13 , 3 months ago

It apparently happens with other email sources as well

I deal with a lot of mailboxes and a ton of people using Thunderbird with ridiculous amounts of emails like 50-100GB accounts and even on the few times I saw Thunderbird failing it wasn’t loosing anything.

I don’t trust Owl very much, the good news is that we will soon get an official and decent support for Exchange. :)

TCB13 , 3 months ago (edited 2 months ago)

Except for the metadata at the bottom, looks a LOT like markdown to me…

TCB13 , 2 months ago

Okay, that’s fair, what editors are you using?

I don’t complain much about Joplin because it has apps for every platform and doesn’t encode your notes in some SQLite DB + proprietary format or some other hard to access situation. Not that it looks good, but at least you’re locked into some subscription/format/limitation like in Standard Notes. I wish Joplin looked as good as Standard Notes, especially on iOS.