TCB13

TCB13 , 3 months ago

Yet, we still don’t have a proper way to mirror the parts (or the entire) repository and/or have useful offline archives of flatpaks for certain cases.

TCB13 , 3 months ago

is using a public domain effective way to do it or should i always use server’s IP when configuring something inside LAN? Is my traffic routed through the internet somehow when using domain even in LAN or does my router know to not do this?

It depends.

If you control your router (not ISP provided) you can just go into the router settings and tell it to always resolve your public domain to the local machine IP. This will make it so any computer on the network running a DNS query will get a local IP for that domain instead of the public one. Quick and easy fix.

If you don’t control it / don’t apply the fix above, most likely your traffic is not routed through the internet because routers are usually configured for hairpinning / NAT loopback and they’ll simply forward the traffic internally.

You can test what’s going on by using the traceroute (or tracert on Windows) to find where the traffic is going. It will give you a line for each host your traffic has to go through in order to reach the destination. If you need help reading the output, just post it public IPs redacted.

TCB13 , 3 months ago

But even if you don’t fully control the device, you can usually change DHCP DNS so that LAN clients will use your local DNS servers.

Not all ISPs allow this. Mine for instance doesn’t allow changing any LAN DHCP setting… fortunately they have an option to configure one of the ports as “bridge” and you’ll get a public IP there so I can just plug my own equipment and do whatever I want.

TCB13 , 3 months ago (edited 3 months ago)

Does creating a VPN into my home network using my router increase my attack surface?

Yes, but it also provides the ability to access any resource in your network in a secure way.

It is typically less safe to expose 3 or 4 different services you want remote access than a single VPN daemon that is actually designed for that specific scenario and has mitigations for common attacks built in.

To make your setup secure you can consider a few steps:

• Use Wireguard: don’t be afraid to expose the Wireguard port because if someone tries to connect and they don’t authenticate with the right key the server will silently drop the packets. An attacker won’t even know there’s something listening on that port / it will be invisible to typical IP scans / / will ignore any piece of traffic that isn’t properly encrypted with your keys;
• Use a 5-digit port for your VPN - something like 23901 (up to 65535) will be way harder to find than typical ports like the default 51820 or 443;
• Go full paranoid and use a firewall to restrict what countries or even days, hours access your server is allowed. Eg. only allow incoming connection from your country (wiki.nftables.org/wiki-nftables/…/GeoIP_matching). Be aware of what happens when you’re abroad;
• Don’t port forward IPv6 if you don’t need it. Might be easier than dealing with a dual stack firewall and/or other complexities.

In a side note: a VPN doesn’t mean full access to your network either. You can setup a VPN endpoint that only allows access to a few specified services running on specific machines instead of the entire network. This will give you extra security if you’re into that.

• digitalocean.com/…/how-to-set-up-wireguard-on-deb… (skip IPv6)
• github.com/ngoduykhanh/wireguard-ui - good UI to manage wg
• wiki.nftables.org/…/Quick_reference-nftables_in_1…
• tadeubento.com/…/nftables-country-geo-blocking/

TCB13 , 3 months ago

You can also configure your server to only accept traffic on the VPN port coming from your home IP address if you’ve a static one. Or… only allow incoming connection from your country (wiki.nftables.org/wiki-nftables/…/GeoIP_matching). This will provide you an extra layer of security.

Either way don’t be afraid to expose the Wireguard port because an attacker won’t even know there’s something listening on that port as it will ignore any piece of traffic that isn’t properly encrypted with your keys;

TCB13 , 3 months ago

If you want stability use the latest Debian. The point of those LTS kernels is more and more supporting IoT and other devices you can’t simply upgrade, but you want to keep secure… regular use cases can just usa a stable disto like Debian and you’ll never notice any kernel related issues.

TCB13 , 3 months ago

Maybe the issue was that you were using it to access some kind of Microsoft service and their improper IMAP implementation.

TCB13 , 3 months ago

Not a single screenshot was provided.

TCB13 , 3 months ago

^ Boils down to not being hostage to a single provider and whatever it offers.

TCB13 , 3 months ago

Only annoying thing is not supporting ProtonMail out of the box.

That’s Protons fault, they’re the ones that decided to ignore all the open and standard e-mail, contacts and calendar protocols out there and built their custom-everything stack to keep you vendor-locked into their interfaces.

TCB13 , 3 months ago

just more difficult to connect when the provider wants to keep things secure.

Proton could’ve just implemented everything they did with IMAP/SMTP on Thunderbird + OpenPGP with the same level of security, but they decided not to. Yes, their solution is convenient but also close to everything else.

TCB13 , 3 months ago

NixOS is just another attempt at changing the way fundamental things are done so one day they can introduce some orchestration / repository / xyz payed solution. Yet another step in the commoditization of software development.

TCB13 , 3 months ago (edited 3 months ago)

I don’t yet… but a few months ago nobody believed they could take on a sponsorship from Anduril. Nor that they would enact a somewhat vague policy guide pushing the ideia that the community is all that matters and that all further important decisions will be community driven without actually specifically defining “who” is the community.

TCB13 , 3 months ago

This is just like the iPhone (lack of) storage and the (lack of) SD cards. Apple is trying to maximize profits by using less RAM and by forcing people into buying more hardware in a few years. Apple does a lot of stuff very well but then they also pull this crap.

TCB13 OP , 3 months ago

In the US you can go to the App Store and download Delta for free. In the EU you’re forced to pay 1.50€/year because he decided to only make it available on the AltStore.

TCB13 OP , 3 months ago

Did you miss the part where Europens will have to pay 1.50€/year to have access to Delta while Americans can get it for free on the App Store?

having it loaded from his own does.

This isn’t even true. Apps distributed via alternative stores are subject to notarization and are signed as well. Apple can take any app down at any point - even if distributed by a 3rd party store.

TCB13 OP , 3 months ago

RetroArch

Do you have experience with it? Isn’t RetroArch a frontend to another solutions? How does that play in iOS? Does it come with the other code compiled and bundled? How does it get around the fact that in iOS it can’t just launch another executable for xyz?

TCB13 OP , 3 months ago (edited 3 months ago)

Do we have to assassinate someone’s character over this?

Yes, he’s acting in very bad faith, he launched Delta on the US App Store and NOT on the EU… Apple approved Delta for distribution and as so it can be distributed in all stores - not only in the US.

This is was a dick move to push EU people into the AltStore. If Apple made alternative app stores available in the US as well then this guy would’ve never published the app on the App Store.

If you want Delta in the EU, download AltStore.

I’m going to say again: AltStore is either payed or requires that constant refresh thing. It doesn’t make sense for make the app free on the US and force EU users to pay…

Testut was supposed to come back home to Apple just because they said so, but I think he did the right thing by sticking to his plans and foiling Apple’s.

… again and how does that work when he only “stick to the plan” in the EU? Why does US users have access to Delta for free while other have to pay?

TCB13 OP , 3 months ago

Why not, Apple allows it, as long as there is no ROMs included it’s okay.

TCB13 OP , 3 months ago

I bet you’re living in the US not having this deal with this bullshit. While you’ve access to a free app, I’m (in Europe) required to pay and install a 3rd party store just because some guy decided like it.

TCB13 OP , 3 months ago

Why should he make the app free in the US and payed in the EU then? I was okay with paying for this directly on the AppStore even 10$ would be fair, but this is bullshit.

TCB13 OP , 3 months ago

I downloaded it for free. Stop making this about the US 🤣

Enjoy your 3 side loaded app limit + 7 day refreshes and having to install a 3rd party store to get access to an application that was approved by Apple for distribution on the App Store.

He’s pushing users onto his new App Store so he’s making apps available there 🤷‍♂️

Yes and that’s a dick move, he is leveraging Delta to push people into AltStore. Why some users can have it for free while others have to pay? How can this make sense to you? This is the same of, let’s say, you’ve to pay taxes but your next door neighbor does not just because.

He has to pay a fee to create an AppStore. Do you think he can magically make money out of this air to pay apple?

Yes, and who asked for that?

People asked for an emulator on the App Store, eventually Apple changed their policies and allowed it, he was one that decided to create an alternative store, not the users.

TCB13 OP , 3 months ago

According to this it as it currently stands you’ve to download all the core, compile than and bundle them with the App. This is very likely to pass the App Store checks depending on a few details.

TCB13 OP , 3 months ago

or should he refer to your poor arguments in the future

Okay, when your govt decides you should pay taxes and your neighbor in the exact same situation doesn’t have to pay then I hope you’re happy. That’s what you’re advocating for there.

maybe you’re the Portuguese Tim Cook and you’re still butthurt about opening up iOS??

Ahahah, the exact opposite. I’m all for alternative app stores and I believe iOS should allow for direct IPA installs without signatures and checks from Apple at all. What I’m against is developers screwing over specific groups of people, in this case Europeans, like this one did.

At the end of the day Testut is charging 1.50€/year for AltStore PAL access, so… he just created a new tax, a fee and so is Apple. The more things change, the more they stay the same ;)

TCB13 OP , 3 months ago

Riley Testut, as he could flip a switch and have Delta appear on all European app stores.

TCB13 OP , 3 months ago

I don’t get the special treatment for US users. But okay.

I really hope that RetroArch (that is actually done by decent people) get’s released in the stores soon and Delta / Testut fades away.

TCB13 OP , 3 months ago

Let’s forget about the inequality situation that was created here, even though it was mostly created by his choices of accepting the “new terms” and wanting to launch the AltStore.

Do you like to have a phone where you’re forced into having just the Apple App Store? You don’t, you want freedom to choose whatever App Store you would like to use.

This is exactly the same, instead of just making Delta available on the EU Stores for a price (in order to cover the CTF tax) he decided to restrict it to his single store.

TCB13 , 3 months ago

And also because realistically there’s no need for any other distro. :P

TCB13 , 3 months ago

Weyyy! Let’s migrate from the most buggy software out there into the papyrus open comic sans photo manager. :)

Actually kudos for the Immich guys, it is indeed a great piece of software… unlike Nextcloud.

TCB13 , 3 months ago

The better question is, what’s NOT wrong with Nextcloud?

Nextcloud is also a perpetually half made project that breaks at every corner and requires a lot of resources. The sync works until you add like a TB of small files and it never works fine again, unlike Syncthing that can handle whatever you need. Also unlike FileBrowser the WebUI is slow at listing files and related operations. The webmail is yet another pile of JS errors and nonsense idiotic stuff like being unable to show a bullet list.

TCB13 , 3 months ago

^ lemmy.world/comment/9438045

TCB13 , 3 months ago

Did you happen to have a look at my post. I believe what’s there is way more than “comically slow and laggy” it’s just yet another time NC overpromised and underdelivered. I’m used to Roundcube and web both know that thing is very fast and reliable.

What’s the point of storing millions of emails on a DB if the software is 50x slower than something that doesn’t do that?

Yes. It’s a joke.

TCB13 , 3 months ago

has worked just as quickly as Syncthing

Ahaha you funny guy. Can you have a look at this? From what I’ve seen people either say NC works really well and very fast or that it is complete trash. I really wanted to make it work, and I regularly try the thing again to always end up with piles of javascript erros on my browser.

TCB13 , 3 months ago

Did you try out Nextcloud AIO instead of setting it up manually?

Yes, mostly the same.

I agree that NC has a lot of problems. It’s a good example of an application that tries to do everything and unsurprisingly doesn’t do many things truly well. With that said, I was surprised that NC AIO ran well for me despite the horror stories of NC I’d always read

I believe this is a problem of scale, once you get a lot of data and a couple of users things then to go downhill from there.

To make things better NC isn’t polished at all and there’s a lot of moving parts that break randomly at multiple times or at the same time.

My main problems with Syncthing is that there’s no official iOS client and that there’s no easy selective sync

This is kind of the problem with Syncthing for… everyone. What I do with iOS is to avoid syncs, have a central “server” where all your Syncthing devices sync to/from and access everything on iOS through WebDAV/SFTP or FileBrowser running on that server.

TCB13 , 3 months ago

Hey! Let’s add more bugs into an existing pile of bugs (Nextcloud)!

TCB13 , 3 months ago

The American mind can’t just comprehend that there’s world besides the USA. Australia, Germany, Italy, Norway, Sweden, Finland as many pointed out all have longer routes. Don’t let me get started on Russia or we might end up with a new race between the US and Russia trying to come with the longest road.

Another thing the American mind can’t just comprehend (about Europe) is how someone can drive across multiple countries without ever stopping on checkpoints/border controls/customs and most of time without even exiting/changing highways.

The American mind can’t just comprehend what it is to send money to a friend in another EU country with just a single number. No 3rd party services, no routing and account numbers, no fees, no banking shenanigans. Simply login into your European bank, type the value and the IBAN and the transfer is done. :)

TCB13 , 3 months ago

You can but it’s not as straightforward as it is in Europe. It varies much from bank to bank.

TCB13 , 3 months ago

Ahahahaha

TCB13 , 3 months ago

There’s not any discernable delay in typing

Typing is fine, just minimize a window on GNOME and then to the same on Xfce and you’ll see the difference. Xfce = window instantly gone, no special effects. GNOME random minimize / fade animation.

TCB13 , 3 months ago

So am I to understand that your complaint about Gnome has changed from “I have severe performance issues and input lag, even using a desktop i7” to “minimising has a 0.2 second animation, just as practically every other UX has, and rather than just turn it off

No it hasn’t. My complaints about GNOME have expanded a bit, just that. The UI is definitely slower than let’s say Xfce and to make things even worse adds pointless animations.

and rather than just turn it off

That’s the issue, you can’t turn off ALL Gnome animations, there’s a toggle on settings that reduces about 90% of the nonsense but you’ll still get some animations.

TCB13 , 3 months ago

People installing proprietary software.

You are aware that you never got Adobe / MS Office / Autodesk for Linux because Linux is very bad when it comes to supporting developers aren’t you? Unlike all other platforms out there you’ve to deal with multiple DE that are ever changing and half baked. You also have to deal with the lack of proper documentation into APIs and frameworks to make developer’s lives easier.

TCB13 , 3 months ago

No, but we both know it is a big chunk. It works, and it is mostly fine, but it is certainly slower than Xfce and adds more pain with animations.

TCB13 , 3 months ago (edited 3 months ago)

Just because a slight delay doesn’t bother you it doesn’t mean it isn’t there. The first times I used GNOME I actually was convinced it was some issue with my computer / setup. After countless installations on different distros and also dealing with it at work and friend’s computers I came to the conclusion that is it slower than Xfce and most likely KDE. There’s no way around it.

To be fair, as you said in another comment I don’t believe this is CPU bound at all, nor GPU. Multiple machines some Intel with iGPUs others with discrete GPUs, others with AMD, all the same behavior. I’m way more inclined to believe this is an I/O issue above all, GNOME needs to read and load a lot more stuff than Xfce to render any window thus it will be slower.

Anyways, I never experienced this much, but if you google around people that are using older machines say that GNOME is always the slowest thing on those machines. Others such as Xfce they report it as performing better, so if on an old machine the slowdown once using GNOME is noticeable by almost everyone it means it does indeed use more resources. You can throw an i9 to at the issue but the fact is that it will always use more resources no matter of the hardware you have.

In my case I tend to be particular sensible to small delays than you or others but it’s there and old machines prove it. It’s not that I can’t use Gnome ever or it provides the worst desktop experience ever, no, it works fine and can be productive but I notice the delays.

TCB13 , 3 months ago

Can you try Xfce and report back?

TCB13 , 3 months ago

No, the animations aren’t running slower on my hardware than in any other hardware… the issue is that there are animations and those take time to complete.

TCB13 , 3 months ago

However, it isn’t this magical desktop and if your computer is bound up by a drawing text and icons on the display then Xfce4 is not going to help you. KDE and Gnome are both a little ram heavy but that’s because they are much bigger desktops.

Exactly, they are bigger thus require more resources and will run slow on older hardware as many people complain. I personally don’t feel that GNOME is very noticeable slower but, I do believe there’s an extra very short delay when windows are to be drawn, on my main desktop because of it’s larger size but due to the fact that everything is forcefully animated. The DE kinda gets in my way with those animations instead of just click > apear like Xfce does.

TCB13 , 3 months ago

Cmon… how can they not? An animation always takes time, 0.1s is time. As described here there’s even an extension that can speed up animations.