digdilem

digdilem , 9 days ago

Instead of you installing linux on them, why not make it a project for the kids? Give them a bunch of distros to try and see what they learn.

digdilem , 11 days ago

Linux: 1995, Sco (At work), then got a copy of Slackware on a Cover-CD around 2000. Shortly after found Debian and have been using that at home exclusively for over two decades, now onto desktops and laptops as well as a couple of home servers. (I use EL distros, Ubuntu and OpenSuse at work nowadays)

Longer history: 1981: ZX81. 1985, Dragon 32. 1988 Amstrad CPC. 1991 an XT. 1992 A 386 sx25 with 1mb ram, and so on.

digdilem , 16 days ago

I think you’re reading more into that than there is.

digdilem , 16 days ago

No, and never did - but I don’t understand your point. Facebook started only a year after Myspace did.

digdilem , 17 days ago

IRC’s not as popular as in its heyday, and while once it was the main choice for multi-playing gaming chat (Quakenet et al), that’s largely gone elsewhere, but it’s still very good for certain technical channels.

IRC has also proved to be remarkably resistent to commercialisation, mostly due to the users. Even when one of the biggest networks, Freenode, got taken over by a drug addled mentalist Reference who started insisting all all kinds of strange things, the users just upped sticks and created a new network. A bit of fuss, but the important stuff stayed the same and it’s continued much as before as a new network, Librenet.

digdilem , 18 days ago

Others have answered your question - but it may be worth pointing out the obvious - backups. Annoyances such as you describe are much less of a stress if you know you’re protected - not just against accidental erasure, but malicious damage and technical failure.

Some people think it’s a lot of bother to do backups, but it is very easily automated with any of the very good free tools around (backup-manager, someone’s mentioned timeshift, and about a million others). A little time spent planning decent backups now will pay you back one day in spades, it’s a genuine investment of time. And once set up, with some basic monitoring to ensure they’re working and the odd manual check once in a blue moon, you’ll never be in this position again. Linux comes ahead here in that the performance impact from automated backups can be prioritised not to impact your main usage, if the machine isn’t on all the time.

digdilem , 19 days ago

Some of the cheaper Thinkpads are terribly poor quality. Once a by word for ruggedness, now just another name.

digdilem , 24 days ago

Hopefully they escalate it to our MPs, who certainly have plenty to worry about when it comes to not wanting others seeing what they’re doing online and might actually do something to protect privacy for once.

digdilem , 28 days ago

I like this perspective, but it’s the developers who get to choose in the world of FOSS software, and I suspect most would rather develop than package.

Learning the different formats, methods and then committing to re-packaging every update for eternity when you’re often a single person or a very small group is a big ask on top of developing the software too, so they’re going to select a method that’s easiest for them.

So if there was a user-led method, it would still need to appeal to developers as well.

digdilem , 27 days ago

“We’re shocked” - nobody.

But companies are crawling everything like mad - I’ve noticed a 400% upturn this year alone in bot traffic on a low traffic web forum and a few sites I host, so much so that I’m having to do some fairly heavy filtering upstream to keep them out. (They don’t resepect robots.txt, obviously)

When bot traffic outnumbers legitimate traffic at least 10x, it makes you wonder why you’re paying to host stuff.

digdilem , 1 month ago

This is exactly why I never buy Early Access games. The biggest thrill for me is starting a new game, and if that isn’t as good as it can possibly be, then that opportunity has been wasted.

Sure, it /may/ get better at some undefined point in the future, but there’s just so many games out there that are complete, and won’t require re-visiting at some point because they got better. Once that first play is gone, it’s gone.

digdilem , 1 month ago

And it was a good design - it’s universal (aha) adoption proves that.

Those of us old enough to remember the pain of using 9 and 25 pin serial leads and having to manually set baud rate and protocols, along with LPT and external SCSI and manufacturer specific sockets probably agree this was a problem that needed solving, and USB did do that.

digdilem , 1 month ago

I’ve had to scroll down eight pages to find a post that seems to actually address the good points raised in the article.

digdilem , 1 month ago

It’s actually 250 euros for the top tier (267 $us)

I mean, seriously, what the actual fucking fuck?

digdilem OP , 1 month ago

I mean - I switched my attention to Haproxy. And yes, no argument there.

digdilem OP , 1 month ago

Fail2ban is something I’ve used for years - in fact it was working on these very sites before I decided to dockerise them, but find it a lot less simple in this application for a couple of reasons:

The logs are in the docker containers. Yes, I could get them squirting to a central logging serverbut that’s a chunk of overhead for a home system. (I’ve done that before, so it is possible, just extra time)

And getting the real IP through from cloudlfare. Yes, CF passes headers with it in, and haproxy can forward that as well with a bit of tweaking. But not every docker container for serving webpages (notably the phpbb one) will correctly log the source IP even when passed through from Haproxy as the forwarded-ip, instead showing the IP of the proxy. I’ve other containers that do display it, and it can obviously be done, but I’m not clear yet why it’s inconsistent. Without that, there’s no blocking.

And… You can use the cloudflare IP to block IPs, but there’s a fixed limit on the free accounts. When I set this up before with native webservers and blocked malicious url scanning bots, then using the api to block them - I reached that limit within a couple of days. I don’t think there’s automatic expiry, so I’d need to find or build a tool that manages the blocklist remotely. (Or use haproxy to block and accept the overhead)

It’s probably where I should go next.

And yes - you’re right about scripting. Automation is absolutely how I like to do things. But so many problems only become clear retrospectively.

digdilem OP , 1 month ago

Some nice evil ideas there!

digdilem OP , 1 month ago

Maybe? It feels like the kind of stupid that you really need a human to half-ass it to achieve this thoroughly though.

digdilem OP , 1 month ago

Doh - another example of my muddled thinking.

Fail2ban will work directly on haproxy’s log, no need to read the web logs from containers at all. Much simpler and better.

digdilem OP , 1 month ago

Thanks, I’ve not heard of that, it sounds like it’s worth a look.

I don’t think the tunnel would complicate blocking via the cloudflare api, but there is a limit on the number of IPs you can ban that way, so some expiry rules are necessary.

digdilem OP , 1 month ago

Yep - agree with all of that. It’s a fault of mine that I don’t always step back and look at the bigger picture first.

digdilem OP , 1 month ago

I’ve just installed crowdsec and its haproxy plugin. Documentation is pretty good. I need to look into getting it to ban the ip at cloudflare - that would be neat.

Annoyingly, the claudebot spammer is back again today with a new UA. I’ve emailed the address within it politely asking them to desist - be interesting to see if there’s a reply. And yes, it is Claudebot 3 - AI.

UA:like Gecko; compatible; ClaudeBot/1.0; [email protected])

digdilem OP , 1 month ago

It’s back today with a new user-agent, this time containing an email address at anthropic.com - so it looks like it’s Claude3, a scraper for an AI bot.

digdilem , 1 month ago

Obesity is increasingly a problem in low- and middle-income countries.

Isn’t that always going to be the case, regardless of ingredient adjustment? It feels like people who have had very little food will tend towards over-compensating during times of glut - perhaps not so much the generation directly affected, but the care they give to next generations.

As an example vaguely related but less extreme; I was born in 1970 in England to a lower middle-class family. My parents were wartime and post-war babies who had experienced rationing and as a result, I have very strong recollections of being made to “clear your plate” before I could leave the table. (Ironically given this topic, the “there are starving children in Africa who would like that” line was given quite often)

Wasting food was the absolute highest sin I could commit and that’s stayed with me to this day.

digdilem , 2 months ago

Anyone else find themselves singing this headline to the tune of The House of the Rising Sun?

digdilem , 2 months ago

This is a common thing one needs to do. Not all linux gui tools are perfect, and some calculate number differently (1000 vs 1024 soon mounts up to big differences). Also, if you’re running as a user, you’re not going to be seeing all the files.

Here’s how I do it as a sysadmin:

As root, run:

du /* -shc |sort -h

“disk usage for all files in root, displaying a summary instead of listing all sub-files, and human-readable numbers, with a total. Then sort the results so that the largest are at the bottom”

Takes a while (many minutes, up to hours or days if you’ve slow disks, many files or remote filesystems) to run on most systems and there’s no output until it finishes because it’s piping to sort. You can speed it up by omitting the “|sort -h” bit, and you’ll get summaries when each top level dir is checked, but you won’t have a nice sorted output.

You’ll probably get some permission errors when it goes through /proc or /dev

You can be more targetted by picking some of the common places, like /var - here’s mine from a debian system, takes a couple of seconds. I’ll often start with /var as it’s a common place for systems to start filling up along with /home.

<span style="color:#323232;">root@scrofula:~# du /var/* -shc |sort -h
</span><span style="color:#323232;">0       /var/lock
</span><span style="color:#323232;">0       /var/run
</span><span style="color:#323232;">4.0K    /var/local
</span><span style="color:#323232;">4.0K    /var/mail
</span><span style="color:#323232;">4.0K    /var/opt
</span><span style="color:#323232;">168K    /var/tmp
</span><span style="color:#323232;">4.1M    /var/spool
</span><span style="color:#323232;">5.5M    /var/backups
</span><span style="color:#323232;">781M    /var/log
</span><span style="color:#323232;">787M    /var/cache
</span><span style="color:#323232;">8.3G    /var/www
</span><span style="color:#323232;">36G     /var/lib
</span><span style="color:#323232;">46G     total
</span>

Here we can see /var/lib has a lot of stuff in it, so we can look into that with du /var/lib/* -shc|sort -h - it turns out mine has some big databases in /var/lib/mysql and a bunch of docker stuff in /var/lib/docker, not surprising.

Sometimes you just won’t be able to tally what you’re seeing with what you’re using. Often that might be due to a locked file having been deleted or truncated, but the lock’s still preventing the OS from seeing the recovered space. That generally sorts itself out with various timeouts, but you can try and find it with lsof, or if the machine isn’t doing much, a quick reboot.

digdilem , 2 months ago

Good thinking. That would speed things up on some systems for sure.

digdilem , 2 months ago

Reading that made me sad, angry and scared. Great article, but terrifying.

digdilem , 2 months ago

Good luck with that.

Commercial and closed source software is no safer, and may even be using the same foss third-party libs under the hood that you’re trying to avoid. Just because foss licences generally require you to disclose you’re using them, it doesn’t mean that’s what actually happens.

And even if, by some miracle, they have a unique codebase - how secure is that? Even if an attacker can’t reach the source, they can still locate exploits and develop successful attacks against it.

At its core, all software relies upon trust. I don’t know the answer to this, and we’ll be here again soon enough.

digdilem , 2 months ago

In what way did I bend your logic? I found your logic quite twisted to start with, and don’t think I did alter it further.

Also - not constructive? But you’re the one that’s being negative. I’m merely trying to point out that you’ll have a very hard job not relying on foss as it stands today. Where we go from here is a much bigger question, but we’ve all got very used to having free software and, as I said, even if we all start paying huge amounts of money for the alternative, that doesn’t mean it’ll be safer. In fact, I rather suspect it’ll be less safe, as issues like this then have a commercial interest in not disclosing security problems. (As evidenced already in numerous commercial security exploits that were known and hidden)

digdilem , 2 months ago

Not everybody is suited to management.

digdilem , 2 months ago

I think there’s a core difference between loot boxes, which is out and out gambling, and gameplay. Both can be addictive, but they have very different consequences.

Gameplay addiction steals your time and maybe your social life, but that’s it.

Gambling addiction also steals your money. And when that’s gone, drives you to extremes trying to find more.

digdilem , 2 months ago

obfuscation should be done for FUN by PROGRAMMERS to SCARE python programmers. It should NOT be a MANDATORY feature of a language.

<snorts in perl>

digdilem , 3 months ago

Ever read some of the microsoft forums? Just as many people seeking help there - the only difference is we don’t have an over eager paid employee replying with scripted answers which don’t help.

Linux is as simple or as complicated as you want it to be. Most of the mainstream distros “just work” on most hardware. I’ve installed Mint, Rocky, Ubuntu and Debian on laptops and desktops for relatives, including those who aren’t remotely technically gifted. It was as easy/easier as Windows to install, set up and get running. The users are happy - they can use cheaper hardware (and don’t need to upgrade a perfectly good laptop for Windows 11) and are entirely free of software costs and subscriptions. Everything works and things don’t break - just like Windows and Macs. Most people just want their computer to turn on and let them run stuff. All three do that equally as well.

I’ve also installed linux on hardware clusters costing hundreds of thousands of pounds and that definitely wasn’t a simple or quick process, but that’s the nature of the task. Actually, installing the base os was probably the easiest part. Windows just isn’t an option for that.

You ask a fair question - you’re not unique in your viewpoint and that’s probably hampered takeup more than anything else. What makes you a bit better than most is that you actually ask the question and appear to be open to the answers.

digdilem , 3 months ago

That last point is often under-appreciated in its importance, especially when dealing with hundreds of servers.

digdilem , 3 months ago

htop on our vms and clusters, because it’s in all the repos, it’s fast, it’s configurable by a deployable config file, it’s very clearly laid out and it does everything I need. I definitely would not call it bloated in any way.

My config includes network and i/o traffic stats, and details cpu load type - this in particular makes iowait very easy to spot when finding out why something’s racking up big sysloads. Plus, it looks very impressive on a machine with 80 cores…

My brain can’t parse top’s output very well for anything other than looking for the highest cpu process.

But - ymmv. Everyone has a preference and we have lots of choice, it doesn’t make one thing better or worse than another.

digdilem , 3 months ago

To be fair, Emacs has had a package for that for years.

digdilem , 4 months ago

Can’t get any worse and might even get better if there’s enough shareholders who understand how to run a business and can keep a stupid ceo in check.

digdilem , 5 months ago

Very poor title, like someone’s just got their “Big Book of Clickbait”

Everything is under attack all the time, and everything is never-before-seen until it’s seen.

digdilem , 5 months ago

Mate, why wait?,

Run to Linux, don’t just run from Windows.

digdilem , 5 months ago

(Looks at laptop I’m using to reply to this that’s running Debian)

Server OS? Debian? Yes it is, but it’s also a Desktop and Laptop OS and many other things. Everything on this HP laptop just worked, including the function buttons. There’s a reason it’s such a well used distro, and it’s not just because it’s good for servers.

digdilem , 5 months ago

We use EL (Specifically Rocky, a rebuild of Redhat) for this, but I strongly suspect that any of the main distros will be absolutely fine provided they have modern enough versions of the software you need.

digdilem , 5 months ago

I uses Uyuni to push config files out to the machines I’m working on, including .bashrc files, .vimrc and all kinds of little QOL improvements.

Probably overkill just to use Uyuni for that, though.

digdilem , 5 months ago

Because it was also the best show of 2023?

digdilem , 5 months ago

Only one of the ~250 linux machines I maintain has a gui.

digdilem , 6 months ago

If they do think that - and I absolutely do not claim you are wrong - Then it’s through ignorance. Developers can just as easily distribute compiled binaries for linux as they can for Windows, and even encrypt them if that’s what they want to do.

Because linux itself is free and open, it doesn’t mean you can’t run commercial software on it without it being ripped off. I mean, my work pays many tens of thousands of pounds for commercial software running on Linux, and it’s not just licencing that stops it being spread.

digdilem , 6 months ago

I’m sure plenty will disagree with me, but unless you have specific needs, I’d suggest spending more time sourcing your media rather than rely on transcoding. Most formats of popular stuff are available and Jellyfin will happily play it natively.

Also be aware that transcoding is VERY cpu intensive, unless you have a compatible gpu/transcoder. I run a ML110 with a 6-core Xeon (12 threads) and if Jellyfin needs to transcode something, it uses all of that and still stutters badly when seeking.

If you do need to transcode because you can’t source the media in a compatible way - you may want to use something like Tdarr to transcode it before you try to play it, so it’s ready when you are.