ptz

ptz , 11 months ago (edited 11 months ago)

“There was a sign down at Ramsett Park that said ‘Don’t drink the sprinkler water’, so I made sun tea with it, and now I have an infection”

It’s cool you investigated and found out they did just (accidentally?) repack a dirty copy, but it definitely reminded me of that lady from Parks and Rec.

ptz , 11 months ago (edited 11 months ago)

I use a lot of the apps. Most of them are “just good enough” to keep from installing alternate, standalone versions. However, having them all integrated into NC is a big plus over maintaining separate applications.

• Calendar app and sync it with my phone with DavX5
• Tasks -> DavX5 -> OpenTasks on my phone
• Deck, which is a Kanban/Trello type of task management.
• SnappyMail app to access my email
• The Nextcloud app on my phone handles automatically uploading my photos and videos.
• The Riotchat app keeps me connected on Matrix
• Passman to manage my passwords (also has a dedicated Android app)
• Music player to play my media (works great as a Chrome app)
• Cookbook app for my recipes (it is also good at scraping/importing from recipe sites if you paste the URL in)

ptz , 11 months ago

Like Worf’s make-up lines in the first two seasons of TNG.

Watching them remastered, you can clearly tell the makeup department didn’t even bother to blend.

ptz , 11 months ago

They have both an application and email verification enabled there.

If you have gotten the email verification and clicked the link, then an admin there needs to approve you (you should get an approval email when they do).

If you haven’t gotten the initial email to verify your address, then it either failed to send on their end or it’s in your spam folder.

The admins there will not even see your registration application until your email is verified. You also won’t be able to log in until they approve the account.

ptz , 11 months ago

You’re thinking of Piped

ptz , 11 months ago

It’s a little on the nose, considering my display name and avatar, but, “That’s a stupid question!”

ptz , 11 months ago

One day, I want to go on an adventure and just see how far that takes me.

ptz , 11 months ago

Make FOX etc., have to broadcast a banner that says, “THIS IS NOT FACTUAL NEWS THIS IS FOR ENTERTAINMENT PURPOSES ONLY,"

I mean, that might work, but what we’d get is "THIS IS NOT FACTUAL NEWS THIS IS FOR ENTERTAINMENT PURPOSES ONLY 😉 " and there’d be no difference to what we have now.

ptz , 11 months ago

Mine has randomly done that for the last few versions now. I also noticed it now maintains several cookies that I have to clear before I can log in successfully again.

I do have Redis configured with it, have never used their AIO image, and previously, the session ID was the only cookie. Haven’t kept quite up to date with NC’s development, but maybe it’s no longer using PHP’s session store in favor of its own mechanism?

Unfortunately, I’m too invested in NC to start switching everything to discrete apps, so I guess I just have to put up with it. :shrug:

ptz , 11 months ago

The communities OP was talking about are there, but they don’t seem to have any posts/comments and only have 1-3 subscribers.

Still, you’d think if an admin actually had their hand on the wheel there, they’d take care of those.

Also, I like your username.

ptz , 11 months ago (edited 11 months ago)

I mean, you can easily self host a meta-search engine like Searx, Searx-ng, Whoogle, etc. I run Searx-ng and it sends your queries to multiple engines and aggregates the results for you.

To host your own search engine, you’d need to crawl and index every site. It’s certainly doable, but it would take a lot of time /effort.

ptz , 11 months ago

Hackaday-It’s great but might take over your feed.

And? lol

ptz , 1 year ago

Discovery was my “gateway” Trek which led to me watching everything else (except TOS yet) so I had no expectations or anything for what Klingons should look like.

So I didn’t think they looked “off” until I started watching the TNG era shows. Even then, I just attributed it to artistic differences.

All that said, I do like how they refined what they did in DSC for SNW. Those look more like TNG but upgraded

ptz , 1 year ago

At least as a user preference.

ptz , 1 year ago (edited 1 year ago)

I call them any one of the following:

• Grotesque monstrosities
• Pavement princesses
• Four wheeled Freudian excuses

US trucks are ridiculously oversized and typically never see any actual “truck” usage. They’re also insanely expensive and are often redneck status symbols. As an American, I’m sorry they have infested your continent.

Source: I live in a yeehaw state where people own $70,000 trucks while living in a $7,000 hovel.

ptz , 1 year ago (edited 1 year ago)

Got nothing to suggest but just wanted to call out that you’re an awesome dad parent.

ptz , 1 year ago

🤦‍♂️ Yep. Updated comment.

ptz , 1 year ago

I use SnappyMail which is a fork of Rainloop. It works great, has a version available for Nextcloud, AND it has a working sieve editor.

ptz , 1 year ago

Same for me. I’m a die-hard Thunderbird fan (it’s ugly but it works lol).

Used to use TB at work until we switched to Google Workspace and they globally disabled IMAP access. Now I’m stuck with webmail and my productivity went to absolute shit.

ptz , 1 year ago

I haven’t but I definitely should. Just refreshed my laptop with pop os and have been using the default mail client with it (Geary?). It is really responsive and works well with the tiling plugin.

ptz , 1 year ago

The last few updates to nextcloud and PHP 8 have drastically improved performance for me. I’m not using the Mail app but SnappyMail, and everything works pretty well.

Older versions and PHP < 8 were pretty slow even with all of the optimizations.

ptz OP , 1 year ago

Yes! Also one of my top 5 favorites.

Is it telling that most of my favorite Futurama quotes are from Mom? lol.

ptz OP , 1 year ago

I actually posted that one a couple of weeks ago 🤣

ptz , 1 year ago

Will that work for US split-phase “220” where the voltage is 110v on each leg? I was always worried that would fry the PSU since it’s not true 220V.

ptz , 1 year ago (edited 1 year ago)

To quote Stephen Fry quoting Katie Price’s manager:

“Katie just tells them what she wants the story to be about, and they just put it into book words”

So, my opinion is that it really depends on how much input the credited writer has in the process. Sometimes they have a good story to tell and need help with the execution. I can be on board with that. (I’m not plugging her or her book, it’s just a fun quote)

However, I think it was Reagan who said he looked forward to reading his autobiography someday. That low/no level of input would be on the end of the spectrum where I would not approve of a ghostwritten book.

ptz , 1 year ago

Let’s see what all my bullshit detector finds on just the title and description alone:

1. Telling me I need what they’re pitching: ✔
2. Mentioning that it’s free: ✔
3. "Free" is in all caps: ✔
4. Free money? ✔

Gonna go ahead and pass on whatever that is.

ptz , 1 year ago

Is there any solution (program/Docker image) that will take a port, forward it to another host (or maybe another program listening on the host) that then modifies the traffic to contain the real source IP. The whole idea is that in the server logs I want to see people’s real IP addresses, not the server in the cloud private VPN IP.

Not that I’m aware of. Most methods require some kind of out-of-band way to send the client’s real IP to the server. e.g. X-Forwarded-For headers, Proxy Protocol, etc.

If your backend app supports proxy protocol, you may be able to use HAProxy in front on the VPS and use proxy protocol from there to the backend. Nginx may also support this for streams (I don’t recall if it does or not since I mainly use HAProxy for that).

Barring that, there is one more way, but it’s less clean.

You can use iptables on the VPS to do a prerouting DNAT port forward. The only catch to this is that the VPN endpoint that hosts the service must have its default gateway set to the VPN IP of the VPS, and you have to have a MASQUERADE rule so traffic from the VPN can route out of the VPS. I run two services in this configuration, and it works well.

<pre style="background-color:#ffffff;">
<span style="color:#323232;">iptables -t nat -A PREROUTING -d {VPS_PUBLIC_IP}/32 -p tcp -m tcp --dport {PORT} -j DNAT --to-destination {VPN_CLIENT_ADDRESS}
</span><span style="color:#323232;">iptables -t nat -A POSTROUTING -s {VPN_SUBNET}/24 -o eth0 -j MASQUERADE
</span>

Where eth0 is the internet-facing interface of your VPS.

Edit: One more catch to the port forward method. This forward happens before the traffic hits your firewall chain on the VPS, so you’d need to implement any firewalls on the backend server.

ptz , 1 year ago

Forgot to ask: Is your server a VPN client to the VPS or a VPN server with the VPS as a client? In my config, the VPS is the VPN server.

Not sure about the netplan config (all my stuff is debian and uses oldschool /etc/network/interfaces), but you’d need logic like this:

Server is VPN client of the VPS:

<pre style="background-color:#ffffff;">
<span style="color:#323232;">  routes:
</span><span style="color:#323232;">    # Ensure your VPS is reachable via your default gateway
</span><span style="color:#323232;">    - to: <vps public ip>
</span><span style="color:#323232;">      via:  <your local gateway>
</span><span style="color:#323232;">    # Route all other traffic via the VPS's VPN IP
</span><span style="color:#323232;">    - to: 0.0.0.0/0
</span><span style="color:#323232;">      via:  <vps vpn ip>
</span>

You may also need to explicitly add a route to your local subnet via your eth0 IP/dev. If the VPS is a client to the server at home, then I’m not sure if this would work or not.

Sorry this is so vague. I have this setup for 2 services, and they’re both inside Docker with their own networks and routing tables; I don’t have to make any accommodations on the host.

ptz , 1 year ago

See my other response.

You may need to move the logic from netplan to a script that gets executed when the VPN is brought up. Otherwise, it will likely fail since it won’t have the VPN tunnel interface up to route traffic to.

ptz , 1 year ago

I’ve no experience with Zerotier, but I use a combo of WG and Openvpn. I use OpenVPN inside the Docker containers since it’s easier to containerize than WG.

Inside the Docker container, I have the following logic:

1. supervisord starts openvpn along with the other services in the container (yeah, yeah, it’s not “the docker way” and I don’t care)
2. OpenVPN is configured with an “up” and “down” script
3. When OpenVPN completes the tunnel setup, it runs the up script which does the following:

<pre style="background-color:#ffffff;">
<span style="color:#323232;"># Get the current default route / Docker gateway IP
</span><span style="color:#323232;">export DOCKER_GW=$(ip route | grep default | cut -d' ' -f 3)
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Delete the default route so the VPN can replace it.
</span><span style="color:#323232;">ip route del default via $DOCKER_GW;
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Add a static route through the Docker gateway only for the VPN server IP address
</span><span style="color:#323232;">ip route add $VPN_SERVER_IP via $DOCKER_GW; true
</span><span style="color:#323232;">ip route add $LAN_SUBNET via $DOCKER_GW; true
</span><span style="color:#323232;">
</span>

LAN_SUBNET is my local network (e.g. 192.168.0.1/24) and VPN_SERVER_IP is the public IP of the VPS (1.2.3.4/32). I pass those in as environment variables via docker-compose.

The VPN server pushes the default routes to the client (0.0.0.0/1 via <VPS VPN IP> and 128.0.0.0/1 via <VPS VPN IP>

Again, sorry this is all generic, but since you’re using different mechanisms, you’ll need to adapt the basic logic.

ptz , 1 year ago

You may be able to do it through the client, yes, but I have it pushed from the server:

<pre style="background-color:#ffffff;">

ptz , 1 year ago

Just to confirm, is the -o eth0 in the second command essentially the interface where all the traffic is coming in?

That is the interface the masqueraded traffic should exit.

ptz , 1 year ago

What you’re describing is known as a PWA (progressive web app).

Open webapp in Chrome(ium)-> Menu Button -> More Tools -> Create Shortcut -> Check box for open as window.

ptz OP , 1 year ago (edited 1 year ago)

I used to have to rely on satellite internet, so I always avoided cloud services in favor of self-hosted options. Even without the draconian data caps, a literal cloud would cut me off.

I’ve got a decent ISP now, but I’m too invested in my on-prem stuff to change course. lol

ptz , 1 year ago (edited 1 year ago)

See I thought that Beehaw.org was the Lemmy instance for news, as it’s supposed to be a well moderated instance, am I incorrect in that assumption?

I just started a US and World news community on my instance (had federation issues with Beehaw and a lot of stuff randomly didn’t come through in either direction, especially comments/replies). I contributed to the moderation policies they use for their news sub, and the community I put together has even tougher standards than that.

If you’re interested, here’s a post I put together with the standards for posts and the moderation policies we use: dubvee.org/post/58845

Community link: /c/[email protected]

I feel guilty plugging my own community, but if Beehaw isn’t an option (they really are well modded), then I hope for this to be the next best thing. I’ve found the other existing news communities to be somewhat lacking in proper moderation and source vetting.

ptz , 1 year ago

When he’s the only fat person in a country full of starving people, it’s not his weight we’re poking fun at.

ptz , 1 year ago

Typically, yes. It could be due to either a flaky SATA cable/connection/controller, so you might try moving it to a different port if you are able, clearing the error, and seeing if it reoccurs.

Regardless, just make sure you have a good backup of the data or are confident in the other two disks.

ptz , 1 year ago

Dude, shake the spicy Dorito crumbs out of your cleavage, take two steps out of your mom’s basement, get some fresh air, and chill the fuck out.

ptz , 1 year ago

jesus fucking christ, dude. get help.

ptz , 1 year ago (edited 1 year ago)

SearxNG is my favorite.

It’s a meta search engine that makes it easy to find what you’re looking for without ads, tracking, or SEO crap.

From there, you can train your own, built-in neural net to earn the knowledge for yourself :)

ptz , 1 year ago

Gods I hope not.

ptz OP , 1 year ago

Pop OS is an Ubuntu derivative developed by System76 (who make a range of Linux laptops). It uses a customized GNOME that has a window tiling plugin (among other things).

I’ve only run it for a week, and I like it. I was hesitant since it’s Ubuntu-derived and doesn’t fully protect you from The Snappening, but I’ve worked around that and am really enjoying it.

ptz OP , 1 year ago

[Ron Popeil voice] But wait, there’s more!

Also mildly infuriating is if you try to grudgingly load the mobile site in a desktop browser, it just redirects you back to the crappy, non-responsive desktop version.

ptz OP , 1 year ago

Ha, yeah. Checking has just been part of my daily routine forever. The comment section is a dumpster fire, though, so I just skim the headlines each day.

ptz OP , 1 year ago

Yeah, I could have done that, and I do similar to what you proposed on other sites. But that sidebar is completely useless to me and has never had anything of interest, so I’m content just nuking it from orbit.