Solar Bear

Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren’t intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it’s perfect. All web browsers (except Firefox on mobile…) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.

Use lemmy.ml how you want to use it, and if you want to participate in other political leanings, go to a different instance. No one is really stopping you, and that’s the whole idea of the fediverse. And there really isn’t any value lost, because this isn’t a “choose one and only one” situation. You’ve got all of the fediverse at your fingertips.

Until you make the mistake of replying with the wrong kind of comment to the wrong sub, and get banned from the entire instance and lose the ability to post on many of the largest subs on this side of the fediverse. Or maybe they just see you out and about and decide to ban you on sight because they don’t like what you said. There’s nothing stopping that.

Admin overreach and abuse is a major issue for the fediverse because it affects more than just the user in question. Admins of large instances get to decide who has access to the users and communities on their instances, and very often the users of the instance aren’t even aware of the actions taken on their behalf. Mastodon recently implemented a notification for when blocks and defederation remove your follows or followers, and this is a great first step. Users deserve to know when they are impacted by decisions such as these.

I love the fediverse and want to see it thrive, so we need to stop putting our heads in the sand on this issue. It’s always discussed as if it’s an issue with a few problematic instances rather than the systemic issue in need of a solution that is is. Admins need the tools to protect their instances from real abuse, but we need to balance that with the right of the users to know what’s going on and not be unfairly deprived of the social aspect of this social media experiment, especially without knowing.

And of that 61%, only a third are directly investing. The rest get it as part of their compensation package for their work, which they can’t benefit from without penalty until retirement. Additionally, it skews heavily by race. It’s 66% of white families, but only 39% of black families and 28 percent of hispanic families. The amount invested follows similar trends.

https://www.pewresearch.org/short-reads/2024/03/06/a-booming-us-stock-market-doesnt-benefit-all-racial-and-ethnic-groups-equally/

Actually most of us work for a living and don’t have the luxury of having enough money for investments to be practical in the first place, but I guess you can pretend it’s necessary to get by if it makes you feel better about it.

Incredibly funny story, incredibly awful website.

That’s where you’re wrong, buddy. It’s actually very easy to blame Microsoft for holding a decades-long desktop monopoly by pushing manufacturers to include Windows on every PC out of the box.

People really be out here preloading their computer with viruses to get around Microsoft’s latest bullshit instead of just using Linux, we ain’t never gonna have the Year of the Linux Desktop

Whatever you get for your NAS, make sure it’s CMR and not SMR. SMR drives do not perform well in NAS arrays.

I just want to follow this up and stress how important it is. This isn’t “oh, it kinda sucks but you can tolerate it” territory. It’s actually unusable after a certain point. I inherited a Synology NAS at my current job which is used for backup storage, and my job was to figure out why it wasn’t working anymore. After investigation, I found out the guy before me populated it with cheapo SMR drives, and after a certain point they just become literally unusable due to the ripple effect of rewrites inherent to shingled drives. I tried to format the array of five 6TB drives and start fresh, and it told me it would take 30 days to run whatever “optimization” process it performs after a format. After leaving it running for several days, I realized it wasn’t joking. During this period, I was getting around 1MB/s throughput to the system.

Do not buy SMR drives for any parity RAID usage, ever. It is fundamentally incompatible with how parity RAID (RAID5/6, ZFS RAID-Z, etc) writes across multiple disks. SMR should only be used for write-once situations, and ideally only for cold storage.

I explained my reasoning and you made no attempt to engage with it and just asked a question I already answered in depth. I’m not sure what you want, but it’s clearly not an answer.

Hard disagree. Everything you learn on Arch is transferable because Arch is vanilla almost to a fault. The deep understandings of components I learned from Arch have helped me more times than I can count. It’s only non-transferable if you view each command as an arcane spell to be cast in that specific situation. I’ve fixed so many issues over the years using this knowledge, and it’s literally what landed me my current job and promotions.

Arch is why I know how encryption and TPM works at a deeper level, which helped me find and fix the issue a Windows Dell PC was having that kept tripping into Bitlocker recovery. Knowledge of Grub and kernel parameters that I learned from Arch’s install process is why I was able to effortlessly break into a vendor’s DNS server whose root password was lost by the previous sysadmin before me when everybody else was panicking. Hell, it even helps in installing other distros, because advanced disk partitioning is a hot mess on a lot of distro GUI installers, so intimate knowledge of what I actually need helps me work around their failings. Plus all the countless other times that knowledge has helped me solve little problems instantly, because I knew how it worked from implementing it manually. When my coworkers falter because the GUI fails them and they know nothing else, I simply fix it with a command.

If you use Arch and actually make the effort to learn, not just copy and paste commands from the wiki, you will objectively learn a lot about how Linux works. If you seek a career in Linux, there’s nothing I can recommend more than transitioning to using Arch (not Garuda, not Manjaro, Arch) full-time on your daily driver computer.

Anyways, after about a decade I’ve recently switched to NixOS. Now there’s a distro where the skills you learn can’t be transferred out, but the knowledge I gained from Arch absolutely transferred in and gave me a head start.

I’m gonna keep it real with you, I’ll take “weirdo CEO and optional AI tools” over “corporate entity so powerful that society has literally warped around it, whose primary business model is psychological manipulation” any day of the week. The other search engines are so poor at what they do that they’re not viable options.

I’ve switched to Kagi recently and honestly it’s better than Google ever was. You can assign weights to sites to see more or less of them in your results, it automatically cuts the listicle crap out, it has various built in filters for specific things like forums or scientific studies.

Downside: it’s $10/mo. But I’m at the “I’d rather pay with money than data” stage of my life. Especially if it actually makes the experience fucking usable again.

Your response is "why are you doing X, you should do Y"

Because they're right, you shouldn't do X. I know that's not a satisfying answer for most people to hear, but it's often one people need to hear.

If the process must run as root, then giving a user direct and unauthenticated control over it is a security vulnerability. You've created a quick workaround for your issue, and to be clear it is unlikely to realistically cause you problems individually, but on a larger scale that becomes a massive issue. A better solution is required rather than recommend everybody create a hole in their security like yours in order to do this thing.

If this is something that unprivileged users reasonably want to control, then this control should be possible unprivileged, or at least with limited privilege, not by simply granting permanent total control of a root service.

This is ultimately an upstream issue more than anything else.

Refurbished drives get their SMART data reset during the process, they absolutely had more than that originally.

Recent NixOS convert, where has this work of art been all my life

There's 102 people mentioned in that commit and two of them happen to meet in the comments of a meme thread on Lemmy of all places. I love the Internet.

Docker is open source, licensed under Apache-2.0. Not really sure what you're talking about.

"Because I feel like it."

So in other words, because she wants to? As in, "because it's her body and she can do whatever she wants with it"?

The games will still be designed by humans. Generative AI will only be used as a tool in the workflow for creating certain assets faster, or for creating certain kinds of interactivity on the fly. It's not good enough to wholesale create large sets of matching assets, and despite what folks may think, it won't be for a long time, if ever. Not to mention, people just don't want that. People want art to have intentional meaning, not computer generated slop.

This is no different than anything else, we naturally appreciate the skill it takes to create something entirely by hand, even if mass production is available.