Laser

joined 5 months ago
[–] Laser@feddit.org 5 points 1 day ago

The way I do it with webservices is that I serve them all from virtual hosts. Scan my IP on port 80? 301 moved permanently to same host port 443. 443? Welcome to nginx! Which webservice is actually served depends on the hostname being requested. The hostnames are just part of a wildcard subdomain with a matching wildcard certificate, so you can't derive the hosts from the blank landing page's cert. Though one option would be to disable https when no matching virtual host is found.

I know this isn't protection against sophisticated attackers, but nobody uses my home services except me when I'm not home so the exposure is very limited.

Anyhow, with Plex you have a central provider who, if I'm not mistaken, knows a lot about how their customers use their product. The angle of attack is different.
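
The virtual-host layout described in the comment above, sketched as an nginx configuration. This is an added example, not the commenter's own config; the domain `example.org`, the hostname `media.example.org`, the certificate paths and the backend port are assumptions.

```nginx
# Constructed example: example.org, file paths and the backend port are placeholders.

# Port 80: every request, including scans by bare IP, is redirected to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

# Port 443 catch-all: requests by IP or with an unknown hostname end up here.
# The certificate names only *.example.org, so it exposes the parent domain
# but not which subdomains actually carry a service.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/ssl/example.org/wildcard.fullchain.pem;
    ssl_certificate_key /etc/ssl/example.org/wildcard.key.pem;
    root /usr/share/nginx/html;   # stock "Welcome to nginx!" page

    # The option mentioned at the end of the comment: refuse the TLS
    # handshake when no virtual host matches (nginx 1.19.4 or newer),
    # so the catch-all presents no certificate at all.
    # ssl_reject_handshake on;
}

# A real service: reachable only when the client sends the matching hostname.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name media.example.org;
    ssl_certificate     /etc/ssl/example.org/wildcard.fullchain.pem;
    ssl_certificate_key /etc/ssl/example.org/wildcard.key.pem;

    location / {
        proxy_pass http://127.0.0.1:8096;   # assumed local backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The hostname is only hidden as long as it stays out of public DNS enumeration and Certificate Transparency logs; a wildcard certificate keeps individual subdomains out of the latter.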

[–] Laser@feddit.org 6 points 1 day ago* (last edited 1 day ago) (1 children)

Are you talking about TPM 2? Because I don't think that makes classic ransomware more difficult. Also it doesn't have to be strictly a motherboard feature, e.g. mine comes without a fixed hardware TPM, but my processor supports fTPM, which has up- and downsides. But it works as a TPM.

Also MS: Sadly, if your tech doesn't have these features you cannot upgrade and it will be insecure because I will not make updates for it.

Technically, this isn't true, MS will continue to update Windows 10 and even individual users can receive these officially through the Windows 10 ESU program: https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates

Not that I'm in favor of what they're doing, I think they should rather support older hardware with Win 11 and require modern features only on modern systems. But from a security standpoint, their decision is actually good, as it builds a secure foundation. Most private users will just do whatever on that foundation (e.g. run random stuff from the Internet), but I think going forward, this is the right choice, though probably for the wrong reason of doing Intel a favor.

[–] Laser@feddit.org 4 points 2 days ago

The problem I have with this is that there's no definition of what "owning" means. Never have individuals bought a game and then owned all rights associated with it. It was always a license that included personal use and nothing much else.

However, due to how media distribution worked, this license was generally valid forever and could be transferred to another party, and these two factors - especially the first one - make a good point: why would I enter such a license if the other side can factually nullify it at any point, while I lose that option after a certain time?

Apart from that, media piracy was never stealing in the first place. It's about unlicensed usage and distribution of media. And rightholders can't be surprised if people don't license it if the construct is so stacked to their disadvantage.

[–] Laser@feddit.org 1 points 4 days ago

I think if LetsEncrypt went away, so would ZeroSSL's free offer.

However, I do think not having limitations on the API is good; automation is good practice and I guess this is a concession to customers/users who have no automation in place (though this is a sad state by now). LE doesn't offer anything comparable AFAIK.

[–] Laser@feddit.org 1 points 4 days ago (2 children)

Never used them, but they state at https://zerossl.com/features/acme/ that their free acme certs include wildcards.

[–] Laser@feddit.org 7 points 5 days ago (4 children)
[–] Laser@feddit.org 1 points 6 days ago (1 children)

Who hates ChromeOS? Never heard someone say that

[–] Laser@feddit.org 1 points 1 week ago

While I do get your sentiment, we currently see in Ukraine what happens if you don't have a defense industry: You're reliant on other countries to supply you in case a hostile nation notices that you're lacking it.

[–] Laser@feddit.org 4 points 1 week ago (1 children)

All that follows is my personal opinion, but for ease of writing, I'm gonna present it as facts.

Once you have grasped the advantage that Nix offers, all the fundamentally different solutions just seem so inferior. When I first tried NixOS on a decommissioned notebook, the concept immediately made sense. Granted, I didn't understand the language features very well – I mostly used it for static configuration with most stuff just written verbatim in configuration.nix, though I did use flakes very early on because of Lanzaboote. But just the fact that you had a central configuration in a single language that was able to cross-reference itself across different parts of the system absolutely blew me out of the water. I was a very happy and content Arch user, even proficient enough to run my own online repository that built from a clean chroot for AUR packages (if you use Arch with AUR packages on multiple systems, check out the awesome aurutils!), but after seeing the power of NixOS in action, I switched over all my machines as soon as I could - desktop, virtual servers (thanks nixos-anywhere!), main notebook and NAS.

People often praise the BSDs for their integrated approach – NixOS manages to bring that approach to Linux. Apart from GUIX System that I never tried because Secure Boot was a requirement when I last looked at other distributions, none of them have tackled the problem that NixOS solves, and it's not even certain if they actually understand it. Conceptually, it plays on a whole different level. No more unrecoverable systems, even with broken kernels – just boot the previous configuration. Want to try changes without any commitment? nixos-rebuild test got you. Need an app quick? nix shell nixpkgs#app it is.

Plus the ecosystem is just fantastic. The aforementioned nixos-anywhere really helps with remote provisioning, using disko to declaratively set up filesystems and mounts, you have devenv which is a really good solution for development environments, both regarding reproducibility and features, and many more that I can't mention here. There is nothing comparable, and the possibilities are unlike in any other ecosystem.

It's not perfect for sure though, and documentation is sparse. The language concepts which allow one to "unlock" the most powerful features are different from what most people know.

I was lucky enough to have some downtime at work to get into the system a bit deeper (this was still for work though, just not my core skillset) by implementing a "framework" for our needs which forced me to not just copy and paste stuff, though I definitely did get inspired from other solutions, but to actually better understand the module system (I think?), thinking in attribute sets, writing your own actual modules, function library and so on. But in the end, it was definitely worth it, and I'm unaware of any other system that would allow what Nix and NixOS allowed me to build.

[–] Laser@feddit.org 5 points 1 week ago

Yeah, but if I'm not mistaken not because they're the same architecture, but because each WiiU had full Wii hardware inside it, so it was actually two consoles. The Wii was actually just a faster GameCube.

[–] Laser@feddit.org 12 points 1 week ago

And why would they

[–] Laser@feddit.org 5 points 2 weeks ago

NixOS [...] some packages are kinda old

Fair

that server will be going back to debian next summer.

I don't think that will solve the "some packages are kinda old" issue.
