lemmyvore

joined 1 year ago
[–] lemmyvore@feddit.nl 6 points 1 month ago

Yes but it's unregulated and like most unregulated TLDs it has become a cesspool of malware and dark dealings. I don't think anybody would never if that were to happen to .io.

[–] lemmyvore@feddit.nl 29 points 1 month ago (3 children)

Normally that would have been the preferred solution, but since IANA has experienced all kinds of shenanigans on similar occasions they have decided to not allow ccTLD's to survive their former country anymore.

[–] lemmyvore@feddit.nl 1 points 1 month ago (1 children)

Linux printing is very complex. Before Foomatic came along you got to experience it in all it's glory and setting up a working printing chain was a pain. The Foomatic Wikipedia page has a diagram that will make your head spin.

[–] lemmyvore@feddit.nl 52 points 1 month ago (16 children)

override the auto driving

I must be tired right now but I don't see how a remote operator could have driven better in this situation.

You can't get away from someone blocking your car in traffic without risk.of hitting them or other people or vehicles.

You probably meant they ought to drive away regardless of what they hit, if it helps the passenger escape a.dire.situation? But I have to wonder if a remote operator would agree to be put on the spot like that.

[–] lemmyvore@feddit.nl 1 points 1 month ago

Great trick, I had no idea Flatpak can use an existing install as a repo!

[–] lemmyvore@feddit.nl 5 points 1 month ago

If you end up with resizing /var as the only solution, please post your partition layout first and ask, don't rush into it. A screenshot from an app like Disk Manager or Gparted should do it, and we'll explain the steps and the risks.

When you're ready to resize, you MUST use a bootable stick, not resize from inside the running system. You have to make a stick using something like Ventoy, and drop the ISO for the live version of GParted on the stick, then boot with it and pick the Gparted live. You'll have to write down the instructions and be careful what you do, and also hope that there's no power outage during.

[–] lemmyvore@feddit.nl 4 points 1 month ago (2 children)

The safest method, if your /home has enough space, is to use it instead of /var for (some) Flatpak installs. You can force any Flatpak install to go to /home by adding --user to the command.

If you look at the output of flatpak list it will tell you which package is installed in user home dir and which in system (/var). You can also show the size of each package with flatpak list --columns=name,application,version,size,installation.

I don't think you can move installed apps directly between system/user like Steam can (Flatpak is REALLY overdue for a good package manager) but you can uninstall apps from system, then run flatpak remove --unused, then install them again with --user.

Please note that apps installed with --user are only seen by the user that installed them. Also you'll have to cleanup separately for system and user(s) in the future (flatpak remove --unused for system, then flatpak remove --unused --user for each user).

[–] lemmyvore@feddit.nl 1 points 1 month ago

It's not an issue on Arch & derivates, due to the simple fact I mentioned above: third-party (AUR) packages are never allowed to use the name of an official package.

If a third-party package was already using a name that a new official package wishes to use, users are required to willingly uninstall the third-party package in order to be allowed to install the official one, and can never re-install the third-party package unless it changes its name.

It also helps that there's only one third-party repo (the AUR) so it prevents name overlaps among third-party packages. Although that's of secondary importance since it can be bypassed by crafting custom packages locally.

I appreciate the difficulty of enacting such a rule on Debian or Ubuntu now, considering the vast amount of already existing, widely established third-party repos, and also the fact that Debian official repos contain 3-4 times as many packages as Arch official repos. Which is why I think there's no way to fix this aspect of Debian/Ubuntu anymore.

I'm not saying that makes them unusable... but I believe that anybody who uses them should be [made] aware of this caveat. It's not readily apparent and by the time it bites a new user she's probably already invested a couple of years in them.

[–] lemmyvore@feddit.nl 1 points 1 month ago (2 children)

Interesting, I'll keep it in mind.

Still not sure it would help in all cases. Particularly when 3rd party repos have to override core packages because they need to be patched to support whatever they're installing. Which is another very bad practice in the Ubuntu/Debian world, granted.

[–] lemmyvore@feddit.nl 1 points 1 month ago (4 children)

I'm not sure how that would help. First of all, it would still end up blocking proper updates. Secondly, it's hard to figure out what exactly you're supposed to pin.

[–] lemmyvore@feddit.nl 6 points 1 month ago (6 children)

Third party package mechanism is fundamentally broken in Ubuntu (and in Debian).

Third party repos should never be allowed to use package names from the core repos. But they are, so they pretend they're core packages, but use different version names, and at upgrade time the updater doesn't know what to do with those version and how to solve dependencies.

That leaves you with a broken system where you can't upgrade and can't do anything entirely l eventually except a clean reinstall.

After this happened several times while using Ubuntu I resorted to leaving more and more time between major upgrades, running old versions on extended support or even unsupported.

Eventually I figured that if I'm gonna reinstall from scratch I might as well install a different distro.

I should note I still run Debian on my server, because that's a basic install with just core packages and everything else runs in Docker.

So if you delegate your package management to a completely different tool, like Flatpak, I guess you can continue to use Ubuntu. But it seems dumb to be required to resort to Flatpak to make Ubuntu usable.

[–] lemmyvore@feddit.nl 2 points 1 month ago* (last edited 1 month ago)

People often think that things like recording your screen or keylogging are the worst but they're not. These attacks would require you to be targeted by someone looking for something specific.

Meanwhile automated attacks can copy all your files, or encrypt them (ransomware), search for sensitive information, or use your hardware for bad things (crypto mining, spam, DDoS, spreading the malware further), or most likely all of the above.

Automated attacks are much more dangerous and pervasive because they are conducted at massive scale. Bots scan massive amounts of IPs and try all the known exploits and vulnerabilities without getting tired, without caring how daunting it may be, without even caring if they're trying the right vulnerability against the right kind of OS or app. They just spray everything and see what sticks.

You're thousands of times more likely to be caught by such malware than it is to be targeted by someone with the skill and motive to record your screen or your keyboard.

Secondly, if someone like that targets you and has access to your user account, Wayland won't stop them. They can gain access to your root account, they can install elevated spyware, they can patch Wayland and so on.

What Wayland is doing is the equivalent of asking you to wear a motorcycle helmet 24/7, just in case you slip on some spilled juice, or a flower pot falls on your head, or the bus you're in crashes. All those things are possible and the helmet would come in handy but are they likely? We don't do it because it's not, and it would be a major inconvenience.

 

I took some photos at an event and I need to go through them and get rid of the bad ones (eyes closed, things in the shot, out of focus, blurred etc.) I'm not a pro photographer so no idea where to begin with photo apps. I've used RawTherapee and Gimp a bit.

What app will let me quickly browse the photos and handle (delete/tag) photo formats together (both the RAW and the JPG)?

 

I wanted to run my VPN/Tailscale setup past you, see if anybody has suggestions on how I could do things better.

  • Setup: home LAN (10.0.0.0/24), router+DNS on 10.0.0.1, server running docker containers on 10.0.0.2.
  • LAN DNS points *.local.dom.tld to the server, public DNS points *.dom.tld to my dynamic public IP.
  • Containers run in bridge mode with host, expose ports on host IPs via "ports:" mapping.
  • NPM with LE certs also in container, exposes 10.0.0.2:443, forwards to various other services.

Goals for Tailscale:

  • Accessing HTTP services via NPM from my phone when away from home.
  • Exposing select UDP and TCP non-HTTP services such as syncthing (:22000) or deluge RCP admin (:58846) to other tailnet devices or to phone on the go.

Goals in general:

  • Some containers need to expose ports on the LAN.
  • Some containers need to expose ports via Tailscale.
  • Some containers need to broadcast on the LAN (DLNA stuff) – but I don't want them broadcasting to Tailscale.
  • Generally speaking I'd like to explicitly control what's exposed from each container on either LAN or Tailscale.
  • I'd like to avoid hacking images with Dockerfile. I can make my own images to do stuff, just don't want to keep up with hacking other images.

How I progresed with Tailscale:

  1. First tried running it directly on the host. Good: tailnet IP (let's call it 100.64.0.2) available on the host's default network stack. Containers can use "ports:" to map to 100.64.0.2 (tailscale) and/or 10.0.0.2 (LAN). Bad: tailscale would mess with /etc/resolv.conf on host. Also bad: tailscale0 on host picked up stuff that binds to 0.0.0.0.
  2. Moved tailscale to a container running on the host network stack (network_mode: host). Made it leave /etc/resolv.conf alone. tailscale0 on host stack still picks up everything on 0.0.0.0.

This is kinda where I'm stuck. I can make the tailscale container bridged which would put the tailscale0 interface inside the container. It wouldn't pick up 0.0.0.0 from host but how would I publish ports to it?

  • The tailscale recommended way of doing it is by putting other containers in the tailscale's container network stack (network_mode: container:tailscale). This would prevent said containers from using "ports:" to map to host anymore. Also, everything they publish locally would end up on tailscale0 whether I like it or not.
  • Tailscale has an env var TS_DEST_IP that can mirror another IP. I could allocate an IP on host eth0 like 10.1.1.1, mirror that from the tailscale container, and target it from other containers explicitly with "ports:" when I want to publish a port to tailscale. Downside: 10.1.1.1 would be in the host's network stack so still picks up 0.0.0.0.
  • I could bridge the tailscale container with other containers on a private subnet, say 192.168.1.0/24 and use tailscale serve to forward specific ports to other containers over that subnet. Unfortunately serve is fairly limited; it can't do UDP and technically it refuses to forward TCP either to non-localhost (but you can dump the serve config to JSON, and hack that config, and use it with TS_SERVE_CONFIG= 🤮).
  • I could bridge tailscale with other containers and create a special container with a fixed IP on that subnet, mirror the IP from tailscale, and use iptables on that container to forward specific ports to other containers. This would actually solve everything I want except...
  • If I ever want to use another VPN which doesn't have the mirror feature. I don't know how I'd deal with that.
 

I'm posting this in selfhosted because Gandi increasing prices actually helped me a lot with being more serious about selfhosting, made me look into things like DNS and reverse proxies and VPN and docker and also ended up saving me money by re-evaluating my service needs.

For background, Gandi.net is a large and old (25 years) domain registrar and hosting provider in the EU, who after two successive rounds of being acquired by investment funds have hiked up prices across the board for all their services.

In July 2023 when they announced the changes for November I was using their services for pretty much everything because I manage domains for friends and family. That means a wide selection of domains registered with them (both TLDs and European ccTLDs), LAMP hosting, and was taking advantage of their free email hosting for multiple domains.

For the record I don't hold the price hike against them, it was just unsustainable for us. Their email prices (~5€/mailbox/mo) are in line with market prices and so are hosting prices. Their domain prices are however exaggerated (€25-30/yr is their lower price now). I also think they could've been smarter about email, they could've offered lower prices if you keep domains registered with them. [These prices include the VAT for my country btw. They will appear lower in USD.]

What I did:

Domains: looked into alternative registrars with decent prices, support for all the ccTLDs I needed, DNSSEC, enforced whois privacy, and representative services (some ccTLDs require a local contact). Went with INWX.com (Germany) and Netim.com (France). Saved about €70/yr. Could have saved more for .org/.net/.com domains with an American registrar but didn't want to spread too thin.

DNS: learned to use a dedicated DNS service, especially now that I was using multiple registrars since I didn't want to manage DNS in multiple places. Wanted something with support for DNSSEC and API. Went with deSEC.io (Germany) as main service and Bunny.net (Slovenia) as backup. deSEC is free, more on Bunny pricing below. Learned a lot about DNS in the process.

Email: having multiple low-volume mailboxes forced me to look into volume-based providers who charge for storage and emails sent/received not mailboxes. I've found Migadu (Swiss with servers in France at OVH), MXRoute (self-hosted in Texas) and PurelyMail (don't know). Fair warning, they're all 1-2 man operations. But their prices are amazing because you pay a flat fee per year and can have any number of domains and mailboxes instead of monthly fees for one mailbox at one domain. Saved €130/yr. Learned a lot about MX records and SPF/DKIM/DMARC.

Hosting: had a revelation that none of the webpages I was hosting actually needed live dynamic services (like PHP and MySQL). Those that were using a CMS like WordPress or PHP photo galleries could be self-hosted in docker containers because only one person was using each, and the static output hosted on a CDN. Enter Bunny.net, who also offer CDN and static storage services. For Europe and North America it costs 1 cent per GB with a $1 minimum/mo, so basically $12/yr since all websites are low traffic personal websites. Saved another €130/yr. Learned a lot about Docker, reverse proxies and self-hosting in general.

Keep in mind that I already had a decent PC for self-hosting, but at €330 saved per year I could've afforded buying a decent machine and some storage either way.

I think separating registrars, DNS, email and hosting was a good decision because it allows a lot of flexibility should any of them have any issues, price hikes etc.

It does complicate things if I should kick the bucket – compared to having everything in one place – which is something I'll have to consider. I've put together written details for now.

Any comments or questions are welcome. If there are others that have gone through similar migrations I'd be curious what you chose.

 

I'm thinking of putting all my email archive (55k messages, about 6 GB) on a private IMAP server but I'm wondering how to access it remotely when needed.

Obviously I'd need a webmail client but is there any that can deal with that amount of data and also be able to search through To, From, Subject and body efficiently?

I can also set up a standalone search engine of some sort (the messages are stored one per file in regular folders) but then how do I view the message once I locate it?

I can also expose the IMAP server itself and see if I can find a mobile app that fits the bill but I'd rather not do that. A webmail client would be much easier to reverse proxy and protect.

 

I've repurposed a 32 GB M.2 SATA SSD as a bootable "USB stick" and I'm putting useful tools on it. So far I've got memtest, seatools, gparted live, system rescue, clonezilla, and a live install iso of the distro installed on my PC. What other great bootable tools am I sleeping on?

 

I use multiple workspaces and I open text files all the time.

Once upon a time Mousepad used to behave sanely and would open them in a new tab if there was already an instance on the current workspace, or open a new window (on the current workspace) if there wasn't.

They broke that at some point. Now it's anybody's guess where the file will open. Maybe it opens in a tab in an existing window on this workspace. Maybe in a tab in a window on a random workspace. Maybe a new window on this workspace even though there's one open. I've given up trying to figure it out.

As a last resort I can use wmctrl to figure out how to open the files and can script a sane launcher myself – provided that the editor has --tab and --window options AND lets you specify the window instance. Mousepad has the former but not the latter.

So, do you know any editor that can do it by itself or has those options so I can do it myself? TIA

 

Hi, I'm trying to find the subtitles for Harmy's "Despecialized" Star Wars remakes and I was wondering if anybody has any ideas. The original website for Project Threepio points at a blog that seems abandoned and an old private tracker (MySpleen) that never opens to public anymore. Even just the English subs would be great (the original pack contained extensive language coverage in DVD format so I was given to understand it was quite large). TIA for any hints.

 

I've been using Gandi for over 20 years, almost since it was founded. Since being acquired in 2019 by Montefiore Investment and this year by Total Webhosting Solutions their service have become more and more expensive and have finally priced me out.

For context, I administer a bunch of domains, mailboxes and HTML websites for my family and extended family, and I prefer services hosted in the EU because of GDPR and local availability.

This post is meant as a list of practical decisions in 2023 for the small time selfhoster. If anybody wants to comment on what Gandi (or rather TWS) is doing feel free to do so in the comments, I'm curious myself.

Prices I've mentioned use my country's VAT so will vary slightly for you.

Domain names

Domain names have always been a bit on the expensive side with Gandi but they used to include a lot of features for free with them (SSL, DNSSEC, mailboxes, a small static website, WHOIS privacy, local contact for TLDs that need it etc.) and what they added extra was proportional to the base TLD cost.

For the next renewal all my domains were slated to jump to €28 across the board. If you have domains with Gandi try adding some renewals to the cart and check in advance.

I had to look for an European registrar because I have lots of European ccTLDs that the usual suspects like Cloudflare and Porkbun don't support.

I'm moving to INWX.de and will be saving 25-60% per domain. This takes into account WHOIS privacy where needed for an extra 5€/domain (EU ccTLDs are private due to GDPR but we own a couple of TLDs too) as well as local contact services where required (price varies by country).

Email

I manage multiple mailboxes but they have low traffic and low storage requirements. Gandi will be offering them at €55/mailbox/year. I'm not questioning their pricing, 3-4€/month for email is common, but typically charged by email-focused services.

Anyway, this per-mailbox model would price us into hundreds of euros for resources that go 99% unused. I'm switching to Migadu.com, who allows unlimited domains and mailboxes (within common sense) under a single account and charges for the conflated storage space and emails sent/received across all mailboxes.

Migadu tiers start at 20€/year for 5GB and 200/20/day (soft limits).

Webhosting

We were using Gandi's smallest hosting package for about 100€/year, which was slated to jump to €135. Not an outlandish price for your typical PHP + MySQL hosting, especially since it had some VPS-like features. Then again the typical webhosting service would include a couple of mailboxes and some other goodies.

This was a good opportunity for us to reevaluate out hosting needs and realize we can ditch PHP+MySQL (if we really have to revisit it we'll consider VPS offers in the future). It's mostly static sites, image galleries and a bit of blogging. We've cached all our stuff as plain HTML/CSS/images and moved it to BunnyCDN.

Bunny lets you define a file bundle, gives you FTP access with a unique username+password, lets you pick the extent of replication, puts a CDN on top of it, and lets you point a domain name to it. Also throws a bunch of web server-ish features on top like rules/rewrites and Let's Encrypt SSL.

They actually offer more features than that but I've just mentioned the minimum you need for serving a bunch of static websites.

Bunny pricing starts at $0.01/GB (with a minimum of $1/month) and you pay as you go.

Nameservers

Since we're doing this I've taken the opportunity to dab into DNS. Turns out it's not that hard. There's only like half a dozen of commonly used DNS record types and everybody's helping you with them – email services like Migadu generate the email-related ones for you, registrars and managed DNS services generate the SOA for you, they have forms that tell you what fields are needed etc.

There are lots of managed DNS options. Registrars usually include nameservers and let you mess with the records so INWX was one choice. Bunny offers DNS service that integrates with their CDN. deSEC is a completely free service I'll be using as backup.

All of the above also offer APIs so a bash script will be taking care of dynamic DNS.

 

Upgrading a self-hosted server (1)

Welcome

Hi, I'm starting a series of posts that will follow the upgrades I'll be doing to a self-hosted machine that serves as NAS and also runs all kinds of self-hosted software. I'm lazy so it will probably take time, don't expect me to post too often.

About me: I've been using Linux exclusively for personal use (both desktop and servers) for about 20 years now. I've used several distributions over the years, I've built my own stuff from source (including kernels) and I've done Linux From Scratch. I'm not a Linux expert or professional sysadmin but I know my way around it, and I can learn what I don't know. So don't be afraid to make any suggestions no matter how complicated.

The current state of the machine

  • It's a PC using an i5 7400 CPU, has a built-in GPU with support for h264 hardware encoding and MPEG2, VP8, VP9 and HEVC hardware decoding (this will come in handy for video transcoding).
  • Only 4 GB of RAM, I have ordered a dual 2x16 GB kit.
  • The system drive is a Transcend M.2 SSD (32 GB). SATA rather than PCIe unfortunately but it will do fine for the time being.
  • The OS is Ubuntu Server 16.04 LTS using Expanded Security Maintenance for updates.
  • It's currently running SSH, NFS, Samba, CUPS, OpenVPN, Emby and Deluge on bare metal. Some of them come from distro packages, some from binary releases straight from the developer.
  • There are 6 HDDs forming 3 pairs of RAID 1 arrays. 6 drives was a limit I chose from the beginning, and the case and motherboard were chosen accordingly (cage for 6 drives and 6 SATA connectors).
  • My ISP provides a public dynamic IP and allows port forwards.
  • I have a router that I've recently upgraded to the latest OpenWRT so it also runs Linux, can install packages, it has a web admin interface etc. and can do some interesting stuff.

What I'd like to do

  • Increase the RAM to 32 GB.
  • Stick with a Linux distro, as opposed to a NAS-tailored OS, Unraid etc.
  • Install Debian Stable on a SSD, most likely via debootstrap from the Ubuntu system.
  • Add a GRUB menu entry that makes a passthrough to the other system, so I can keep them both around for a while.
  • Use docker-compose and possibly Portainer for as many of the services as it makes sense. Not sure if it's worth bothering to make containers for things like SSH, NFS, Samba.
  • Add more services. I'd like to try Jellyfin, NextCloud and other stuff (trying to degoogle for example).
  • I'd like to find a better solution for accessing services from outside the LAN. Currently using OpenVPN which is nice for individual devices but gets complicated when you want an entire remote LAN to be able to access (to allow smart TVs or Chromecast to use Emby/Jellyfin for example). I'm hoping Authelia + reverse proxy will be able to help with this.

What I'm not interested in

  • Not interested in using Plex. I've used it for a couple of years, it's a fine piece of software but I don't like the fact they now mandate access through their server or injecting ads.
  • Not interested in changing the filesystem or the RAID setup for the HDDs. RAID 1 pairs give me enough redundancy. The HDD upgrades are very simple. I'm fine with losing 50% of capacity.

Any and all suggestions and comments are welcome! Even if they're about things I said I'm not interested in. It's always possible there are things I haven't considered.

view more: next ›