tofubl

joined 2 years ago
sorted by: new top controversial old
For All That Is Good About Humankind, Ban Smartphones in c/technology@lemmy.world
[–] tofubl@discuss.tchncs.de 0 points 2 weeks ago* (last edited 2 weeks ago)

We found more common ground and more things that separate us, too.

I agree with your idea of regulating social media and I'd add that platforms should be mandated to open their walled gardens by implementing open protocols and force them to play nice with other platforms (said the guy on Lemmy.)

On the other hand, I strongly disagree with the notion that an addiction only hurts the addict. I'd argue that's never the case. On the contrary, alcoholism or gambling can drag whole families or more into poverty. On top of the microcosm impact, albeit more of a European problem, I suppose (although I wouldn't want it any other way), substance-related addictions are a huge cost factor on our social health system, costing the public hand (us, me) huge sums and taking up ever scarcer hospital beds and treatment slots. Here comes my main point: History (especially yours with the prohibition period) proves that outlawing substances doesn't work, and neither am I for it. But our minds are vulnerable to suggestion and manipulation, and advertisement is utilising that fact by e.g., creating associations between drinking or smoking and sexual desirability. This is well known and it works too, or it wouldn't be the enormous industry it is. Now then, why should we allow the manipulation of our desires for something that is ultimately bad for EVERY part of society except the leeches directly profiteering from it? (I'm not even talking about the fact that children's minds are even more susceptible to this, but are for the most part just as exposed to the same stimuli our adult ones are. One of the restrictions for wine/beer ads here in my country, by the way: Not on daytime TV. Somewhat sensible at least.)

I wonder why you draw the line at medicine, by the way. What's the difference there for you?

Edit: Thanks for the respectful discussion, by the way. I appreciate it.

For All That Is Good About Humankind, Ban Smartphones in c/technology@lemmy.world
[–] tofubl@discuss.tchncs.de 2 points 2 weeks ago (2 children)

We land on somewhat different sides of the neoliberal fence, I think.

The substances sugar, alcohol, tobacco, sure. Potentially harmful but not malicious. As long as we're talking about adults I mostly agree (although there are many regulations around them in all parts of the world. Smoking in public places, drinking when operating machinery and so on.) A company trying to manipulate people with ads to consume more of these substances: different story altogether since now there's at the very least neglect of societal responsibility involved- can and should be regulated. I can't think of a single reason why ads for alcohol should be allowed, for example. Here in a middle European country advertising spirits or nicotine products is illegal, while ads for beer/wine are legal under certain conditions. Slot machines and similar gambling are illegal while casino games like Roulette and Black Jack are very strictly regulated but legal. What's the situation in your corner of the world and what's your take on it?

What to regulate and to which extent is not trivial of course, but especially when it comes to social media we're so far removed from "too much regulation" that I don't think it's worth going into it here. Banning Smartphones is obviously not the answer either way.

For All That Is Good About Humankind, Ban Smartphones in c/technology@lemmy.world
[–] tofubl@discuss.tchncs.de 3 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

Of course, everybody is trying to develop tricks like yours to resist, but I don't think we should just accept as fact that we need to have those tricks to escape the attention grabbing behemoths with the endless money they throw at this optimisation problem.

It's not like algorithms designed to maximise engagement regardless of societal cost are a law of nature we can never escape. It's just unregulated power, which society has worked very hard to limit and align with "the common good" in the past. Free reign for technocrats that display beauty ads to teenage girls after they deleted their selfies, as a single heinous example, is proof that our control mechanism (democracy in the broader sense, I suppose) isn't working anymore, but that also doesn't mean we should roll over and accept it.

I'm with you that personal responsibility is of course important. The message of Johann Hari's book I tried to convey was (paraphrasing again) "Don't be too hard on yourself when you eventually slip up. It's a steep uphill battle."

For All That Is Good About Humankind, Ban Smartphones in c/technology@lemmy.world
[–] tofubl@discuss.tchncs.de 6 points 2 weeks ago (6 children)

It's not a problem that can meaningfully be dealt with on an individual level.

I recommend Johann Hari's book Stolen Focus. It goes deep into influencing factors of why we are having such a hard time of putting our devices down. The first he lists: giant tech companies are employing the smartest people on earth (i.e., smarter than you or me) to maximize engagement. The cards are heavily stacked against any single one of us trying to break free from these skinner boxes. The threat of social isolation you mock the blog's author for is of course another ace up Meta's sleeve. The book among other things tries to relieve the feeling of individual failure at this insurmountable task of constantly fending off the targeted attacks on our attention- I paraphrase: "You didn't fail, it was a losing battle to begin with."

If you yourself don't have this problem, I'm glad for you and I hope it lasts. Many, many people do, and there are ever more tragic news headlines to show for it. We as a society (or is that societies?) need to regulate the tech-oligarchs, and fast. I have some hope left at least for the EU coming around on it.

We Should Immediately Nationalize SpaceX and Starlink in c/technology@lemmy.world
Whatever happened to cheap eReaders? – Terence Eden’s Blog in c/technology@lemmy.world
Weird Keyboard Layouts: A Showcase in c/technology@lemmy.world
[–] tofubl@discuss.tchncs.de 3 points 3 months ago

Isn't Svalboard the new(?) hottness in keyboard-land?

Raspberry Pi as Bluetooth to Aux converter in c/selfhosted@lemmy.world
[–] tofubl@discuss.tchncs.de 4 points 4 months ago

I think OSMC does this.

Any nice playbook or tutorial to host a static website from home? in c/selfhosted@lemmy.world
[–] tofubl@discuss.tchncs.de 3 points 4 months ago* (last edited 4 months ago)

You can set up your project in a private repo and in your deploy action push it to the main branch of your public Pages repo. I agree it's not a huge deal to show the source, but I prefer it like that.

name: Deploy Hugo site to Github Pages

on:
  push:
    branches:
      - main
    workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Hugo
        uses: peaceiris/actions-hugo@v3
        with:
          hugo-version: "0.119.0"
          extended: true

      - name: Build
        run: hugo --minify

      - name: Configure Git
        run: |
          git config --global user.email "you@example.com"
          git config --global user.name "Your Name"
      - name: Deploy to GitHub Pages
        env:
          GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
        run: |
          cd public
          git init
          git remote add origin https://user/:${{ secrets.DEPLOY_TOKEN }}@github.com/USER/USER.github.io.git
          git checkout -b main
          git add .
          git commit -m "Deploy site"
          git push -f origin main

edit: Markdown is adding a / after "user" in above git remote command. Don't know how to get rid of it.

What hardware do you use for Nextcloud? in c/selfhosted@lemmy.world
[–] tofubl@discuss.tchncs.de 3 points 4 months ago* (last edited 4 months ago)

My Nextcloud journey went from a Raspberry Pi 2B with a single USB HDD over a Pi 3B to a QNAP 2bay NAS on RAID 1 with a proper backup strategy including daily encrypted cloud backup. Having come to rely on the setup much more than when I was starting out playing with it years ago, I sleep much easier now. That said, I never lost any data, even on very questionable hardware without any redundancy whatsoever.

Recommendation Self Hosting Blog in c/selfhosted@lemmy.world
[–] tofubl@discuss.tchncs.de 1 points 4 months ago* (last edited 4 months ago)

If you're not very set on hosting at home, hosting a static Hugo page directly on Github Pages is incredibly convenient and easy (and free.) With the right Github Action, updating the site is as simple as pushing content to the main branch and it automatically deploys. And should Github ever give you a reason to do so, moving away is as simple as copying your static files to any other webhost and pointing your domain there instead.

Edit: It's of course equally easy to deploy on your NAS - just a basic nginx serving the directory with your static site that Hugo generated.

Recommendation Self Hosting Blog in c/selfhosted@lemmy.world
[–] tofubl@discuss.tchncs.de 7 points 4 months ago (2 children)

Are you looking for advice regarding administration or the platform?

I say for a simple blog it's hard to beat Hugo. There are plenty of nice themes and easily adjustable, too with a bit of html/css.

32
Share VPN connection over Android hotspot? (discuss.tchncs.de)
 

I have a home setup with private services and Wireguard to phone in from outside, and would sometimes like to be able to access some of these services from devices that don't have their own Wireguard client like an eBook reader.

Ideally, I would have Wireguard on my Android phone, create a WiFi hotspot and allow other devices to use that Wireguard connection. Out of the box this doesn't work. Does anybody know how to achieve it?

18
Help with reverse proxy architecture (discuss.tchncs.de)
 

In my home network, I'm currently hosting a public facing service and a number of private services (on their own subdomain resolved on my local DNS), all behind a reverse proxy acting as a "bouncer" that serves the public service on a subdomain on a port forward.

I am in the process of moving the network behind a hardware firewall and separating the network out and would like to move the reverse proxy into its own VLAN (DMZ). My initial plan was to host reverse proxy + authentication service in a VM in the DMZ, with firewall allow rules only port 80 to the services on my LAN and everything else blocked.

On closer look, this now seems like a single point of failure that could expose private services if something goes wrong with the reverse proxy. Alternatively, I could have a reverse proxy in the DMZ only for the public service and another reverse proxy on the LAN for internal services.

What is everyone doing in this situation? What are best practices? Thanks a bunch, as always!

22
[SOLVED] Firewall noob vs. port forward (discuss.tchncs.de)
submitted 1 year ago* (last edited 1 year ago) by tofubl@discuss.tchncs.de to c/selfhosted@lemmy.world
26 comments fedilink
 

Hi there, hoping to find some help with a naive networking question.

I recently bought my first firewall appliance, installed Opnsense and am going to use it with my ISP modem in bridge mode, but while I'm learning I added it to my existing LAN with a 192.168.0.0/24 address assigned to the WAN port by my current DHCP. On the firewall's LAN port I set up a 10.0.0.0/24 network and am starting to build up my services. So far so good, but there's one thing I can't get to work: I can't port forward the firewall's WAN IP to a service on the firewall's LAN network and I can't figure out why.

To illustrate, I would like laptop with IP 192.168.0.161 to be able to reach service on 10.0.0.22:8888 by requesting firewall WAN IP 192.168.0.136:8888.

Private IPs and bogons are permitted on the WAN interface and I have followed every guide I can find for the port forwarding, but the closest I have come to this working is a "connection reset" browser error.

Hope my question is clear and isn't very dumb. Thanks for the help or any explanation why I might be struggling to get this to work. Am I missing something obvious?

UPDATE The thread is all over the place, but I have made some progress:

  • RDR rule gets triggered when requesting 192.168.0.136:8888 from 192.168.0.123
  • Apache logs show 2024-02-09T17:39:17.056208857Z 192.168.0.123 - - [09/Feb/2024:17:39:17 +0000] "GET / HTTP/1.1" 200 161
  • a tcpdump (in spoiler below) on the apache container looks inconspicuous to my untrained eye, with the exception of checksum errors in some packets from the docker container (172.20.0.2). The last five lines, after the second GET request (why is there a second GET request?) appear in tcpdump after a delay of about five seconds.
    tcpdump
    192.168.0.123.54120 > 172.20.0.2.80: Flags [S], cksum 0xfdc5 (correct), seq 4106772895, win 64240, options [mss 1460,sackOK,TS val 1485594466 ecr 0,nop,wscale 7], length 0
17:45:14.918207 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.0.2.80 > 192.168.0.123.54120: Flags [S.], cksum 0x6d68 (incorrect -> 0x2fd7), seq 3999845366, ack 4106772896, win 65160, options [mss 1460,sackOK,TS val 1469298770 ecr 1485594466,nop,wscale 7], length 0
17:45:14.924098 IP (tos 0x0, ttl 62, id 63128, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.0.123.54120 > 172.20.0.2.80: Flags [.], cksum 0x5b30 (correct), ack 3999845367, win 502, options [nop,nop,TS val 1485594472 ecr 1469298770], length 0
17:45:14.924102 IP (tos 0x0, ttl 62, id 63129, offset 0, flags [DF], proto TCP (6), length 134)
    192.168.0.123.54120 > 172.20.0.2.80: Flags [P.], cksum 0x70f5 (correct), seq 4106772896:4106772978, ack 3999845367, win 502, options [nop,nop,TS val 1485594472 ecr 1469298770], length 82: HTTP, length: 82
        GET / HTTP/1.1
        Host: 192.168.0.136:8888
        User-Agent: curl/7.74.0
        Accept: */*

        <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
        <html>
         <head>
          <title>Index of /</title>
         </head>
         <body>
        <h1>Index of /</h1>
        <ul></ul>
        </body></html>

17:45:14.924119 IP (tos 0x0, ttl 64, id 34500, offset 0, flags [DF], proto TCP (6), length 52)
    172.20.0.2.80 > 192.168.0.123.54120: Flags [.], cksum 0x6d60 (incorrect -> 0x5ad1), ack 4106772978, win 509, options [nop,nop,TS val 1469298776 ecr 1485594472], length 0
17:45:14.924407 IP (tos 0x0, ttl 64, id 34501, offset 0, flags [DF], proto TCP (6), length 364)
    172.20.0.2.80 > 192.168.0.123.54120: Flags [P.], cksum 0x6e98 (incorrect -> 0x0a74), seq 3999845367:3999845679, ack 4106772978, win 509, options [nop,nop,TS val 1469298776 ecr 1485594472], length 312: HTTP, length: 312
        HTTP/1.1 200 OK
        Date: Fri, 09 Feb 2024 17:45:14 GMT
        Server: Apache/2.4.58 (Unix)
        Content-Length: 161
        Content-Type: text/html;charset=ISO-8859-1
17:45:14.929077 IP (tos 0x0, ttl 61, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.0.123.54120 > 172.20.0.2.80: Flags [R], cksum 0x1833 (correct), seq 4106772978, win 0, length 0
17:45:15.138862 IP (tos 0x0, ttl 62, id 63130, offset 0, flags [DF], proto TCP (6), length 134)
    192.168.0.123.54120 > 172.20.0.2.80: Flags [P.], cksum 0x701e (correct), seq 4106772896:4106772978, ack 3999845367, win 502, options [nop,nop,TS val 1485594687 ecr 1469298770], length 82: HTTP, length: 82
        GET / HTTP/1.1
        Host: 192.168.0.136:8888
        User-Agent: curl/7.74.0
        Accept: */*

17:45:15.138872 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    172.20.0.2.80 > 192.168.0.123.54120: Flags [R], cksum 0xb48d (correct), seq 3999845367, win 0, length 0
17:45:19.995097 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.20.0.1 tell 172.20.0.2, length 28
17:45:19.995161 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.20.0.2 tell 172.20.0.1, length 28
17:45:19.995164 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.20.0.2 is-at 02:42:ac:14:00:02, length 28
17:45:19.995164 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.20.0.1 is-at 02:42:b8:07:c2:99, length 28```


***

**UPDATE 2**
I see the exact same behaviour with a second VM and apache directly installed on it instead of in a docker container.

***
**UPDATE 3**
Thank you everybody for coming up with ideas. And thank you most of all to [@maxwellfire@lemmy.world](https://lemmy.world/u/maxwellfire): The culprit was the `Filter rule association` in my Port Forward settings which I had as `Add associated filter rule` but needs to be `Pass`. As soon as that is set, everything works.

The full solution is a NAT Port forwarding rule with filter rule "pass", an outbound NAT rule for hairpinning, and everything related to reflection turned off in Settings > Advanced. It's that easy! 😵‍💫
133
Nextcloud Performance Improvements (discuss.tchncs.de)
submitted 2 years ago* (last edited 2 years ago) by tofubl@discuss.tchncs.de to c/selfhosted@lemmy.world
36 comments fedilink
 

Nextcloud seems to have a bad reputation around here regarding performance. It never really bothered me, but when a comment on a post here yesterday talked about huge speed gains to be had with Postgres, I got curious and spent a few hours researching and tweaking my setup.

I thought I'd write up what I learned and maybe others can jump in with their insights to make this a good general overview.

To note, my installation initially started out with this docker compose stack from the official nextcloud docker images (as opposed to the AIO image or a source installation.) I run this behind an NGINX reverse proxy.

Sources of information

Improvements

Migrate DB to Postgres

What I did first is migrate from maridb to postgres, roughly following the blog post I linked above. I didn't do any benchmarking, but page loads felt a little faster after that (but a far cry from the "way way faster" claims I'd read.)

Here's my process

  • add postgres container to compose file like so. I named mine "postgres", added a "postgres" volume, and added it to depends_on for app and cron
  • run migration command from nextcloud app container like any other occ command. The migration process stopped with an error for a deactivated app so I completely removed it, dropped the postgres tables and started migration again and it went through. after migration, check admin settings/system to make sure Nextcloud is now using postgres. ./occ db:convert-type --password $POSTGRES_PASSWORD --all-apps pgsql $POSTGRES_USER postgres $POSTGRES_DB
  • remove old "db" container and volume and all references to it from compose file and run docker compose up -d --remove-orphans

Redis over Sockets

I followed above guide for connecting to Redis with sockets with details as stated below. This improved performance quite significantly. Very fast loads for files, calendar, etc. I haven't yet changed the postgres connection over to sockets since the article spoke about minor improvements, but I might try this next.

Hints

  • the redis configuration (host, port, password, ...) need to be set in config/config.php, as well as config/redis.config.php
  • the cron container needs to receive the same /etc/localtime and /etc/timezone volumes the app container did, as well as the volumes_from: tmp

EDIT Postgres over Sockets

I'm now connecting to Postgres over sockets as well, which gave another pretty significant speed bump. When looking at developer tools in Firefox, the dashboard now finishes loading in half the time it did before the change; just over 6s. I followed the same blog article I did for Redis.

Steps

  • in the compose file, for the db container: add volumes /etc/localtime and /etc/timezone; add user: "70:33"; add command: postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/docker/'; add tmp container to volumes_from and depends_on
  • in nextcloud config.php, replace 'dbhost' => 'postgres', with 'dbhost' => '/tmp/docker/',

Outlook

What have you done to improve your instance's performance? Do you know good articles to share? I'm happy to edit this post to include any insights and make this a good source of information regarding Nextcloud performance.

20
Service to fetch and print email and attachments (discuss.tchncs.de)
submitted 2 years ago* (last edited 2 years ago) by tofubl@discuss.tchncs.de to c/selfhosted@lemmy.world
16 comments fedilink
 

Hi fellow self-hosting lemmings,

In an SME setting, I'm looking for a service to regularly fetch mails from an IMAP server and print incoming mails and attachments on a local network printer based on rules (e.g., only print mails where the subject contains a specific word.)

Does a solution like that exist, ideally with a browser frontend to set it up?

Thank you!

view more: next ›