  • 0 Posts
  • 12 Comments
Joined 2 years ago
Cake day: July 1st, 2023

  • I’m a bad one to get how-to advice from if you’re starting out. Not a fan of Docker, and I don’t know what Watchtower is. I’m one of those electricity-wasting home labbers who loves ESXi, VLANs, and /30 nets for each individual VM.

    I’m also one of those who takes months to accomplish what someone competent can do in days. It’s taking me forever to get OpenLDAP, Postfix, Dovecot, and Roundcube to all play nice. (Because I’m trying to “be like daddy” and mimic the security I see at work, I can’t follow normal walkthroughs, or just install an off-the-shelf container and make it someone else’s problem. But this way makes me read manuals and gain a deep, durable understanding of the technology. And it takes forever.)



  • Security is a tough thing to give advice about. Different people have different levels of risk tolerance. It’s embarrassing to give advice about one’s personal views - tedious to write - and then get replies about how that’s too much security, too little security, etc.

    Attackers can use tricks to enumerate DNS subdomains. They can compromise one container and pivot to the container host.

    You can frustrate automated compromises by putting up roadblocks or speed bumps they have to get through before seeing the stock landing or login pages for well known apps. That can buy you a little time if a serious exploit is discovered and you know you won’t be on top of container updates. But stay on your container updates.
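The comment above argues that automated attacks go straight for the stock landing and login pages of well-known apps. One defensive counterpart is to watch your own web server logs for clients that sweep those paths. The script below is an added example, not the commenter's code: it parses a few constructed nginx-style "combined" log lines (labelled as such) and flags any client that hits several distinct well-known application paths, which is a cheap signal that a scanner is looking for your login pages. The list of stock paths is an assumption chosen for illustration; a real deployment would use the paths of the apps actually hosted.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx "combined" format. These are NOT real
# traffic; IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2023:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jul/2023:10:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jul/2023:10:00:02 +0000] "GET /admin/login HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jul/2023:10:00:03 +0000] "GET /roundcube/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jul/2023:10:05:10 +0000] "GET /mail/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jul/2023:10:05:12 +0000] "POST /mail/?_task=login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is garbage and must be skipped by the parser
"""

# Assumed list of "stock" paths that mass scanners commonly request.
# Adjust to the applications you actually host.
STOCK_PATHS = (
    "/wp-login.php", "/wp-admin", "/phpmyadmin", "/admin",
    "/roundcube", "/owa", "/.env",
)

# Regex for the leading fields of an nginx/Apache combined log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip/path/status for one log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "path": m.group("path"), "status": int(m.group("status"))}


def is_stock_probe(path):
    """True if the request path (query string ignored) is one of the stock paths
    or lives under one of them (e.g. /admin/login under /admin)."""
    p = path.split("?", 1)[0].lower()
    for s in STOCK_PATHS:
        base = s.rstrip("/")
        if p == base or p.startswith(base + "/"):
            return True
    return False


def find_probing_clients(log_text, min_distinct=3):
    """Map client IP -> sorted list of distinct stock paths it requested,
    keeping only clients that touched at least `min_distinct` of them."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_stock_probe(rec["path"]):
            continue
        hits[rec["ip"]].add(rec["path"].split("?", 1)[0])
    return {ip: sorted(paths) for ip, paths in hits.items() if len(paths) >= min_distinct}


if __name__ == "__main__":
    for ip, paths in find_probing_clients(SAMPLE_LOG).items():
        print(f"{ip} swept {len(paths)} stock paths: {', '.join(paths)}")
```

The legitimate user at 198.51.100.4 logs into the mail app under a non-stock path and is never counted, while 203.0.113.7 trips the threshold after four distinct stock-path requests. Feeding the flagged addresses into a firewall allowlist/denylist or a fail2ban-style jail is the "speed bump" the comment describes, applied before the attacker ever reaches a real login page.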


  • Agreed, CRT and real hardware (FPGA counts) just feels right. I always rolled my eyes when people talked about frames of lag, but when I went from HDMI to CRT/component, it was noticeable. Like my childhood muscle memory suddenly works again. Not “oh I must be getting old, I have to relearn how to play because my fingers forgot.”

    Like, getting all the coins from a ? block in NES Mario. Emulation, I always flub the first couple bounces because the timing is different. Via CRT I could have not touched the game in months, but I nail it because muscle memory still works.


  • I grew up poor, and reached adulthood at the tail end of the BBS days / start of the internet revolution. It was frustrating seeing so much history go by and not being able to take part in it.

    Started playing with Linux early because, I think, I resented my parents never signing the permission form to let me get a school UNIX account. They thought I’d rack up thousands in long distance charges somehow. But I got Slackware 3.1 later as an adult.

    I guess I wanted a taste of that “whee I’m a sysop too!” experience because in 2000 I stood up a personal domain and started making shell accounts for people on IRC. Part of my username dot net, though there’s nothing really there now. I was a bad sysadmin, though generous with my time and resources. Eventually it started feeling like a crushing weight of unresolved commitments, as the server needed more and more work that I didn’t know how to do.

    The site eventually died in 2015, I think; the ancient IDE hard drive finally clicked itself to death. Even more depressing. And then in the process of trying to recover the drive with Spinrite I straight up lost the drive. I think I didn’t label it well and it disappeared into a box with other IDE drives.

    I found the drive again recently. I’ve been a professional C# developer since 2012 and since 2016 I’ve been with an awesome company and gotten to see a bunch of the ops side. That’s inspired me to try to get back into it, but with modern standards and security. And three ESXi servers.

    Just last night I mostly finished loading my old passwd, shadow, and groups info into OpenLDAP. Got 400+ users, though I’m sure most were just FTP users who grabbed some fansub anime and split. Had 98 distinct file owners in /home/httpd/html, mostly web comics or personal file dumps. 15-ish phpBB boards. I’d love to get that all back online.

    I know that won’t bring the 2000s back. Several of my users have probably passed away. Nobody will care about most of this. But it’ll feel like I’m closing out an older chapter of my life in a better way, if I get everything back online.

    (And if I need to job hunt again, I can point to the site and say “behold my awesome devops skills! I can accomplish in months what a competent person can do in days!”)




  • Current implementation seems to focus on administrative domains for control, like email servers with individual policies and reputations. What if we look at this the other way?

    People have different value systems. Are you ok with promotion for monetary gain? (No never / only individual contributors promoting themselves / only small businesses and below / yes) Are you annoyed by $controversial_topic? Do you dislike when bored people make a conversation game out of someone else’s need for obscure technical help?

    The details can be decided later by people smarter than me. The point, though, is that these value systems aren’t universal. Users should decide their own.

    Meta interactions (up, down, report, friend, block) should be aligned to these values. My client would gather meta-mod data as well as votes/comments. I could easily configure my client to hide things, or group similar distractions together and show/hide them all together. Your client could work differently.

    I have no idea how we would possibly implement this with federation. Civically minded users create a meta-moderation identity with a PGP key, sign and publish their decisions, and let people choose to trust them based on past behavior?

    Probably still flawed, susceptible to karma farming and cashing out. If well known mods start betraying their users, the bad activities are signed and can be used as proof they can no longer be trusted, though it could take days to get people to stop trusting someone.

    Even the whole value system idea can be subverted. Dog whistles, toxic in-jokes, things which are offensive in context but seem fine judged later out of context, etc.

    But I want this for us all. (And I vaguely remember seeing something similar on Slashdot in the 90s.) I have no idea if Lemmy can even support it though.


  • I agree with nearly everything I’m seeing. Maybe to summarize:

    Laser of any kind is shelf stable. Liquid ink dries out and different printers compensate for this in different ways. Even dumb ink tank printers - where you add liquid and there’s no chip to be read anywhere - can have internal ink sponges that fill up and cause failures. Just a different kind of chipped consumable.

    Color laser means four smaller cartridges and an extra wear part to replace after a few years: ITB or intermediate transfer belt. Instead of going from toner drum to paper, toner goes onto this belt first and then to the paper.

    Different printer manufacturers have different behaviors to lock you into only buying their consumables. HP tends to be the worst offender, but it varies.

    I got lucky, bought a used HP Color LaserJet Pro MFP M477fdw. Basically two generations old, and the top of their desktop / tabletop printer line without being tabloid / large-format or being a huge copy machine / document station.

    Toner chip validation is an option you can turn off. For now. But individual components have firmware versions and can be incompatible with each other, so I’m fully confident I’m one part replacement away from needing to update firmware on everything else and losing this tolerant behavior. A full refill of all four cartridges (5000 pages) totals like $65 right now, so that will suck.



  • I hope this is ok to ask, but: suppose this gets popular enough that monied interests will want to try various influence ops here as they have done elsewhere. Is there enough metadata available that spammy or suspicious activity can be detected and guarded against?

    I keep thinking back to posts on Reddit by some guy who was convinced the lack of posting and commenting anonymity would be horrible for people. Horrible for spammers and influence ops, I assumed, but without actually understanding in what way.